EQSecure V4 Beta, Morc calling Orson, come in Solcroft

Discussion in 'other anti-malware software' started by Kees1958, Mar 2, 2008.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Many thanks Kees1958 for the really useful "tip", very Kool!

    The EQS improvements in security coverages are welcome indeed. The Sandbox is like a nice bonus because tightening of protections that were expected are finally coming to light too.

    On the missing box Xuesisi so politely provided us the details for, anyone have an idea just exactly where in the configurations to place it so it will show the English?

    More to come...............
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I know many of you already practice it but just in case it escapes anyone else (like it did me, duh), after overwriting your 3.41 EQS version with this beta, and also a good idea after following Kees1958's nice tip to restore policy aka EQSysSecure.xml, you might want to be sure to "restart your engines" as in reboot.

    I was experiencing some no responses from EQS until I reset after making those changes myself. It's easy to get carried away (if you're like me) and expect to run 4.0 right over 3.41 without rebooting. That way the system can flush out the old and then bring up the new with everything responding as it should.
     
  3. xuesisi

    xuesisi Registered Member

    Joined:
    Mar 2, 2007
    Posts:
    71
    OK, the update.

    Rename en.zip.txt to en.zip and copy it to EQSecure\Lang, too.

    Enjoy.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Xuesisi,

    Thanks, I now understand what the auto switch to lock mode means. I was fooling with an app not knowing what I did (previous unreadable characters on the screen you posted). Selected the option and it works.

    This is called trial and error :), yep EQS does not allow itself to be uninstalled when not all protections are disabled. Found out the hard way. Writing this from my Comodo, Avast, DefenseWall image, waiting for EQS to come final.

    Never Beta without a decent fallback option
     
    Last edited: Mar 9, 2008
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks for that.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Busy week here followed by a BLIZZARD weekend of over a foot of white powder, nice Winter decided to drop in for a day or two with a couple weeks left before Spring.

    So, anyone have a drop on when to expect the next beta? This one so far is really great, even in spite of the fact that its Task Manager crashes for me instantly, but I'll accept the new features and especially the added protections any day for that. LoL
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I have checked it out, and it does have potential, but I'm not satisfied. It gave me a lot of stupid alerts about memory modification and COM access, and I'm not sure about the sandbox either. Well, I might as well say it, overall I don't really like the app and it's unlikely that I will ever put it on my real machine, but nice to see that they at least are trying to improve the product. :)
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Most HIPS will include COM/COM+ protection, so be prepared Rasheed187 :D
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Must admit that D+ is the most user friendly one, because it has the option to select which COM objects to monitor (considering the fact that monitoring COM objects is NOT user friendly by nature, due to the barrage of pop-ups it generates)
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks xuesisi for the update and all the translation efforts, that really helps us.

    4.0 Beta is a very welcome change/improvement in POWER! and anxiously looking forward to the next releases is building excitement.

    EASTER
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, but it's obvious that you simply won't be able to make a good decision about it (not sure if these alerts are that common) so I guess it makes sense to only alert about COM/OLE/DDE if it's being used to make an outbound connection. Surely there must be a way to implement this kind of "intelligence" inside HIPS? :rolleyes:
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    HIPS are not meant to be smart. They're designed to intercept events and receive input from you. If this degree of control is too much for you, move on to a behaviour blocker or a sandbox.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    But this doesn't mean that they can't be made less noisy and also a bit smarter (without advanced algorithms). I have my own ideas about how HIPS should work, perhaps I will open a thread about it. Of course, expect to see some exotic ideas. :D
     
    Last edited: Mar 22, 2008
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Exotic ideas are what it's all about. Take Alcyon's recent RuleSets for example, I dunno if even I could have probed that amount of coverages for protections requiring just an ALLOW/BLOCK process as time went along, let alone the BlackLists included.

    I think it's the BlackList RuleSets that have me abuzz the most because they effectively eliminate answering any prompts whatsoever on them, and if a user needs to install a good program, there's always the Disable All Protections feature for however long is needed, in this case 1 to 5 to 10 etc.
     
  15. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Are there any good EQS rulesets out there for those of us that don't have XP SP2? And no, I don't want to install it. I have an anti bloatware policy...:D
     
  16. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    994
    Will Alcyon's ruleset work with EQSecure v4.0 beta?
     
  17. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I have a question:
    Why do you use a pre-made ruleset for a classical HIPS when you have free behaviour blockers? o_O
    A pre-made ruleset should only be used as a template for your own ruleset, IMO.
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I will not use someone else's rules for a classical HIPS on my system.
     
    Last edited: Mar 25, 2008
  19. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    One could learn from the rule structure, couldn't one? Unless of course one already knows it all. ;).

    Later...
     
  20. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Of course :)
    But if you want a pre-made ruleset because you don't want to get your hands dirty with learning the HIPS and OS internals, you should give up on classical HIPS and move onto behaviour blockers.
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Put the HIPS in learning mode, it will create rules and u can learn by examining these rules. Also try it against some POCs, malware etc and u will learn even more.
     
  22. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    I like the total control you have with a classical HIPS like EQS. You can start with a given rule set and you have the flexibility to adapt as required.

    I will not simply plug in somebody else's rule set and use it. I like to see how somebody else has structured their rules and perhaps learn from it.
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Well, I went overboard today and installed COMODO D+ with EQS and man oh man I don't care if it's overkill or not, but the two are PERFECT complements from what I tested with them so far.

    Oh, also using Alcyon's RuleSets, which have definitely tightened the CONTROL of EQS well beyond its defaults or any other rules I've run across so far.
     
  24. InVitroVeritas

    InVitroVeritas Registered Member

    Joined:
    Mar 5, 2008
    Posts:
    64
    As long as your PC is broad shouldered enough so that it doesn't care. ;-)
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Hi InVitroVeritas

    They seem to run flawlessly together, and the overlap expected has really been surprisingly minimal at most. Yes there is "some" overlap but fortunately COMODO covers some ground that EQS doesn't, and vice-versa, so I think now that this duo has struck a pretty good balance all in all.

    I had no idea that COMODO'S (HIPS) was this comprehensive, but it definitely is just that.

    You see, there's all sorts of fallback measures available now to support front line defense where another security app might fall short, like Sandboxes, Virtuals, ISR's etc.

    My quest is to drastically limit that fallback measure to a single lone virtual system OR a sandbox and not both.

    IF! IMO, 2 HIPS can successfully offset and eliminate totally that margin for error (miss), whereby the other cannot be bypassed or terminated, THAT'S what I'm looking for. Until then, Returnil and/or SandboxIE seems a necessity as an emergency recovery function.

    I'm trying to eliminate even the need for dependency on an ISR or Image Restore as last resort, and I feel like HIPS are eventually going to make that a reality.

    DefenseWall + COMODO, or DW + EQS, etc. and so on.

    Don't get me wrong though, Virtual Systems & ISR's are very much forefront and a dependable quality assurance preservation method that I think can never completely go out of style, I'm just looking to severely limit dependency on their use as little as possible where it concerns that 0day potential invasion of some malicious attacking file on a system.

    For example: Enter FD-ISR, that single lone ISR program has dramatically limited my dependency on having to turn to an Image Restore when in trouble from file system corruptions or malware. A quick Archive restore back over the affected snapshot and Wallah!! No need to do an Image Restore to return system state & programs back in perfect working order again. No data loss, no more headaches.

    If the same result can surface by implementing the perfect pair of HIPS, in effect warding off corruption or malware altogether from the front line of attack, think of the confidence and safety users could finally enjoy for a change.

    I know that's a tall order, but HIPS developers seem to be gradually working toward that end IMO.
     