What (other than Zemana) catches this?
Gullible Jones
August 30th, 2009, 10:21 AM
http://www.zemana.com/keylogger_test.aspx
Threatfire: FAIL, on level 4 to boot (which recognized a fullscreen game as a potential keylogger).
GeSWall: FAIL, no notifications and no blocking of the fake keylogger.
GMER: FAIL of course. (I'm beginning to think GMER's HIPS functionality was never completed.)
Any other successes/failures? How do paid HIPS systems do? How about COMODO?
Gullible Jones
August 30th, 2009, 10:26 AM
Update...
Wine under Debian: PASS. It never logs keystrokes at all, not even when focused.
dell boy
August 30th, 2009, 10:43 AM
GeSWall isn't exactly a HIPS, and how did you test GeSWall against this keylogger? If you just isolated it, I'm not sure that's what it's designed to protect from.
KeyScrambler is my answer to protection against it, not catching it though.
Saraceno
August 30th, 2009, 11:02 AM
Not too sure on your answer - look forward to seeing another's reply.
But I will vouch that Zemana is sensitive on the areas it says it targets, such as programs retrieving clipboard data. Received a popup from openoffice portable (right away) and faststone image viewer (only when copying and pasting filenames etc). Otherwise it's relatively quiet, set and forget.
simisg
August 30th, 2009, 02:00 PM
Comodo Defense Plus with all options checked
pegr
August 30th, 2009, 02:15 PM
Prevx caught it. :)
jmonge
August 30th, 2009, 02:22 PM
-{ Quote: "Prevx caught it. :)" }-
I was going to say this ;)
ako
August 30th, 2009, 02:25 PM
-{ Quote: "http://www.zemana.com/keylogger_test.aspx
Threatfire: FAIL, on level 4 to boot (which recognized a fullscreen game as a potential keylogger).
GeSWall: FAIL, no notifications and no blocking of the fake keylogger.
GMER: FAIL of course. (I'm beginning to think GMER's HIPS functionality was never completed.)
Any other successes/failures? How do paid HIPS systems do? How about COMODO?" }-
Defencewall: PASS, Prevx: Pass
firzen771
August 30th, 2009, 04:32 PM
Outpost Firewall Pro: FAILED
Keyboard_Commando
August 30th, 2009, 05:58 PM
Online Armor Premium: Pass
(Prevx flagged also)
Tried the test opened inside Sandboxie with no file or registry restrictions.
Online Armor Premium: Pass
Prevx: Pass
firzen771
August 30th, 2009, 06:05 PM
Sandboxie (rights restriction enabled): FAIL
aigle
August 30th, 2009, 07:47 PM
-{ Quote: "http://www.zemana.com/keylogger_test.aspx
Threatfire: FAIL, on level 4 to boot (which recognized a fullscreen game as a potential keylogger).
GeSWall: FAIL, no notifications and no blocking of the fake keylogger.
GMER: FAIL of course. (I'm beginning to think GMER's HIPS functionality was never completed.)
Any other successes/failures? How do paid HIPS systems do? How about COMODO?" }-
GeSWall deals with it very well. What do you expect, BTW?
Henk1956
August 30th, 2009, 08:33 PM
101% agree with aigle.
Gullible Jones
August 30th, 2009, 10:11 PM
Ah... I expected GeSWall to recognize and ask if I wanted to isolate the keylogger test even if it was run as trusted (as it would with a browser). Guess it doesn't have as much HIPS functionality as I thought. :-[
StevieO
August 30th, 2009, 10:44 PM
TESTING 4 REAL
You have to Allow this test, and any others like it, to run. Otherwise you are NOT testing it/them! In fact, all you are doing is blocking the initial launch .EXE from running.
The ACTUAL test itself Never runs, so that means your defences/security against Keylogging/Screen capture etc don't even get a chance to try and prevent this, or not.
LoneWolf
August 30th, 2009, 10:46 PM
DefenseWall / Pass
MalwareDefender / Pass
aigle
August 30th, 2009, 11:30 PM
-{ Quote: "Ah... I expected GeSWall to recognize and ask if I wanted to isolate the keylogger test even if it was run as trusted (as it would with a browser). Guess it doesn't have as much HIPS functionality as I thought. :-[" }-
You got it wrong. GeSWall has nothing to do with trusted application execution.
Peter2150
August 30th, 2009, 11:37 PM
-{ Quote: "Sandboxie (rights restriction enabled): FAIL" }-
Bear in mind Sandboxie isn't designed to stop this, especially if the user initiates it. But if I run it from any browser, then it never gets off the ground.
aigle
August 30th, 2009, 11:56 PM
http://www.wilderssecurity.com/showthread.php?t=218451&highlight=Zemana
dell boy
August 31st, 2009, 03:42 AM
-{ Quote: "Ah... I expected GeSWall to recognize and ask if I wanted to isolate the keylogger test even if it was run as trusted (as it would with a browser). Guess it doesn't have as much HIPS functionality as I thought. :-[" }-
You're right, it doesn't have much HIPS functionality, because it isn't really a HIPS; it's a control policy for browsers or anything you want it to work on.
Why would it ask to isolate an exe if you run it trusted? And if you downloaded it from an isolated browser, it would automatically run isolated unless labeled as trusted... It only does what you ask it to; it's not a HIPS program.
Hawk82
August 31st, 2009, 05:07 PM
ZoneAlarm Pro ver 9: Pass 8)
aigle
August 31st, 2009, 05:20 PM
Nice to see ZA in action. It was my first ever HIPS to try and I was so much fascinated indeed. I blocked a nasty spyware while it was hooking IE. It was not cleaned by dozens of scanners and I was almost unable to connect to internet.
firzen771
August 31st, 2009, 08:18 PM
Hmm, I find it strange how for me Outpost Firewall Pro on Advanced mode didn't detect this test at all :/
firzen771
August 31st, 2009, 08:27 PM
-{ Quote: "Maybe post it on their support forums. Outpost's Classical HIPS should easily block these tests." }-
I thought it would. I just tried, and even at maximum, not a peep... Can anyone else confirm this?
Keyboard_Commando
September 2nd, 2009, 02:10 PM
FortiClient = Fails
Heuristics in real time enabled and set to deny access on detection. It does offer Keylogger detection so fails for moi.
Copyright ©2002 - 2012, Wilders Security Forums