Review EQSecure 3.3

The EQSecure English language forums are up.

To read and post, browse to

http://www.eqspywatch.com/bbs

and refer to the screenshots for instructions for how to register (pics 1 and 2) and login (pic 3).

EDIT: The pictures refuse to be posted in the correct order, for some reason; read them in the sequence of 2, 3, 1.

 

I have 2 wishes:


Remember in my post, I changed the rules to prompt + block instead of prompt + allow. After an rompt of EQS, you woul dthink the newly acceptec program would get your own modified default rules. In stead the newly generated exception rule in Application's rules (second tab) gets the system 1default values.

When allowing certaing parent child processes to execute, you would like the default (in my case) prompt + ask, to be set to allow (when remember choice was selected). This is indeed the case, but it again gets all the default rules of the system protect mode (called Normal) in stead of teh ones you made/changed yourself.

Regards Kees

 

1)which setting to EQSecure i must to create that,for example,when i visit some malicious web site EQSecure will alert me,that \"some exe is trying to execute:allow/deny\"?
2)which is the latest version?v 3.4 RC2?
3)is it free of charge?any limitations of trial?
thanks a lot.await reply

 

I'm starting to fall asleep waiting on final release version

The expectations are high enough to keep most interested in what to expect though, i just hope it pans out alright.

The 3.3 version is been really exciting and fun to work with.

 

Same here ,

I tried 3.4 and on start up and close down EQS triggered to guard with my ruleset (same rule set I used with 3.3, .............., so protection of 3.4 is better).

Only problem was that the remember/allow always option did not work at system close down. I reported this to EQS.

I think they have to find a delayed update of rules (at system close down). Well programmed code always responds in the same way when triggered. Now they have to program two sets of logic for the same trigger, with the only difference being the context (normal operation or close down). So besides the technological diificulty to establish a forced disk save at system shutdown, the programmer problably wants a better architectural design for this additional code.

Off course this is only speculation, but sometimes you find big bugs in release candidates, which require to go back to drawing board.

Maybe it takes some time for 3.4 to be releases as final. Then again, it is better for the quality of the program to take your time to solve these kind of difficult issues.

Regards Kees

 

I just D/L'd EQSecure to a clean machine. Is it possible to just run it in Learning Mode (running all my applications & re-booting) for a while and then change to Normal or Behaviour Mode.

I read about as much as I can and I'm not really sure I fully understand how to set up this app manually.

tia,

...screamer

 

As nice as this HIPS started out to be it seems they might be over their head with getting it straightened out enough to be a viable alternative, some recent SSDT Tble unhooking tests seem to bare that out.

They desparately would benefit from a strickly ENGLISH forum, seems many were even turned off by the really nice app Power Shadow because of the language barrier.

AFAIK EQSecure currently appears in limbo. Like to see them get improvements underway and give equal attention to the english speaking cultures too.

Otherwise, it's just a flash in the pan to fade into oblivion IMO.

 

@Easter

you may want to check out this post :
https://www.wilderssecurity.com/showpost.php?p=1049665&postcount=63

it seems eqsecure 3.4 (but not 3.3) passes all the unhooking tests that nicM used.

 

I'm confused is EQSecure 3.4 out or not?

Never mind i figured it out already. LOL you would think someone who could read chinese wouldn't be so confused.

 

zopzop

If you have a link to the latest EQSecure please post it. I don't see it anyplace on the link you offered

Thanks

Plus your link points only to SSM test.

Also is it in English or chineee?

 

@easter

i don't have a link to eqsecure 3.4. i was only pointing out that nicM reran the unhooking tests vs an updated SSM and eqsecure (3.4 not 3.3) and they both passed all 7 tests. sorry for the confusion

 

Thanks and no problem zopzop, thanks to bring this to our attention. My chief interest lies in IF the latest 3.4 is been fashioned well enough to protect it's SSDT Table positions and not so easily displaced by another invader and thus render it's security useless.

 

Actually there is a link on the forum. I haven't installed it yet, but when i run the installer it says 3.4. No idea if it's rc or not.

