Aggressive HIPS recommendation needed

Discussion in 'other anti-malware software' started by Metting, Sep 21, 2011.

Thread Status:
Not open for further replies.
  1. Metting

    Metting Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    100
    Hi Wilders,

    I would like to install and use the most aggressive HIPS, a HIPS which will pop up at every single trivial action on my computer without any predefined rules at all, even for Windows processes and components, and without any trust of any kind in any process or file; a HIPS to tell me that the X process wants to do "bla bla" to the "bla bla" in the "bla bla" by making "bla bla".

    A HIPS that asks me every time and doesn't take any action by itself, a HIPS that gives me 5 options: ALLOW ONCE, BLOCK ONCE, ALLOW ALWAYS, BLOCK ALWAYS, and LEARNING MODE.

    I have tried Comodo but hate the many predefined rules and the white list. I also tried the SSM paid version, but it's obsolete and doesn't cover some areas, and Zemana, but it is just an antilogger, not a complete HIPS. I have a license for OA, but I tried it 2 years ago and was not satisfied. I don't know if the latest version of OA is the aggressive HIPS I need or not.

    Does such an aggressive HIPS really exist? Any recommendations, please? WIN XP 32
    and sorry for my English.

    Thank you all dear friends
     
  2. chris1341

    chris1341 Guest

    I'll resist asking why and just assume you know what you are doing :). I'd suggest Malware Defender if you are on 32 bit systems. Unless you work with a fairly lengthy learning mode period it's pop-up tastic man!

    You should do at least a couple of restarts in Learning mode though so MD knows what to allow during the start-up/shut down process. Just asking for frozen systems otherwise.

    Cheers
     
  3. ocsi

    ocsi Registered Member

    Joined:
    Feb 8, 2011
    Posts:
    95
    Free (standalone):
    - Spyware Terminator
    - StormShield Personal Edition
    - Malware Defender
    - SpyShelter
    - ThreatFire (Behaviour blocker)
     
  4. Metting

    Metting Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    100
    Thanks Chris

    May I have the MD official site link? I googled and found only a Chinese site. Is there any English info about MD?
    P.S. A free app is not essential; I don't mind buying the required HIPS.

    Thanks a lot
     
  5. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    I understand that you are using XP and don't want to have any predefined White Lists? I don't remember a standalone HIPS which is developed nowadays except Malware Defender...but it has a WL. You can eventually remove all detected applications and processes from the trusted list and try to start "at empty".
    You can also try OA, and after the "Safety Check Wizard", which is obligatory during installation, you have to remove all detected progs/processes. You also have to uncheck perhaps all features like "automatic allow" and the connection with OASIS. But there is one "but"...OA is a firewall with HIPS. I don't know if you want to have a firewall?
    The third option is SpyShelter with the setting in "options/security" on level "ask user"...but SS is mainly an anti-logger :)
     
  6. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,485
    Location:
    Poland - Cracow
    The latest version of Spyware Terminator probably does not have the same HIPS features as it had in the previous version. And TF is most efficient on "5 level" with additional advanced settings.
     
  7. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Use Comodo but don't use the white list and delete the built-in rules.
     
  8. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    439
    I have three versions of Malware Defender but I don't know of a way to get them to you. I used to upload these to rapidshare but they now require registration and I'd rather not do that.

    Send me a PM and give me an e-mail address and I'll send them to you.
     
  9. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Simple...Online Solutions Security Suite. [http://www.online-solutions.ru/en/products/osss-security-suite.html]
     
  10. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Try Online Armor or Comodo again but make SURE to disable auto decisions (especially in OA, get rid of auto decisions, same thing in Comodo), disable the whitelist, and I'm pretty sure it will get very very noisy because I use it that way ;)
    For Comodo also set everything to max.
     
  11. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    I don't think you're able to find a product like you think;
    it will be very painful and hang a lot.

    Try watching the huge log that Process Monitor will produce in 1 minute.

    You can have a pretty aggressive one but you can't monitor all the system.
    That is my opinion. Please correct me if I'm wrong.
     
