'Easy setup for starters' HIPS combo

Discussion in 'other anti-malware software' started by Kees1958, Feb 3, 2008.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    A few members asked me to give them an easy HIPS setup with few pop-ups.

    On vista32 it would be

    1. Basic HIPS = use build in UAC,
    Some complain about the number of pop-ups they are getting. Never run without UAC, When you want less pop-ups use teh queit setting. Use regedit to set UAC parms as follows:
    https://www.wilderssecurity.com/archive/index.php/t-185220.html

    When on Vista 32 bits add ThreatFire out of the box.

    2. Firewall
    Use freeware Vista Firewall Control 1.2 (uses the Vista Fire Wall kernel, but adds outbound control).

    On Windows XP it would be

    HIPS + FireWall, https://www.wilderssecurity.com/showpost.php?p=1164171&postcount=29

    Now for some reason this setup will cause your PC to hang when shutting down. In that case this would be a good alternative

    File filter = https://www.wilderssecurity.com/showpost.php?p=1162455&postcount=25
    Registry Filter = https://www.wilderssecurity.com/showpost.php?p=1162446&postcount=24

    Set application filter to see pic PCtools EQS.JPG

    Now set EQS in learning mode

    Download PC Tools firewall, go to settings and select Enable protection against code injection: Having this enabled will automatically prevent any code injection/hook setting (this PCTOOLS FW setting correspondenses with EQS "Modify memory of other process" and "Install global hook"). PCTools code injection is pretty good, try it with TrojDemo.

    Next download drop my rights http://cybercoyote.org/security/drop.shtml and set it up for all your internet facing aps (alternative is using virtualisation = SafeSpace Personal = https://www.wilderssecurity.com/showthread.php?t=199167)

    Startup all your internet facing aps (and allow the pop-ups and injection thing). Advantage of PCTools FW is that it comes in many languages. When you want to change a rule for an application, click applications tab and double click a application listed, a pop-up will show what the application is allowed to inject or set a hook.

    EQS will take care of the intrusions which are really suspicious. Code injection/hook setting is done a lot by XP applications, so the most common are dealt with PCTOOLS FW+ The real nasties are dealt with EQS, which are not common so EQS should be reasonably quiet.

    With those two (EQS + OA) or (EQS + PCTools FW) you are protected by the worst things by EQS and the common (als legitemate) intrusions are dealt with by OA or PC TOols. You will notice that OA is a lot more intelligent due its blacklist. On the other hand PCTool FireWall is light and has excellent code injection detection/hook setting detection (


    Regards Kees
     
    Last edited: Feb 4, 2008
  2. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    great job mate...maybe it would be nice to add a link for the thread "online armor learn-a-thread" from firewall section so people can almo set it on auto pilot.great opportunity for novice users to start protecting themselves more effeciently :) (we all are after all)
     
  3. tepe2

    tepe2 Registered Member

    Joined:
    Jan 18, 2006
    Posts:
    539
    :thumb: :thumb:
    There are several applications I have to test in my hunt for the security setup I want to use. When time for it I test EQS+OA+possibly one more (AV or Threatfire).

    Kees when you refer to this as easy HIPS setup I guess EQS is easier to use/learn than SSM or Prosecurity? With same good protection, at least in combo with OA.

    I have to try this :)

    Edit. Sorry, forgot you already answered here: https://www.wilderssecurity.com/showpost.php?p=1170841&postcount=15


     
    Last edited: Feb 3, 2008
Loading...
Thread Status:
Not open for further replies.