EQSecure Questions/Help


n8chavez
November 1st, 2007, 11:31 PM
I wasn't sure what thread this belonged in; the 3.3 thread or the 3.21 changes thread, so I just made a new one. Now that NeoavaGuard's production has been suspended, do you think it is adequate enough to use given that it is a beta? Or, should I use something else?
I was looking at EQSecure. I like the NG interface better, it is cleaner and not nearly as complicated. But there is no possibility with EQSecure. It seems to be a lot more powerful. I think I must have done something wrong when I tested ur because I was getting multiple dll prompts (60+) for every app.

I was not able to get this (http://www.wilderssecurity.com/showpost.php?p=978792&postcount=21) ruleset to work. But I have used this (http://www.wilderssecurity.com/showpost.php?p=1019973&postcount=114) one. Any help would be appreciated.

aigle
November 2nd, 2007, 01:57 AM
NG is easier to set up and should give enough protection. Main advantage of EQS will be its file protection but it's not easy to make trouble free rules for it.
Also EQS is much more chatty. Which version of EQS have you used? Latest is 3.41. I will not suggest to use some other person's rules. Make ur own.

Which type of alert u get so often? Can u post a screenshot of it?

n8chavez
November 2nd, 2007, 03:43 AM
I actually really like EQSecure. It seems to be the only HIPS I've tried, with the right ruleset that can protect services. I have tried using this (http://www.wilderssecurity.com/showpost.php?p=1019973&postcount=114) ruleset. I have gotten the dll popups I mentioned to stop, by using the above set minus the 'auto group' rules.
I am using the latest version of EQSecure. I understand what you're saying about the custom ruleset, but that seems too hard and way too complicated. I think it would be best for me to use a precompiled set.

aigle
November 2nd, 2007, 10:06 AM
This rule set doesn't work on my system.

- Which version of EQS you r using?

- Have u allowed "load library file" globally?

n8chavez
November 2nd, 2007, 02:36 PM
{QUOTE-> This rule set doesn't work on my system.

- Which version of EQS you r using? <-QUOTE}

I answered that already. I'm using 3.41.

{QUOTE-> - Have u allowed "load library file" globally? <-QUOTE}

I have changed that setting to 'prompt and block.'

But I am having trouble with a rule that will allow my system to go into standby mode. I put EQSecure on learning mode then went into standby mode, everything went fine. Then I returned EQSecure to normal and tried again and it didn't work; my monitor turned off but not my system.

aigle
November 2nd, 2007, 02:48 PM
{QUOTE-> I have changed that setting to 'prompt and block.' <-QUOTE}
Then u should only blame urself for the popups.;D Pls change it to allow with no logging.

{QUOTE-> But I am having trouble with a rule that will allow my system to go into standby mode. I put EQSecure on learning mode then went into standby mode, everything went fine. Then I returned EQSecure to normal and tried again and it didn't work; my monitor turned off but not my system. <-QUOTE}
Ur file protection rules are the probable cause. U can confirm it in this way. Turn off file protection but keep Application and Reg protect enabled, now try to go in Standby and Hibernation mode. Does it work OK now?

n8chavez
November 2nd, 2007, 02:54 PM
{QUOTE-> Then u should only blame urself for the popups.;D Pls change it to allow. <-QUOTE}

Nice try, but I changed that option after all my programs had EQSecure rules. What stopped the popups was getting rid of the 'auto group' rules.

{QUOTE-> Ur file protection rules are the probable cause. U can confirm it in this way. Turn off file protection but keep Application and Reg protect enabled, now try to go in Standby and Hibernation mode. Does it work OK now? <-QUOTE}

Yes, they are the problem. How do I correct this? What rule needs to be in place?

aigle
November 2nd, 2007, 03:25 PM
{QUOTE-> Nice try, but I changed that option after all my programs had EQSecure rules. <-QUOTE}
These rules are not needed. Just keep it Allow for all (it's the default setting as well). I am sure u have not got all the rules for loading library files and it might cause troubles later.

{QUOTE-> What stopped the popups was getting rid of the 'auto group' rules. <-QUOTE}
Couldn't understand what u mean?

{QUOTE-> Yes, they are the problem. How do I correct this? What rule needs to be in place? <-QUOTE}
Try putting this rule on top of all file protection rules. Make sure there is no block rule for hiberfil.sys.

EASTER
November 3rd, 2007, 02:02 AM
{QUOTE-> I actually really like EQSecure. It seems to be the only HIPS I've tried, with the right ruleset that can protect services. I have tried using this (http://www.wilderssecurity.com/showpost.php?p=1019973&postcount=114) ruleset. I have gotten the dll popups I mentioned to stop, by using the above set minus the 'auto group' rules.
I am using the latest version of EQSecure. I understand what you're saying about the custom ruleset, but that seems too hard and way too complicated. I think it would be best for me to use a precompiled set. <-QUOTE}

EQSecure "IS" a very worthy contender in the HIPS circles, so much i began to migrate my snapshots & systems to it as opposed to SSM. It's really cleverly lightweight to hold such a capacity to monitor AND block as well as Log all that it does, and yes the file protection is a HUGE bonus.

Don't be too daunted or perplexed by it, it's only complicated until you spend enough time to set your own custom rules and it does help to have a template to work from, thanks out to aigle for sharing his.

It'll be interesting to see what they do with the next version of EQS which by the way should be about time again isn't it?

This has got to be one of the tightest HIPS i've run and i thought there was nothing to match SSM, but IMO it's exceeded SSM in many ways and is why i don't have a problem transitioning over to it exclusively now.

Rarely does a freeware app trump its commercial competitors in certain arenas but even with EQS's complexity i think you'll be very pleased with the results. It's highly configurable as you already found out.

All The Best.

Kees1958
November 3rd, 2007, 04:23 AM
N8chavez,

It is a long time ago I wrote these rules and I have not been using EQS any more on our home PC's.

Try looking for a ruleset which includes the C:\*.sys entry in the global rule set. When it is part of a set of values, remove it and create a new rule with option prompt + allow for create write and delete (just for the time being).

Save and try to go into hibernation. And allow the process writing the C:\hiberfil.sys.

Check afterwards whether there is a rule for the process allowed in the Application rules tab. Change prompt + allow into allow. Next go to the global rules and enter an allow (all) for C:\hiberfil.sys and change the C:\*.sys in the value you like.

Hope this helps.

Backup tip (plan B when that fails). The file protection mechanism I had set together is a bit paranoid. The set described under the TF post http://www.wilderssecurity.com/showpost.php?p=1101838&postcount=46 is sufficient for file protection. So you could also consider changing the file protection of EQS to just the ones mentioned in this post.

Just enter these values in the global rules with prompt + block as protecting option. When you use EQS in silent mode it will use the block. This prompt + block is easier for trouble shooting.

I am not using EQS, not because it did fail in some way, but because a behavioral blocker behind a policy sandbox made more sense. Policy sandbox protection is directed to keep things stable (like a classical HIPS), when installing a new program you open defenses. In this situation an intelligent behavior blocker gives more protection, so my overall protection increased by replacing a less rigid protective program (like TF) with a very strong protector (like EQS). What Ilya says is true: programs like DefenseWall/GesWall Pro will protect you from 95% of the risk your AV does not tackle.

Also after years of saying GW and DW are more or less equal, I must say that DW is the better program, because it never caused problems. With GW I had to make specific setup changes (allowing music files to start playing by clicking them in explorer, allowing printing from untrusted programs (spool was virtualised), once we lost licenses of paid music (= false positive on the sandbox protection)). DW never gave any problems.
Regards Kees
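
A simplified model of the rule-ordering point made in this thread, added here as an example; it is not EQSecure's own logic or any poster's ruleset. It assumes file-protection rules are checked top-down with the first match winning and that unmatched access is allowed; `Rule`, `decide` and `shadowed` are hypothetical names.

```python
from fnmatch import fnmatchcase
from typing import NamedTuple

class Rule(NamedTuple):
    pattern: str      # file path pattern, '*' wildcard
    ops: frozenset    # operations covered: create / write / delete / read
    action: str       # "allow", "prompt+allow" or "prompt+block"

def _matches(rule, path, op):
    # Windows paths are case-insensitive, so compare lower-cased
    return op in rule.ops and fnmatchcase(path.lower(), rule.pattern.lower())

def decide(rules, path, op, silent=True):
    """Action of the first rule matching path and op (assumed top-down order)."""
    for rule in rules:
        if _matches(rule, path, op):
            if silent and rule.action.startswith("prompt+"):
                # silent mode: nobody answers the prompt, the fallback applies
                return rule.action.split("+", 1)[1]
            return rule.action
    return "allow"  # assumed default when no rule matches

def shadowed(rules, path, op):
    """Rules that match path/op but are never reached because an earlier one wins."""
    return [r for r in rules if _matches(r, path, op)][1:]

MODIFY = frozenset({"create", "write", "delete"})
SYS_GUARD = Rule(r"C:\*.sys", MODIFY, "prompt+block")   # broad protection rule
HIBER_OK = Rule(r"C:\hiberfil.sys", MODIFY, "allow")    # hibernation exception

broken = [SYS_GUARD, HIBER_OK]   # exception sits below the broad rule
fixed = [HIBER_OK, SYS_GUARD]    # exception on top of all file rules

if __name__ == "__main__":
    hiber = r"C:\hiberfil.sys"
    print("broken:", decide(broken, hiber, "write"), shadowed(broken, hiber, "write"))
    print("fixed: ", decide(fixed, hiber, "write"))
    print("other .sys:", decide(fixed, r"C:\Windows\System32\drivers\new.sys", "create"))
```

With the exception below the broad rule, the write to `C:\hiberfil.sys` is blocked in silent mode and `shadowed` reports the unreachable allow rule; with the exception on top, hibernation is allowed while other `.sys` files stay protected.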

n8chavez
November 6th, 2007, 01:32 AM
Where can I find aigle's ruleset then? If that is a "better" base set then I should use that. Also, this is one major thing that Neoava Guard has over EQS, is there a way to make the default action 'block'? That way it would take a lot less time to configure the rules for each application.

aigle
November 8th, 2007, 07:25 PM
I PMed you.

aigle
November 8th, 2007, 07:27 PM
{QUOTE-> Also, this is one major thing that Neoava Guard has over EQS, is there a way to make the default action 'block'? That way it would take a lot less time to configure the rules for each application. <-QUOTE}
Not sure u are talking of NG or EQS here?
Both have this function though not full in case of NG.

Perman
November 18th, 2007, 12:51 AM
Hi, EASTER

In reply to your request posted on DeepFreeze's thread RE EQsecure:

I checked its web site:
There is no indication when the newer version will be released, no trace of any activity at all. The mostly recent one is 3.41 released on 2007.09.26

There is an English Forum on its web site; after the main page opened, look at the far right TAB or use this link. http://www.eqsecure.com/bbs/ . then you will find it. Good luck.

idle.newbie
November 18th, 2007, 04:12 AM
Bug fixes, vista support, some sandbox and more features...
His forum ID = 流氓兔, very active in bug report in his forum.

EASTER
November 20th, 2007, 11:55 PM
I suppose there's no benefit or interest for EQsecurity to open an English forum with either European or States servers to discuss their program. Their forum is plain lousy in that their server is slow as last years molasses just getting to the one little English Forum. :(

Not only that but there's not even any posts for November there yet that i could find. Looks like they are content to let things lay with that last version they released regardless of the attention it's received by other countries who find it a really worthy HIPS in a lot of ways.

So looks like it's stuck in the mud as-is and without a real english forum/english servers, there's little to be found out or discussed with its developers/supporters from its originating country.

This reminds me of yet another Chinese tease session just like with Power Shadow.
They produce a few pretty good reliable programs only to allow them to remain in oblivion and turn a blind eye to the rest of the world who might would take great interest in them to their credit & reputation.

solcroft
November 21st, 2007, 12:02 AM
{QUOTE-> I suppose there's no benefit or interest for EQsecurity to open an English forum with either European or States servers to discuss their program. Their forum is plain lousy in that their server is slow as last years molasses just getting to the one little English Forum. :(

Not only that but there's not even any posts for November there yet that i could find. Looks like they are content to let things lay with that last version they released regardless of the attention it's received by other countries who find it a really worthy HIPS in a lot of ways.

So looks like it's stuck in the mud as-is and without a real english forum/english servers, there's little to be found out or discussed with its developers/supporters from its originating country.

This reminds me of yet another Chinese tease session just like with Power Shadow.
They produce a few pretty good reliable programs only to allow them to remain in oblivion and turn a blind eye to the rest of the world who might would take great interest in them to their credit & reputation. <-QUOTE}
If you really have as many things to discuss about the latest version as you claim, why not actually make a post there first BEFORE moaning and groaning that they're not paying you any attention?

EASTER
November 21st, 2007, 12:50 AM
{QUOTE-> If you really have as many things to discuss about the latest version as you claim, why not actually make a post there first BEFORE moaning and groaning that they're not paying you any attention? <-QUOTE}

solcroft. You don't seem to understand when there's a real problem with Chinese servers, everyone in most countries experience it every single day and most eventually just give up and dismiss them.

As far as making a post, that could take better than an hour. The website progress bar just goes round and around and you get that "Install Chinese Language Pack" prompt every refresh.

Listen, it's no big deal to me, EQSecure is perfectly fine just as it is if that's all it's ever going to be released. And there's no moaning or groaning, it's simply a fact that if ANY product's developers/supporters make at least some kind of effort to accommodate other languages, or extend an english ONLY forum, who is going to benefit the most? Its creators of course, as well as attract & draw an equally loyal audience as well as a marketing following at some point.

It's a shame but Power Shadow falls in that same category as IceSword. I do realize though due to their national/government constraints it's probably not possible for them to make such provisions on a global scale or else it would already have been done some time ago.

solcroft
November 21st, 2007, 01:27 AM
{QUOTE-> solcroft. You don't seem to understand when there's a real problem with Chinese servers, everyone in most countries experience it every single day and most eventually just give up and dismiss them.

As far as making a post, that could take better than an hour. The website progress bar just goes round and around and you get that "Install Chinese Language Pack" prompt every refresh. <-QUOTE}
I don't know, the reason for that might be the same one as for the FPs you get with ThreatFire on explorer.exe and Notepad - inexplicable, irreproducible maladies that only you seem to suffer from.

I wonder if anyone will volunteer about their experiences with taking "better than an hour" to post on the EQSecure forum.

EASTER
November 21st, 2007, 02:47 AM
Sorry that i don't care to cater in some engagement of useless argument of non-effect & interest. I'm merely stating a fact and it's certainly never been limited to EQSecure's forums. I've run into the same snail-pace loadings with strictly Chinese sites time and again so there's really no sense in making waves because their servers ARE restrained either by bandwidth restrictions or else the language barrier prevents equal opportunity to access.

Russian sites are of a very different dialect too but they seem to load just as well as english sites.

aigle
November 21st, 2007, 11:10 AM
{QUOTE-> I don't know, the reason for that might be the same one as for the FPs you get with ThreatFire on explorer.exe and Notepad - inexplicable, irreproducible maladies that only you seem to suffer from.

I wonder if anyone will volunteer about their experiences with taking "better than an hour" to post on the EQSecure forum. <-QUOTE}
I tried my best and was never able to post - from Saudi Arabia. I gave up in the end. I still have forum ID but it's useless.

EASTER
November 28th, 2007, 02:45 AM
Well no matter any chance of getting anything on the forums let alone discussions, i just hold out some hope that they ramp EQS up a bit more yet with another next version because they are pretty darn close to drawing a tight ship with this invention and it would be a shame to see yet another useful security app stall out right in the middle of building it up to something no one would want to be without, if HIPS is your cup-a-tea.

Right now i've teamed up OnlineArmor (free) with the latest EQS and am reasonably satisfied with the results so far.

aigle
January 27th, 2008, 07:17 AM
Can anyone post MD5 value of EQSecure v 3.41?

Thanks

Meriadoc
January 27th, 2008, 08:02 AM
EQSysSecureSetup.exe 3.41 md5 :78262C3A5DE83588940D1C6A752207DC
EQSysSecure 3.41 md5 :88999A34D1BF86E8B45713F57E03EB25

aigle
January 27th, 2008, 08:40 AM
Thanks Meriadoc! much appreciated.