About Behaviour blocker?


jmonge
January 22nd, 2009, 01:24 AM
are there more apps than the 2 popular ones threatfire and mamutu out there free or paid to evaluate? stand alone Behabiour blockers? thanks in advance ;)

Cutting_Edgetech
January 22nd, 2009, 02:40 AM
Prevx Edge. It uses very advanced Heuristic detection methods. I have been very pleased with prevx products, and they run great with almost any security product.

proactivelover
January 22nd, 2009, 03:49 AM
About Behabiour blocker?
it's behaviour

Saraceno
January 22nd, 2009, 04:50 AM
Give Prevx Edge a go. Fantastic program and support is A+.

:thumb: x 10

Cutting_Edgetech
January 22nd, 2009, 05:06 AM
I failed to mention Zemana antilogger earlier. It's also an excellent behavioral blocker. It's known for its ability to block key loggers, screen loggers, clip loggers, web loggers.. lol any kind of logger you want to throw at it. It appears to be capable of blocking any category of malware in the wild. I've been giving it a test run, and i really like what i see so far. It uses white listing from their own database as well so you won't get a bunch of false positives like some products. I hope Zemana keeps up the good work. Just read about it on their website http://www.zemana.com/list/list.aspx

firzen771
January 22nd, 2009, 07:26 AM
you could give DriveSentry a go, it's my fav, except for the bugs it has.

jmonge
January 22nd, 2009, 10:53 AM
woooo there is plenty out there i didn't know ;)
thanks:thumb:

djohn
January 22nd, 2009, 11:37 AM
Drive Sentry
Mamutu
Norton Antibot
Prevx Edge
Sana Security Safe Connect
Threatfire
Zemana

IMO the best of the bunch are Drive Sentry, Mamutu, Prevx Edge, Zemana.

jmonge
January 22nd, 2009, 12:23 PM
-{ Quote: "Drive Sentry
Mamutu
Norton Antibot
Prevx Edge
Sana Security Safe Connect
Threatfire
Zemana

IMO the best of the bunch are Drive Sentry, Mamutu, Prevx Edge, Zemana." }-

hey john with your own experience which one will play nicer with defencewall: zemana? mamutu? or edge? which one will you recommend?

jmonge
January 22nd, 2009, 12:29 PM
is WinPatrol a behaviour blocker?

djohn
January 22nd, 2009, 01:16 PM
-{ Quote: "hey john with your own experience which one will play nicer with defencewall: zemana? mamutu? or edge? which one will you recommend?" }-

I have not tested Mamutu with DW, but Zemana runs great with DW and they complement each other nicely. For keylogger protection IMHO Zemana is the cream of the crop as far as behavior blockers go. Zemana is not a scanner per se, nor a cleaner or community based.

djohn
January 22nd, 2009, 01:22 PM
-{ Quote: "is WinPatrol a behaviour blocker?" }-

Winpatrol monitors changes and uses heuristics, so IMO I consider it behavior based or a very light hips. Of course many will disagree with the hips part. Windows Defender in advanced spy net, many consider that to be a hips. Winpatrol does about the same and more. IMO at minimum Winpatrol is a behavior blocker or should say monitor.

jmonge
January 22nd, 2009, 01:38 PM
-{ Quote: "Winpatrol monitors changes and uses heuristics, so IMO I consider it behavior based or a very light hips. Of course many will disagree with the hips part. Windows Defender in advanced spy net, many consider that to be a hips. Winpatrol does about the same and more. IMO at minimum Winpatrol is a behavior blocker or should say monitor." }-

thanks buddy for explanation:thumb:

djohn
January 22nd, 2009, 01:46 PM
-{ Quote: "thanks buddy for explanation:thumb:" }-

you're very welcome.

firzen771
January 22nd, 2009, 02:41 PM
-{ Quote: "hey john with your own experience which one will play nicer with defencewall: zemana? mamutu? or edge? which one will you recommend?" }-

I've used mamutu with defencewall and it worked fine, not sure about prevx edge though

jmonge
January 22nd, 2009, 03:09 PM
-{ Quote: "I've used mamutu with defencewall and it worked fine, not sure about prevx edge though" }-

which one is closer to a good and strong bb: drivesentry, prevx or winpatrol plus? thanks

Fuzzfas
January 22nd, 2009, 03:14 PM
WinPatrol is a poller. Even in the PLUS version, simply the polling interval is set at zero. But it doesn't use hooks. I usually can install Comodo, reboot and only after reboot Winpatrol Plus signals a new startup entry (a bit too late). It also has no serious ability to analyze behaviour. Behaviour analysis is supposed to be able to merge info from various sources, so as to generate an alert. Do a simple 1+1 = 2. Winpatrol can't do that. It is simply programmed to poll and thus monitor certain locations for changes. If it finds a change, you are asked to approve. That's it. It monitors your hosts file, startup, services, hidden processes, file associations, etc. and alerts you. I don't consider this behaviour analysis. But i wouldn't bet anything serious that it could fend off a trojan. I see it more as an alerter with probable use against spyware. You can see it here against real malware. At least in one case, judging from Twister's alert, registry modification is included. But WinPatrol doesn't see that either. Apparently it was a registry key that it isn't monitoring.

http://youtube.com/watch?v=Y6J34qMtlZQ
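
The polling model described in the post above, as an added example that is not part of the original thread and is not any product's code: a monitor that snapshots a fixed set of locations and diffs them at each poll. The location names, items and event sequence are constructed; the run shows that a change is reported only when a poll happens, that a change made and undone between polls leaves no trace, and that a location outside the watched set is never seen.

```python
# Added illustration: a polling change monitor run over a simulated system.
# Location names, items and events are constructed; no real API is modelled.

MONITORED = ("startup", "hosts", "services")  # locations the poller watches


class PollingMonitor:
    def __init__(self, state):
        self.baseline = self._snapshot(state)

    @staticmethod
    def _snapshot(state):
        return {loc: frozenset(state.get(loc, ())) for loc in MONITORED}

    def poll(self, state):
        """Diff monitored locations against the last snapshot."""
        current = self._snapshot(state)
        alerts = []
        for loc in MONITORED:
            alerts += [(loc, "added", x) for x in sorted(current[loc] - self.baseline[loc])]
            alerts += [(loc, "removed", x) for x in sorted(self.baseline[loc] - current[loc])]
        self.baseline = current
        return alerts


def replay(events, poll_after):
    """Apply (op, location, item) events; poll only after the given indices."""
    state = {
        "startup": {"av_tray.exe"},
        "hosts": {"127.0.0.1 localhost"},
        "services": {"spooler"},
        "unwatched_key": set(),
    }
    monitor = PollingMonitor(state)
    seen = []
    for i, (op, loc, item) in enumerate(events):
        if op == "add":
            state[loc].add(item)
        else:
            state[loc].discard(item)
        if i in poll_after:
            seen += [(i,) + alert for alert in monitor.poll(state)]
    return seen


EVENTS = [  # constructed sequence
    ("add", "startup", "updater.exe"),      # 0: persists, seen at the next poll
    ("add", "services", "tmpsvc"),          # 1: created ...
    ("del", "services", "tmpsvc"),          # 2: ... and gone before the poll
    ("add", "unwatched_key", "entry.exe"),  # 3: location is not in MONITORED
]

if __name__ == "__main__":
    print("poll once at the end:", replay(EVENTS, poll_after={3}))
    print("poll after each event:", replay(EVENTS, poll_after={0, 1, 2, 3}))
```
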

Fuzzfas
January 22nd, 2009, 03:16 PM
-{ Quote: "which one is closer to a good and strong bb: drivesentry, prevx or winpatrol plus? thanks" }-

Definitely not Winpatrol plus. DriveSentry and PrevX are of similar concept and on another level compared to Winpatrol Plus. I'd say run both and see which suits you best. PrevX is probably better in behaviour analysis. But Drive Sentry has a free version and the paid version has lifetime license...

rolarocka
January 22nd, 2009, 03:28 PM
Winpatrol is very nice to get a picture of the changes made by software installations like autoruns, new services, extensions etc.

jmonge
January 22nd, 2009, 03:29 PM
-{ Quote: "Definitely not Winpatrol plus. DriveSentry and PrevX are of similar concept and on another level compared to Winpatrol Plus. I'd say run both and see which suits you best. PrevX is probably better in behaviour analysis. But Drive Sentry has a free version and the paid version has lifetime license..." }-

cool thanks and also thanks about the winpatrol explanation:thumb:

firzen771
January 22nd, 2009, 03:37 PM
-{ Quote: "which one is closer to a good and strong bb: drivesentry, prevx or winpatrol plus? thanks" }-

IMO, i find DriveSentry to be a stronger BB, it protects folders that u can specify and auto monitors changes in system critical folders like a normal HIPS would and alerts u if something is changed there, plus it offers behavior blocking, that way it doesn't overload u with popups, it also has a large whitelist and blacklist as well to limit notifications.

Prevx Edge might be more versatile though since it has BB, and typical signatures, although if u want u can run DS with its BB + its AV, i prefer not to as it sometimes conflicts with other AVs but Prevx Signatures don't.

Fuzzfas
January 22nd, 2009, 03:37 PM
-{ Quote: "cool thanks and also thanks about the winpatrol explanation:thumb:" }-

Winpatrol is cute and i have bought the plus version. But, IMHO, for someone with your setup, it's redundant. Nothing Malware Defender can't do. I myself don't run it, because Twister's FDD is much better and i also run RegProt that intervenes immediately for startup keys (faster than Winpatrol Plus). For me, Winpatrol is getting obsolete and more cpu-hungry as time passes. I saw the new features of the current beta and there is nothing of substantial improvement. If i were the author, i would turn it into a Mamutu-like behaviour blocker, if i could. Or at least make it a bit more robust. Some alerts come too late.
Plus, the last time i ran the 2008.15 (?) version, it was eating as much cpu time as Threatfire almost. So, why not run TF instead, which is much better... I mean, it won't tell you like TF "malware!". It will tell you that this changed, keep the change or not? So, a bit like classical hips, only much weaker. That's why i don't run it anymore.

jmonge
January 22nd, 2009, 03:41 PM
-{ Quote: "Winpatrol is cute and i have bought the plus version. But, IMHO, for someone with your setup, it's redundant. Nothing Malware Defender can't do. I myself don't run it, because Twister's FDD is much better and i also run RegProt that intervenes immediately for startup keys (faster than Winpatrol Plus). For me, Winpatrol is getting obsolete and more cpu-hungry as time passes. I saw the new features of the current beta and there is nothing of substantial improvement. If i were the author, i would turn it into a Mamutu-like behaviour blocker, if i could. Or at least make it a bit more robust. Some alerts come too late.
Plus, the last time i ran the 2008.15 (?) version, it was eating as much cpu time as Threatfire almost. So, why not run TF instead, which is much better... I mean, it won't tell you like TF "malware!". It will tell you that this changed, keep the change or not? So, a bit like classical hips, only much weaker. That's why i don't run it anymore." }-

many thanks and yes i noticed the delay of pop ups also

jmonge
January 22nd, 2009, 03:42 PM
-{ Quote: "IMO, i find DriveSentry to be a stronger BB, it protects folders that u can specify and auto monitors changes in system critical folders like a normal HIPS would and alerts u if something is changed there, plus it offers behavior blocking, that way it doesn't overload u with popups, it also has a large whitelist and blacklist as well to limit notifications.

Prevx Edge might be more versatile though since it has BB, and typical signatures, although if u want u can run DS with its BB + its AV, i prefer not to as it sometimes conflicts with other AVs but Prevx Signatures don't." }-
i will give both a try again and see the difference i will let you know thanks:thumb:

firzen771
January 22nd, 2009, 03:44 PM
-{ Quote: "i will give both a try again and see the difference i will let you know thanks:thumb:" }-

np, 1 thing i will say is, prevx edge is probably a bit lighter and user friendly. but i didn't notice much performance impact with DS (while using the little patch provided in the Katie DriveSentry thread)

jmonge
January 22nd, 2009, 05:10 PM
-{ Quote: "np, 1 thing i will say is, prevx edge is probably a bit lighter and user friendly. but i didn't notice much performance impact with DS (while using the little patch provided in the Katie DriveSentry thread)" }-

ok i see thanks again

bellgamin
January 22nd, 2009, 09:00 PM
-{ Quote: "Prevx Edge. It uses very advanced Heuristic detection methods. I have been very pleased with prevx products, and they run great with almost any security product." }-

OP asked for "behavior blockers" (BB) such as Threatfire & Mamutu. Many of the replies are listing apps which are NOT BBs, & are not comparable to TF or Mamu.

For definitions of BB, see Hither (http://www.eset.com/threat-center/blog/?p=16), Thither (http://www.securityfocus.com/infocus/1557), and Yon (http://antivirus.about.com/od/antivirussoftwarereviews/a/hips_behavior.htm).

By the way, "heuristics" & "behavior blocker" are NOT synonymous terms.

The other apps listed in prior comments, such as Prevx Edge & Drive Sentry, have some BB attributes, but with a LOT more capabilities tacked onto them.

Threatfire & Mamutu are relatively "pure" behavior blockers. The only other "pure" stand-alone BB (AFAIK) is Primary Response SafeConnect.

aigle
January 22nd, 2009, 11:13 PM
Totally agree. :thumb: :thumb:

DS, Zemana, WP.. are being called Behav blockers.....ok, then anything can be called a behav blocker.

Behav blockers are:

1- TF
2- PRSC, Norton Antibot
3- Mamutu
4- SONAR but it is not standalone, it's part of NIS
5- MicrPoint - also not standalone (has lot of signatures also I think)
6- ZAP HIPS (they work more like a behav blocker rather than a classical HIPS)
7- There was something like NovaShield but it was very poor
8- Another one I once read about was only for Vista but I never heard about it later and don't remember the name even

hmmm..... what else... maybe we see more of such applications in future.

crofttk
January 22nd, 2009, 11:36 PM
Good reading. Thanks for asking jmonge and thanks for links too bellgamin. This stuff is starting to sink in a little now.:)

crofttk
January 23rd, 2009, 12:00 AM
Uh-huh, well, I can see from working bellgamin's homework assignment that HIPS is intended to give you a much more thorough/detailed picture and degree of control and can see how it can be educational AND I can see how a sophisticated behavior blocker can alert you more thoroughly to risky changes going on, BUT I can see that their utility certainly depends on the sophistication of the user.

I might could dabble with some of these and learn more but I will say that WP Plus has been a good aid to me at my level of knowledge (or ignorance, if you wish). The things I don't have a steel trap granular grasp of in the system, I must rely on NIS and TrojanHunter (more recently DS and Mamutu on different machines) to protect me from. Maybe it's just the way that WPPlus's info is organized all under that one little doggie that makes the system overview more intuitive for me.

Yes, WPPlus is not in the same class as many of these other softwares but, then again, my knowledge level and time I can spend grunting out all the details is not in the same class as some of you, I'm sure.

I'll probably just stick with little Scotty until I run him into the ground like all my other dogs and cars I've owned. LOL

In the meantime, I'll keep on reading....

jmonge
January 23rd, 2009, 12:38 AM
-{ Quote: "Good reading. Thanks for asking jmonge and thanks for links too bellgamin. This stuff is starting to sink in a little now.:)" }-

you are welcome;D

progress
January 31st, 2009, 12:35 PM
Only Threatfire and WinPatrol offer a free version, am I right? ::)

firzen771
January 31st, 2009, 12:42 PM
threatfire does and winpatrol isn't a BB anyways.

jmonge
January 31st, 2009, 03:00 PM
-{ Quote: "threatfire does and winpatrol isn't a BB anyways." }-
i am confused now??? ;D what is winpatrol plus? ;D

chris2busy
January 31st, 2009, 03:08 PM
mmm...sorta an IDS

jmonge
January 31st, 2009, 03:17 PM
-{ Quote: "mmm...sorta an IDS" }-

intrusion detection system? close to hips then?

jmonge
January 31st, 2009, 03:19 PM
one guy tested winpatrol but i don't know if he tested the free or the plus version, anyway winpatrol failed the test cause i think he used virus samples instead of spyware samples and winpatrol is not antivirus, it is not, but may be close to protect against spywares :)

GES/POR
January 31st, 2009, 03:48 PM
WP belongs in the categories of "Light HIPS" n 3rd party "Taskmanagers" so it's a hybrid really

Victek123
January 31st, 2009, 04:05 PM
-{ Quote: "i am confused now??? ;D what is winpatrol plus? ;D" }-

Why not just try it out? The free version gives you the core functionality. The Plus version is not dramatically different/better.

jmonge
January 31st, 2009, 06:01 PM
-{ Quote: "Why not just try it out? The free version gives you the core functionality. The Plus version is not dramatically different/better." }-

but they say that with the paid version you'll get the benefit of real time infiltration detection system in real time;)

jmonge
January 31st, 2009, 06:02 PM
-{ Quote: "WP belongs in the categories of "Light HIPS" n 3rd party "Taskmanagers" so it's a hybrid really" }-

"Light HIPS" cool:thumb: cause i love hips;D

GES/POR
January 31st, 2009, 06:47 PM
-{ Quote: ""Light HIPS" cool:thumb: cause i love hips;D" }-

I know you do and in that case it's not for you. I think you'd be best off with at least 3 classical HIPS ;D

chris2busy
January 31st, 2009, 06:54 PM
-{ Quote: ""Light HIPS" cool:thumb: cause i love hips;D" }-
lol :P tricky

jmonge
January 31st, 2009, 07:04 PM
-{ Quote: "lol :P tricky" }-

yep:)

jmonge
January 31st, 2009, 07:08 PM
-{ Quote: "I know you do and in that case it's not for you. I think you'd be best off with at least 3 classical HIPS ;D" }-

i will never get a hips program on my wife's computer cause she'll go nuts ;D :) i got her easy stuff like defensewall and or AppRanger :thumb: and for mua malware defender which gives a lot and i mean a lot of pop ups ;D (normal mode) and mamutu or drivesentry :thumb: no problem ;) as long as wife is happy and has a quiet pc i am happy too ;)

progress
February 16th, 2009, 10:16 AM
-{ Quote: "threatfire does and winpatrol isn't a BB anyways." }-

I tested threatfire a few days ago but my machine was getting slow like a snail :-[

-{ Quote: "
Drive Sentry
Prevx Edge
Zemana
" }-

Are there any free versions available? :doubt:

Edit: What about EdgeGuard Solo (http://www.blueridgenetworks.com/solutions/edgeguardsolo/)?

firzen771
February 16th, 2009, 10:46 AM
-{ Quote: "Are there any free versions available? :doubt:

Edit: What about EdgeGuard Solo (http://www.blueridgenetworks.com/solutions/edgeguardsolo/)?" }-

Drivesentry is free, prevx edge has an unlimited trial (doesn't clean infections, just detects) and i don't think zemana has any free version.

edgeguard is NOT a BB.

progress
February 16th, 2009, 11:11 AM
Thank you firzen :thumb:

firzen771
February 16th, 2009, 01:49 PM
-{ Quote: "Thank you firzen :thumb:" }-

no problem :)

2good
February 16th, 2009, 08:39 PM
take a look here

http://freeware.wikia.com/wiki/Lists_of_freeware_behavior_blockers

firzen771
February 16th, 2009, 08:56 PM
-{ Quote: "take a look here

http://freeware.wikia.com/wiki/Lists_of_freeware_behavior_blockers" }-

that list is FAR from being only BB's...

EASTER
February 16th, 2009, 10:28 PM
Judging from past products and what they were able to accomplish or not, Behavioral Blockers run fairly close to being a spinoff of a full blown HIPS in my opinion, maybe someone could better give a more accurate description, but to me they seem to perform as a portion of a HIPS in some ways.

CyberHawk now ThreatFire seemed to break some good ground in this respect but soon after many versions of trying to perfect its code seemed just too much time & resources to put into a program that likely wasn't going to give them at least equal returns that they invested in it in time, effort, and hourly wages. So it was passed over to PCTools as we already know. Now they HAVE done some IMO better advancements in this special field of programs but like Novatix before them seem to have hit a snag too.

I dunno what it is about what few BB's are available but with the exception IMO of Mamutu, they must be a heck of a chore to perfect up to user's/customer's expectations and just plain abilities.

As far as MAMUTU, i chalk that company up as having the advantage of being around since way back in Windows 98 days as A2Squared AS, and likely have a long experienced seasoned staff of programmers who are pretty good.

Returning again to TF, to me, they seem so very close to finally bringing TF all the way up to a marketable & maybe profitable product but unknowns to me seem to have come to a screeching halt just like back when Novatix had just about made it a desirable Behavioral Blocker.

All i can conclude at this point, again, is that, it must really take some fine line DIFFICULT programming to fashion a satisfactory and profitable BB, so remains to be seen what the future holds for the rest of them.

In the meantime, and feel free to contest my own choice at your pleasure, i find no other BB as well made and reliable as MAMUTU and i think EMSI has done a great service by even getting involved in Behavioral Blockers to begin with.

EASTER