Retired Staff


Malware Defender is a HIPS (Host Intrusion Prevention System) with a firewall. It is effective at protecting your computer system from all forms of malware (viruses, worms, Trojans, adware, spyware, keyloggers, rootkits, etc.).

Malware Defender is also an advanced rootkit detector. It provides many useful tools that can be used to detect and remove already installed malware.

Whether you are an expert or not, Malware Defender is your choice to protect your system.

Key Features:
Realtime protection system
* Monitors process, file and registry activity for suspicious behavior.
* Monitors network activity.
* Detects all forms of malware, whether known or unknown.
* Supports learning mode and silent mode.
* High performance and low resource usage.

Process manager
* Detects hidden processes and threads.
* Detects unsigned processes and modules.
* Kills processes and threads using an advanced method.
* Suspends/resumes processes and threads.
* Unloads modules of processes.
* Closes handles of processes.

Kernel module manager
* Detects hidden kernel modules and kernel threads.
* Detects unsigned kernel modules.
* Kills, suspends and resumes kernel threads.
* Kills kernel DPC (Deferred Procedure Call) timers.

Hooks detector
* Detects and removes system service table hooks (SSDT hooks).
* Detects and removes Win32k service table hooks (shadow SSDT hooks).
* Detects and removes interrupt descriptor table hooks (IDT hooks).
* Detects and removes SYSENTER handler hook.
* Detects and removes kernel object hooks.
* Detects and removes kernel notify routines.
* Detects and removes kernel mode code hooks.
* Detects and removes user mode code hooks.
* Detects and removes global message hooks.
* Detects attached devices.
* Detects hooked driver dispatch routines (IRP hooks).

Autostart application manager
* Scans all known autostart locations.
* Detects hidden autostart entries.
* Detects newly added autostart entries.
* Undoes and redoes deletion of autostart entries.

File explorer
* Detects hidden files and folders.
* Shows and deletes NTFS Alternate Data Streams (ADS).
* Deletes in-use files.

Registry editor
* Fully functional registry editor.
* Detects hidden registry entries.

Operating Systems: Windows 2000 (SP4), XP, 2003, Vista, 7 and 2008 (all 32-bit).

What's new in Malware Defender
March 12th, 2012

· Kernel blocking access COM interface
· The kernel to intercept access to the Service Manager
· The interception process added to the JOB object
· Interception by registering hotkeys to record keystrokes
· Solves the problem where incorrect parameter processing in the SSDT hook could cause a blue screen
· Rule annotation display in the alert window to the top of the window
· Solve the performance problems generated by the large number of logs, the second log is not repeated
· Automatically merge the same log in the log window and display the count
· Bubble prompted two seconds after the display does not show the new bubbles
· Fix some small bugs

Homepage (Chinese only)
Homepage (Google Translate to English)
Download (Direct Default Link)
Download (Softpedia)

Malware Defender was just recently bought by a new vendor, "Qizhi Software (Beijing) Co. Ltd."; they have chosen to make Malware Defender unlimited freeware.
All versions prior to 2.7.0 are commercial trialware.


Retired Staff
There is a guide at Wilder's Security Forum; an English help file is attached to the program (in the upper part of the GUI).



Level 61
Found this information related to this version:

Note: The new version adds a new interceptor, open learning mode and re-start a recommended upgrade from an older version.

Deleted member 178

No x64 versions; a pure HIPS or anti-exec on x64 is Appguard or Nothanks Exe Radar Pro (this one for x64 will be officially released in a few weeks), but both are paid.