EQSecure 3.4 released + non-official language file

Discussion in 'other anti-malware software' started by solcroft, Aug 1, 2007.

Thread Status:
Not open for further replies.
  1. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    EQSecure 3.4 is officially released. I see someone has already posted the official download link in the EQSecure discussion thread. It is however going very slowly (since its hosted on Chinese servers), so I'll try to get a Rapidshare or Megaupload download link up as soon as I can.

    OFFICIAL DOWNLOAD LINK: http://www.eqspywatch.com/download/EQSysSecureSetup.exe

    If you have an earlier version, please uninstall before upgrading. You can back up your rules prior to uninstall by making a copy of EQSysSecure.xml, which is found in your installation folder.

    In the meantime, here's my (non-official) English language XML file for the newest version. Rename the txt extension to xml after you download it. To apply it, exit EQSecure, browse to the Lang folder under the installation folder, and locate the en.zip file. Replace the EQSysSecure.xml file inside the zip file with the new one (you might want to make a backup of the original copy), and restart EQSecure. This is a non-official language file, use at your own risk. Do NOT replace the EQSysSecure.xml file in the INSTALLATION folder - that one is your ruleset file.

    EDIT: Megaupload link now up. For people who are experiencing horrendous download speeds from the official link (like I did), get it from here. It's the exact same, unmodified installation file.

    http://www.megaupload.com/?d=VP8G814A


    Changelog:
    • Monitor changes to system time (prevents malware from disabling Kaspersky, among other things)
    • Monitor system-level debugging (now passes all of nicM's unhooker tests)
    • Improved Learning Mode, now learns rules for data and registry protection as well
    • Runs as a service, supports LUA
    • Locked Mode (analogous to SSM's Disconnect User Interface)
    • Increased system performance
    • Improved Task Manager
    • New icon
     

    Attached Files:

    Last edited: Aug 3, 2007
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    OK thanks, I will check it out. And why not start an English forum, or is this HIPS mostly geared to China? It does seem like a cool tool, but it´s a bit annoying that there is no English version available, I mean without the workaround. :rolleyes:
     
  3. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The developers of EQSecure are Chinese, so you can't really blame them for putting emphasis on the Chinese version first and foremost. There is an English version, I just took it upon myself to fix some of the more glaring grammatical and spelling errors in the translation.
     
  4. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Sigh..

    It looks really strange that the people here are supposed to be the most paranoid people on the planet and yet many are willing to download security software from untrustworthy sites or unknown sources..
     
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Ironic, isn't it? :D

    But hey, if the official links are working fine for you, by all means use them instead.
     
    Last edited: Aug 1, 2007
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    Well, if it manages to break out from my virtual machine, I guess I´m out of luck. :D
     
  7. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I already got it earlier from the official site. thank you very much. But that's not the point.

    And yes, I know you guys (or me for that matter) will be using disk imaging, backups, running in vms and all that, but it's the principle of the thing.

    Heck i even traded malware from someone here a few days ago... But I figure it's malware already, what's he going to do ?, make it even more malicious lol...


    :D
     
  8. xStylezx

    xStylezx Registered Member

    Joined:
    Aug 1, 2007
    Posts:
    11
    I cant seem to find a definitive answer but is this compatible with vista x86 yet?
     
  9. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    No not yet. It is slated for 3.5 though.
     
  10. xStylezx

    xStylezx Registered Member

    Joined:
    Aug 1, 2007
    Posts:
    11
    Awesome,thanks for the reply.Will keep an eye on this one.
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Thanks a ton for the new version link and english add-on.
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    With one single language you cover at least 25% of the world population. Imagine what a market that would be when they half of them have a PC.
     
  13. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    They do offer an English version, and they're currently working on getting English versions of the website and official support forum up and running.

    Updated the language file to fix some errors and inconsistencies.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    I tried to download the version from the official site but the link is dead. Also, I can´t make it run on any of my virtual machines, the service refuses to start up. I will wait for the official English version and see how things go, but I don´t have the feeling that this tool will actually make it onto my "real machine".
     
  15. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    EQSecure as Easter will tell you is amazing! But I'm convinced that it's UI is hard to understand, you have to have a certain kind of brain (nothing to do with being a manadarin speaker, since I speak the language) to really understand it... :D
     
  16. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    This IS the official English version. All I did was patch up some of the translations.

    Per being unable to launch the program, would you happen to have any other security software blocking write access to your system32 folder?

    Also, the official link isn't dead. Since we're not from China, it's just very, VERY slow. That's what the Megaupload link is for, for what it's worth. ;)
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I used it for a while and like it. I noticed following improvements:

    1- GUI issues are fixed.
    2- No BSODs so far( I got few with previous version).
    3- Profiles( Modes- Normal and Behavior) now work as expected.
    4- Automatic rules creation during learning mode was a mess, that is fixed now.
    5- Locked down mode like SSM
    6- Option to disable watch messages( they were irritating for me)

    Problems/ issues I noticed:

    1- On shut down of EQS, all logs are cleared wlthough there is option to retain logs but it does not work I think.
    2- There is no option to enable MD5 globally for application execution defence module( I don,t know why it has not been implemented. It,s a pain to enable this option for all applications in the rules)
    3- They removed the option " Allow for the session" from popups, I don,t know why?
    4- Option to enable learning mode is hidden in the main GUI, rather than appearing in the tray icon options.
    5- If u enable MD5 check option in File Protection Application,s rules, concerned application will use lot of CPU and will become very very slow( this bug was there is previous version. Similar bug was there in Registry Protection rules in last version but I did not notice it now.( See the picture for explanation).

