EQSecure 3.41 Settings

Hi

With Alcyons rules installed does it require any "tweaking" or can it be used as a "set it & forget it". I ask this question because there appear to be a lot of unticked rules in the ruleset?

Is the level of protection with Alcyons rules "as installed" better than Comodo Defense+ which is currently my HIPS?

Thanks

Terry

 

i use them both and i found defense+ easier to use

 

We have a new beta rules release for EQS from Alcyon [22.11.08].

http://drop.io/eqsecure

 

Too late, there's another beta ruleset

 

So there is, thanks Alcyon [definately a machine!]

[eqsecure.v3.41.winxp.rules.beta.v1.28.081123-exp.zip]

 

Mission: kill malwares, not humans

Here we go again:

eqsecure.v3.41.winxp.rules.beta.v1.29.081123-exp.zip

Fresh from the oven

 

Working like a charm Alcyon as always

EQS is never been a more excellent HIPS for PC Protection (Thanks to your rules) as well as the best darn SRP that even Microsoft can't beat, meaning no issues whatsoever.

I might not be posting for about a month but as soon as i'm able again i'll be right back in the thick of matters of course. I'm moving Up North in the COLD ZONE near the Canadian Border close to Thunder Bay, Canada. Wish me luck, will be enroute first week of December.

Looking forward to catching up on your new rules too. LoL

Stay Safe & WARM
EASTER

 

I should have been a bit more accurate: "My Mission is.... To Protect You [From Malware]".

Thanks Arnie, sorry Alcyon for the update. Giving this ruleset a spin now.

 

Alcyons ruleset can be tweaked well beyond his "default rules" as there are many entries unticked, and you can add your customised rules too. This gives a lot more control but requires more user intervention. You cannot have it both ways here. I prefer this approach rather than set and forget it.

Not sure if Comodos Defence+ would be better than Alcyons ruleset (tweaked or not) but his ruleset will definately allow for more control - [and more customisation] and hence more popup alerts than Comodo would ever do. I havent fired up Comodo for for many months now so cannot be completely sure however. Maybe someone who is using Comodo Defense+ will chime in and confirm it. But I suspect a true classical HIPS like EQS/SSM/MD etc will give tighter control with a good ruleset - default or customised than Comodo, but Comodo as a result is easier to use.

 

The dedicated windows xp beta ruleset i'm offering, in my opinion, will give you a pretty decent protection with its default enabled rules. I can't compare with Comodo D+ as I don't use it.

One thing i know for sure is that my beta rulesets are extremely better than my old v2008.10.08 one. Less popups, more protection, etc.

A final version will be released soon.

 

i am glad to see this.

 

Here's another update:

eqsecure.v3.41.winxp.rules.beta.v1.30.081125-exp

You can now leave comments too:

 

Thanks for the update, Alcyon. [You legend!]

 

Hello,

I've been trying to find Protection Mode configurations. Kees had some, but was for use in conjunction with OA.

What would be the usable locknut settings?

Are there any additional Mode names to add to this default list?

Protection type...........................................Action.........................Log
Execute Application
Load library file
Load driverv Access to physical memory
Low-level disk operation
Create remote thread
Modify memory of other processes
Terminate/suspend process
Shutdown/restart system
Terminate/suspend thread
Install global hook
Install service or driver
Log keystrokes
Modify system time
Debug at system level
Imitate a keyboard mouse

 

Here's another one for your pleasure:

eqsecure.v3.41.winxp.rules.beta.v1.32.081126-exp.zip

 

And yet another:

[eqsecure.v3.41.winxp.rules.beta.v1.32.081127-exp.zip]

Alcyons updating it so often now that he hasnt even got time to post it here. Your efforts are appreciated.

I think this is becoming some sort of Obsession.

 

eqsecure.v3.41.winxp.rules.v20081128-exp.zip

This is the final.

Enjoy,

~Alcyon~

 

Thank you for all your hard work on this project.

 

Rollin 'em out like a fine tuned assembly plant

As always: Many thanks Alcyon and more for all of your many many efforts. These rulesets are a true HIPS dream (EQS) and then throw in some of your own for the finale icing on the proverbial cake

Conclusion: MASSIVE SHIELDING!!


EASTER

 

I had to be conservative There's space for a lot more rules! Anyway, my goal is achieved and i'm pretty happy about what i've done I'll probably make an update in MANY weeks unless someone discover something that need to be fixed.

You can grab:

eqsecure.v3.41.winxp.rules.v20081129-exp

This is the red pill

 

Thanks Arnie!

 

Can anyone please post MD5/ SHA hash for EQS 3.41 installer?

Thanks

 

Is it ever O.K. for svchost.exe to modify in memory processes like explorer.exe?

Are the default Protection Modes O.K. to leave alone with Alcyons rule set installed?
I tried to track down command options coming from svchost.exe "-p 530 -s 00000AC2 -b C:". Hits are for Linux,Unix and Eclipse which is a Java IDE.
Any thoughts?

Thanks Alcyon for making the complex simpler.

 

Thanks Alcyon

If you have any idea please pass along your opinion or thoughts on this. Could it be something adjustable in the rulesets or is it something in EQS itself the way it handles alerts in your estimation that causes on executable launch alerts to always have to click TWICE to establish completion of either a run or block?

It's not really a issue per say, just a sometimes annoying extra stroke of the pointer to make it finally register my chosen command. I would love to click a single time instead of the alert box returning after the first command only to finally accept after the second press. This happens even when ticking a checkmark to make a rule under "additional options" at the "target" file.

As always your rules are Da Bomb!! As you mentioned times before, theres always even more rules to discover in this beauty of a solid strong HIPS!

EASTER

 

About svchost and explorer, yes, it's normal. What's not is the opposite. I'd say, you're good with the default settings but could be even better with few others rules. Study them or add your own

This problem, if really there is one, is related to EQS. It's not the ruleset. Same thing with MD aswell i think. Sometimes, you get same popups twice. I really doubt i could do something about it with additional rules. Praying the gods will not help too