  12. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
  13. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    yes indeed konata..:thumb:
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I am currently running Malware Defender.

    It is very aggressive, trust me on this one ;)
     
  15. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    But MD only works for x86 (32 bits) which could be an option killer.

    To be honest, Comodo FW or OA could be as aggressive as MD if you really disable all auto features. (No whitelist, no auto decision, no cloud, no trust signed files, no auto allow trusted programs to connect to the web etc.) ;) :D
     
  16. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    Comodo D+ in Paranoid Mode. In Paranoid Mode there is no whitelist or anything automatically configured for the HIPS; you will get tons of popups.
    http://help.comodo.com/topic-72-1-155-1115-General-Settings.html
    Take a look at this HIPS test.
    https://www.wilderssecurity.com/showpost.php?p=1939784&postcount=404
     
    Last edited: Sep 21, 2011
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Malware Defender is excellent, but hasn't been maintained or updated in many months.

    The HIPS component of SpyShelter is very aggressive. Works for 32-bit AND 64-bit. Vigorously maintained & frequently upgraded by its proponent. It has a free version (I haven't used it) and a non-free version (that's the one I use). For the non-free, its license is a one-off cost of ~30 USD, ~29.95 Euro.
     
  18. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Yeah, Comodo in paranoid mode is very chatty. Way too much for me.
     
  19. LODBROK

    LODBROK Guest

    @Metting

    Malware Defender. I've used it 24/7 for almost two years on an XP/SP3-32 system, currently v2.7.3.002.

    In addition to popping up alerts for the most intricate minutiae, the precise details presented in those alerts will teach you more about your OS than you might want to learn. Or not. MD is still a lot of fun for me and I'll miss it when I buy myself that new system for Yule.

    I've built 84 rules for non-OS Applications; another 33 are trusted. For svchost.exe there are 60 application rules and about a dozen others spread out for process permissions, the registry, files and network.

    Explorer will want to confirm you want to open Notepad. And then to confirm your save to C:\aFolder. And next time if you want to save to C:\anotherFolder.

    Wait until something wants to open an .msi file.

    You will soon learn to use * in your rule paths, place apps in Trusted (i.e. CCleaner, zip and rar utils) or to just "Disable all protection" temporarily when doing some complicated otherwise safe process. Learning Mode may become your friend; often I'll use it and then go back and tweak the rules. If you think you've flubbed a rule set, there is a competent Find tool and all are easily deleted via context menus.

    I have used/tried the other apps mentioned here and while some come close to the granularity of MD none actually approach it. From your #1 post, I am certain MD is exactly what you're looking for. There is nothing I have yet found that can't be built, edited (tweaked), disabled or deleted no matter how deep I've gone.

    Hint: after you install it, make sure it's in Learning Mode and reboot. Trust me on this. Review the built rules and approve/tweak as needed and then turn off learning. (That's assuming you don't disable the default "Run MD when Windows starts.")

    Good luck.
     
    Last edited by a moderator: Sep 21, 2011
  20. stevan4

    stevan4 Registered Member

    Joined:
    Feb 25, 2011
    Posts:
    85
  21. operamail

    operamail Registered Member

    Joined:
    Sep 14, 2011
    Posts:
    254
    Want aggressive HIPS? I suggest you use COMODO under paranoid mode and disable autosandbox.:)
     
  22. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    I would say most classical HIPS are aggressive but all of them (except MD I guess) have some kind of pop-up reducer. (Be it whitelist, automatic decisions, verified signed files, cloud etc.)
    If you disable them all you might probably click on hundreds of pop-ups for the first hours :D
     
  23. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Online Solution Security Suite!
     
  24. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    The old members will remember the EQSecure era...
    Then, the Malware Defender era...

    Once upon a time (a few years back...),
    Aggressive HIPS were very popular, here.

    It's Not the same anymore...;)
     
  25. operamail

    operamail Registered Member

    Joined:
    Sep 14, 2011
    Posts:
    254
    Totally agree. I forgot that in the new version of OA, you can also disable the "auto trust" even though the programs are deemed safe by Emsisoft.:)
     