EQSecure 3.4 released + non-official language file

Other programs from Asia, like Filseclab, are also free. There are not that many software vendors in Asia that I can recall.

 

Not sure if this has been asked before or not, but I've just started using EQSecure and I have had no problems with it so far. The only thing that bothers me is the fact that when the pop up appears asking whether to allow or deny, directly under that it says 'Allow this operation after ...' whatever number of seconds it is. Is there any way to turn this feature off because I dont want anything getting automatic permission if for example I'm away from the desk for a moment. Thanks

 

Sure u can!

 

I am waiting for the version in which u can enable MD5 check globally. It,s the only drawback so far for this application.

 

Thanks, that was the only problem I had with this great piece of software. Thanks again

 

I am having a trouble with EQS. I feel it slows down the PC at moments. Strangely when I write on these forums or elswhere online, some times text lags behind the keys I press. I mean sometimes I write a word(s) and it,s actually written after a pause( not in real time). I don,t get this problem without EQS. I thought File protection module may be the reason and turned it off. Problem decreased but still it persists to some extent. Anyone noticed such a thing?

Thanks

 

That´s not true, otherwise I wouldn´t be using SSM, and I´m even planning to run Neoava. And IMO, it´s not only about features, but also about GUI/look and feel/ease of use, and when it comes to this, most HIPS do a bad job IMO. As you know I´m even not that happy about Neoava, but the features are quite impressive, so I guess it´s good enough.

And I agree HIPS should protect the file system, I hope to see this feature in SSM soon, and this feature must be also improved in Neoava. Btw, I´m having a bit difficulty trying to understand how this file protection can protect your system without becoming annoying, I checked out SafeSystem, and it did work correctly, but started to become a huge pain. So to stay on topic, how does this feature work in EQSecure?

 

I like the good GUI but in case of HIPS stability and feaures are much more imp than GUI. I will prefer a powerfull HIPS with a bad GUIrather than a poor HIPS with very nice GUI.

Strict rules in file protection are always a pain. I learnt it and made rules flexible. A lot of processes in OS want to read and write in many areas, if u will restrict them, u will get pain. It,s like as if there is a big crowd on a road and u wish every person to put every step according to ur wish after ur approval( that is not possibel).
To be honest I really like to have simple execution control and start up registry defence with an option to disconect user interface/ systm lock down.
If u are so paranoid, don,t use windows, go for OSX or Linux.

 

One feature that I miss in EQS is that it does not differentiate between global hooks( global hooks are common) and hooks int a specific process( that are rare). I wish they can adjust it.

I had the same complaint from SSM. NeovaGuard does differentiate between the two.

 

Nice screenshots, thanks.

At this point in time i don't have any serious complaints with the latest 3.4 EQS release since it appears to now have some additional highly specialized improvements and runs stable on my units/snapshots.
I do occasionally notice a momentary "hesitation" upon opening some apps but i'm sure thats to be expected untill you LOCK IN THE RULES.

This is a really welcome new addition to this scene if you're a big supporter of HIPS like so many are now.

Sandboxie FINALLY works for this XP Pro too and that is made for an enormous boost in confidence on this end since it's in tandem with EQSecure 3.4

 

U need to disable autoverify MS digital signatures to avoid slow down of applications start for the first time.

 

Thats always the very "FIRST" thing i do in any app that tends to spawn an "outgoing connection attempt" unless it's a database update or registration verification.

The hesitation is really no more different then was with SSM and it's not disturbing at all, just wish there was a way to put some "snap" into the Alpha-Fade affect info box prompt, thats all.

 

Can anyone help me to make a rule? I want to allow update.exe to create/ delete avewin32.dll anywhere on my HD or C partition. I tried following rules but failed. I still get pop up!
Any help pls?'
Thanks

 

When i go to the site

http://secunia.com/software_inspector/

IE launches ( Java) jusched.exe but EQS gives no warning about it. I checked EQS and there are even no rules for jusched.exe? Seems a miss by EQS!

Can anyone confirm this?

Thanks

 

May be I found an irritating bug in EQS. Suppose u set MD5 check for an application X.EXE and then this application is updated. Now when u launch x.exe, EQS will give u warning about MD5 change. U make a rule always allow( rememer this) but EQs will not remember the rule. It will will give u always a popup( about changed MD5) on execution of x.exe, no matter how many times u make the rule via pop up. The only way is to turn off EQS and then turn on again, this way the newely made rule will be rememebered and there will be no more popup again.

Not sure if it,s a security measure or a bug?

 

I can't confirm, but it's not a big issue to me. Just switch it off as I did.
Best,

Gerard

 

I think it might be a security feature.

 

Seems I missed something. It,s java update checker that is loaded on start up in my system. I removed it,s autorun.
SSM has a nice feature that it has a process monitor that tell u if there are processing running without rules set or with changed MD5. It,s on to-do list for EQS though.

 

Interesting read that MD5 check is not reliable.

https://www.wilderssecurity.com/showpost.php?p=1052531&postcount=29
http://www.mscs.dal.ca/~selinger/md5collision/

So I wish if somebody can suggest EQSecure people to replace it with SHA1 hash. Anyone please.( I have tried so many times to post on their forums but no way).

Thanks

 

Well, SHA-1 has some flaws too
TrueCrypt docs

MD-5 is fast to compute.

 

But still more secure than MD5 as I understand.

 

Right

 

Anyone discover any new entries or ideas to add to EQSecure's configs which can help seal off other avenues of possible forced intrusions?

I have a question for the board.

With SSM (Full) the SSDT Table is fully listed with Safemon.sys on hundreds of hooks, whereas EQSecure on examination with both RKUnhooker (Latest) & IceSword (Latest) EQ only seems to set up on a much smaller group with their hooks.

Wouldn't that possibly lead to many other default ntoskrnel.exe entries open to malicious hooking overtaking those spots?

Curious to learn how these "hook" differences make one HIPS better suited for detection than the other.

Thanks Ya

 

Sorry for double post but like to *Bump this to attract some kind of response to these concerns.

Thnx

 

Just dumped SSM for EQSecure 3.4

In 2 words: very impressive.

Can someone quickly tell me what the Locked Mode is made for?
Thanks.