Behavior Blockers

Ok there's..........
Norton AntiBot
Primary Response Safe Connect
Threat Fire
and I believe Drive Sentry is one.....

Are there other decent behavior blockers around? (not HIPS)
Got the HIPS area covered,kinda liking GeSWall (Policy based HIPS)
or is GeSWall covering this already?

 

Prevx is one of them and not all of them are purely behaviour blockers. CH,Sana,etc also depend on signatures. I consider them all hips anti malware wich mix several kinds of technology.

 

I would say there's a lot of choices between HIPS these days. Does Threatfire and Prevx offer the same protection between each other? I know they both gather feedback from their users and all.

I rarely had a response from TF and if so it was usually a false positive. Prevx is like the complete opposite.

 

As I understand it...
Behavior blocker is a subset of HIPS is a subset of anti-malware. Ergo, every behavior blocker is a HIPS, but not every HIPS is a behavior blocker.

Try THIS link -- a bit old, but still a fairly good list.

 

Old list? What exactly is old about it?

 

Drive Sentry...
Mmm, It does not have strong self-protection.
modest resource usage and a little fishy...

 

DriveSentry is just HIPS with only the data protection. It does come with wizards to help you get started, but it can't really distinguish between valid and malicious activity, nor does it try - I wouldn't really call it a behavior blocker.

Add Micropoint to the list. It's an intelligent behavior blocker from China that admittedly doesn't get much exposure here, but the product is solid. They've recently released an English beta, btw.

 

Solcroft,

Have you tried it? I was pretty impressed by PowerShadow and EQSecure, so am curious about Micropoint.
Regards Kees

 

I do try it sporadically every now and then, but I do keep a constant eye on its performance (people post daily reports of its and other AVs' effectiveness against malware), and it's rather impressive, to say the least.

I'll try to write a basic introduction on it sometime, time permitting.

 

I tried micropoint, and it works very well.
only thing am not sure about it now is which category it fits in, in antivirus or behaviour blocker?
Bcause i have an archive which have 5 malwares and when i try to extract that archive it shows the warning message that malwares have been found(its warning window is somwhat similar to bitdefender 200 and asks me to delete them.
i think AVs does this job when u have realtime protection on. behaviour blockers just blocks the malware when they try to execute.
so which category does micropoint fits in?
Anyway its a good program.

 

I am one of the longterm users of MP.
During my test,I found that MP is a AV software, not a HIPS. MP can deal with viruses,trojans and malwares.MP has its own virus library and normal program library,so it can use the data to kill the virus.
Meanwhile,HIPS can only block the API behaviors.
In some degree, MP has the same idea with kapasky’ proactive defense.
They are both based on the idea of HIPS,but they also have the feature of AV.So MP has less false alarminng messages and the missed alarming message.
So MP’s whole name is Micropoint Proactive Defense Software.

 

i believe a squared anti malware and threatfire are considered behavioral hips, but are they really the same as far as their behavior analysis? if not could these two be used together?

 

Although I have never used the two so called "behavioral hips", I have tested many other AVs.And I found that the AVs often conflict each other when they exist at the same time.The AVs often have their own ways of working.

 

Hi, folks: As far as Behavior Blockers are concerned, I am currently using two of them together and no problems. They are PrimaryResponse SafeConnect and ThreatFire free. Folks, You may want to look at PRSC very seriously, an app sadly missed by majority of security gurus until Norton licenses its clone and makes a big splash.

 

Wordward,

A2's IDS with Intelligent False Positive Reduction OFF and Paranoid mode ON provides more or less the same protection as ThreatFire free, onlu its messages are more clearer. Be sure to also select the riskware check ar the on execution malware check (for key loggers).

They can run together but it does not provide much additional protection. When you run XP, you can better download teh free WinPooch and use the filter posted here https://www.wilderssecurity.com/showpost.php?p=1091240&postcount=35 Open the filter with notepad and safe as ansi file with .WPF suffix. Then go to winpooch's configuration and import this file.

 

thank you. I have false reduction off. does paranoid mode use much more resources? what can I expect to see different with it on?

 

I think Emsisofts Mamutu would qualify and is working very well for me.

 

Hey,I tell sth about Micropoint:
Many people regarded MP as the hips.BUT
Microprint proactive defense software is totally different with the hips. Micropoint will judge the application which is virus or not by a series of the API actions, and the library of the virus logical actions. The Artificial intelligence analyze will judge the virus accurately, and avoid the useless information which more suit to use by the common user. As the application add one registry item (one API action), the hips will alerts the user this is the suspicious action, and inquiry the user whether execute this. Especially when the normal application has been bind with the virus , The user will make the wrong choice.

 

Indeed!

Written and no doubt maintained by the elusive expert-LU

Great work!!

http://wiki.castlecops.com/Lists_of_Freeware_Security_Software

Edit-am trying Micropoint now-really interesting!

 

Depends on your definition of Host-Based Intrusion Prevention System. If the emphasis on Host-based, even a black listing AV can be considered HIPS.

Sounds like MP is a behavior blocker or a 'smart' HIPS.

 

If i had my choice, and i won't, i would preferred Novatix kept developing CYBERHAWK. At one time it was a masterful behavioral blocker and a one-of-a-kind.

I just don't see ThreatFire is the same light unfortunately, so hopefully more developers will produce a new version of Behavioral Blockers along those same lines with an equally smaller installer not to exceed 6 or 7 MB. Anything larger then that i seen cause nothing but issues for both users and developers.

EASTER

 

MICROPOINT : HD : 57 Mo . Heavy artillery ... too much of a good thing ...

 

Ok i'll bite.

An excellent as can be behavioral blocker plus EQS final when it lands plus AE along with Returnil and Tiny Watcher, and i would be satisfied of that Lite layered approach.

I still want every line in the SSDT Table/Win32 covered and smothered with self-protection as well. LoL

No way that i can see to defeat a file infector unless some clever soul surfaces with a way to patch every file to block the PE's header or whatever change, but it's still offers exciting interest. Cypting by the way is not for me.