'Easy setup for starters' HIPS combo

Discussion in 'other anti-malware software' started by Kees1958, Feb 3, 2008.

Thread Status:
Not open for further replies.
  1. Kees1958 (Registered Member; joined Jul 8, 2006; 5,857 posts)

    Hi,

    A few members asked me to give them an easy HIPS setup with few pop-ups.

    On Vista 32-bit it would be

    1. Basic HIPS = use built-in UAC.
    Some complain about the number of pop-ups they are getting. Never run without UAC. When you want fewer pop-ups, use the quiet setting. Use regedit to set the UAC parameters as follows:
    https://www.wilderssecurity.com/archive/index.php/t-185220.html

    When on Vista 32-bit, add ThreatFire out of the box.

    2. Firewall
    Use the freeware Vista Firewall Control 1.2 (uses the Vista Firewall kernel, but adds outbound control).

    On Windows XP it would be

    HIPS + Firewall, https://www.wilderssecurity.com/showpost.php?p=1164171&postcount=29

    Now for some reason this setup will cause your PC to hang when shutting down. In that case this would be a good alternative:

    File filter = https://www.wilderssecurity.com/showpost.php?p=1162455&postcount=25
    Registry Filter = https://www.wilderssecurity.com/showpost.php?p=1162446&postcount=24

    Set the application filter as in the pic PCtools EQS.JPG.

    Now set EQS to learning mode.

    Download PC Tools Firewall, go to settings and select "Enable protection against code injection". Having this enabled will automatically prevent any code injection/hook setting (this PC Tools FW setting corresponds with EQS "Modify memory of other process" and "Install global hook"). PC Tools code injection is pretty good; try it with TrojDemo.

    Next download Drop My Rights http://cybercoyote.org/security/drop.shtml and set it up for all your internet-facing apps (the alternative is using virtualisation = SafeSpace Personal = https://www.wilderssecurity.com/showthread.php?t=199167).

    Start up all your internet-facing apps (and allow the pop-ups and the injection thing). An advantage of PC Tools FW is that it comes in many languages. When you want to change a rule for an application, click the applications tab and double-click an application listed; a pop-up will show what the application is allowed to inject or which hooks it may set.

    EQS will take care of the intrusions which are really suspicious. Code injection/hook setting is done a lot by XP applications, so the most common are dealt with by PC Tools FW. The real nasties are dealt with by EQS; these are not common, so EQS should be reasonably quiet.

    With those two, (EQS + OA) or (EQS + PC Tools FW), you are protected from the worst things by EQS, and the common (also legitimate) intrusions are dealt with by OA or PC Tools. You will notice that OA is a lot more intelligent due to its blacklist. On the other hand PC Tools Firewall is light and has excellent code injection detection/hook setting detection (


    Regards, Kees
     
    Last edited: Feb 4, 2008
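    The Drop My Rights step in the post above, as an added example that is not from the thread nor from DropMyRights' own code: a PowerShell script that creates desktop shortcuts starting each internet-facing program through DropMyRights.exe, so the program runs with a normal-user token. The DropMyRights install path, the program paths and the shortcut folder are placeholders; the `DropMyRights.exe "<program>" [N|C|U]` syntax is the tool's documented one.

```powershell
# Added example, not part of the thread or of DropMyRights itself.
# Creates "<App> (limited).lnk" shortcuts that start each internet-facing
# program via DropMyRights.exe, so it runs with a normal-user token.
# DropMyRights syntax: DropMyRights.exe "<program>" [N|C|U]
#   N = normal user (default), C = constrained, U = untrusted.
$DropMyRights = 'C:\Tools\DropMyRights.exe'            # assumed install path
$ShortcutDir  = [Environment]::GetFolderPath('Desktop')

function New-DropMyRightsShortcut {
    param(
        [Parameter(Mandatory=$true)] [string] $Name,     # shortcut display name
        [Parameter(Mandatory=$true)] [string] $Program,  # full path to the program
        [ValidateSet('N','C','U')]   [string] $Level = 'N'
    )
    if (-not (Test-Path $DropMyRights)) { throw "DropMyRights not found: $DropMyRights" }
    if (-not (Test-Path $Program))      { throw "Program not found: $Program" }

    $lnkPath  = Join-Path $ShortcutDir "$Name (limited).lnk"
    $shell    = New-Object -ComObject WScript.Shell
    $shortcut = $shell.CreateShortcut($lnkPath)
    $shortcut.TargetPath       = $DropMyRights
    $shortcut.Arguments        = "`"$Program`" $Level"   # quoted: paths contain spaces
    $shortcut.WorkingDirectory = Split-Path $Program -Parent
    $shortcut.IconLocation     = "$Program,0"            # keep the program's own icon
    $shortcut.Description      = "$Name with reduced rights (DropMyRights $Level)"
    $shortcut.Save()

    # Read the .lnk back so the caller can see exactly what will be launched.
    $saved = $shell.CreateShortcut($lnkPath)
    New-Object PSObject -Property @{
        Shortcut  = $lnkPath
        Target    = $saved.TargetPath
        Arguments = $saved.Arguments
        Limited   = ($saved.TargetPath -ieq $DropMyRights)
    }
}

# Constructed list of internet-facing programs; adjust the paths for your machine.
$apps = @{
    'Internet Explorer' = 'C:\Program Files\Internet Explorer\iexplore.exe'
    'Firefox'           = 'C:\Program Files\Mozilla Firefox\firefox.exe'
    'Outlook Express'   = 'C:\Program Files\Outlook Express\msimn.exe'
}
foreach ($app in $apps.GetEnumerator()) {
    New-DropMyRightsShortcut -Name $app.Key -Program $app.Value | Format-List
}
```

    Start each program from its new shortcut once and confirm it is no longer a member of Administrators (for example with whoami /groups) before relying on the reduced-rights setup.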
  2. chris2busy (Registered Member; joined Jun 14, 2007; 477 posts)

    Great job mate... maybe it would be nice to add a link for the thread "online armor learn-a-thread" from the firewall section so people can almost set it on auto pilot. Great opportunity for novice users to start protecting themselves more efficiently :) (we all are after all)
     
  3. tepe2 (Registered Member; joined Jan 18, 2006; 558 posts)

    :thumb: :thumb:
    There are several applications I have to test in my hunt for the security setup I want to use. When there is time for it I'll test EQS + OA + possibly one more (AV or ThreatFire).

    Kees, when you refer to this as an easy HIPS setup, I guess EQS is easier to use/learn than SSM or ProSecurity? With the same good protection, at least in combo with OA.

    I have to try this :)

    Edit. Sorry, forgot you already answered here: https://www.wilderssecurity.com/showpost.php?p=1170841&postcount=15
     
    Last edited: Feb 3, 2008