Hi folks, I'm used to running HIPS on my PC: on XP it was Process Guard, on Windows 7 I used Comodo Firewall, on Windows 8.1 I used Private Firewall. I can't get Comodo Firewall to install on a clean install of Windows 10. Private Firewall doesn't support Windows 10; I emailed the dev & he basically said that it might not ever support it unless a good business model could be found. Can any of the knowledgeable users here recommend a good HIPS program that works well on Windows 10?
You may have a look at Smart Object Blocker, it allows you to easily create your own rules to block (or allow) processes, dlls and drivers. Here is the thread here on Wilders: https://www.wilderssecurity.com/threads/smart-object-blocker-block-exe-dll-drivers.378369/ It supports Windows 10 32/64-bit.
Will check your app out, I'm looking for a full fledged HIPS program that is easy to use & has a learning mode.
Sorry to say, but SOB is anything but easy to use: no GUI, and all config is done manually, so be advised. But to be fair, SOB is the closest thing to a HIPS, according to experts, so read that thread.
Not really, a HIPS should watch for more than driver loading and DLL injection. SpyShelter is compatible with Win 10, perhaps you will like it.
AFAIK Outpost doesn't support Windows 10 as yet. I did use it back on XP for a while & it was fine till an update nuked my network interface & I had to reinstall Windows.
Cheers. I liked Comodo Firewall HIPS but found the software to be quite buggy at times. I tried to install the Windows 10 compatible version of Comodo Firewall on a clean install of 10, but it gave an error code of 1603 & wouldn't install. On Windows 8.1 with Comodo Firewall & Bitdefender AV+ I had a lot of system slowdown issues etc.
Here are some thoughts to turn a plain, vanilla Windows 10 into a HIPS:
1. Set UAC to only allow elevation to signed programs (you can still run unsigned programs, but they can't elevate to Admin), see picture below
2. Set Smartscreen to "require Administrator Approval" when running executables from the internet
3. Create a local user
4. Set family safety/parental control to only allow running installed applications (allow Edge, disable IE11)
5. Install EMET (default)
6. Install StartupSentinel (default)
7. Use a DNS service with URL blacklisting checking (e.g. Norton)
8. Run as local user
Fair chance of never getting infected, even when using Windows Defender, but the real malware show-stopper is:
9. Apply safe-hex habits (don't shoot yourself in the foot by downloading software from unknown sources, opening attachments in mails from strangers).
Picture 1: setting UAC to allow only signed programs (set Validate Admin Code Signatures to 1)
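The settings from steps 1, 2 and 8 of the list above can be read back from the system. The following read-only PowerShell check is an added example, not part of the original post. The registry paths and value names are the standard Windows ones, and the SmartScreenEnabled value is assumed to apply to early Windows 10 builds.

```powershell
# Added example: read-only audit of three settings from the list above.
# Assumption: SmartScreenEnabled under ...\Explorer is where early Windows 10
# builds store the SmartScreen choice; later builds may use policy keys instead.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (Windows default applies).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$checks = @(
    [pscustomobject]@{
        Step     = 1
        Setting  = 'UAC: only elevate signed executables'
        Expected = 1
        Actual   = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'ValidateAdminCodeSignatures'
    },
    [pscustomobject]@{
        Step     = 2
        Setting  = 'SmartScreen: require administrator approval'
        Expected = 'RequireAdmin'
        Actual   = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' 'SmartScreenEnabled'
    },
    [pscustomobject]@{
        Step     = 8
        Setting  = 'Current user is a local administrator'
        Expected = $false
        # S-1-5-32-544 is BUILTIN\Administrators. whoami lists it even when UAC
        # has marked it deny-only, so an unelevated admin account is still caught.
        Actual   = [bool](whoami /groups | Select-String -SimpleMatch 'S-1-5-32-544')
    }
)

# A missing registry value shows as an empty Actual and fails the check.
$checks | Select-Object Step, Setting, Expected, Actual,
    @{ Name = 'Pass'; Expression = { $_.Actual -eq $_.Expected } } |
    Format-Table -AutoSize
```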
Here is another useful tip for those that have not used it before. It is called God Mode. I find it quicker to find and change settings of many things on your computer. To activate God Mode, right-click the desktop and select New > Folder. Highlight this folder, press F2 and name it: GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
For Comodo see also: https://www.wilderssecurity.com/thre...ecurity-disable-windows-10-activation.378816/
Cheers for the post.
1. I always leave UAC on the default setting.
2. I have Smartscreen turned off in Windows due to the fact it sends all URLs & downloaded files back to Microsoft.
3. I always run a local user & would never use an MS account in Windows.
4. I'm the only user of the PC & I like to try out software, so that setting would make things a bit more complicated.
5. I have never used EMET but will investigate it.
6. I always keep an eye on startup items with Task Manager & Autoruns.
7. I use OpenDNS as I find it much faster than Virgin Media DNS servers.
8. I don't really want to limit what I can do as a user, just want to monitor anything new on the PC.
9. Always do.
I have tried running as a limited user in the past but had quite a few issues with apps & Windows due to that. I'm really just looking for an app like Malware Defender or the old Process Guard that I can put in learning mode for a couple of days, then set it so it will alert me to anything new that wants to run. Something like the HIPS in Comodo Firewall or Private Firewall.
I have tried several times to install the Windows 10 compatible version of Comodo Firewall; it gets to 99% during the install, then I get an error code 1603 & it doesn't install. I have even tried setting language for non-Unicode programs to US English but get the same error. Posted about it on the Comodo forums twice but never got any replies. It's a clean install of Windows 10 with Bitdefender AV+ 2015, MalwareBytes AntiMalware, Spyware Blaster & the MVPS hosts file. I could remove Bitdefender then try installing Comodo Firewall to see if it would install, but when I install Bitdefender again it will ask to remove Comodo Firewall.
Been testing out NoVirusThanks Exe Radar Pro & it seems to be doing the job after putting it in learning mode for a couple of days, it even alerts to all the rundll32 telemetry crap in windows 10. Will probably get the full version when the 30 day trial finishes.
Ended up having to remove Exe Radar Pro. The program was great but I was getting a lot of alerts for rundll32 appraiser & update etc. Couldn't really whitelist them as they had a different random code at the end of the command line. Search goes on I suppose.
Try SecureAPlus (I am) and set it to lockmode or interactive mode (mine is at lockmode) and that's it. You are safe and free to do whatever you want. Nothing will penetrate and install.