Termination Protection- How good is ur HIPS

Discussion in 'other anti-malware software' started by aigle, Apr 24, 2007.

Thread Status:
Not open for further replies.
  1. JeffBuck

    JeffBuck Registered Member

    Joined:
    Mar 13, 2007
    Posts:
    32
    I tried with Viguard Platinum (trial), which I have not used for a long time (now it looks more like an AV than a HIPS, and I have not found any version in English, French only :mad: ) and it fails miserably ... no popup is given ...
    but, a curious error (?) appears when I launch Video Link Parser.
    (It's on a fresh installation of winxp sp2 with ONLY Viguard installed)
     

  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    The error seems to come from VLP rather than from ViGuard.
     
  3. JeffBuck

    JeffBuck Registered Member

    Yes, but I don't know what it depends on ... anyway the software then runs.

    ----

    I tried also with the last version of Winpooch (0.6.6) and it fails without any log :rolleyes:
     
  4. aigle

    aigle Registered Member

    Any EQSecure user?

    Thanks
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi Aigle,

    I have EQS configured as a behavior blocker (allow execute, allow load library and allow process termination), sorry, can't help you.

    WinPooch killprocess protection failed by the way on the other machine (it stopped the create shortcut though).

    Reg K
     
  6. aigle

    aigle Registered Member

    Thanks, Kees. No problems.
     
  7. aigle

    aigle Registered Member

    Ok, tried this with EQSecure and EQSecure failed. No popups from it and regmon was killed by VideoLinkParser.
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Aigle,
    I tried to download "Music Video Downloader 4.0", but Anti-Executable didn't allow it.
    I guess my experiment was terminated too soon. Is this a good sign?
     
  9. aigle

    aigle Registered Member

    This is exactly what AE is supposed to do. Good or bad doesn't matter for AE.
     
  10. ErikAlbert

    ErikAlbert Registered Member

    That's what I thought too.
    AE is even too good: today, Thunderbird updated itself automatically, AE didn't accept it and Thunderbird.exe didn't work anymore, but my boot-to-restore fixed it. So I turned Thunderbird's automatic update OFF.
     
  11. aigle

    aigle Registered Member

    With AE, maybe there should be no update of anything on ur system or u will get popups.
    Very good for institutions.
     
  12. aigle

    aigle Registered Member

    Just for an update of this thread.
    Neoava beta 3 and EQSecure 3.4 protect against this termination as well.
     

  13. Kees1958

    Kees1958 Registered Member

    Thx Aigle for the update,

    I am glad I could not answer your question, to test this. So you decided to give it a try yourself and are now on Wilders probably the most valuable power and providing Solcroft a lot of valuable feedback for EQSecure.

    I stopped trying to set up a powerful easy to use multi layer security package with classic HIPS (there was always one 'new' / 'updated' function that was quietly stopped which I had not foreseen in my classic HIPS set up) on one of our PCs.

    I put my trust mainly in the sandboxes (DW and GW) with behavior blockers (A2 and CB) as a second net to catch shoot in the foot mistakes of the user.

    Please keep on posting your findings on NeoavaGuard and EQSecure

    Regards Kees
     
  14. aigle

    aigle Registered Member

    Thanks for that but in fact I must be thankful to Solcroft for reporting issues to EQS support on my request. I am really thankful to him.
    I can't imagine such a complete HIPS (EQSecure) to be free and "trouble free" (on my system at least). It doesn't even need a reboot to install and uninstall - really wonderful.

    NG seems to have a great potential too. It can be recommended for beginners as it has a config wizard and learning mode after which u will get very few pop ups. At the same time, it has much more options for advanced users to make complex rules. Every HIPS (including EQSecure) should have a default install with config wizard and brief learning mode to help beginners. Advanced users can always deny these options and make their own rules. Otherwise one should not expect too many users for a HIPS.
    Sorry as I did not understand it. o_O
    Sandboxes and Behav blockers are great. However I was disappointed with a2.
     
    Last edited: Aug 6, 2007
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Not much to add to this that would be of any great interest than has already been said, but so far SSM & EQSECURE seem to suit the common Termination Protection on this end.
    In fact, from my lurking in the virus makers' forums and such to peer into anything of concern, most still seem to concentrate their efforts on this form of intrusion mainly at AVs + firewalls, and they are KEPT IN MEMORY so to speak with the features found in these HIPS. Besides, since IE is the likely hole of entry those crafts have an almost useless venture IMO given the WALL of defensive shields most users set up, at least those with some regular schedule of internet experience. Still, it's another benefit for us in this ping-pong game of chance that Security has a very strong lead in right now.

    You could almost go blind with the myriad of choices available to us as well as current shielding/protection features and those new developments yet to find their way into these arsenals.

    So in essence, at least on this end, my HIPS of choice is SUPERIOR since "it" or "they" are heavily complemented and covered with everything from Sandboxes to Virtualization plus Rollback & Imaging.

    But for the sake of this Topic, I must admit I haven't structured a great deal of effort or put much time into fashioning, or experimenting with every way to shut down a HIPS-Termination Protected App. I expect there is just too great a collection of hurdles for those to be of any serious consequence, at least in this direction like most others here.
     
  16. Kees1958

    Kees1958 Registered Member

    I tried to set up a traditional HIPS like SSM Pro or EQS to protect in a silent manner (blocking irregularities instead of asking). With this I came closer to the concept of behavior blocking than anti-executable. Out of the programs I tried (SSM, ProSecurity, Antihook, ProcessGuard, NeoavaGuard, Appdefend) I liked EQS best (with good old SSM second).
     