Wilders Security Forums  

  #1  
July 7th, 2012, 11:50 PM
Gullible Jones
Posts: n/a
List of FW/HIPS with default deny modes?

Since discovering the virtues of learning mode in various HIPS, I've come to appreciate the capabilities of such software a bit more. However, even with learning mode, HIPS often strike me as having a serious flaw... They rely too much on user input. Click the wrong button -> bam, infected.

So, what HIPS software out there can be configured to ignore user input?

i.e.

Normal behavior: You're browsing somewhere in Firefox, and something tries to hijack your browser to run an evil payload. The HIPS asks if you want to proceed, and you click "Yes" without thinking. Much wailing and gnashing of teeth follows.

Default deny: Something tries to run an evil payload through your browser, and the HIPS immediately denies it, then gives you a popup notification about the denial. This way, the only way you could get infected is if you went to the hostile site while in learning mode.

---

Failing that... What HIPS incur some sort of delay when allowing an event? e.g.
- Requiring the user to click through an extra popup
- Having a countdown before the event can be allowed
- Requiring a selection from a drop-down menu, or a check box to be clicked
- Making the "Allow" button smaller and less visible than the "Deny" one

I know this sounds simple and probably stupid, but I suspect it's A Good Thing.
  #2  
July 8th, 2012, 12:30 AM
a256886572008
Regular Poster
Join Date: Oct 2007
Posts: 95
Re: List of FW/HIPS with default deny modes?

Comodo with the configuration enabled,

internet security
  #3  
July 8th, 2012, 10:00 PM
0strodamus
Frequent Poster
Join Date: Aug 2009
Location: US
Posts: 671
Re: List of FW/HIPS with default deny modes?

Malware Defender has a "Silent Mode" that will disable all prompting.
  #4  
July 9th, 2012, 07:39 PM
Blues7
Frequent Poster
Join Date: May 2009
Location: Blue Ridge Mountains
Posts: 639
Re: List of FW/HIPS with default deny modes?

From the Comodo site fwiw...you'd need to research further to see if it meets your needs:

Quote:
Comodo Firewall uses a default-deny protection paradigm to make sure only known PC-safe applications are allowed to run. Auto Sandbox Technology™, a virtual operating environment for untrusted programs, means the default deny protection paradigm can be executed without disrupting the workflow of the user. Cloud based Behavior Analysis bolsters this protection by helping to identify zero-day malware.


Also, PrivateFirewall requires (in manual mode / no auto-response) that you respond to and approve any pop-ups. If you don't respond to an alert, it's denied via policy.
__________________
Blues

Real-Time: ★ Emsisoft Internet Security ★ Sandboxie ★

On-Demand: ★ Drive Snapshot / Macrium Reflect ★ Shadow Defender ★

Last edited by Blues7 : July 9th, 2012 at 07:58 PM.
  #5  
July 9th, 2012, 08:07 PM
Dark Shadow
Massive Poster
Join Date: Oct 2007
Location: USA
Posts: 4,550
Re: List of FW/HIPS with default deny modes?

AppGuard: just install and set in lock down mode, that's it. No learning apps, no user decisions to be made, executables are denied.
__________________
OS X 10.8.3 - 2.9 GHz Intel core i7 - 8 GB 1600 MHz DDR3 - 750 SATA HD - Intel HD 4000 Graphics 512 MB.
  #6  
July 9th, 2012, 08:15 PM
Blues7
Frequent Poster
Join Date: May 2009
Location: Blue Ridge Mountains
Posts: 639
Re: List of FW/HIPS with default deny modes?

Quote:
Originally Posted by djohn
AppGuard: just install and set in lock down mode, that's it. No learning apps, no user decisions to be made, executables are denied.

In line with that...NoVirusThanks Exe Radar Free (or Pro) should be able to take care of the default deny aspect of keeping a process from running without your explicit say so.

I tested the free version and it's a very small (meg or two) install and has some nice features and options and is very user friendly.

Of course you'd have to have your firewall as a separate app.

(If the payload is coming via the browser I prefer to just stop it dead with Sandboxie with its auto-delete function upon closing the browser.)
  #7  
July 9th, 2012, 08:22 PM
Gullible Jones
Posts: n/a
Re: List of FW/HIPS with default deny modes?

Thanks... Though Appguard and ExeRadar are "just" executable blockers, no? i.e. they won't stop a friendly process from being hijacked for malicious purposes? Or do they incorporate mechanisms to help reduce the risk of that?
  #8  
July 9th, 2012, 08:25 PM
Blues7
Frequent Poster
Join Date: May 2009
Location: Blue Ridge Mountains
Posts: 639
Re: List of FW/HIPS with default deny modes?

Quote:
Originally Posted by Gullible Jones
Thanks... Though Appguard and ExeRadar are "just" executable blockers, no? i.e. they won't stop a friendly process from being hijacked for malicious purposes? Or do they incorporate mechanisms to help reduce the risk of that?

I'd check with kjdemuth on the capabilities of Exe Radar Pro since he's been running it for some time now and can give you the lowdown on its capabilities in that regard. Also, the developer has posted regularly in the forums. I wouldn't want to misspeak since I no longer have it installed.
  #9  
July 9th, 2012, 08:30 PM
Dark Shadow
Massive Poster
Join Date: Oct 2007
Location: USA
Posts: 4,550
Re: List of FW/HIPS with default deny modes?

Quote:
Originally Posted by Gullible Jones
Thanks... Though Appguard and ExeRadar are "just" executable blockers, no? i.e. they won't stop a friendly process from being hijacked for malicious purposes? Or do they incorporate mechanisms to help reduce the risk of that?

See here in Lock Down.
Attached Images
 
  #10  
July 10th, 2012, 04:25 AM
Dark Shadow
Massive Poster
Join Date: Oct 2007
Location: USA
Posts: 4,550
Re: List of FW/HIPS with default deny modes?

Quote:
Originally Posted by Blues7
In line with that...NoVirusThanks Exe Radar Free (or Pro) should be able to take care of the default deny aspect of keeping a process from running without your explicit say so.

I tested the free version and it's a very small (meg or two) install and has some nice features and options and is very user friendly.

Of course you'd have to have your firewall as a separate app.

(If the payload is coming via the browser I prefer to just stop it dead with Sandboxie with its auto-delete function upon closing the browser.)

No argument from me, Sandboxie is fantastic.
 


All times are GMT -4. The time now is 07:44 AM.


Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums