currently i know of three HIPS that offer this functionality: AppDefend (part of GSS) ProSecurity (not sure) SSM (paid version) for AppDefend, it lets u allow/block always or once. what about the other two? how does their memory usage compare?
SSM: will control access to a trusted zone (user config) or untrusted (all internet), I do not think this blocks inbound. Prosecurity: will control inbound/outbound TCP: control UDP / RAWIP Both will allow/block once/always(remember) Memory usage: (I have PS currently installed, so can only give mem usage for that at the moment) 2 process:- current total:- Mem:7,900k VM:6,900k