Releases: wecooperate/iDefender

Updated to 5.3.0

10 Jan 04:31

  • Add Process Rule Template
    • Supports Integrity Level Control
    • Supports Privilege Control
    • Supports Control Over 20+ Types of Behaviors
    • Supports Advanced Behavior Control
  • Add Transparent Proxy Template
  • Add C2 Detection Support
    • Supports Accurate Detection of SilverFox
    • Supports Accurate Detection of BRC4
  • Add Detection for Common Defense Evasion Techniques
    • Stack Obfuscation Detection
    • Stack Spoof Detection
    • WFP Silent EDR Detection
    • Direct RPC Call Detection
    • Patch ETW Detection
    • Patch AMSI Detection
  • Advanced Template Supports Adding Firewall Events
  • Advanced Template Supports Process Reputation Field
  • Fixed Issue with Invalid Zooming
  • Fixed Issue Where Real-Time Protection Failed Due to Custom Real-Time Protection
  • Optimized Some User Experience Aspects

5.2.2

23 Nov 03:59

  • Added automatic update support

  • Added built-in rule: Privacy & Ad-Blocking DNS Guarding

  • Added RegisterHotKey support for keylogging blocking

  • Added a privacy policy link and telemetry data option

  • Optimized file access (kernel mode) rules (does not block EA reading, reducing alerts)

  • Optimized built-in rules, reducing false positives

  • Fixed the issue of wow64 key not working in some registry protection sections

  • Fixed the issue of direct raw disk access blocking not working

  • Fixed the issue of YARA rules not working

  • Fixed the issue of process information not being obtained in some RPC scenarios

  • Fixed the issue of APC injection warnings constantly appearing in environments where Avast was installed.

  • Retrained the antivirus engine

5.2.0

01 Nov 12:00

Major Release: Upgrade Recommended

  • Mechanism Improvements
    • Refactored all built-in rules based on ATT&CK framework, adding labels, scoring, and threat levels
    • Added automatic blocking mechanism based on IOA multi-step behavior
    • Added automatic blocking mechanism based on scoring system
    • Added stack detection to identify Direct Syscall, Indirect Syscall, and Shellcode calls
    • Added UAC Bypass detection
    • Added Keylogging detection
    • Added asynchronous detection mechanism based on ETW-TI
  • New Built-in Rules
    • Global Trusted Modules
    • Automatically Blocking Malicious Behaviors (IOA)
    • Automatically Blocking Malicious Behaviors (Scoring)
    • Automatically Allowing Anomalous Behaviors from High-Reputation Processes
    • Automatically Blocking Suspicious Behaviors from Low-Reputation Processes
    • Block modification of HVCI settings to intercept driver loading
    • Lsass Hardening
    • Block LOLBins Process Network Access
    • Block Keylogging
    • Block Browser Data and Password Theft
    • Block UAC Elevation Bypass Exploits
    • Block Exploits Leveraging System Mechanisms
      • Block WDAC modifications
      • Block DosDevices symbolic link modifications
      • Block wow64log.dll hijacking
  • Feature Optimizations
    • Optimized process reputation mechanism
    • Optimized injection detection mechanism
    • Optimized process caching
    • Network Access Prompt now supports allowing high-reputation processes
    • Prompt pop-ups now display TTP
    • Other usability improvements
  • Issue Fixes
    • Fixed UI lag caused by driver blocking pop-ups in Windows 11, version 25H2
    • Fixed various other reported issues

5.1.2

22 Sep 14:14

  • Fixed the issue where the Ransomware Detection rule was ineffective.
  • Added a feature toggle: Allows disabling the antivirus component.
  • Import and export rules are available for limited-time free use.

5.1.1

17 Sep 12:09

  • Added a one-month free trial of the Pro version.
  • Added support for real-time protection for Anti-virus.
  • Anti-virus now supports file deletion.
  • Fixed the issue where custom real-time protection was ineffective.
  • Optimized some built-in rules.

5.1.0

10 Sep 11:50

  • Reimplemented the detection logic for DLL Side-Loading.
  • Reimplemented the detection logic for BYOVD (Bring Your Own Vulnerable Driver).
  • Built-in advanced defense available for free for a limited time.
  • Added support for blocked events and notifications for kernel rules.
  • Added support for RPC remote call traceability initiated via localhost.
  • Added a process reputation mechanism, allowing the display of process reputation information in pop-up notifications.
  • Added configuration options to avoid recording duplicate events or displaying a badge for duplicate events.
  • Added detection for more code injection methods.
  • Added recognition of third-party original signature information signed by Microsoft.
  • Optimized the tagging mechanism of the rule engine.
  • Enhanced self-protection logic.
  • Merged rule files into a single file to avoid frequent I/O issues in scenarios with large numbers of rules.
  • Fixed an issue where process protection failed when pop-up rules were triggered.
  • Fixed other reported issues.
  • Optimized some built-in rules.
  • Updated the antivirus engine.

5.0.5

12 Aug 11:44

  • Added AI-powered antivirus scanning
  • Fixed false positives in built-in rules and enhanced existing rules
  • Fixed dark mode background display issue in Exclusions
  • Fixed driver loading process recognition issue
  • Improved password requirement for tray menu operations (valid for 1 minute)
  • Added value name field to registry setting value handling cache

5.0.3

23 Jul 09:53

4.2.0.0

04 May 13:40

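Mainly usability improvements and bug fixes. Important release; updating is recommended!

  • iMonitorSDK
    • Added process tampering events (Process Hollowing, Process Doppelganging, Process Ghosting, etc.)
    • Added image tampering events (puppet processes, memory tampering)
    • Added cross-process module loading events
    • Optimized remote injection (supports identifying the path of the injected dynamic library)
    • File hiding supports a process whitelist
    • Added an original file name field to process information
    • Fixed an issue where self-protection prevented FontCache from opening protected processes
  • Built-in Rules
    • Added an ignore list for Enhanced Defense
    • Added Explorer hardening (can block APC injection into explorer.exe)
    • Added remote thread injection detection (supports identifying the path of the injected dynamic library)
    • Added process file tampering detection
    • Added remote image injection detection
    • Added process memory tampering detection
    • Added parent process spoofing detection
    • Fixed some false positives
  • Third-Party Rules
    • Streamlined and optimized, reducing false positives
  • Block Records
    • Added a Today button to the calendar
    • Remembers the last adjusted width
    • Block records can now trust a process and target combination
  • Prompt Pop-ups
    • Fixed an issue where the trusted command line was mistakenly taken from the digital signature
    • Optimized pop-up speed and position calculation
  • Rule Editing
    • Parameters support multi-select copy
    • Fixed an issue where dragging an operation target caused the operation to be lost
  • Response Actions
    • Added an "Ask (terminate process by default)" option
  • Rule Templates
    • Added a screenshot template
    • Added a device operation blocking template (advanced rule)
  • Rule Market
    • Imported rules support incremental updates (merging trust lists)
  • Other
    • Added Pro version features
    • Optimized startup performance
    • Optimized rule editing performance
    • With password protection enabled, exiting requires entering the password
  • Fixes and Optimizations
    • Fixed a memory leak in specific scenarios
    • Fixed an issue where a password prompt appeared at boot when password protection was enabled
    • Fixed match failures caused by zero-width characters in parameters
    • Fixed compatibility issues with 360
    • Fixed an issue where a locked database prevented block records from being written
    • Added the command line to process creation record details
    • Fixed an empty Service Manager list on Server 2008 R2
    • Fixed an issue where events for a process were still reported while it was being terminated
    • Improved handling of redirection for the Classes registry key
    • Other bug fixes and usability improvements

Download: https://trustsing.com/idefender/#_4-2-0-0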

4.0.0

06 Mar 14:38

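Major release; updating is recommended

  • iMonitorSDK updated to 4.0
    • Added a kernel rule engine
    • Added file hiding support
    • Added sandbox support
    • Added tracing of the originating process for RPC calls
    • Optimized some performance aspects
  • Templates
    • Added a built-in rule template
    • Added support for advanced templates (kernel mode)
    • Added a file hiding template
    • Added a lightweight sandbox template
    • Added a domain name query template
  • Enhanced Defense
    • Added monitoring of simulated mouse and keyboard input
    • Added clipboard access monitoring
    • Added system time modification monitoring
    • Added critical event monitoring
    • Added desktop background modification monitoring
    • Added disk control monitoring
  • Prompt Pop-ups
    • Added display of signature information
    • Added event customization
    • Pop-up responses can be cached (by default, identical events are not prompted again for 1 minute; this can be changed in Settings)
  • Block Records
    • Added pagination support
  • Trust List
    • Supports parameter groups
  • Optimizations
    • Optimized rule parameter settings
    • Deprecated some outdated templates
    • Optimized kernel process list performance
    • Added Image hijacking protection
    • Enhanced self-protection logic
    • Added remote call tracing (service creation, driver loading, scheduled tasks, user creation, DNS queries, etc. can be traced to their source)
    • Added kernel-level rule settings
    • Added WMI process creation monitoring
    • Rule groups support import from the clipboard
    • Parameters can be reordered by dragging
  • Fixes
    • Added compatibility for network filter drivers
    • Improved handling of HKEY_CLASSES_ROOT redirection
    • Fixed a trust error in the port firewall pop-up

Software download: https://trustsing.com/idefender/#_4-0-0-0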