    Features I think are imporatnt to be added:

    1- Outbound FireWall functionality
    2- Option to enable MD5 globally for application execution defence module
    3- A process monitor like SSM that informs u if there are any processes running without rules set or with changed MD5
    4- Option to enable learning mode from tray icon
    5- Tray icon color should be changed in Lock up mode
    6- Vista support
     

    Attached Files:

    • EQ1.jpg
      EQ1.jpg
      File size:
      111.6 KB
      Views:
      2,643
    • EQ2.jpg
      EQ2.jpg
      File size:
      117.9 KB
      Views:
      35
  18. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    1. The logfiles are retained in the logs folder, it's just that the entries aren't visible in the inbuilt log viewer anymore. You can easily view the logs using any text editor. I'll pass this point on to the developers.
    2. Already in the wishlist. As a temporary workaround, you can use the File Protect module to monitor changes to files, as very few programs (apart from explorer.exe or your antivirus scanner) will have valid reasons to modify executable files anyway.
    3. The option is still there. Refer to the attached screenshot.
    4. This is a minor error in the English language file, which has since been rectified. This option will appear if you download and apply the language file from the first post in this thread.
    5. Will pass this on to the developers.

    Will pass this on to the developers. There was a poll in the official forums regarding outbound fw functionality once, so it may be slated for a future release. Vista support is planned for the 3.5 release.
     

    Attached Files:

    • eqs.PNG
      eqs.PNG
      File size:
      18.7 KB
      Views:
      2,577
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks a lot, Solcroft.
    I tried to post it on their forums but failed. I am happy and thankful for u to convey this to them.
     
  20. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Incidentally, why would you be unable to post at the official forums?
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It,s not totally English.
     
  22. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    aigle,

    I've got a response from the main developer regarding your suggestions. The MD5 issues (unable to globally enable and sluggish response) are being resolved. An SSM-like process monitor, Locked Mode icon and Vista support are planned for the next release. An outbound firewall (with advanced rules control) is currently under consideration and MIGHT be included in the next release.

    If you want to post on the official forums, there is a dedicated English-language forum at http://www.eqspywatch.com/bbs/thread.php?fid=26, where one of the stickied topics will show you how to register for an account and post.
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I already tried there and registered but cn,t login. It doesn,t accept my password and there are some chineese words still even the login option etc. ( It says user not exists). I used Opera. Will try with IE.

    Thanks for ur effort. Can you convey them one more thing? There is no way to select more than one rule at a time to delete them. Sometimes I delete many rules and have to do it one by one that makes it difficult.

    2- Logging during lock up mode( atleast for blocked events) so that one can see what events have been blocked.

    Also is there an option for special permissions for an executable, like allowed to execute any specified child processes etc( without pop up) like in SSM?
     
  24. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I'll pass your comments regarding the forum and Locked Mode logging along.

    You can delete multiple rules in EQSecure. Just hold down Ctrl while clicking on the rules you want to delete, then click the Delete button when you're done selecting.

    As for allowing a process to execute any unclassified program, go to the relevent process rule in the Application Protect settings, then set Execute Application to Allow as shown in the screenshot (in this case, explorer.exe will be allowed to execute all programs with no prompts, unless you specifically create any exceptions for this rule using the "Add subprocess" button).

    Similarly, you can set any action to be automatically allowed for any process you want. Or, if you want EQSecure to allow ALL processes to execute programs without prompts by default, click on Protect Mode on the left side in the main window, then set Execute Application to Allow.
     

    Attached Files:

    • eq.PNG
      eq.PNG
      File size:
      13.5 KB
      Views:
      2,516
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi Solcroft, thanks for all the tips.

    Please if possible just convey few more things to the developers, I will be thankful.

    1- When I get a popup and instead of replying the popup, I close EQS via tray icon, I get folowing crash message from EQS. Seems a bug.

    2- It will be nice if they change the GUI of popups to make top message on the popups( informing about the trigger event- registry access, execution or global hook etc) is more clear like it is in SSM, Neoava Guard etc.

    3- If u have allow rules for an application and u change location of this apliaction, EQSecure gives a popupon on its execution due to change in location/ path of executable. Sometimes it is annoying as there are some standalone executables/ tools on my system. I change their location off and on and get new popups each time. In my opinion there should be an option to disable the "location filter" globaly in execution rules.

    I am recently convinced that as long as an executable is trusted, it sholuld be allowed to run irrespective of its location on my system. Currently NeovaGuard latest beta does not monitor location of executables and I feel comfortable with less popups with it.

    4- On installation it should give an option to make rules automatically and put EQS in learning mode. Also via a popup, while user should be advice to reboot system once or twice with EQS in learning mode to avoid system lockup/ freeze. It will make it user friendly with less popups for new users. Advanced users can always deny such options and make their own rules/ configurations as they want.
     

    Attached Files:

Loading...
Thread Status:
Not open for further replies.