EQSecure 3.41 Settings

Discussion in 'other anti-malware software' started by EASTER, Dec 8, 2007.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Greets.

    I been experimenting with a virtual floppy drive app and other artificial drive device apps.

    EQS as always ALERTS to drivers/services install, but i notice something which was always present in System Safety Monitor but so far i been unable to get EQS to alert to, and that's at the moment my driver is UnLoaded and/or Stopped. I tried adding Services to the EQS rule settings in both application AND registry list but it still does not respond when UnLoading and/or Stopping the driver.

    Am i just missing the proper entry needed or is this inherent in EQS to not bother on Driver/Services stopping or unloading?

    Working ATM to add *.sys to EQS File Associations watch list where at least when it's stopped or uninstalled, EQS should show an alert as "Deleted".

    For anyone who can be of some insight to this, thanks.

    EASTER
     
  2. R8y

    R8y Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    33
    Location:
    South Africa
    It seems like it only monitors the loading of driver and installation of drivers, not unloading.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I understand R8y, thanks. It would be a welcome addition to an updated version. I always relied on this with System Safety Monitor because it's useful knowledge to track & verify the moment any driver is stopped/removed IMHO.
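
Added example (not part of the thread, and not a feature of EQSecure or System Safety Monitor): one way to get the stop/removal visibility discussed in the posts above is to poll the driver list through WMI and diff successive snapshots. It assumes PowerShell 3.0 or later for `Get-CimInstance`; the function names, the 5-second interval and the output format are choices made for this example.

```powershell
# Added example: report kernel drivers that stop, disappear or get installed.
# Function names, interval and output format are assumptions of this example.

function Get-DriverSnapshot {
    # Win32_SystemDriver lists the drivers registered with the Service Control Manager.
    $snap = @{}
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $snap[$_.Name] = [pscustomobject]@{
            Name  = $_.Name
            State = $_.State       # e.g. Running, Stopped, Stop Pending
            Path  = $_.PathName
        }
    }
    return $snap
}

function Compare-DriverSnapshot {
    param([hashtable]$Before, [hashtable]$After)

    foreach ($name in $Before.Keys) {
        $old = $Before[$name]
        if (-not $After.ContainsKey($name)) {
            # Service entry is gone: the driver was uninstalled.
            [pscustomobject]@{ Event = 'Removed'; Name = $name; Path = $old.Path }
        }
        elseif ($old.State -eq 'Running' -and $After[$name].State -ne 'Running') {
            # Still registered but no longer running: stopped or unloaded.
            [pscustomobject]@{ Event = 'Stopped'; Name = $name; Path = $old.Path }
        }
    }
    foreach ($name in $After.Keys) {
        if (-not $Before.ContainsKey($name)) {
            [pscustomobject]@{ Event = 'Installed'; Name = $name; Path = $After[$name].Path }
        }
    }
}

$previous = Get-DriverSnapshot
while ($true) {
    Start-Sleep -Seconds 5
    $current = Get-DriverSnapshot
    Compare-DriverSnapshot -Before $previous -After $current | ForEach-Object {
        Write-Host ("{0:u} {1,-9} {2} {3}" -f (Get-Date), $_.Event, $_.Name, $_.Path)
    }
    $previous = $current
}
```

Because this polls, a driver that is stopped and restarted between two snapshots goes unreported; shorten the interval or pair it with event-log review where that matters.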
     
  4. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    I've been trying EQSecure 3.41 during the Holiday and I would say that generally I like it. It plays nicely with all my applications. Nice GUI and easily configurable.

    My only concern is the development and the future of this Software. Anyone has an idea about this?

    Thanks.
     
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    3.45 is currently in internal testing for privileged members only, and will include a sandbox feature similar to Sandboxie.
     
  6. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Thanks Solcroft, this seems good news, and the Sandbox is a good idea. :) (Using now ShadowDefender)

    Any idea when 3.45 could be released?
     
  7. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The usual: when it's ready. Software development cycles aren't really all that different in China, and developers refrain from giving release dates for the same typical reasons.
     
  8. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Will it have Vista support?
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Where can I get an English version of EQSecure 3.41 without getting a website full of question marks ?
    I didn't try this one yet and I'm still looking for a software that stops the execution of malware or isn't that the job of EQSecure ?
     
  10. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    MikeNAS,
    Thanks, I got it and stored everything, so I don't need to ask it again. :)
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Well EQSecure survived :
    - Anti-Executable and
    - the industrial frozen snapshot technology and
    - reboot
    which is a good omen.
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Do I have to configure EQSecure or is installing enough to get a decent protection ?
     
  14. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    It's a classical HIPS, so it isn't "user-friendly"
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, I noticed LOL. Not really my type of security.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Very interesting, so is this sandbox going to use virtualization? And will it only be for restricting tools, or will we be able to install tools "sandboxed"?
     
    Last edited: Jan 5, 2008
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Erik

    I been indirectly throwing hints of EQS your way in the same manner you pushed so hard over FD-ISR.

    ANSWER: Configure, configure, then configure again. It's great out-of-the-box but you can make it virtually impenetrable by configuring the 3 settings, REGISTRY, FILES, PROGRAMS.

    Take especially note of the default settings configs. Then ADD to your heart's content and those rules stick better than crazy glue. I got ALL scripting extensions entered and what action EQS is to use. This is one MIGHTY (HIPS) IMO!
    Just follow along with its progression when alert boxes raise, make your selective choices, and it will program your decisions for you, giving YOU complete control without annoying reputations like some.

    You have a wonderful opportunity with adding this shield to your overall strategy that will strengthen your defenses better than you might expect.
     
  18. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    Is there any chance you'd like to share your config set with us? That way it'd be easier to see what you mean. Plus, it saves us (and me) from having to do a lot of work. Of course, I'd need to customize that set too.
     
    Last edited: Jan 6, 2008
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    It took me weeks to settle on perfect settings and i'm not yet finished if that's any indication of how formidable this HIPS really is and the help it can be for any windows users, but as time permits, i'll try to set aside enough effort to at least show a template of sorts of what my own config is when i can.

    In the meantime, STUDY IT CLOSELY!

    Registry, Program, and Files Protection settings are its KEY elements that allow you to set RULES! At first look, it's overwhelming, but not really as some might suggest, and you will be thankful as well as much better protected as you move along, adding in my case for one example,
    %WinDir%\*.bat
    %WinDir%\*.com
    so on and so forth and under BLOCK OPERATIONS set your block type.

    I wish i could write up a relative HELP file on this, better yet, wish EQS would do that.

    But you are in good company because some other members here are really sharp in managing just the right proportion of settings to protect your PC with the only pop-ups normally being either something unlisted or listed as ALERT then BLOCK or ALERT then ALLOW, or even READ.

    This HIPS is special IMO.

    I know this is not much help and i'm sorry but i not really taken the time just yet to document or screenshot for view something useful for a new user to work from, others are faster and better at it than i and perhaps they will post in on your behalf.

    REGISTRY PROTECTION
    Files extensions.
    You click the + sign and open that branch in the registry and there i include vbs, reg, bat, com, etc. and under BLOCK OPERATION set them all to ALERT (first) then Allow, which prevents those extensions from changing so long as the CONFIGURATION/ALERTS in the main is set to -1 which equals unlimited or permanent aborting until, YOU, the user makes some choice be it up or down, in the meantime this gives a user all the time indefinitely to read the data/info of what file (if any) has intention to disrupt them from what they should always normally be. This is also another way how i LOCK down scripts from being infected that have no business being tampered with.
     
  20. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Thanks Easter for your input and help, it's appreciated. :)

    You're the one who give me the taste to try out EQSecure on my testing box. It's actually totally different from working with SSM and I don't feel yet very comfortable with rules creation, so your guideline will help.
     
  21. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    Hello!

    I tried EQSecure 3.41 short time ago but it was bit too much to configure...well at least for me. As a whole i did like it. It was very light and you hardly noticed it. Does it offer solid protection with the default settings?
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    If those in the know have some insight to EQS 3.45 release date or even a RC, by all means i would be thankful for a sample URL.

    EQS is by far the lightest HIPS i ever experienced, plus i take a lot of interest in its expert settings, it captures/aborts exactly what the user configures it to watch.

    This one is well worth watching for future development.
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    From EQSecure Forums latest request by member.

    I for one sure hope they get something out the door again soon, it's been a long time since any update and growing longer each week/month that passes.
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Re: EQSecure 3.41 Settings REGISTRY PROTECTION

    Hi

    Could not resist using EQS for file, registry protection and warning for low level disk access, physical memory access and key loggers.

    Therefore I have additional protection for XP users for the registry. These are static registry items, only for restore and program (de)installation you might get a pop-up, then this extra protection should become quiet.

    How to use.
    Download the attached file "Extra static registry protection.txt". Save it with the suffix .XML instead of TXT. Import it at the Global rules of the registry protection and select this filter.

    The list is based on Toni Kleins's work, with input of ZopZop and TopperID. It covers at least the items mentioned in A2 Hijack this and PC Tools Startup Explorer.

    Regards Kees
     
    Last edited: Jan 16, 2008
  25. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Re: EQSecure 3.41 Settings FILE PROTECTION

    I like my registry protection (in XP) to be solid, but my file protection to be focussed and minimal.

    Therefore I have an XML filter set for file protection, which protects only the essential files of XP.

    How to use. Download the attached file "System File only critical files.txt" and
    save with XML file extension. Import this filter in the Global file protection. Next select this imported filter and unselect the default System File protection filter.

    Have fun
     