 

Here's a link to the download of version 3.4. It was posted 8-1-07. I'm pretty sure it's the latest version and not a rc. Mine says 3.4 and nothing about a rc. http://www.eqspywatch.com/bbs/read.php?tid=5634

 

Many thanks guys. Got it onboard and in process of taking it around awhile for a field sobriety test. LoL

 

Dear Easter,

Would you be so kind to run the test Aigle did on NeoavaGuard newest beta?

Thanks in advance

Kees

 

I can't promise it real soon but i will when i have time take it for a spin and see what develops for us with posted results that i find.

 

I know there is another thread about EQSecure 3.41, but I wanted to post here because it seems more comprehensive and related to my queries. I currently use SSM, but because it is no longer being developed, and indeed seems dead, I was looking at switching to EQSecure. How comparable it EQSecure to SSM Pro? Does it have the ability to block termination and restart processes? Also, how to I import the rules/setting that are listed in the first page of this thread? Thanks.

Nate

 

The rule setting is overhauled and a lot better structured and easier to do. EQS is as strong as SSM pro (may be even better). I stopped using a paid SSM Pro and started to use (the more difficult to set up 3.3. version). Aigle and Solcroft will help you, since I changed my security from classical HIPS to Behavior blocking and Policy Sandboxes on all our machines.

A strong freeware alternative to EQSecure could be:
- OA Free (SSM like HIPS but easier to use and strong Firewall)
- ThreatFire free (intelligent behavior blocker).

Regards Kees

 

- Why u think SSM is dead? It,s development is slow but it,s not dead I think.

- I have not used SSM pro so can,t compare it with EQS.

- EQS hasvery strong termination protection. Restart option is not there I think( not sure).

- For importing/ exporting all rules I just shutdown EQs and manually copy/ paste a single or two xml files from its profgram files folder.

Best way is to install it and try, only then u can know if it suits u or not.

 

I for one hold a FULL license to SSM and it's adequate and effective of course as expected. The only reason i begin to migrate away is because of 2 changes SSM made that i don't like one iota and is why i only use (on another snapshot), and older version. The modified registry screen is a total wreck compared to it's earlier versions IMO only, and confusing to say the least. I'm not into relearning a completely different look on a HIPS that took awhile to get a grip on in the first place, and i consider myself pretty advanced in these type programs, but that was a complete stopper for me.

The other is the network addition or semi-firewall if you will. IMO that was not needed in SSM and is even killed my internet consistently, eventually forcing me to disable it entirely, so why have a program where you need to leave componants turned off?

Anyway, those are my disappointments in SSM to date, and yes i even undated to the latest version recently and i am still turned off. At least they have boned up the prompt GUI box, it is been so Windows 98 looking material Of course substance rules over appearance i know, but in EQSecure you can have the best of both without sacrificing function or looks, and with it's nice fade-in alert boxes & configurable delay settings it does show off a more 21st century New-Age approach.

 

Very curious user of 3.41 of this EQS and so far it's held it's own fairly well enough but wondering if Kees1958 or any other users of it before have any news on another version release or additions being considered if not already.

It's been a long absence from my point of view from any news with substance in all HIPS camps ATM.

 

Eastern,

Sorry, we are on sandboxes (DefenseWall, GeSWall, HauteSecure+LUA) and behavior blockers (ThreatFire, Mamuto, PRSC) on all PC's now.

You might give Comodo V3 a spin. It is really a feat they were able to let it worl with Vista64. Current version to talkative for a gaming PC, may be later version will be used on obe of our PC's.

Regards Kees

 

I see, ok thanks.

I still rely on layered security and EQS is a great educational as well as efficient addition to my wall of defense shielding. Was curious if anyone else was still tooting that horn or not.

Right now i only employ during normal web site reading EQS + SandboxIE + either Power Shadow or AE in an FD-ISR snapshot, followed at reboot with Tiny Watcher. Rather trim defense compared to some.

EQS really fills the bill as goes a classical HIPS.

To ramp up defense shielding for more riskier probing other alternatives are listed in my sig.

 

Re: Review EQSecure 3.3/now 3.4.1

Look for updated filers

File and registry protection https://www.wilderssecurity.com/showpost.php?p=1175673&postcount=37

And some errors corrected in the standard filter: View attachment 197507

rename filters as XML then import


Consider this as a combo https://www.wilderssecurity.com/showpost.php?p=1175760&postcount=39