What is the best HIPS out there ?

Discussion in 'polls' started by IcePanther, Jun 9, 2006.

What is the best HIPS software ?

  1. Antihook

    1 vote(s)
    0.4%
  2. Ghost security suite

    31 vote(s)
    11.6%
  3. Online Armor

    60 vote(s)
    22.5%
  4. PrevX

    38 vote(s)
    14.2%
  5. Process Guard

    29 vote(s)
    10.9%
  6. System Safety Monitor

    54 vote(s)
    20.2%
  7. Other.... (please specify in your post)

    54 vote(s)
    20.2%
Thread Status:
Not open for further replies.
  1. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    I've tried a few Hips:

    Prevx seems to slow down my machine
    OnlineArmor screwed w/ my start up list
    ProcessGuard doesn't play nicely w/ FD-ISR

    ProSecurity is very nice :)

    SSM gets my vote :thumb:

    I was in way over my head when I first installed it. After reading the forums and asking questions. I think I've got a handle on it now. I'm not claiming to be any kinda expert... After running it in "Learning Mode" taking it out of learning mode and answering a few popups. (reading the DETAILS in popups) If you feel compelled: configuring all the Parent / Child relationships...

    I feel I'm pretty well protected.

    ...screamer
     
    Last edited: Jul 5, 2006
  2. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Hi Screamer - if OA caused you a problem, please drop me a PM.. happy to help you with it.


    Mike
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    What problems did RegDefend cause with FD-ISR? I for sure don't see any issues at all.

    You might post questions about this in the leap frog forum.

    Pete
     
  4. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    Pete, my mistake, it was process guard. I corrected it.

    ...screamer
     
  5. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    I vote for Cyberhawk (version 1.1.0.4), which is non-intrusive, has a decent footprint and I don't notice impact on performance.
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have voted for SSM,..
    This I have done, not simply for its excellent protection, but also due to the fact I have found that the SSM team listen to its customers,.. they listen and implement good ideas brought forward,.. and fix any bugs reported very quickly.
     
  7. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    Online Armor with AV+ was amazing since the first stages of beta. Along with all the other features, it is amazing. And the support!

    Prevx1 comes closely behind it with lesser feature offerings.
     
  8. dylanfan

    dylanfan Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    187
    SSM... Simply perfect.
     
  9. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    System Safety Monitor: :thumb: :thumb: :thumb:

    1. EVERY malware test I have thrown at it I've been able to block

    2. great support and committed company

    3. REAL ;) zero-second protection (does not work with a signature/data base)

    4. monitors all running processes and operating system activity in real time

    5. extremely fine-grained control over apps
     
  10. Ptah

    Ptah Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    170
    Prevx1 here :thumb:
     
  11. rpsgc

    rpsgc Registered Member

    Joined:
    Dec 29, 2005
    Posts:
    312
    Location:
    Portugal
    Hi guys,

    Sorry for the off-topic but I have a question regarding HIPS... I'm currently using Winpatrol PLUS, which I don't know whether it qualifies as a HIPS or not. Do you think that's enough? Besides the standard protection of course (avast home, Kerio PF, Windows Defender)...

    Anyways I tried PrevX and although it seems pretty good it was really heavy on my system (PXAgent ~25MB, PXConsole ~6MB).

    Now I'm trying SSM. Should I set it to learning mode?
     
  12. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    i personally do consider winpatrol an HIPS but to each their own.

    as for learning mode, its up to you. some people dont like it and prefer to validate each app themselves. i havent tried SSM but id use learning mode as i dont like having lots of alerts.

    as for the poll, i already voted for online armor but i have just recently switched to prevx. its memory usage is heavy but its being worked on, and its quite powerful and thorough on its policies. plus running in ABC mode, i havent seen any alert yet except for two small notifications when it is authenticating a program or scanning it.
     
  13. dylanfan

    dylanfan Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    187
    Hi
    The way I use SSM is this:

    After installing SSM on a clean system I trust (for instance, a newly installed and patched OS), I set SSM in learning mode ("connect the user interface" - SSM icon is green in the systray), and I open every app I currently use in turn, one after another.

    Each time, of course, SSM would intercept it and ask me what I wanna do with it. Since they're all apps I just decided to open myself, I answer "allow to run each time" for those.

    Once this is done, I right-click on SSM and "disconnect the user interface" (SSM icon is grey in the systray), which means that now, SSM won't ask me anymore when a new app will try and start: it will then simply block it. Only the apps I previously launched and instructed SSM to allow will be able to run in this new "disconnected-user" mode I just set.

    It stays that way from then on. In the options of SSM, I check the option "start automatically at OS startup" and uncheck "connect user interface automatically". I also instruct SSM to monitor apps, processes, services, regkeys and so on, also by right-clicking in the systray.

    That's it. Your system is now bulletproof against any leaktest or whatever bad app which would even try and install on your system.

    This way, you don't have to always play questions and answers with SSM: it now knows what to do and what not to allow (which is anything it doesn't know or trust already).

    Try it: it succeeds against any leaktest or whatever I ever throw at it. That's not a surprise once you set SSM up the proper way.

    Cheers
     
    Last edited: Jul 8, 2006
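
The learn-then-lock setup described in the post above, modelled as an added example (not part of the thread and not SSM's code). It assumes approved programs are identified by SHA-256 digest, which the thread does not state; the class and function names are hypothetical. The last step shows what a default-deny policy of this kind does with a binary that changed after an update.

```python
import hashlib

class LearnThenLockPolicy:
    """Toy model of the learn-then-lock workflow; not SSM's implementation."""

    def __init__(self):
        self.allowed = set()       # SHA-256 digests approved during learning
        self.ui_connected = True   # True: user is prompted; False: silent block

    def request_run(self, image: bytes, user_allows: bool = False) -> str:
        digest = hashlib.sha256(image).hexdigest()
        if digest in self.allowed:
            return "allow"
        if not self.ui_connected:
            return "block"               # default deny: unknown binary, no prompt
        if user_allows:
            self.allowed.add(digest)     # "allow to run each time"
            return "allow-learned"
        return "deny-by-user"

    def disconnect_ui(self):
        self.ui_connected = False


def run_scenario():
    # Constructed byte strings standing in for executable images.
    browser_v1 = b"browser build 1 (constructed sample)"
    browser_v2 = b"browser build 2 after auto-update (constructed sample)"
    mail_client = b"mail client (constructed sample)"
    unknown_binary = b"never-seen binary (constructed sample)"

    policy = LearnThenLockPolicy()
    results = []
    # Learning phase on a trusted system: open each app and approve it.
    results.append(("learn browser", policy.request_run(browser_v1, user_allows=True)))
    results.append(("learn mail", policy.request_run(mail_client, user_allows=True)))
    policy.disconnect_ui()
    # Locked phase: approved images run, everything else is blocked silently.
    results.append(("browser", policy.request_run(browser_v1)))
    results.append(("unknown", policy.request_run(unknown_binary)))
    # An updated build has a different digest, so it is blocked until re-learned.
    results.append(("updated browser", policy.request_run(browser_v2)))
    return results


if __name__ == "__main__":
    for label, verdict in run_scenario():
        print(f"{label:16} -> {verdict}")
```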
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi, I think learning mode is a must with SSM otherwise u will waste ur time with pop ups.
    Put it in learning mode and do whatever u are doing normally every day. When u think it is over then go to normal mode.
    About WinPatrol, if u use windows defender then I think it covers a lot of things covered by WinPatrol (new start up entries, new services etc). I will personally remove it if I am using Ws Defender.
     
  15. rpsgc

    rpsgc Registered Member

    Joined:
    Dec 29, 2005
    Posts:
    312
    Location:
    Portugal
    Thanks for the help guys! :)
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I like to do like this but I want to ask, this way is it not going to cause any trouble with auto-updates of windows and Av etc? I put it in learning mode for many days but still it pops up sometimes (after AV and probably after windows auto-updates).
     
  17. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    Also, which of the HIPS is the least resource consuming? o_O (but still a good one?)
     
  18. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    of the various HIPS ive tried, ProcessGuard is the lightest. Its no slouch either, it can block drivers, hooks, process modification/termination, etc...
     
  19. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    Thanks and
    How is SSM in resources usage?
     
  20. MGhell

    MGhell Registered Member

    Joined:
    Jul 9, 2006
    Posts:
    34
    SSM is quite light on resources, it uses about 8MB on my system (XP PRO SP2).

    Max
     
  21. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    Thanks, I will try SSM. :cool:
     
  22. squibbon

    squibbon Guest

    Online Armor - without a doubt.
     
  23. Heco

    Heco Registered Member

    Joined:
    Mar 8, 2003
    Posts:
    264
    Location:
    Provence, France
    +1 :)
    Cheers,
    Hervé
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @ dylanfan

    I use SSM in the same way, however I've noticed that if I choose to use the "block everything paranoid mode" setting, some browsers will not work correctly. So that's why I've installed Neoava Guard as a backup HIPS because SSM will not block everything when in "block process creation" mode.
     
    Last edited: Jul 11, 2006
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    DefenseWall deserved a place in this poll :(
     