An HIPS for Windows 10

I had to uninstall Comodo HIPS and Firewall from Windows 10, because it blocked Windows Update process. I'm used to have an HIPS from the time of System Safety Monitor, which one could I use in 10 without have problems ?

 

You don't need one. If you keep Windows current, and are not "click happy" on every unsolicited link, popup, attachment, and download you see, a separate HIPS program is totally unneeded. This is exactly why they have fallen out of popularity - not that they were ever widely used or recommended.

 

If you use Microsoft Defender as an AV, you can enable ASR rules, which Microsoft says replace 3rd-party HIPS: https://docs.microsoft.com/en-us/mi...point/migrating-asr-rules?view=o365-worldwide

The ASR rules work fine with non-enterprise Windows 10 and can be set conveniently with Configure Defender or Defender UI (both free).

 

DefenderUI, by the same creator(s) as the superb VoodooShield is definitely worth checking out. And with Sandboxie thrown into the mix makes a HIPS app feel clunky and antique.

 

Thank you for all your answers. Anyway, are Voodooshield and Secure Plus ( now CatchPulse ) compatible con 10 ?

 

OT for the Moderators: sorry for my posting in the wrong threads.

 

SpyShelter Free includes an excellent, time-tested HIPS.

 

Thank you, but here seems different: https://www.spyshelter.com/download-spyshelter/

 

The HIPS is in all 3 main versions of SpyShelter (Free, Premium, & Firewall versions) but that specific chart does't list it for some reason.

The HIPS component IS in the Free version. I know because I used the Free version for several weeks until I decided to upgrade to the Premium version. Also, the link I gave you shows the HIPS is in the Free version, even if the comparison table does not.

 

Thanks a lot bellgamin.

 

You are very welcome!

 

There are only two old skool HIPS that I know of, namely Comodo and SpyShelter. I'm not sure which AV's have HIPS modules that are configurable by user, I believe only Kaspersky but I might be wrong. And of course you also have tools like HitmanPro.Alert and OSArmor that have got certain HIPS features, but they are more about auto-blocking, so user input isn't always needed.

I think by now it should be clear that most of us think it's fun to use extra security tools, even if we can also stay safe with your advice, and it's true what you said of course. And the reason why they were never popular is because most people don't actually understand how to use them. It also depends a bit on the type of HIPS, some are ''set and forget'' while others rely more on user input and are less smart. But in case you're dealing with a more sophisticated attack, an old skool HIPS might actually save your bacon if you actually know how to operate them.

 

"Most of us"? Not hardly. A few, sure, and that's your choice. But no way do "most" users think bogging down our systems with extraneous programs is fun, or necessary.

 

100% agree!

SpyShelter's HIPS is not all that complex -- much more user-friendly than HIPS were in olden days. User is able to write rules, of course, using a simple format that walks you through the process. HOWEVER, user can ignore rule-writing altogether &, instead, rely on SpyShelter to write its own HIPS rules, as the user goes about his every day routines. There will be alerts for Allow/Block for 3-4 days & then it's set-it-forget-it (until a malware comes along).

In essence, a HIPS is mainly a teachable/configurable type of behavior blocker. It is useful against some types of zero-day, & also (if desired) can place some limitations on executables such as rundll32.exe without messing up legit usages.

BTW, ESET has a HIPS component which is both: (a) fairly competent, even if user chooses not to tweak it, AND (b) very competent if user does choose to tweak it & has the know-how to do so (or requests & obtains help from ESET's forum or experienced users here at Wilders).

I would say that a reasonably careful, low-risk user could well rely mainly on only the competent security that is built into Windows, abetted by frequent imaging of main drive to an external storage area.

