Full Version: DefenseWall HIPS pre-v2.45 is ready for your tests.
Ilya Rabinovich
Hi everybody!

Pre-2.45 version of DefenseWall HIPS is ready for your tests. What's new here:

1. Significantly increased the number of auto-protected file extensions. This may cause compatibility issues, so if you find one, please report it ASAP.
2. Added an ability to automatically launch browser for "Go Banking/Shopping" as trusted.
3. Added an ability to save DW's logs into one text file (no need to look for a defensewall_log.log file anymore).
4. Added "query Google" function for keys/files/folders from the rollback list.
5. Added "save details" function to save keys/files/folders info from the rollback list.
6. Added "Secured Files" excludes feature.
7. Added protection against account rights removal.
8. Re-organized shell extension menu (Kees, thanks).
9. Added additional resource protection for aMSN, Windows Address Book and Outlook Express mailing folders.

And, as usual- some compatibility improvements.

The beta is here: http://www.softsphere.com/cgi-bin/redirect...EFENSEWALL_BETA

Edited: July 21, improved help file is included.

Edited: July 25, DefenseWall HIPS pre-2.45 version has been updated due to "distnoted.exe crash" issue fixup. Please, download and check it out.
Dirhael
I love the new shell menu, it really does make Defensewall even easier to use :)
Dirhael
Now I realize that this isn't necessarily a problem caused directly by Defensewall as I've seen it happen with other programs as well (see Winpatrol), but with Opera set as the default browser it's often impossible to use the "query google" functionality introduced in this build. The problem is that the URL/query string is too long, so it will refuse to open it (no error message is displayed). Don't know if this problem occurs with other browsers as well, but I can imagine it will with some strings. Perhaps if you didn't urlencode the query it would shorten it somewhat?

EDIT: Speaking of Opera and Defensewall, just thought I'd mention that starting with 9.5 the mail folder used by the email client has been moved from %APPDATA% to %LOCALAPPDATA% so the default resource protection settings could use a minor update (it's easy enough to add manually, but it'd be nice to have it correctly configured by default) :)
lucy
I got a BSOD upon reboot after install. See my mail.

Cheers
WilliamP
Ilya, with DW Protection enabled, if I try to open Firefox in Sandboxie the computer locks up. Have to hard shut down. 2.44 is no problem.
Dirhael
I don't know if this happens with previous versions or not, but with this build at least there are some problems when used together with VMware (which is running as a trusted application). The problem is that if you are using the virtual machine to access a folder shared with the host and this folder or files in it are marked as untrusted, the whole system pretty much locks up completely. You can still move the mouse cursor around inside the window of the virtualized machine but that's it. Nothing responds at all on the host or the guest. If I mark the same file/folders as trusted I can access them again without the system freezing on me.
wuliyen
Run GreenBrowser as untrusted, the system is freezing.

GreenBrowser 4.6.0606
http://www.morequick.com/IndexEn.htm
Ilya Rabinovich
OK, got it. I just uploaded new pre-2.45 build, please, check it out.
wuliyen
QUOTE (Ilya Rabinovich @ Jul 18 2008, 08:48 AM) *
OK, got it. I just uploaded new pre-2.45 build, please, check it out.


GreenBrowser is not working in new pre-2.45 build also.

in log:
4:Attempt to change service

The 2.44 build does not do this.
Ilya Rabinovich
Yes, thanks a lot to all. I just found and fixed a kernel-level memory leak that causes all the "freeze" issues but the VMware ones. Just uploaded an improved version, you may download and try.
WilliamP
That last one fixed my problem with Sandboxie.
WilliamP
Ilya, this is not a big problem but I noticed that re-booting with protection on slows loading of the task bar and one program doesn't load (Gadwin Print Screen). If protection is turned off there is no problem.
Ilya Rabinovich
WilliamP, is this only with 2.45, or also with the previous versions of DW?
WilliamP
I didn't normally leave protection on. I had to when system locked up. So I re-downloaded 2.44 and it does the same thing on boot with the protection on. So don't worry about it. No problem for me. I'll just turn protection on after boot.
Ilya Rabinovich
I just checked Gadwin Print Screen, everything's OK with its loading. Maybe, for some reason, it runs untrusted?
WilliamP
It is probably the combination of programs that I have loading at boot that causes the problem. I'm happy the way it is.
Silver0066
DefenseWall does not work with Vista Transformation Pack v8.01 on Windows XP SP3. It constantly hangs the computer and requires a hard reboot. I have sent Ilya all of my logs, etc., but to no avail.
Ilya Rabinovich
I have received nothing. Please, re-download the latest pre-2.45 build and, in case of failure, send me as much information as you can.
Silver0066
QUOTE (Ilya Rabinovich @ Jul 18 2008, 12:45 PM) *
I have received nothing. Please, re-download the latest pre-2.45 build and, in case of failure, send me as much information as you can.
Ilya,

I have sent you everything already. It was under the subject of DefenseWall 2.44 causing hard disk thrashing. I advised you that I thought it might be the Vista Transformation Pack in my emails to you. You have responded with the new 2.45 beta, so you did receive them. You have all of my log files and screen shots that you requested.

I have the latest version of 2.45 beta released a few hours ago. It hangs my computer and requires a hard reset. It might be the blank folder that shows up in the Untrusted list. You said to remove it, which I did... no help. It just keeps coming back.

Please look at the files I sent you.

Many thanks,
Ilya Rabinovich
Aha, I see. This could be because of a kernel memory leak I have fixed recently. Please, re-download and install.

I did install this pack (downloaded from Download.com) under a test virtual machine and had no single problem with it. At all. No hangs, no shatter events.
Silver0066
QUOTE (Ilya Rabinovich @ Jul 18 2008, 01:45 PM) *
Aha, I see. This could be because of a kernel memory leak I have fixed recently. Please, re-download and install.

I did install this pack (downloaded from Download.com) under a test virtual machine and had no single problem with it. At all. No hangs, no shatter events.
Ilya,

I downloaded the file just now. It is not hanging like it did but I still have the following problems so far:

1. I can't load a link to Firefox from within Outlook 2007. I get a pop up and tell it to allow next time, but it will not allow.

2. The system drive is still thrashing unless I filter the screen event for all untrusted programs.

Edit:

3. I am still getting the shatter events in all Untrusted Programs.

4. The clipboard keeps popping up even though I tell it not to do it again.
wuliyen
GreenBrowser is working now!

Thanks!
Ilya Rabinovich
QUOTE (Silver0066 @ Jul 18 2008, 10:50 PM) *
1. I can't load a link to Firefox from within Outlook 2007. I get a pop up and tell it to allow next time, but it will not allow.

You need to do the following:
a. Clean up "Events log" sheet ("Delete all"->"Apply").
b. Reproduce the issue.
c. Without running more untrusted, just export log ("Events log" sheet->"Export log").

zip a log file and send it to the support e-mail.

QUOTE (Silver0066 @ Jul 18 2008, 10:50 PM) *
2. The system drive is still thrashing unless I filter the screen event for all untrusted programs.

Yes, this is the only way to get rid of it. Or you need to find the DLL that causes the massive screen capturing events.

QUOTE (Silver0066 @ Jul 18 2008, 10:50 PM) *
3. I am still getting the shatter events in all Untrusted Programs.

Export the log file with them, zip and send to the support e-mail.

QUOTE (Silver0066 @ Jul 18 2008, 10:50 PM) *
4. The clipboard keeps popping up even though I tell it not to do it again.

Could you clarify- you have this popup with, for example, IE, you select "Do not show me next time" and press "OK" and, when you run IE one more time, you get the same popup one more time?
Bio-Hazard
Hello Ilya!

Everything is working fine here!
takaki
Some policy needs to be improved.

1)open a microsoft link, IE is set to trusted

2)use this IE window to browse other site, it is still trusted

it is dangerous, right?
Ilya Rabinovich
If you open Windows Updates or Microsoft Updates with appropriate links, IE turns into trusted state automatically- it's comfortable.

Yes, it _could_ be dangerous, but, in fact, it's no more dangerous than if you run IE as trusted manually. I believe that comfortability of the program's use is more important in this case.
takaki
What I mean is, if I use this IE window to visit a site other than Microsoft's, the IE window should be set back to untrusted automatically.
Ilya Rabinovich
Maybe, you are right. I'll think about it.
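
The policy question in the exchange above, as an added sketch that is not DefenseWall code and not part of any post: it compares elevation that persists for the life of the window with a stricter rule that demotes the window once it leaves the update sites. It goes one step beyond takaki's suggestion by never re-elevating a demoted window; the allowlist hosts, the HTTPS requirement and all names are assumptions.

```python
from urllib.parse import urlsplit

# Assumed allowlist, constructed for this sketch; the thread does not say
# which hosts DefenseWall treats as Windows/Microsoft Update links.
UPDATE_HOSTS = {"update.microsoft.com", "windowsupdate.microsoft.com"}


def is_update_url(url):
    """Exact host match over HTTPS; prefix or substring checks are spoofable."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    return parts.scheme == "https" and host in UPDATE_HOSTS


class BrowserWindow:
    """Hypothetical model of one browser window's trust state."""

    def __init__(self, sticky):
        self.sticky = sticky    # True: elevation persists, as described above
        self.trusted = False    # browsers start out untrusted
        self.tainted = False    # has loaded content from outside the allowlist

    def navigate(self, url):
        allowed = is_update_url(url)
        if self.sticky:
            # Once elevated, the window stays trusted wherever it goes next.
            self.trusted = self.trusted or allowed
        else:
            # Demote on leaving the allowlist and never re-elevate afterwards:
            # content loaded while untrusted may still be live in the process.
            self.tainted = self.tainted or not allowed
            self.trusted = allowed and not self.tainted
        return self.trusted


def replay(urls, sticky):
    """Return the trust state after each navigation in one window."""
    window = BrowserWindow(sticky)
    return [window.navigate(u) for u in urls]


# Constructed browsing session: update site, unrelated site, update site again.
SESSION = [
    "https://update.microsoft.com/",
    "https://example.org/",
    "https://update.microsoft.com/",
]

if __name__ == "__main__":
    print("sticky:", replay(SESSION, sticky=True))
    print("strict:", replay(SESSION, sticky=False))
```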
takaki
another two suggestions:
1)would you be kind enough to add right-click menu in events log window like menu in rollback window.

2)when using the event filter function, the same kind of entry can be added to Filters.bat again and again; this may not occupy a lot of disk, but may affect the speed of judging whether to display a log or not.
Ilya Rabinovich
QUOTE (takaki @ Jul 19 2008, 01:55 PM) *
1)would you be kind enough to add right-click menu in events log window like menu in rollback window.

What entries should be there? There are only two functions item-related there- Filter and Delete, not really many to add a context menu.

QUOTE (takaki @ Jul 19 2008, 01:55 PM) *
2)when using the event filter function, the same kind of entry can be added to Filters.bat again and again; this may not occupy a lot of disk, but may affect the speed of judging whether to display a log or not.

Sorry, could you clarify? Filtering is very fast here, I just don't get something...
WilliamP
I have DW on two computers. One has NOD32 AV and the other has Avira free. This morning I downloaded and installed 2.45 on the one with NOD. On re-boot I got a BSOD. It will boot now after shut down. I didn't get any pop ups just BSOD. Do you want Mini Dump? It seems to be ok now.
takaki
QUOTE (Ilya Rabinovich @ Jul 19 2008, 01:32 PM) *
QUOTE (takaki @ Jul 19 2008, 01:55 PM) *
1)would you be kind enough to add right-click menu in events log window like menu in rollback window.

What entries should be there? There are only two functions item-related there- Filter and Delete, not really many to add a context menu.

Personally I like context menu operation, because I don't need to move the mouse here and there.

QUOTE (takaki @ Jul 19 2008, 01:55 PM) *
2)when using the event filter function, the same kind of entry can be added to Filters.bat again and again; this may not occupy a lot of disk, but may affect the speed of judging whether to display a log or not.

Sorry, could you clarify? Filtering is very fast here, I just don't get something...

I mean there are a lot of event logs, I select them all, click the "filter" button and then all of them are added into Filters.bat.
WilliamP
I have sent the zipped mini dump to support. Maybe will be of some help.
Ilya Rabinovich
WilliamP, got it. Please, send me the dwall.sys file zipped from your system32\drivers folder.
Ilya Rabinovich
QUOTE (takaki @ Jul 19 2008, 02:51 PM) *
I mean there are a lot of event logs, I select them all, click the "filter" button and then all of them are added into Filters.bat.

Wrong. There are many events, but there is only one log file.
Ilya Rabinovich
New version is uploaded with this BSOD issue fixed.
WilliamP
Thank you Ilya.
Silver0066
QUOTE (Ilya Rabinovich @ Jul 18 2008, 10:04 PM) *
QUOTE (Silver0066 @ Jul 18 2008, 10:50 PM) *
1. I can't load a link to Firefox from within Outlook 2007. I get a pop up and tell it to allow next time, but it will not allow.

You need to do the following:
a. Clean up "Events log" sheet ("Delete all"->"Apply").
b. Reproduce the issue.
c. Without running more untrusted, just export log ("Events log" sheet->"Export log").

zip a log file and send it to the support e-mail.

QUOTE (Silver0066 @ Jul 18 2008, 10:50 PM) *
2. The system drive is still thrashing unless I filter the screen event for all untrusted programs.

Yes, this is the only way to get rid of it. Or you need to find the DLL that causes the massive screen capturing events.

QUOTE (Silver0066 @ Jul 18 2008, 10:50 PM) *
3. I am still getting the shatter events in all Untrusted Programs.

Export the log file with them, zip and send to the support e-mail.

QUOTE (Silver0066 @ Jul 18 2008, 10:50 PM) *
4. The clipboard keeps popping up even though I tell it not to do it again.

Could you clarify- you have this popup with, for example, IE, you select "Do not show me next time" and press "OK" and, when you run IE one more time, you get the same popup one more time?
Ilya,

1. Just sent. As I explained, this only happens when Firefox (my default browser) is NOT open in the background.

2. I understand and I have filtered these screen events.

3. There are some shatter events in the log file I sent you under #1.

4. Yes, except I use Firefox.

Many thanks for all of your help. We are getting close to having this resolved.

Silver
Dirhael
I don't know what you changed, but the crashes/freezing I experienced with Defensewall and VMware stopped happening with one of the new builds.
Silver0066
QUOTE (Ilya Rabinovich @ Jul 18 2008, 10:04 PM) *
QUOTE (Silver0066 @ Jul 18 2008, 10:50 PM) *
1. I can't load a link to Firefox from within Outlook 2007. I get a pop up and tell it to allow next time, but it will not allow.

You need to do the following:
a. Clean up "Events log" sheet ("Delete all"->"Apply").
b. Reproduce the issue.
c. Without running more untrusted, just export log ("Events log" sheet->"Export log").

zip a log file and send it to the support e-mail.

QUOTE (Silver0066 @ Jul 18 2008, 10:50 PM) *
2. The system drive is still thrashing unless I filter the screen event for all untrusted programs.

Yes, this is the only way to get rid of it. Or you need to find the DLL that causes the massive screen capturing events.

QUOTE (Silver0066 @ Jul 18 2008, 10:50 PM) *
3. I am still getting the shatter events in all Untrusted Programs.

Export the log file with them, zip and send to the support e-mail.

QUOTE (Silver0066 @ Jul 18 2008, 10:50 PM) *
4. The clipboard keeps popping up even though I tell it not to do it again.

Could you clarify- you have this popup with, for example, IE, you select "Do not show me next time" and press "OK" and, when you run IE one more time, you get the same popup one more time?
Ilya,

Thanks for all of your help. The new menu item "Allow untrusted to modify also" did the trick. The shatter events have stopped and everything in Outlook is working.

DefenseWall and your support and patience have been terrific!!!

Thanks again,

Silver






Ilya Rabinovich
QUOTE (Dirhael @ Jul 20 2008, 12:56 AM) *
I don't know what you changed, but the crashes/freezing I experienced with Defensewall and VMware stopped happening with one of the new builds

But I know what has been improved in order to fix this issue.
Ilya Rabinovich
Silver, try to remove those files from the "Defense Excludes" list and install the latest build I just made according to the logs you sent me and uploaded. Let's see how it will work.
PlanB
Ilya,

my system froze a few hours after installing the current (yesterday's) pre 2.45 version (until this happened the new version seemed to work great).

Now it freezes within 30 seconds after reboot, if I disable protection within these 30 secs the system keeps running.... until I enable protection.

There aren't any events in the defensewall eventlog nor in the windows system or application logs.

I tried another computer, same thing there.

Any ideas? Thx, Mike.
Ilya Rabinovich
Strange. OK, I send you test drivers set.
Silver0066
QUOTE (Ilya Rabinovich @ Jul 19 2008, 11:01 PM) *
Silver, try to remove those files from the "Defense Excludes" list and install the latest build I just made according to the logs you sent me and uploaded. Let's see how it will work.
Did do and it works like a charm.

Many thanks
Ilya Rabinovich
Just uploaded new build with some bugs fixed and improved help file included. Please, re-download and test.
ruinebabine
QUOTE (Ilya Rabinovich @ Jul 21 2008, 11:47 AM) *
Just uploaded new build with some bugs fixed and improved help file included. Please, re-download and test.

Is it only me? or the file is not available atm?
I can access softsphere.com but not the download...
Ilya Rabinovich
I can access both site and 2.45 build. Please, try one more time.
ruinebabine
Yep, it's all good now !

Btw, great work with this 2.45 release, Ilya, it's running very nicely here.
Ilya Rabinovich
Just uploaded new build. Rollback "Query Google" now works only with last file name, not with its full path.