Light Weight HIPS for 64 bit OS

[Athletic]

Did someone tested WinPatrol Plus against malware ?

I just expect real-time alert, i don't expect that WinPatrol blocks malware.
Is it effective in that alerts, does it gives alert when most of the malwares penetrate in system ?
Unfortunately i can't find that kind of tests on Youtube.

[lordraiden]

Quote:

Originally Posted by Athletic

Did someone tested WinPatrol Plus against malware ?

I just expect real-time alert, i don't expect that WinPatrol blocks malware.
Is it effective in that alerts, does it gives alert when most of the malwares penetrate in system ?
Unfortunately i can't find that kind of tests on Youtube.

Don't lose your time testing WinPatrol against malware because is not going to block anything, the best info your will get from it is that something is going on...

[Athletic]

Quote:

Originally Posted by lordraiden

Don't lose your time testing WinPatrol against malware because is not going to block anything, the best info your will get from it is that something is going on...

I wrote that i don't expect blocking malware, and i don't need that.

I want real time alert !
Did someone test it and get that alerts, barking ?

I hope that now is brightly clear.

[lordraiden]

Quote:

Originally Posted by Athletic

I wrote that i don't expect blocking malware, and i don't need that.

I want real time alert !
Did someone test it and get that alerts, barking ?

I hope that now is brightly clear.

I know, but reading you seems that you have never use it.
Just read the name of the tabs in the program and you will know against what kind of stuff winpatrol will alert you. No need to ask here something so obvious.
http://www.winpatrol.com/mediakit/wpstartup640.jpg
If you are lucky with the samples used it will alert you for the 20% of the files, for things like an exe was added to the start menu... anyway winpatrol is useless to detect modern malware because it uses simple and old methods.

[Athletic]

Quote:

Originally Posted by lordraiden

I know, but reading you seems that you have never use it.

Wrong. Someone who never use it will expect blocking from Plus version.

Quote:

Just read the name of the tabs in the program and you will know against what kind of stuff winpatrol will alert you. No need to ask here something so obvious.
http://www.winpatrol.com/mediakit/wpstartup640.jpg
If you are lucky with the samples used it will alert you for the 20% of the files, for things like an exe was added to the start menu... anyway winpatrol is useless to detect modern malware because it uses simple and old methods.

Did you tested it or you talk just feeling that ? Where does modern malware goes if not into the: hidden files, services, host files, startup entry, (some registry monitoring also has)?

[lordraiden]

Quote:

Originally Posted by Athletic

Wrong. Someone who never use it will expect blocking from Plus version.

Wrong. Someone who never use it will expect a pink horse from Plus version. Unless they know how to read because is explained the their website.

Quote:

Originally Posted by Athletic

Did you tested it or you talk just feeling that ? Where does modern malware goes if not into the: hidden files, services, host files, startup entry, (some registry monitoring also has)?

Just try and you will see. Don't you have a VM? go to MDL and get some samples.
I tested a year ago and I didn't like the results, miss a lot of stuff and the stuff that detects is so obvious that you don't need WP, i mean if you execute malware, and you get your computer blocked or a weird screen, or new tray icons, new addons in ie... it's so clear that something has happened that you don't need WP to tell you... there is a new icon... yes I see it...
Also if you are installing something it's because you thing is good and WP tell you that is trying to start on every reboot why will you block it? a real HIPS will tell you more, even if you think is a good software you can start to think that is bad because of the kind of things that the program is trying to do.
Maybe if you are interested you can tested it and post the results here.

[Athletic]

I remember now the reason why many stuff pass without alert...it's because it detect and alerts only modifications from third party. No alerts for modifications started from user, that autor wrote many times. So maybe it has better results alerting some drive-by downloads, malicious scripts that pages executes etc...Starting (double click - executing) files by user will not be detected.

That's why we need more tests, not in the way you done it (because you executed them).

[Flexigav]

Quote:

Originally Posted by mattbiernat

PW froze my system the moment I installed it.
No a real fan of Comodo after their time machine made my system unbootable

I don't mind paying for sotware but I am not looking for a yearly basis subscribtion. I want to own, not rent.... just a personal bias.

Here my set up:

Rollback Rx
MSE
TinyWall blocking outgoing traffic
Malwarebytes Antimalware

Any suggestions? I think HIPS would fit in well for added extra security.

Private Firewall also froze my Win 7 64 system upon initial start up, however I just left the machine sitting there frozen for about 5 minutes and it suddenly came to life again and ran fine after that. I believe it froze my system while in a learning or system discovery phase during initialisation. IMO, it is a great program for users who just want to run their regular applications with security piece-of-mind against 0 hr attacks etc and not continuously load and unload new programs all the time as it has a learning curve that will never stop if you do this!

[Flexigav]

Quote:

Originally Posted by Noob

WinPatrol is more like a system change notifier for me.
I don't really like it because it is not as granular as a real HIPS and because depending on what happens it only alerts you of the changes but does not prevents it.

This sounds like a great companion to a sandbox or light virtual program that works the opposite...Great for remedying unwanted changes to your system, but lousy at detection and notification!

[AMIGA500]

I would highly recommend Comodo internet security.It has a very strong HIPS and is incredibly light on the system.Plus you get an excellent firewall too.
You will not find a lighter program anywhere.

I would not recommend privatefirewall as it has frozen many computers and you will see this in this forum.The program itself looks cheap and tacky.

Online armor is an excellent choice also and is on a par with comodo in my opinion.

Best of luck with whatever you choose.

[umbrapolaris]

CIS v5 HIPS must be tweaked for countering some ransomwares.
Since CIS v6 is on public beta stage, with some issues, the real BB implemented only on v6.1
i will suggest OA, it gives you full protection out of the box.

[Espresso]

Quote:

Originally Posted by mattbiernat

PW froze my system the moment I installed it.
No a real fan of Comodo after their time machine made my system unbootable
[...]
Rollback Rx

Funny that you run RollbackRX which uses the same type of inherently risky technology (IMO) that Comodo Time Machine was using. I wouldn't touch any of those MBR based rollback programs.

Comodo is a lightweight and solid choice for firewall and HIPS. It would be shortsighted to not consider it because of your experience with some unrelated (beta?) program.

[AMIGA500]

Quote:

Originally Posted by Espresso

Funny that you run RollbackRX which uses the same type of inherently risky technology (IMO) that Comodo Time Machine was using. I wouldn't touch any of those MBR based rollback programs.

Comodo is a lightweight and solid choice for firewall and HIPS. It would be shortsighted to not consider it because of your experience with some unrelated (beta?) program.

The problem with comodo time machine was actually uninstalling it.but the issues were thankfully a minority and i dont think comodo should be judged just on this one program,As a whole there products are pretty good in my opinion for being free.

[Techwiz]

Quote:

Originally Posted by Beethoven1770

The problem with comodo time machine was actually uninstalling it.but the issues were thankfully a minority and i dont think comodo should be judged just on this one program,As a whole there products are pretty good in my opinion for being free.

I had trouble in the past running CTM, but the free firewall is perfect for my needs.

[Noob]

OA is not really that light but pretty strong.