A new version of Hazard Shield is now available, 2.2.0.275.
You can download it here. Existing users can update using the built-in updater.
Changelog:
Added registry monitoring capabilities to real-time protection
Drastically improved new scanning engine
Removed old MD5 scanning engine
Enumeration of files and folders can now be done by the driver
Improved hosts file scanning
Items under status section of main screen are now working
Driver now supports Unicode
Real-time protection now reloads database after an update
Improved ignore list
Several minor improvements in the driver
Fixed several small bugs in the ADS scanner
Fixed several synchronization issues with real-time protection
Fixed small bug when adding directories to custom scan
Fixed problem expanding environment variables on 64-bit systems
Fixed driver bug when starting executables with long file names
Fixed program updater crashing with real-time protection enabled
This is a pretty big update. First off is the new registry monitor. This greatly improves the protection Hazard Shield's real-time protection can offer, as it can monitor keys and values commonly used by malware. Currently this feature is very basic, and will provide a notification any time a value is added or changed under HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Run. We plan on greatly expanding this feature to include more monitored values and to scan values as they are added.
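The behaviour described above (a notification whenever a value is added or changed under the Run key) can be sketched as a user-mode poller. This is an added example, not Hazard Shield's code: Hazard Shield does its monitoring in a kernel driver, while this sketch snapshots the key with Python's winreg module and diffs the snapshots. The function names, the polling interval and the sample values are assumptions made for illustration.

```python
import time
try:
    import winreg  # Windows-only standard library module
except ImportError:
    winreg = None  # the diff logic below still runs on other platforms

RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Constructed sample snapshots: {value_name: (registry_type, data)}
SAMPLE_BEFORE = {"ExampleTray": (1, r"C:\Program Files\Example\tray.exe")}
SAMPLE_AFTER = {"exampletray": (1, r"C:\Program Files\Example\tray.exe"),
                "ExampleNew": (1, r"C:\Program Files\Example\new.exe")}


def read_run_values():
    """Snapshot the HKLM Run key as {value_name: (type, data)} (Windows only)."""
    values, index = {}, 0
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        while True:
            try:
                name, data, vtype = winreg.EnumValue(key, index)
            except OSError:  # raised once no values are left
                return values
            values[name] = (vtype, data)
            index += 1


def diff_run_values(before, after):
    """Return (event, name, data) for values added or changed; deletions are ignored."""
    # Registry value names are case-insensitive, so compare them lower-cased.
    old = {name.lower(): entry for name, entry in before.items()}
    events = []
    for name, entry in after.items():
        previous = old.get(name.lower())
        if previous is None:
            events.append(("added", name, entry[1]))
        elif previous != entry:  # type or data differs
            events.append(("changed", name, entry[1]))
    return sorted(events, key=lambda e: (e[0], e[1].lower()))


def monitor(interval=2.0):
    """Poll the Run key and print a notification per added or changed value."""
    snapshot = read_run_values()
    while True:
        time.sleep(interval)
        current = read_run_values()
        for event, name, data in diff_run_values(snapshot, current):
            print(f"[Run key] value {event}: {name} = {data!r}")
        snapshot = current
```

A poller can miss a value that is written and restored between two snapshots, which a driver-level monitor does not.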
Next is the new scanning engine. It has now fully replaced the old engine, and is just about completed. This new engine allows Hazard Shield to detect morphed variants of malware, as well as make generic detections.
Next is the file and folder enumeration done by the kernel driver. This is the first part; the second part will be the actual reading of files done by the kernel driver. This feature allows Hazard Shield to better deal with rootkits, as well as threats like Conficker, which modify the permissions of their files to prevent security programs from scanning them.
Finally there are the bug fixes and improvements. Both the hosts file scanner and ignore list have been improved quite a bit. The kernel driver now fully supports Unicode for the process guard, registry monitor, and file/folder enumeration. Basically it allows the driver to handle objects with Chinese, Russian, Japanese, etc. characters. Also, after a database update (manual or automatic) the real-time protection will reload the database, providing immediate protection against the new threats in the database update. The rest of the updates are pretty self-explanatory.
Known issues:
1. You MUST uninstall the real-time protection before updating!
2. Still no real-time protection on 64-bit systems
3. File/folder enumeration in driver has a massive memory leak