defense + ?

Can someone tell me more about Defender+

I have tried to find something about it on the forums but I could only find this.

Using HIPS engine, we have created an ability to create rules that check for common malware behaviour and stop them in their tracks. It's a very nice platform and will come with an extensive range of behaviours that we already block. It also has the ability for our users to create rules for this behaviour blocker. It's a powerful and flexible platform.



And how much will defender+ help, because normal anti-spyware/virus also checks for malware behavior, and I also have Cyberhawk…

Def+ is not an anti-spyware or anti-malware in the sense that it does not use a definition file to block stuff; nor does it have the ability to scan for malware. It is a HIPS (Host Intrusion Prevention System) and as such checks the running of all processes on your system, giving you the ability to allow or deny them. Hence this is also a way, another way to fight against malware.

You can check that link for a couple of infos:

Also here in the forum, many threads:

Browsing the Castlecops website will also tell you more (a lot more).

Now, concerning the deep mechanisms of Defender+ and the new firewall, I read in an earlier post from Melih answering another user that nothing would be said publicly before the final release is out, a very understandable position for a developer.

Defence + (it's a really nice name btw) is a System Firewall.
It protects the Kernel! An ordinary firewall protects your Network layer. Defense + protects all critical system calls. Literally, there can be no critical execution of any code without Defense+ knowing about it.

What it does is: it allows the user to create policies and apply those policies about critical system capability to any executable the user chooses. So you can say "I want this application to operate with these privileges but no access to keyboard", etc. etc. It's bloody powerful!


In Defense + settings, if I mark FF and IE as isolated browser application, what exactly does it prevent?


I think the name “System Firewall” is nicer.


What is an isolated browser application?
Is an isolated browser application a sandbox?



In Defense + settings, if I mark FF and IE as isolated browser application, what exactly does it prevent? Does it prevent downloads, etc. through these browsers?

I set Internet Explorer to isolated browser application and downloaded a file, and the file was automatically renamed (bunches of letters, 20 or so). Then when it was finished downloading, it could not read the file to continue. Is this what it is supposed to do?

I'm surprised Isolated Browser can browse the Internet at all. When I look at the settings in Predefined Access rights, it has DNS Client Service checked as Blocked. [s]This should limit browsing to the local PC only.

Attached are two files showing the difference in the settings[/s]

Kail corrected me and this service is only to cache DNS entries on the local PC. It is not required to browse at all. OOPS

Nope, just tested it and I could access the Internet, and tried a file download and it worked just fine.
To see the difference between what CFPA gave iexplorer.exe and an “Isolated Browser”, see the attached files.

[attachment deleted by admin]