Neoava Guard beta3

I forgot to post that I got some install failures too( I installed it many times- rolled back with windows steady state. The only way I was able to get through was to make all my security applications trusted in config wizard( before rebooting the system).

I just for got to mention this sorry. I will let the developer know about this issue via official forums.

 

It has a registry protection modul included which protect most important heaves and in the next version a lot more.

 

Thanks for the screenshots and testing aigle, very interesting. This app really looks promising

It looks like the popup were changed, compared to beta 2. Looks better now, good change.

 

Not customisable though.

 

Personally I use mainly start up reg protection alone( that is included in NG) so not a problem for me but I agree that a reg module is must but it must be easier to us, not confusing like SSM.

 

Thanks nicM, it,s not testing indeed( out of my scope). I really like the pop ups GUI.

 

Yes, nice work Aigle, I have to say that eventhough I am a bit negative about the GUI and ease of use, the protection seems to be quite strong, the filters really seem to work. The strange thing is that the outbound protection seems to function better than ZA Pro´s. And it has some unique features not found in a couple of other HIPS, I think I will probably install the new version on my real machine.

Also, don´t forget, you should make rules in other HIPS so that they won´t conflict, at the moment it´s running just fine together with SSM Pro and ZA Pro. On another virtual machine, it´s running fine with KAV 7 and SSM Pro. The funny thing is that all the HIPS still seem to be working correctly, with no slowdowns.

Also, it´s fun to see which HIPS alerts the first about any dangerous behavior, strangely enough, eventhough they monitor the same stuff, I often get only one alert from one of the tools, while the others stay quite. Of course this is just an experiment, I´m not saying that this is the way to go, but nice to see that it is possible to run all of these tools at the same time, without any side effects, at least for now.

 

Useless though.

Actually the fact that you are seeing sometimes only one alert from one tool but not the other, would imply that there are some side effects?? Even more worrying , are there certain situations where *both* don't alert because of side effects? It's hard to tell really.

I think one HIPS is complicated enough to risk adding another on top. You get more than twice the number of bugs...

 

Re-think yon generalization. Here's a specific: I run SSM + DSA on one image, & ProSec + SSM on another image.

DSA works splendidly on both images. REASON for DSA- I use it vice a FW. (Lemma- DSA is FW + HIPS)

 

It's more like a truism. say HIPS A and B have X bugs each.
Using both means you have at *least* 2X. Given the nature of HIPS, you are likely to have some interaction problems (though they won't always be apparent) so chances are high .so you will have > 2x.

QED

 

No HIPS is perfect but two standalone HIPS are not good in my opinion.

 

That's philosophy. It's kind of like saying that, aerodynamically, hummingbirds cannot fly. But fact is, they DO fly.

And fact is (per long EXPERIENCE) DSA does work just fine with PS or SSM. Undoubtedly many if not most if not all other combos of 2 will knock heads, but DSA is a superb fit with SSM or PS.

 

Aigle,

I am on holiday had some time to kill (Siem reap to Bangkok). Guess what read this nice review of Aigle, who got himself a compliment of NicM.

Typing on an asian keyboard is a bit difficult, but good work and compliments to developper.

regards Kees

 

That's mathematics... Though I suppose some would say mathematics is philosophy.

Real Philosophy would be talking analogies about motion scanners and guard dogs...

Long experience of DSA not bsoding SSM or PS yes.

I wonder what Castlecops Wiki (which you love to cite) says about using multiple combo of HIPS, I have a feeling it would not support the idea....

 

Yes, this is the question of course, you never know if they might start to malfunction at one point. But of course you may configure them in a way that none of the HIPS are watching for the same stuff, not sure if this would fix any conflicts though. And about the "some HIPS staying quite" issue, I guess it´s probably something like the "first come first serve" basis, the others simply don´t get a chance to respond.

 

Depends on what the conflict is a result of? It strikes me that even if you configure it not to "watch the same stuff" (and this isn't always clear because HIPS though similar aren't alike enough that you can always do a one to one correspondence), most probably it would still be hooked to the same functions, it is just staying quiet.

And if the unstability or conflict is due to the long chain of hooks (hand waving here, I have no idea what I'm talking about except i remember reading one HIPS or antimalware vendor talking about the problems of long chains), then telling your HIPS not to watch that area would not help since it still hooked.

It's just too bad I don't have one of those fancy titles in my signature, otherwise I would sure sound more convincing with talk about "SSDT displacements"...

 

Thanks Kees!

 

I tried Build 301 today and no majo glitches in install. Just wonder which build did u try 300 or 301?

Thanks

 

Btw, have others checked it out, and if so, what do you all think of it? And I still think that the configuration options are a bit confusing, seems like the developer has made it a bit more complex than it has to be. Any feedback?

 

After installation & reboot, I can't even get to the logon screen anymore, first I get a complete black screen for approx 4 minutes, then it hangs at the logon screen FOREVER. Only thing I could do is start in safe mode, and remove the darn thing.

 

Yes, I have been using this on a test box with XP, no real problems on my setup. There are reported problems with startup issues, but it should be expected on a beta.

It will not currently run on W2k, it has been reported and "Armen" is currently looking into this.

I do like this HIPS.

 

Two very nice features/ filters that I did not find/ noticed in any other HIPS:

- Detects if some process makes an exact copy of itself( worm behaviour)
- Detects if some process rapidly deletes files

 

Start up problems/ unable to install etc are known issues. Pls wait for next build!

 

Neoava Guard Beta 3 Build 302 is ready!

Download it from here:

http://www.neoava.com/NG-b3-PB-302.exe

The debug option is disabled for now as it was still buggy!

 

Thanks.
Will try it.
Any info about Locked system mode/ saving rules ?