1) The HIPS must be able to prevent executables from running 2) It must be possible to turn auto-allow based on digital signatures off, because there is malware now that comes with a valid-looking digital signature (and never mind stuff like the Sony BMG rootkit) 3. Most importantly, it must be possible to update the whitelist en masse; i.e. to allow individual files in batches, rather than one at a time. I'm not talking about allowing everything in a given directory, which is grossly insecure, but rather the mass creation of hash rules. Are there any HIPS or HIPS/firewall combos like this? Freeware would be a bonus, but IMO such a piece of software would be well worth paying for.