Need a Lite HIPS

Hello

I need a free HIPS to replace TF which doesn't like my set up.
(Some days I don't like it either)

I have SAS,NOd32 and Kerio 2.1.15, PG 2 at the moment.

Please make considered suggestions links would be usefull.

 

Try EQS. Is a superlight HIPS.
It can be configured in ways you could never dream of. (which is also considered bad by some members here, since you would need great knowledge to get tight protection)
There are many threads here in wilders about it.
The other problem, is that version 4.0 has been in beta for a long time. Last stable version, 3.41 is several months old.

 

Wow...lots of off-topic comments
I also believe, you can't judge software by its origin country.
Software is innocent until proven guilty

 

I,ve only thoroughly experienced long-term 2 HIPS, those being System Safety Monitor (which i also beta tested LoL) and EQSecure now at 4.0 Beta or 3.41

I'm somewhat biased as time & conditions dictate to lean on EQS exclusively, it's about as "Lite" as they get IMO, but SSM is a very formidable competitor and actually if i had my way i would meld the two into a single Super-HIPS!

You have to try the waters, and determine which one is suitable enough for your machine's/system needs as well as your attention, because they both demand user interactions at some point, but i found with EQS using Alcyon's RuleSets, the human factor can be dramatically reduced in comparison. Just my opinion from experience with them both, and i do run them both on different machines.

EASTER

 

You can have a light HIPS setup with strong protection

A) DROP PG and SAS (on demand only), keep NOD
B) Not free, but worth it trial GeSWall Pro or DefenseWall, see which one you like best


Nice goodies AVZ (rootkit scan) Anvir taskmanager free (run it from time to time to check any changed startup items)

 

Hi

Since you are using Process Guard (right?) then you can also add DriveSentry, which provides disk and registry and some buffer overflow protection.

 

I know it's off topic but I could not hold myself.

I like your new Avatar LowWaterMark.

 

Hello Easter and other technical posters:

TY, I never saw all the political posts by the time I logged back in the moderator had done his work! Good. Not intested in political opinion just technical facts.

I will try SSM first and see what trouble that gives me.

FWIW, I will not drop SAS, Nod 32 or PeerGuadian 2 ip blocker not process guard,

 

Good choice. Be sure to check out THIS on-going Wilder's thread -- to learn more about configuring SSM.

 

It was not strictly political. It was about giving low level system access to software whose developer is pretty much unknown and unreachable.
Apparently this is not considered a security issue here at Wilderssecurity..

 

I don't use behavior blockers anymore so I can't really comment on the lightness of any product. However you can check out

http://wiki.castlecops.com/Lists_of_freeware_behavior_blockers

for some of the other options available. There is some basic annotation on each product.

 

Try WinCleaner AntiSpyware. If you feel comfortable with your registry, then delete some or all of the registry shields and create your own. You end up with a lite app as good as or better than SSM. You can also create custom shields to act in a learning mode.

Dave

 

The topic pertains to HIPS. WinCleaner is NOT a HIPS.

HIPS is defined HERE, & current HIPS are listed HERE and HERE.

So... please stay on topic.

 

Bill,

Your a bit harsh in your judgement. It also has a configurable registry and file monitor. A member of wilders (i think Topak or something) was very positive about it, while on another download board someone nearly killed his machine trying to remove it.

When it monitors registry and file system, it is a light IDS, so your right. But when arrovax shield is called a behavior blocker in your third link, than Wincleaner qualifies also.

Regards Kees

 

Now I reserve the right to remain confused! WinCleaner is a ... ? Or not?

Dave

 

Light like Ivory Soap (so light that it floats).

As to Arovax Shield -- I had forgotten about that one. Arovax is a WinPatrol wanna-be -- a tad limited but better than nada...

By the way, Kees old bean (speaking of various & sundry HIPS)...

+++Whatever happened to your love affair with Sensive Guard (another *light* one)?

+++Have you tried DriveSentry (the new kid on the block)? If so, do you recommend it?

+++Lastly, what about Antihook? For some reason, AH gets very little press here at Wilders. I wonder why?

 

No hips is lite.

Try running Gmer on a before and after basis to see what it is doing to your system.

 

Initially I setup a layered defense covering everything and likes the combo fo file and network control. But malware got smarter and did not limit its playground to the obvious directories. When EQS and TF arrived there were many alternatives for file protection.

Next free version of DriveSentry makes a nice complementary combo with next free version of Online Armor. DriveSentry could be a little more quiet.

It was one of the best occording to Kareldjag's blogs/tests, It is so granular on parent-child/process control it takes quiet a while to setup, problably that is the reason for little attention (you have to know a lot to answer the pop-ups correctly)

Is not Avast's rootkit scan on startup created with GMER resources knowledge?

I will