Review EQSecure 3.3

Discussion in 'other anti-malware software' started by Kees1958, Apr 4, 2007.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I just lock modification of OS-critical and executable-like files in C:\, C:\Windows, C:\Windows\system32 and the driver subdirectories, with the exception of LegitCheckControll.dll (modified by Windows at legitimate XP check).
     


  2. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    The question then would be: who gets to tell all our suggestions and bug reports to the official Chinese forum?
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Good question,

    We are just trialling software in splendid isolation. My hopes are on CPCW and Solcroft.

    Reg K
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Ok, pls what u think of this rules set?
     


  5. korb

    korb Registered Member

    Joined:
    Mar 13, 2006
    Posts:
    150
    Location:
    singapore-thailand
    known bugs submitted

    Although I can't translate the bugs that members posted here, I tried to post bugs from the EQ forum that they already know about and will improve. Hope that you can make some comparison on your own. I used Google to translate, so it is not 100% accurate.


    Known bug


    1.EQ pre-start service to the problem of the disappearing.

    2. Introduction 3.3 version of the rules, or reproduced with the command line parameter of rules, After the introduction of rules and sticking to the rules of search command line parameters will become unknown figures, leading to incorrect rules .

    3. Father of the process of "neglect" operational parameters of the implementation of the order wrong .

    4. Through the "Ask the box" to establish rules, "Application of the rules of procedure" -- automatically generate a "shield EQSecure 2007 E. error" (the official version be revised)

    5. If waiting for the 30S, EQ will automatically stop running! However, the interface is clearly shown in the "after 30 seconds to allow this operation." If the general pattern of all types of operation to protect the words "stop", interface still indicates "30 seconds later to allow this operation." (RC2 address)

    6. Version 3.4 rc1 installation mode website. asked that two normal overall hook DLL will die away, asking frame die away, the general pattern did not die away Guo asked, other normal closing protection from further degree of EQ (formal version will be amended)

    7. Add log by the rules of some of the problems (officially revised version)
    Synopsis : / / www.eqsecure.com/bbs/read.php?tid=2814

    8. Asked a password-protected window really enhance the safety, but for the closure of the window and stop operation also Protection (RC2 address)

    9. Traditional English version of many small bug (RC3 will be updated in Spanish and English)

    10.EQ3.4 start strengthening version of the system has only 2,000 c disk protection

    11.fd and rehearsed conflict

    12. Asked box will die away, so the next version will not be asked frames displayed in the service


    [Patch was in 2007-06-08 21:06 sxingbai re-edit]



    To be confirmed bug

    1. Have the right to protect registry key twice to rename, there will be adding new items circumstances. I wonder if the bug is eq win or a bug or normal, after all, re-naming without success. Xiang no new rules. Wait for the version confirmed.
    Synopsis : / / www.eqspywatch.com/bbs/read.php?tid=22 20 & page = e% EF% BD% BF

    2. "Monitoring news translucent window" hook removed, and take the "show time" to "two seconds" Monitoring information window, but some time it will not display. I tested normal for a while. Wait for the version confirmed.
    Synopsis : / / www.eqspywatch.com/bbs/read.php?tid=13 18 & page = e% EF% BD% BF

    3. District unable to adjust successfully
    Synopsis : / / www.eqspywatch.com/bbs/read.php?tid=27 98
    Traditional English 4.rc2 tray model indicates that problems
    Synopsis : / / www.eqspywatch.com/bbs/read.php?tid=29 46 & page = e% EF% BD% BF

    5 .. eq procedures default folder can not prevent the expansion without documents
    Synopsis : / / www.eqspywatch.com/bbs/read.php?tid=29 = 24 & fpage Herearesomewaysyoucanencourageyourchildtoread = 0 & & page = 3

    6. Do is use Pinyin input method can input Chinese
    Synopsis : / / www.eqspywatch.com/bbs/read.php?tid=26 63 & page = e% EF% BD% BF

    7.RC2 on daemon Tools CD-switching
    Synopsis : / / www.eqspywatch.com/bbs/read.php?tid=29 51

    8. Log shows too slow, can sometimes be wrong Display (distortion missed mind rules the wrong name, etc.)

    9. Update desktop when asked to stop related to the registry will Deadlock

    10. Sometimes system will automatically restart


    [Patch was in 2007-06-08 21:08 sxingbai re-edit]
     
  6. korb

    korb Registered Member

    Joined:
    Mar 13, 2006
    Posts:
    150
    Location:
    singapore-thailand
    suspected bugs

    Some suspected bug solution summary

    1. Computer Lists.
    May be some protective functions of the software conflicts
    specific reference: http://www.eqsecure.com/bbs/read.php?tid=2743

    2. Rename the document, paste operation hints wrong.
    Rename from the real, this is the disappearance of old documents and new documents to emerge. EQ will rename and delete divided into two new moves
    paste operation, If the target file already exists is a change, there is no specific reference to the new
    : http://www.eqsecure.com/bbs/read.php?tid=2807

    3. After allowing still relevant inquiry.
    You have to pay attention to the goal of allowing what is specific. Some of the temporary document often name changes, such as ie. QQ (Chinese chat program similar to MSN, Yahoo, ICQ) windows and upgrading procedures for the creation and revision. Rules to use wildcards.
    Perhaps you have scope than the goals of the rules, which has abolished the use of different operations, such as the use of inquiries and log establish rules, is there such a problem

    4. Not in the system administrator's user group initiated.
    3.3 does not support non-admin users, please use 3.4

    5. E shield 3.4 reinstall after E. shield law without launching.
    3.4 service after installation, the road can not change. To do otherwise would be a mistake to change trails first unloading services for the re-installation

    6.3.4RC version of the USB mouse seemingly has some problems
    As a driver update, will be reopened in force

    7. Upgrade Beta mistakes.
    In the best coverage before installation set eq not random start-up, shutdown protection coverage, then reboot the system automatically set.

    8. Learning mode under the rules created by the sometimes ineffective.
    Learning on fd rd and is non-functional. Through the log to see whether or fd blocked rd


    [Patch was in 2007-05-26 12:11 sxingbai re-edit]
     
  7. korb

    korb Registered Member

    Joined:
    Mar 13, 2006
    Posts:
    150
    Location:
    singapore-thailand
    wishlist for v 3.4

    【Everyone desires -- 3.4 release imminent, do you think the "official version" What needs to be amended place? (Update)



    I first said it, in order to develop better EQ.

    (Green said in the latest version of RC1 has been amended) USB mouse problem without testing, I do not know whether RC1 fully support USB mouse.


    1. The deduced sequence of rules, there are still problems.

    2. EQ program interface, which "Application" button, click on the success of the streets after it (should not use state).


    3. EQ pre-start service to the problem of the disappearing.

    4. USB mouse support issues.

    5. Protected mode, no changes to the program interface problems.

    6. Since the definition of pattern did not change color, propose to temporarily set the pattern of learning mode icons and the icons unity (they are temporarily scenario "other models" for the country ). (This one has no way)

    7. When EQ closed all the time to protect the startup and shutdown, when the same two pictures for the content should be about. Can not say "EQ is to protect your system," and easily misunderstood.

    8. Close to protect the corresponding boxes can not be closed.


    9. Asked window "command line rolling" function.

    10. EQ at the windows login emblems that background can become transparent.

    11. Allow the parent process to amend its own built-in memory process.

    12. Enter the password in the login process, If "E shield is to protect your computer" icon is emerging in the middle input, Password input box will lose focus.

    13. Introduction 3.3 version of the rules, or reproduced with the command line parameter of rules, After the introduction of rules and sticking to the rules of search command line parameters will become unknown figures, leading to incorrect rules.

    14. Father of the process of "neglect" operational parameters of the implementation of the order wrong.

    15. Through the "Ask the box" to establish rules, "Application of the rules of procedure" -- automatically generate a "shield EQSecure 2007 E. wrong" group.

    16. Since the definition tray selection rules of procedure is not the main window''

    17. At this time only if it "allowed" or "stop", or directly point close button, will have password verification "need to customize password verification ..." (total that the next version will solve RC)

    18. If waiting for the 30S, EQ will automatically stop running! However, the interface is clearly shown in the "after 30 seconds to allow this operation." If the general pattern of all types of operation to protect the words "stop", interface still indicates "30 seconds later to allow this operation." (Total that the next version will solve RC)

    19. Version 3.4 rc1 installation mode website. asked that two normal overall hook DLL will die away, asking frame die away, the general pattern did not die away Guo asked, other normal closing the protection of the withdrawal from the EQ degree.

    20. Study generated model rules, all automatically on the "learning mode" (Of course, The group is also generated by their EQ).

    21. EQ3.3 version of the open, when the district can not adjust successfully, time can be adjusted. (Yet to be confirmed)

    To the official version 3.4 released, the updating of the suspension.
     
  8. korb

    korb Registered Member

    Joined:
    Mar 13, 2006
    Posts:
    150
    Location:
    singapore-thailand
    interesting test on EQ

    http://64.233.179.104/translate_c?h...ThreadID=2&prev=/search?q=eqsecure&hl=en&sa=G

    It is from a Chinese forum, using a virus called 'panda' to test the strength of EQ.

    They refer to application protection as AP,

    registry protection as RD,

    file protection as FD.


    The tester was playing the role of an average PC user, so for the first 2 prompts from EQ he chose to allow, not knowing 'panda' was a virus. He switched off his antivirus; even his firewall was prompting that the virus wanted to connect out.

    He is testing how many times and how much EQ can withstand the nonsense of that virus. After so many prompts from EQ, I guess any PC dummy would surely press the 'deny' button for once, and the final result is that it stops and ends the process.

    from hipsfans
    http://www.hipsfans.com/Default.asp
     
  9. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Installed in a VM where only Sandboxie is installed.

    Seems to show a bit of promise but when I tried Scoundrel Simulator EQ showed it had denied regedit from being disabled but it was still disabled.
    Scoundrel
     
  10. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    You need to work on your ruleset. Block the Policies key from being modified in both HKLM and HKCU.
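
The ruleset gap described in the reply above, as an added example that is not part of the original thread and is not EQSecure's code: a small coverage check that tests whether a set of wildcard block rules actually covers the Policies key in both hives. The rule syntax, the function names and the sample rulesets are hypothetical; `DisableRegistryTools` is the standard Windows policy value that disables regedit.

```python
from fnmatch import fnmatchcase

# Targets a registry-protection ruleset must cover: the value that disables
# regedit, under the Policies key in BOTH hives.
MUST_COVER = [
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
]

ALIASES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

def normalise(path):
    """Expand hive abbreviations and lower-case (registry paths are case-insensitive)."""
    hive, _, rest = path.partition("\\")
    return (ALIASES.get(hive.upper(), hive) + "\\" + rest).lower()

def blocked(rules, target):
    """True if any block rule's wildcard pattern matches the target path."""
    wanted = normalise(target)
    return any(fnmatchcase(wanted, normalise(rule)) for rule in rules)

def uncovered(rules):
    """Return the must-cover targets that no rule in the ruleset blocks."""
    return [target for target in MUST_COVER if not blocked(rules, target)]

# Constructed rulesets (hypothetical syntax): one hive only, then both hives.
HKLM_ONLY = [r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\*"]
BOTH_HIVES = HKLM_ONLY + [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\*"]

if __name__ == "__main__":
    for name, rules in (("HKLM only", HKLM_ONLY), ("both hives", BOTH_HIVES)):
        gaps = uncovered(rules)
        print(name, "->", "covered" if not gaps else "NOT covered: " + ", ".join(gaps))
```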
     
  11. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Thanks for that Solcroft.

    Will install again in a VM a bit later.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    How can I give explorer.exe full access in files rules?
     
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Aigle,

    There is a way

    Go to File Protect settings,

    Select tab Application's rule

    Add process -> Explorer.exe

    Set all Block operations to allow, choose other settings and
    - uncheck "Search all program rule"
    - check "Verify program with MD5"

    Regards K
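
A simplified model of the per-application rule set up in the post above, as an added example that is not part of the original thread and is not EQSecure's code. It shows what the MD5 check buys: a file that keeps the name explorer.exe but has different contents loses the exemption and falls back to the general rules. The dictionary keys, `decide` and `demo` are hypothetical, and the treatment of "Search all program rule" (unchecked means the process skips the general rules) is an assumption.

```python
import hashlib
import os
import tempfile

def md5_of(path):
    """MD5 of a file, read in chunks. MD5 is used because that is what the
    dialog offers; collisions are practical, so SHA-256 is the better pin today."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def decide(process_path, operation, app_rules, all_program_rules):
    """Return 'allow', 'block' or 'ask' for one file operation by one process."""
    rule = app_rules.get(os.path.basename(process_path).lower())
    if rule and rule["verify_md5"] and rule["md5"] != md5_of(process_path):
        rule = None  # same name, different binary: per-application rule does not apply
    if rule and operation in rule["allow"]:
        return "allow"
    if rule and not rule["search_all_program_rules"]:
        return "ask"  # exempt from the general rules, but nothing allows this operation
    return all_program_rules.get(operation, "ask")

def demo():
    """Constructed scenario: pin a stand-in explorer.exe, then swap its contents."""
    general = {"create": "block", "modify": "block", "delete": "block"}
    with tempfile.TemporaryDirectory() as tmp:
        exe = os.path.join(tmp, "Explorer.exe")
        with open(exe, "wb") as fh:
            fh.write(b"constructed stand-in for the genuine binary")
        rules = {"explorer.exe": {
            "md5": md5_of(exe), "verify_md5": True,
            "allow": {"create", "modify", "delete"},
            "search_all_program_rules": False,
        }}
        genuine = decide(exe, "modify", rules, general)
        with open(exe, "wb") as fh:
            fh.write(b"constructed replacement with the same file name")
        replaced = decide(exe, "modify", rules, general)
        rules["explorer.exe"]["verify_md5"] = False  # name-only matching
        unpinned = decide(exe, "modify", rules, general)
    return genuine, replaced, unpinned
```

With the hash check on, the swapped file is handled by the general block rule; with it off, the same file inherits the full-access exemption by name alone.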
     
  14. korb

    korb Registered Member

    Joined:
    Mar 13, 2006
    Posts:
    150
    Location:
    singapore-thailand
    I found that when I boot in shadow mode or a limited account, EQ cannot be started.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks Kees!
    BTW what does the "search all program rule" option mean? If u uncheck it, that means the said process will be exempted from all program rules. Am I right?
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    It works OK with ShadowSurfer's shadow mode.
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Sort of, but it is simpler. Remember the first tab, All Programs Rules? When you unselect this, it is not checked (so you will exclude it from the general limitations set to programs).
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks, never knew this before.
     
  19. korb

    korb Registered Member

    Joined:
    Mar 13, 2006
    Posts:
    150
    Location:
    singapore-thailand

    I was referring to PowerShadow :)
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi Kees! I am not able to understand this post of yours. I always thought that application execution control of EQS is just like all other HIPS. Can u explain it more? Thanks
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I know, just added the info about another shadow!:D
     
  22. korb

    korb Registered Member

    Joined:
    Mar 13, 2006
    Posts:
    150
    Location:
    singapore-thailand
    EQsecure 3.4 (RC3)

    Didn't see this post before.

    easter (author of EQ) said if this release is stable, it can be regarded as RC3. But this was some days ago.


    6.4 update (test): V3.4 auto-start feature

    This feature removes the service and runs EQService.exe in another way; once set to run automatically, it can run before the logon window.
    Please report any problems promptly. - auto start of EQ service changed to starting EQ service during logon instead of during booting.

    Installation instructions:
    1: Turn off all protection, then exit - disable all protection and close EQ

    2: Run sc delete eqservice - I think this is terminate EQ service in ??

    3: Copy all files to the installation directory; if set to run automatically, EQSysSecure.sys also needs to be copied into system32\drivers - copy EQSysSecure.sys to system32\drivers

    4: Run EQSysSecure.exe once; it may report an error, which can be ignored. - restart EQ, may have error but it's OK.

    5: If set to run automatically, run regedit.exe and change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EQSysSecure\Start to 1 - if setting is auto start or run when Windows starts, change registry in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EQSysSecure\Start value to '1'

    6: Restart - restart Windows.


    Very sorry, poor translation.

    Download address:
    http://www.eqsecure.com/download/V3.4.rar

    6.4:
    1: Fixed the problem of being unable to protect anything outside drive C - solved protection outside drive C:

    2: Fixed the problem where automatic logon could cause explorer to fail to display the desktop. - solved explorer not showing desktop after logon.

    As for the problem of not starting automatically, we still need everyone to test more; so far we have not reproduced this bug. Still need more testing for this release but no big bugs atm.


    [ This post was re-edited by 流氓兔 on 2007-06-04 21:12 ]
     
    Last edited: Jun 15, 2007
  23. EASTER.2010

    EASTER.2010 Guest

    I just inserted a Western Digital drive for testing purposes so thanks Korb for the EQ note & url.

    Will give it a whirl and post my early opinions soon.
     
  24. korb

    korb Registered Member

    Joined:
    Mar 13, 2006
    Posts:
    150
    Location:
    singapore-thailand
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi Kees! I am waiting for ur response! Thanks
     