What's New In EQSecure 3.41

Discussion in 'other anti-malware software' started by dmenace, Sep 27, 2007.

Thread Status:
Not open for further replies.
  1. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Hey There,

    EQSecure 3.41 has been released! Does anyone know what's new / what bugs were fixed?

    http://www.eqsecure.com/
     
  2. Nubiatech

    Nubiatech Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    50
    Location:
    IL, USA
    I was about to ask the same question. The Google translation of the home page of EQS is #$%&$ed up.
    Is the translation for 3.4 provided by solcroft compatible with 3.41?
    https://www.wilderssecurity.com/showthread.php?t=181576
     
  3. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: Although the d/l link provided by OP is in Chinese, the copy d/l is in English. Good luck.
     
  4. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    Especially now with the news of the Chinese cyber attacks on the USA, does it make you even kind of nervous?
     
  5. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: Nervous? Not a bit. Taking into consideration the ratio of attacks over population in China, that figure is just a drop in a bucket. There are quite a few bright brains there, but that does not automatically translate into the notion that all are evil-minded. EQSecure is an excellent app, although I feel it is a bit too noisy.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Does anyone know if they are entertaining the idea of at least adding ENGLISH to their forum software so others of us can weigh in and/or contribute our thoughts, post bug reports, or otherwise make useful new suggestions to a wish list?

    I tried registering on their forum but the server is slow as a snail's trail and I got this.


     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I believe it means a bug in protection against system shutdown. It is now intercepting shutdown where the previous version failed.

    See this thread.

    https://www.wilderssecurity.com/showthread.php?t=187831
    Seems a nice feature also. See attached pic.
     


  8. ink

    ink Registered Member

    Joined:
    May 20, 2006
    Posts:
    185
    1. the bug of not detecting the system shutdown
    2. add the detection of emulation of mouse and keyboard
    3. only detect the write action on direct disk access now
    4. the bug of the registry protection module

    I am not a user of EQsecure, so the translation may not be quite proper; you know a Chinese expression can have different meanings at the same time if you do not consider the conversation.
    There is more than one forum about EQsecure. You can also discuss it here; if your feature request is something special or not found among other users, I can help you to post it there.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I dunno about the rest of you but I took the liberty of changing a lot of words in the EQSysSecure.xml document, like adding Segoe UI fonts and changing Applications Protect to Program Shield and so on, to suit the conscience and have it more informative at the same time. My View Log reads Review Report. I just can't leave well enough alone :D

    I did the same with SSM, changing its Log icons, and made for a more attractive and easier-to-read log.
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi, have a look here.

    https://www.wilderssecurity.com/showthread.php?t=187839

    BTW I know solcroft has promised to convey it to the developers, very kind of him. I learnt a lot of things about EQS from him.
     
    Last edited: Oct 22, 2007
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks for the link aigle

    This really is another great study now with EQsecure, just like it was when System Safety Monitor first surfaced, and I'm only just beginning to make my way all the way around this great HIPS grounds, and everything I can find to better tweak rules for more security encourages me further & further along to complete satisfaction in it.

    Like you, I'm also still learning the ins and outs and everything in between. :)
     
  12. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Thanks, Very Informative...

    Yet for some reason (or is it just me) EQSecure 3.41 isn't stable. It stopped detecting some drivers being loaded and the registry protection isn't working properly for some keys.

    Might go back to version 3.4....
     
  13. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Tried this version, it's cool, but I don't think it's detecting low level access for one of my programs, DVDFab. I don't get a prompt that it's wanting low level access when I launch the program. DVDFab is one of the programs I use that tries to get low level access; when I was testing it with prosecurity I was able to allow execution of DVDFab and block low level access and still be able to use the program. With EQSecure I allow execution and that's all I get, no other prompts about it wanting low level access.
    Think I'll have to go back to prosecurity.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Any examples where 3.41 fails while 3.4 does not?
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Ok. I am also noticing limitations in the registry protect area.

    I mean I added just today this line in the Rules
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components

    I even checked the Create File box to watch for KEYS being created and when I manually added a key, Zilch! :( Nothing, and yes I pressed APPLY after creating a new registry group. No notify, no nothing. I must have repeated this over and over several times and tried several different others, all with the same results.

