Full Version: Newbie question
Gladiator Security Forum > SoftSphere Technologies Support Forums > DefenseWall HIPS
pighunter
I realize this is a newbie question but I'm unclear on this point. I just downloaded and installed DW 2.53. I open DW and browse the web and I download a file to my desktop. I do not want the file saved to my computer so I mark it as untrusted. Is this correct? I know I can delete the file but when I shut down the computer and then restart, the file remains on my desktop. If the file was malware would it be saved to my desktop and ready for installation? The file was an mp3 file and I can run it without any warnings or alerts. I think I'm missing something very basic, can someone enlighten me on how I'm being protected? And, if using Firefox, untrusted, and I download a file, untrusted, then why is it installed to my hard drive and why can it run unhindered?

Thanks,

ph
Stem
Hi,

I have only just started looking at this HIPS myself. But my understanding of what I am seeing is that the download, if executed, will be set as untrusted and so will not harm the system.
Ilya Rabinovich
QUOTE (pighunter @ Apr 22 2009, 03:59 PM)
I realize this is a newbie question but I'm unclear on this point. I just downloaded and installed DW 2.53. I open DW and browse the web and I download a file to my desktop. I do not want the file saved to my computer so I mark it as untrusted. Is this correct? I know I can delete the file but when I shut down the computer and then restart, the file remains on my desktop. If the file was malware would it be saved to my desktop and ready for installation? The file was an mp3 file and I can run it without any warnings or alerts. I think I'm missing something very basic, can someone enlighten me on how I'm being protected? And, if using Firefox, untrusted, and I download a file, untrusted, then why is it installed to my hard drive and why can it run unhindered?

DefenseWall does not delete files automatically. You just have to forget all you know/read about sandboxes; DefenseWall is different.

About your case: downloading a file with an untrusted browser will mark this file as untrusted (if it's executable or potentially dangerous). It runs untrusted if you run it. All the files are saved "as is", without redirections. If you want to save any, do it with your regular "delete" habits.
pighunter
Thanks for the quick reply. Are you saying even though the file runs, it cannot infect my computer as long as it remains in an untrusted state? And, I can delete an untrusted file in the normal manner. If I do not load DW, then can the untrusted file infect my computer? And, if I determine the file is safe, I can change it to "trusted" and run it, even apart from DW, without any problems? So, what I am getting is that DW must be running, even if a file has previously been marked as untrusted, to protect from unwanted infections. Even though, once marked as untrusted, if DW is not running, then the "untrusted" file is, in effect, trusted, and can infect my computer. Is this correct?

ph
Chachazz
Hi pighunter and welcome to GSF and DW forum.

Please take time to read the help file, especially topics under "Welcome" and "Using Defensewall"; it has a very good explanation.

[edit] there is also a brief introduction here on the forum..
pighunter
Again, thanks for the help. I read the sources you advised. One thing, my big red button has never been red, it is grey, is this an issue? I'm using the trial version 2.53.

ph
Chachazz
QUOTE
So, what I am getting is that DW must be running, even if a file has previously been marked as untrusted, to protect from unwanted infections. Even though, once marked as untrusted, if DW is not running, then the "untrusted" file is, in effect, trusted, and can infect my computer. Is this correct?


If the firewall is shut down/disabled; if antivirus/antimalware real-time protection is shut down/disabled, is your system protected? Naturally, defenses must be running to provide protection.
Creer
QUOTE (pighunter @ Apr 22 2009, 08:18 PM)
Again, thanks for the help. I read the sources you advised. One thing, my big red button has never been red, it is grey, is this an issue? I'm using the trial version 2.53.

ph

No, it is not an issue, this is OK. This button is grey because every single version after v2.45 is skinless - that's why :)
pighunter
Chachazz,

I understand, now, that DW must be running to provide protection for a file previously marked as untrusted. For some reason, I thought once a file was marked as untrusted, it would never be allowed access to my computer. I assumed it to be isolated in some "netherspace" and would not be accessible from the hard drive. My mistake.

And, I do appreciate the help. So far, DW has been working well for me, I just need to learn how to use it.

ph
Ilya Rabinovich
QUOTE (pighunter @ Apr 22 2009, 07:41 PM)
For some reason, I thought once a file was marked as untrusted, it would never be allowed access to my computer. I assumed it to be isolated in some "netherspace" and would not be accessible from the hard drive. My mistake.

It simply can't be in a "netherspace"; there is no such place. Anyway, files are stored on the hard drive. Sandboxes with virtualization redirect them from the place you save them to another, "virtual container" folder on your hard drive, but when I was making DefenseWall's initial design, I understood I can use my favorite Far Manager with those files, I have to dig deep inside that container.

So, I made it simpler and the way I can work every day with my usual habits. Files are protected according to policy-based rules; potentially dangerous files created by untrusted are marked as untrusted and continue to be covered by untrusted processes' policy restrictions.

I can't say untrusted can't do harm at all, but its potential danger is significantly decreased.
ssj100
Nice honest answer there Ilya! Hope you enjoy DefenseWall pighunter!