EQSecure 3.4 released + non-official language file

Discussion in 'other anti-malware software' started by solcroft, Aug 1, 2007.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    New version is very impressive and very nice. It has complete protection: anti-executable, registry defence and file protection. I wonder why it's still free.

    I tried the Prueba malware discussed here and once allowed to execute I get an explorer.exe memory modification pop up. After this, a message from Prueba that it will not run due to system monitor software (probably EQS). Result is the same whether u allow memory modification or not?

    Also this version is able to protect against a special type of termination method discussed here.

    https://www.wilderssecurity.com/showthread.php?t=172653&highlight=termination

    BTW there is an outbound connection alert from Comodo (I have disabled autoupdate of EQS), should I allow this connection or not (I think it's checking for MS signatures)?
    termination.jpg
    Prueba.jpg
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    1. I can confirm this crash on my end. I'll report it.

    2. I'm not sure how much clearer it can be, as the type of action is stated in no uncertain terms on the prompt windows. Do you want different fonts, colors etc. for each different event?

    3. This is going to introduce a very big leak in your defenses since some malware will masquerade under filenames of system files like svchost.exe or explorer.exe, unless you have MD5 verification enabled. However, to have EQSecure not check the path of files, simply write the rule so that it points to *\filename.exe. The rule will then match all files named filename.exe, and then you can do whatever you want with it.

    4. EQSecure will by default automatically create rules for programs digitally signed by Microsoft. There was a discussion once IIRC whether to follow ProSecurity's example and enable Learning Mode by default, but I think the decision was made in the end not to.

    Lastly, prueba is actually a variant of the Bifrose trojan, as tested by nicM in his kernel unhookers tests. EQSecure now blocks it with the following prompt window.
    Attached: eqs.PNG
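    The rule-matching behaviour described in point 3 above, as an added illustration that is not EQSecure's own code: a `*\filename.exe` pattern matches that filename in any folder, so without MD5 verification an impostor carrying a system file's name is matched too. The sample files, their contents and the rule format are constructed for the demonstration.

    ```python
    import fnmatch
    import hashlib

    # Constructed sample "files": path -> contents (stand-ins, not real binaries)
    SAMPLE_FILES = {
        r"C:\Windows\System32\svchost.exe": b"genuine svchost stand-in",
        r"C:\Users\bob\AppData\svchost.exe": b"impostor using a system file name",
    }


    def md5_hex(data: bytes) -> str:
        """MD5 of the file contents, the value an MD5-verified rule compares against."""
        return hashlib.md5(data).hexdigest()


    def path_matches(pattern: str, path: str) -> bool:
        """Case-insensitive wildcard match; '*' spans directory separators,
        so r'*\svchost.exe' matches a svchost.exe in any folder."""
        return fnmatch.fnmatchcase(path.lower(), pattern.lower())


    def rule_matches(rule: dict, path: str, data: bytes) -> bool:
        """A rule (hypothetical dict format) matches when its path pattern fits;
        if the rule carries an 'md5' field the contents must hash to it as well."""
        if not path_matches(rule["pattern"], path):
            return False
        expected = rule.get("md5")
        return expected is None or md5_hex(data) == expected


    def files_allowed_by(rule: dict, files: dict) -> list:
        """Every sample file the rule would apply to (e.g. allow to run)."""
        return [path for path, data in files.items() if rule_matches(rule, path, data)]


    def demo():
        """Path-only rule vs the same rule pinned to the genuine file's MD5."""
        genuine_md5 = md5_hex(SAMPLE_FILES[r"C:\Windows\System32\svchost.exe"])
        loose = {"pattern": r"*\svchost.exe"}                   # the 'leak'
        strict = {"pattern": r"*\svchost.exe", "md5": genuine_md5}
        return files_allowed_by(loose, SAMPLE_FILES), files_allowed_by(strict, SAMPLE_FILES)


    if __name__ == "__main__":
        loose_hits, strict_hits = demo()
        print("path-only rule matches:", loose_hits)
        print("MD5-verified rule matches:", strict_hits)
    ```
    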
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks Solcroft.
    I mean they can make this text bold with a background color different than the rest of the popup to make it more prominent.
    I never plan to enable it without MD5 checksum. In that case it will not be risky. Anyway I suggested it just as an option (not the default setting).
    Strange that I don't get such an alert. See the pop ups I get in my last message. Anyway I will try to check it later sometime.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Here is the outbound alert I get with updates disabled.
    Attached: e.jpg
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    A ping of this IP resolves it to a Microsoft URL. Apparently EQSecure does this to verify the signatures of digitally-signed programs from Microsoft.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Might be a problem related to my virtual machine since I have experimented quite a lot, but still I don't see why it can't run, other HIPS don't have any problems.

    Well, it looks very dead to me, can you give me a link to the latest official English version?
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks. It was my guess too but I did not check for IP.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I shut down CH and Antivir services and was able to run Prueba and got the popups as posted by Solcroft.
     
  10. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Rasheed,

    That IS the link to the official English version, as I've already mentioned earlier. It detects your OS language and runs the install in either English or Chinese depending on your system. You can also switch the interface language in the program options.
     
  11. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Interesting. Did Cyberhawk get updated lately? I remember one of the developers saying they'd block access to the undocumented APIs in a coming release - maybe that's what happened?
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    No, it's the same older version. Only Prueba refused to run, saying some monitor program was running (not sure which one, I have encountered it once before with Prueba). I have run Prueba before with CH. CH was blind to it and I notified CH support.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Thanks for the link Aigle, I finally got EQSecure to work on one of my machines, and it offers some nice protection, but I'm not really impressed and do not like the GUI/ease of use, so it's not for me.
     
    Last edited: Aug 6, 2007
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Seems as u need to develop ur own HIPS as u don't like any HIPS. :D I am not sure what sort of protection u need, probably one that never exists. :)
    EQS is free and seems to offer same or more protection as SSM Pro.
     
  15. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    To some extent, I'll say that EQSecure does offer better protection than SSM due to file protection. I remember a trojan that once modified svchost.exe as part of its payload, and all SSM could do was notify me that the MD5 had changed. That was when I started using Winpooch in tandem with SSM.

    There are also some USB worms that, once allowed to execute, bypass SSM completely as they involve no further process activity - only overwriting all exe files on the hard disk and creating copies of itself on removable drives.
     
  16. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    LOL, my thoughts exactly.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I agree!

    BTW can you please suggest to them an option for assigning two hotkeys, just to answer a popup Yes or No via keyboard.
    Pls check ur PM box.
     
  18. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    It's already there. A (allow) and D (deny). :D
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Sorry as I overlooked it, but can u change them urself (assuming these are single keys)? In my opinion, a single hotkey is never a good idea. At least two or three keys (I use Ctrl+Alt+ any other key). A single hotkey can be pressed by mistake, double/triple can't.
     
  20. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The prompt hotkeys can't be changed AFAIK. I'll drop it to the devs and see what they think.
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks a lot.
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    And a lot faster than SSM Pro ;)
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I like and regularly use System Safety Monitor (older version) on several snapshots (FD-ISR), but I've rapidly adopted a great fondness and RESPECT for EQSecure 3.4.

    I remember throwing a flurry of malware at it on its first 3.3 beta and was pleasantly impressed with the results at the time. Since then I've occasionally alternated using one or the other. I was somewhat reluctant to actually fully implement the released 3.4 since several tries of (ALL) the 3.4 betas proved a bit daunting, but then I realized that was more a driver issue and the developers seem to have definitely fine tuned & stabilized it.

    So far so good. I still need to run it thru some local tests but I don't have any reservations about EQ standing up to those challenges. Now that Sandboxie finally runs stable after many failed tries, combined with the rollback abilities of FD-ISR and the always dependable Power Shadow, EQSecure for me really rounds out my complete shielding strategy.

    Can only expect even better (more security) improvements for the future of this one. It sure has come out swinging nicely at the start and packs a nice wallop against most intruders in this, its relatively early life. It's quite the formidable REPELLENT!!
     
  24. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    My wife knows Mandarin. Maybe I will have her take a look at the program.:cool:
     
  25. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Those transoceanic transmissions will make it feel like dialup. :D
     