A higher-risk user could possibly use the added layer of security provided by a HIPS. (I am a higher-risk user, not because I go around using cracks or surfing the dark side of the net, but because I continue to keep using a Windows version that is no longer supported by Microsoft.)
~~~~~~~~~~~~~~~~~~~~~~~
P.S. SpyShelter is feather light on my aging, dual-cored laptop.

 

I definitely agree !

 

Excellent point! Now we are on the same page! I completely agree with this - not the use of obsolete, superseded and unsupported operating systems, but the use of an added layer of security on such systems to protect the user, and potentially the rest of us, from the bad guys.

 

Yes correct, SS can also run in ''auto allow'' mode which will reduce alerts, but will most likely also fail to protect against more advanced attacks. Think of the CCleaner ''supply chain'' attack, so that's why I have switched back to ''ask user'' mode. And I forgot about Eset, which also has HIPS.

I meant most of the people on this forum, especially the regular crowd. Telling them they don't need HIPS or any other tool besides AV will fall on deaf ears, because we like to use extra protection in case we get to encounter a more sophisticated attack, even if the chance is quite small. And it's fun to be able to get complete control over app behavior, without actually bogging down the system. Tools like HitmanPro.Alert, OSArmor, SpyShelter, AppCheck, we just love them!

 

What I said still applies. There are nearly 130,000 members of Wilders. No way do "most" of us think like you do about using unneeded protection. Go back and look at the threads this same subject keeps getting discussed. It is always pretty much the same handful of people promoting these products. Not 1000s. Not 100s. Not even 10s.

Yes, I agree it will fall on deaf ears - but that does not make it correct. If you try to tell me your red Chevy Silverado or your silver RAM 1500 is better than my blue Ford F150, that will fall on deaf ears too. Being someone who doesn't listen, or who buries their head in the sand is NOT a good character trait. It simply indicates a closed mind.

And that may be true too. In fact, I felt the same way 20 years ago when extra protection was needed with XP. I enjoyed the hands-on fight between good and evil. But that was then. This is now.

And that's fine too. But stop suggesting users who keep their systems current, and who avoid risky behaviors need those fun tools. They don't. And it is a disservice to other members here to suggest otherwise. If needed, then the 100s of millions of users of Microsoft Defender or the popular alternative solutions (Norton, McAfee, ESET, BitDefender, etc.) would all be infected. And they are not!

 

No correct, but what I meant is that most people who are into HIPS and behavior blockers, will take your advice with a salt of grain, since they already decided that they DO need these tools. It's the same with people who say you don't need Sandboxie because browsers already have a built-in sandbox, which should tackle 95% of most exploits. But guess what, for some people 95% isn't enough, so that's where HIPS and other tools like Sandboxie come into play.

The point is that whether people need those tools or not, is not up to you or me, although you are entitled to your opinion. And I do agree that most people probably don't need all of those extra tools to stay safe, but if you really don't want to take any risk at all, these fun tools may come in handy in case your AV fails to protect. So it's a disservice to other members to suggest otherwise, to borrow your words.

 

That's the deaf ears part. We already agreed on that.

That is not entirely true. It depends on your role in life as determined by your training, expertise, and responsibilities. As seen via the link in my sig, I have had a long professional career supporting secure IS/IT communications systems - some of the most secure in the world. I still do IT consulting. It is indeed my job to advise clients what they "need" and don't "need". As an experienced forum helper, I do the same here.

What I cannot and will not do is tell people what they "want".

You "want" to use those products because you find them to be "fun". That's fine. I am not suggesting you or anyone stop using tools they "want". I am just saying don't tell people they need them if they don't. And they don't. Neither do you - UNLESS you don't keep your system current and you do other tasks (correctly suggested by bellgamin above) that put your systems and fellow netizens at risk.

Now I am moving on.

 

Have you tried updating your Windows 10 after uninstalling Comodo and then reinstalling it again?

If it has worked for any length of time to your satisfaction OR you found the issue your describing after running Comodo a few times since installing to 10 (aborting your windows/updates). You can try to reinstall and see if the issue still persists.

I know some find certain Security Apps like Comodo to their liking and finding an equal alternative is not always satisfactory.

 

I have to check if I can validate my old AppGuard license: it's an anti exe, not a complete HIPS, but it's strong and reliable.

What about Windows Defender as av ? I read the AV-Comparatives test.

 

Hey Bill

and what is your personal conclusion?
i mean - you read it and still asking for defender?
it has all the protection other offers too, but with a limited not over-feature settings dialog, is performing slower on older machines due cpu power which ofc raises used cpu power.

as a long time windows user i tried a lot of security programs, also HIPS tools. it is "fun" not not very convenient. it took me too much time to support those extra tools with less gain of security because my overall security is at a high level - with only 3 programs. there exists tons of threads in this forum concernig pros and cons for this and that and it was explained a lot more which of those have really gain.

you found out that an additional security software broke your system. at any end of it all will break it with its extended features. this is a conlcusion on my side.

 

So far which i can recomend
use Comodo
use SpyShelter - my personal choice (use this amlost since relase)
use ReHIPS