Softpedia Editor's Review for Malware Defender
Detect and remove malicious software
Written by Sorin Cirneala on December 3rd, 2012
Malware Defender is an intrusion detection tool that helps you prevent viruses or other applications from making modifications to your system. It is designed to monitor the running programs and processes permanently in order to notify you of any changes that might require your attention.
Intrusion detectors differ from antivirus products in that they detect suspicious behavior rather than infected files. Such behavior might include adding a program to the startup list or changing the parameters of a certain application, such as stopping the antivirus components.
This tool can help you notice such changes and block the ones that could compromise the computer's security. When you install the application, it switches automatically to learning mode in order to create rules for the software components that are running. That is why it is recommended to install it right after scanning your computer for viruses or installing a clean operating system.
You can also create rules manually by selecting a program or a process and changing its permissions according to your level of trust. The rules include detailed parameters that let you restrict the program's network access and its ability to create new threads.
If you are not sure about a certain component, you can create a rule that logs all of its activity for a certain time interval. You can specify which events are logged, so that you can make an informed decision before adding the component to the list of trusted applications.
This tool is also able to identify the startup items and to remove the ones that are not required. This section can be difficult for a casual user to explore, since it includes very detailed information about the DLL files, drivers and other components initialized during startup.
Overall, Malware Defender is a valuable tool for permanently monitoring changes in the running programs. Although its complexity might be intimidating at first, the learning mode and its ability to verify certain software publishers make it a good choice even for average users.
Malware Defender description
Here are some key features of "Malware Defender":
· Realtime protection system
  · Monitors process, file and registry activity for suspicious behavior.
  · Detects all forms of malware, whether known or unknown.
  · Supports learning mode and silent mode.
  · High performance and low resource usage.
· Process manager
  · Detects hidden processes and threads.
  · Detects unsigned processes and modules.
  · Kills processes and threads using advanced methods.
  · Suspends/resumes processes and threads.
  · Unloads modules of processes.
  · Closes handles of processes.
· Kernel module manager
  · Detects hidden kernel modules and kernel threads.
  · Detects unsigned kernel modules.
  · Kills, suspends and resumes kernel threads.
  · Kills kernel DPC (Deferred Procedure Call) timers.
· Hooks detector
  · Detects and removes system service table hooks (SSDT hooks).
  · Detects and removes Win32k service table hooks (shadow SSDT hooks).
  · Detects and removes interrupt descriptor table hooks (IDT hooks).
  · Detects and removes SYSENTER handler hooks.
  · Detects and removes kernel object hooks.
  · Detects and removes kernel notify routines.
  · Detects and removes kernel mode code hooks.
  · Detects and removes user mode code hooks.
  · Detects and removes global message hooks.
  · Detects attached devices.
  · Detects hooked driver dispatch routines (IRP hooks).
· Autostart application manager
  · Scans all known autostart locations.
  · Detects hidden autostart entries.
  · Detects newly added autostart entries.
  · Undoes and redoes deletion of autostart entries.
· File explorer
  · Detects hidden files and folders.
  · Shows and deletes NTFS Alternate Data Streams (ADS).
  · Deletes in-use files.
· Registry editor
  · Fully functional registry editor.
  · Detects hidden registry entries.
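The SSDT and shadow SSDT checks in the hooks detector above come down to attributing each service-table entry to the module that should own it. The Python below is an added example, not Malware Defender's code: it applies that address-range check to constructed SSDT and shadow SSDT tables and a constructed loaded-module list (all module names, sizes and addresses are sample values, not real kernel addresses).

```python
"""Address-range heuristic for service-table hook detection (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed loaded-module list: the two legitimate table owners plus an
# unsigned third-party driver. Addresses are sample values only.
MODULES = [
    Module("ntoskrnl.exe", 0xFFFFF80000400000, 0x600000),
    Module("win32k.sys", 0xFFFFF96000100000, 0x300000),
    Module("unknown.sys", 0xFFFFF88003A00000, 0x008000),
]

# Constructed service tables: service index -> handler address.
SSDT = {
    0x42: 0xFFFFF80000481230,  # inside ntoskrnl: expected
    0x43: 0xFFFFF80000481A40,  # inside ntoskrnl: expected
    0x5A: 0xFFFFF88003A01100,  # redirected into unknown.sys
    0xB1: 0x0000000000000000,  # backed by no loaded module at all
}
SHADOW_SSDT = {
    0x01: 0xFFFFF96000112000,  # inside win32k: expected
    0x1F: 0xFFFFF88003A02240,  # redirected into unknown.sys
}


def owner_of(addr: int, modules: List[Module]) -> Optional[str]:
    """Name of the loaded module whose image range covers addr, else None."""
    return next((m.name for m in modules if m.contains(addr)), None)


def find_hooks(table: Dict[int, int], expected: str, modules: List[Module]) -> List[dict]:
    """Flag entries whose handler lies outside the module that should own the table."""
    hits = []
    for index in sorted(table):
        owner = owner_of(table[index], modules)
        if owner != expected:
            hits.append({"index": index, "address": table[index], "owner": owner or "<unbacked>"})
    return hits


def scan_service_tables(modules: List[Module] = MODULES) -> Dict[str, List[dict]]:
    """Run the check for both tables; SSDT belongs to ntoskrnl, shadow SSDT to win32k."""
    return {"SSDT": find_hooks(SSDT, "ntoskrnl.exe", modules),
            "shadow SSDT": find_hooks(SHADOW_SSDT, "win32k.sys", modules)}
```

Entries that resolve to an unexpected module, or to no loaded module at all, are the candidates a real detector would then compare against the on-disk kernel image before offering to restore them.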
What's New in This Release:
· The kernel driver now blocks access to COM interfaces
· The kernel driver now intercepts access to the Service Manager
· Added interception of processes being added to job objects
· Added interception of keystroke recording via hotkey registration
· Fixed incorrect parameter handling in the SSDT hook that could cause a blue screen
· Rule annotations in the alert window are now displayed at the top of the window
· Fixed performance problems caused by a large number of log entries; repeated log entries are no longer duplicated
· Identical log entries in the log window are merged automatically and shown with a count
· No new notification bubble is shown for two seconds after one has been displayed
· Fixed some minor bugs