    Anyone have an idea or do we just chalk this up as another bug now?

    And dmenace, thanks for the note on it not recognizing when loading drivers. That I haven't tested yet on this version. I might have to revert backwards myself.

    Also does anyone know where or if a setting exists to restart programs if terminated maliciously?

    I saw the auto-start menu but that looks more like program coverage of its modules and even then we have to wait a whole minute at best? :blink:
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I'm still feverishly combing over everything I can possibly do to get EQ to accept & save certain other registry issues. I dunno, it could be something I'm missing or it's just some things still left undone with it.

    With all the ISR & Imaging apps that command so much of my attention these days, I still am extremely high on this HIPS. It's as light as a feather, snappy quick to alert then notify with very good info most of the time, but I would prefer they open up more avenues for us to set in it to protect/monitor.

    I've been a loyal supporter of SSM for quite a while but with all the latest releases I just can't get a handle on it anymore since they restructured the registry screen/settings (looks foreign to me), and added network that kills my internet every time. Besides, and since there's no time to take SSM 102 studies every day, this EQSySecure is just the ticket to come along at just the right moment for me and has come on the scene like gangbusters with a much simpler design as well as, I might mention, a more exciting GUI w/effects.

    Plus it's solid. I hope they build into it more advantages for the end users because programs of this nature are as educational as they are security aware.

    Any Thoughts?
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Not tried reg module in v 4.1 but v 4 reg modules were not working fully.
    Not sure they fixed the bug or not?
     
  18. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    You've probably already done this but have you used wildcards (i.e. a *) for the key you wish to monitor? Also check your "per application" rules. Maybe you have allowed something such as regedit unlimited modifications.

    EQSecure is a great HIPS performing well esp. under NicM tests etc.

    I still prefer a classical HIPS to new behaviour blockers like Cyberhawk because they are definite: 99% of malware WILL add an autostart entry yet Cyberhawk doesn't alert the user for this unlike a classic HIPS.

    EQSecure is a great piece of software but I am surprised that version 3.41 appears to have become inconsistent. At start up for instance it doesn't fully protect you until it has started up? Maybe it is a beta or perhaps it simply isn't tested thoroughly before release?

    Love the File Protect too... if you have, say, an SFTP server and it is compromised, this additional layer protects those precious files.
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi dmenace!

    1- I disagree that 99% of malware add an auto-start entry.
    2- CH is now ThreatFire and it does alert about autostart reg entries! (even when it was CH).

    I am still waiting for your example about driver loading not intercepted by EQS.
     
  20. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Ok give me some time ;)

    I meant CH only detects if several registry keys changed or something - Heuristics
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks.
    No, no heuristics at all. It intercepts common auto-start reg entries just like a classical HIPS but popups are more user friendly, like a behav blocker.
     
  22. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    On my PC setup, I have Winfox Display Drivers installed.
    Each time I start up my PC they are deleted and then created. Strange I know, but that's how it works.

    EQSecure 3.4 would prompt me about this action to Install / Delete the driver.

    EQSecure 3.41 however, totally misses this action...

    Further Details:

    Driver: WINFOXIO.SYS
    Path: \system32\wf2k.exe

    Maybe it is a service? Then why does it have a .SYS extension? :gack:
    Could you perhaps clarify the distinction between a service and a driver?
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks for reminding me of the wild card asterisk. I missed it totally.

    My own oversight I'm afraid. I now have EQSecure not only watching over personal registry KEYS/Values but also monitoring folders and other file extensions and interrupting immediately on pre-determined changes as built into its rules. Still more to look into and modify, though it's getting even better now.

    In fact I've completely re-written the entire XML to reflect more logical terms (at least for me) to suit my needs. For example ALLOW/BLOCK instead of Allow and block and a myriad of other custom phrases. Makes it even more exciting IMO.
     
  24. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks
    Maybe delayed start of EQS!
    What is this driver?

    Sorry, no idea.
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    It fails GetKeyBoardState test by AKLT v2.
     

