Hips behavior blocking technology

Expert based behavior blockers include:
Cyberhawk/ThreatFire, Norton Antibot/Primary Response SafeConnect, Prevx and Safe n Sec.

Until recently I have used Prevx (for a the last 12 or so months). Prevx has been pretty good .... but is quite heavy on the system. I like the community db white/black listing ..... but the standard hips component is ok rather than great.


Threatfire on the otherhand is very light but my sense is that protection is not as full and the db operates in a different way..... rather than white/black listing. So I guess threatfire is better at real-time behavioral analysis.


I have tried them both ... they are difficult to test because of the way they treat test tools.

Which offers the best complement to KAV/ Outpost? What do you think of the way the community db?

 

Hi,

I have not used PrevX2, so I can not really say which is best. CB was a little better than PrevX1 in a very old test (CB missed 1 sample, PrevX1 4).

I have TF with sensitivity level on 4 running with no extra pop-ups. I think community DB enable suppliers to quickly react to zero day malware, so I always join.

Regards Kees

 

I can't use any of these behavior blockers. I think my frozen snapshot is responsible for this.

 

Hi,

Those listed by OP are good apps IMHO. How to choose them is a catch22 situation. Since it is very difficult to measure the relative strength of each candidate, I thought the foremost criteria is the product compatibility; to test each one of them and to see which one your system is willing to take it in.

I have tested them. And have since taken in Prevx2,PRSC.

Recent version(few days ago) of TF has frozen system during boot up (surprising enough, they still can not reproduce the same);while SafeN sac causes BSOD( driver conflict).

Generally speaking, an excellent app is not meant for everyone. You need to test it in a short-sleeve-style; taking reviewers' view only as a guide. after all, it is your system that has faced these apps days in and days out. When you want to cry over system failure, no one's shoulder will be kindly lent to you.

Take care.

 

Why not use the PDM of KAV? Its a behavior blocker.

If its too noisy for you, Id consider Threatfire.

 

Hi

Another alternative : a classical HIPS with a communauty database for trusted/untrusted progs like Online Armor

Regards,

MaB

 

Erik your frozen snapshot is getting very boring .... now

 

Indeed catch 22 how to decide at the moment I have a new main build and a test snapshot. THe test archive has

FD ISR
REturnil Beta
Outpost
KAV - PD off
Defensewall
Prosecurity
Prevx
and Threatfire

Rather surprising the performance is fine .... compatability at this point is not much of a problem. I just don't need them all

 

I like a white/Black list, a sandbox , and some sort of behavior analysis.... PDM is a compromise

PDM is not as good as Prosecurity or Threatfire in my opinion. Noise is not something that bothers me too much.


I like prosecurity but .... alerts are no problem giving the answer right can be an issue ....my knowledge is not limitless..... Judgement is what I need some help with ....

 

Thanks like many here I have beta tested OA at various points. I prefer playing with it to using it full time. Although given what I said above it should be ideal.

However I prefer outpost as a firewall and PS as a hips, defensewall as the sandbox

 

Adding my 3 cents worth to discussion will bring to attention EQSecure. It's the one i rely on daily and simply will not part from. It does more than enough to interrupt intrusions/scripts/files etc. and it's limitations are not a serious risk whatsoever so long as you employ some assistance from other security fallback protections.

Thats my choice, and it's proven itself well enough to earn my complete confidence.

 

Thanks .... I have never tried this. From the review below it offers nothing that PS can't do at least as well

https://www.wilderssecurity.com/showthread.php?t=170691


I'm more interested in the behavior/community based products for the purpose of this thread