Aggressive HIPS recommendation needed

Hi Wilders,

I would like to install and use the most aggressive HIPS , HIPS which will popup at every single trivial action in my computer without any predefined rules at all even for windows processes and components, and without any trust of any kind of any process or file, a HIPS to tell me that the X process wants to do "bla bla" to the "bla bla" in the "bla bla" by making "bla bla"

HIPS to ask me every time and don't take any action by itself, HIPS to give me 5 options ALLOW ONCE, BLOCK ONCE, ALLOW ALWAYS, BLOCK ALWAYS, and LEARNING MODE.

I have tried comodo but hate the so many predefined rules and white list. Also tried SSM paid version but its obsolete and don't cover some areas. and Zemana but it is just an antilogger not a complete HIPS. I have a license for OA but I tried it 2 years ago and was not satisfied, I don't know if the latest version of OA is the aggressive HIPS I need or not .

Is such an aggressive HIPS really exist? any recommendation please ? WIN XP 32
and sorry for my English.

Thank you all dear friends

 

I'll resist asking why and just assume you know what you are doing . I'd suggest Malware Defender if you are on 32 bit systems. Unless you work with a fairly lengthy learning mode period it's pop-up tastic man!

You should do at least of couple of restarts in Learning mode though so MD knows what to allow during the start-up/shut down process. Just asking for frozen systems otherwise.

Cheers

 

Free (standalone):
- Spyware Terminator
- StormShield Personal Edition
- Malware Defender
- SpyShelter
- ThreatFire (Behaviour blocker)

 

Thanks Chris

may I have MD official site link, I goggled to find only a Chinese site is there any English info about MD?
P.S Free app is not essential ,I don't mind to buy the required HIPS

Thanks alot

 

I understand that you are using XP and don't want to have any predefined White Lists? I don't remember a standalone HIPS which is developed nowadays except Malware Defender...but it has WL. You can eventually remove all detected applications and processes from trusted list and try to start "at empty".
You can try also OA and after obligatory during installation "Safety Check Wizard" have to remove all detected progs/proces. You have to also uncheck perhaps all features like "automatic allow" and conection with OASIS. But there is one "but"...OA is a firewall with HIPS. I don't know you want to have firewall?
Third option is SpyShelter with setting in "options/security" on level "ask user"...but SS is mainly anti-logger

 

Latest version of Spyware Terminator has not probably the same hips-features so it hade in previous version. And TF is most efficient on "5 level" with additional advanced settings.

 

Use Comodo but don't use the white list and delete the built-in rules.

 

I have three versions of Malware Defender but I don't know of a way to get them to you. I used to upload these to rapidshare but they now require registration and I'd rather not do that.

Send me a PM and give me an e-mail address and I'll send them to you.

 

Simple...Online Solutions Security Suite. [http://www.online-solutions.ru/en/products/osss-security-suite.html]

 

Try Online Armor or Comodo again but make SURE to disable auto decisions (Specially in OA, get rid of auto decisions, same thing in Comodo), disable whitelist and i'm pretty sure it will get very very noisy because i use it that way
For Comodo also set everything to max

 

I don't think your able to find a product like you think
it will be very painful and hang alot

try watching the Huge Log Process monitor that will produce in 1 minute

you can have a pretty aggressive one but you can't monitor all the system
that is my opinion Please correct me if i'm wrong

 

most aggresive HIPS I've used is Malware Defender.

Official Site: http://labs.360.cn/malwaredefender/index.html
English Installer: http://dl.360safe.com/md_setup_en.exe

 

yes indeed konata..

 

i am currently running Malware Defender.

it is very agresive trust me on this one

 

But MD only works for x86 (32 bits) which could be an option killer.

To be honest, Comodo FW or OA could be as agressive as MD if you really disable all auto features. (No whitelist, no auto decision, no cloud, no trust signed files, no auto allow trusted programs to connect to the web etc.)

 

Comodo D+ in Paranoid Mode, in paranoid mode there is no whitelist or anything automatically configured for the HIPS, you will get tons of popups.
http://help.comodo.com/topic-72-1-155-1115-General-Settings.html

Take a look to this HIPS test.
https://www.wilderssecurity.com/showpost.php?p=1939784&postcount=404

 

Malware Defender is excellent, but hasn't been maintained or updated in many months.

The HIPS component of SpyShelter is very aggressive. Works for 32-bit AND 64-bit. Vigorously maintained & frequently upgraded by its proponent. It has a free version (I haven't used it) and a non-free version (that's the one I use). For the non-free, its license is a one-off cost of ~30 USD, ~29.95 Euro.

 

Yeah comodo in paranoid mode is very chatty. Way too much for me.

 

@Metting

Malware Defender. I've used it 24/7 for almost two years on an XP/SP3-32 system, currently v2.7.3.002.

In addition to popping up alerts for the most intricate minutia, the precise details presented in those alerts will teach you more about your OS than you might want to learn. Or not. MD is still alot of fun for me and I'll miss it when I buy myself that new system for Yule.

I've built 84 rules for non-OS Applications; another 33 are trusted. For svchost.exe there are 60 application rules and about a dozen others spread out for process permissions, the registry, files and network.

Explorer will want to confirm you want to open Notepad. And then to confirm your save to C:\aFolder. And next time if you want to save to C:\anotherFolder.

Wait until something wants to open an .msi file.

You will soon learn to use * in your rule paths, place apps in Trusted (i.e. CCleaner, zip and rar utils) or to just "Disable all protection" temporarily when doing some complicated otherwise safe process. Learning Mode may become your friend; often I'll use it and then go back and tweak the rules. If you think you've flubbed a rule set, there is a competent Find tool and all are easily deleted via context menus.

I have used/tried the other apps mentioned here and while some come close to the granularity of MD none actually approach it. From your #1 post, I am certain MD is exactly what you're looking for. There is nothing I have yet found that can't be built, edited (tweaked), disabled or deleted no matter how deep I've gone.

Hint: after you install it, make sure it's in Learning Mode and reboot. Trust me on this. Review the built rules and approve/tweak as needed and then turn off learning. (That's assuming you don't disable the default "Run MD when Windows starts.")

Good luck.

 

This is what you need! MD is a puppy compared to OSSS.
The ones who have tried it know what it is how it looks.

 

Want aggressive HIPS? I suggest you use COMODO under paranoid mode and disable autosandbox.

 

I would say most Classical HIPS are aggressive but all of them (except MD i guess) have some kind of pop up reducer. (Be it whitelist, automatic decisions, verified signed files, cloud etc.)
If you disable them all you might probably click on hundreds of pop ups for the first hours

 

Online Solution Security Suite!

 

The old members will remember the EQSecureera...
Then, the Malware Defender era...

Once upon a time (a few years back...),
Aggressive HIPS were very popular, here.

It's Not the same anymore...

 

Totally agree. I forgot that in the new version of OA, you can also disable the "auto trust" even though the programs are deemed safe by Emsisoft.