EQSecure 3.41 Settings

Discussion in 'other anti-malware software' started by EASTER, Dec 8, 2007.

Thread Status:
Not open for further replies.
  1. Rickster100

    Rickster100 Registered Member

    Joined:
    Sep 29, 2005
    Posts:
    152
    Location:
    United Kingdom
    Hi Aigle,

    Using the freeware program Hash My Files, the MD5/SHA hashes for EQSysSecureSetup.exe are shown in the screenshot. :thumb:
     

    Last edited: Dec 1, 2008
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,167
    Location:
    UK / Pakistan
    Hi Rickster100, thanks a lot.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    AWESOME!

    Glad you found the match up equal!

    EASTER

    EQS THRILLED!!!
     
  4. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I know it's probably a false positive, but here it is.

    1.29 and 1.32, File protections-Global Rules.xml, are both detected by Dr. Web as a Macro Script batch virus. Verified at VirusTotal, a 1/37 detection.
     
  5. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    Yes this is a VERY dangerous xml, especially when coupled with EQSecure ;) :D
     
  6. cooljoe_

    cooljoe_ Registered Member

    Joined:
    Dec 4, 2008
    Posts:
    1
    Thank you for your work, much appreciated. I have been using your rules since I came across this thread, but now I cannot access your webpage. Looks like my IP is banned, I don't know why, because I can get to it through a proxy.

    That said, can you post the MD5 hash of your final rules? Thank you.
     
  7. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    @cooljoe, it must be your ISP. Everything is normal on my side.
    No problems for the MD5, I'll post it with the next release.
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    Anytime you finish with your next set of marvellous EQS rules, we'll be anxiously waiting to hear from you again.

    I have to say in all honesty that any and all of us EQS supporters/users owe you, ALCYON, a huge round of applause and many warm thanks for taking your time & the generosity to see to it that this app doesn't end up like so many other abandoned programs, where the developers just tease us for a while and don't even offer their craft commercially attainable, but leave users who relied on them ignored.

    On the contrary, on behalf of us and your own satisfaction with the power and protection of EQS, you've been every bit of a Champion throughout all of this and have greatly helped your fellow users/followers by your kind and, may I say, ACCURATE generosity in taking up this torch and running with it with Brilliant results. :thumb:


    EASTER
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Easter, do you have a link to get ProcessGuard 3.5? I only have the 3.4 version and I cannot find the latest.
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    Let me check and I'll be sure to get back to you when I can, since I'm on another different system this next week. I will say this, 3.5 is a pressure cooker, ya gotta luv the way that app buddies up with EQS.
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    That's cool and impressive :thumb: Thanks Easter, I will wait, and thanks :thumb:
     
  12. Rickster100

    Rickster100 Registered Member

    Joined:
    Sep 29, 2005
    Posts:
    152
    Location:
    United Kingdom
    For all you hash junkies out there, here are the hash details for Alcyon's latest ruleset.
     

  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    I think I collected them all, even the betas he asked us to try and relay back to him if anything extra was needed or if all was working well.

    Trouble is, in all this excitement I have them scattered across all sorts of systems (HDs), so I'm gonna have to try to categorize them in some order whenever I can get time to.

    These rules are AMAZING! You can be imaginative and choose one set or any number of others as well as add to them. Truly amazing and extraordinary technical effort, with careful attention to detail, that I've seen for rules in any app of this type. Very detailed work indeed.

    I wonder if it's been an easy task ;)
     
  14. Rickster100

    Rickster100 Registered Member

    Joined:
    Sep 29, 2005
    Posts:
    152
    Location:
    United Kingdom
    New EQSecure Rules Update; 7th December 2008. Thank you once again Alcyon for your dedication in getting these rulesets as close to perfection as possible. :thumb:

    eqsecure.v3.41.winxp.rules.v20081207-exp

    http://drop.io/eqsecure
     
  15. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    Now that I'm not working on Malware Defender rules anymore, let's concentrate on an even better EQS ruleset. Suggestions are welcome. Don't be shy ;)
    What would you like to see added, removed or modified? Plenty of things can be done.
     
    Last edited: Dec 9, 2008
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    Keep those programming tools good & WARM ;)

    I'm looking at some other demographic areas to apply even better POSITIVE COVERAGE to for your upcoming new rules. :thumb:
     
  17. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Hi Alcyon,

    I had a hit with Prevx Edge for a possible MBR rootkit.

    I have a large drive and had some unallocated space I decided to format. It was during the end of this procedure that Prevx Edge alerted. I know that the MBR rootkit likes to drop stuff at the end of a drive.

    The EQSecure alert at the same time was about "\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{CLSID}\Shell\Autoplay\DropTarget" but there is no entry in the logs for this alert.

    What would stop EQSecure from logging the action?

    P.S.
    I know you don't work for EQS but if you have any thoughts on this it would be helpful.
    They should make you their US rep.
     
  18. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    In the global rules of registry protection settings, expand "MountPoints2" and enable logging for "*\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\*". Logging for this event isn't enabled by default.
     
    Last edited: Dec 12, 2008
  19. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I see said the blind man.

    Thank you Alcyon.

    I was in S.O.S mode. Stuck on Stupid.
     
  20. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    You were in Alert mode. Not the same thing ;)
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    :thumb:

    BRIDGE TO SOMEWHERE ;)
     
  22. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    Here's another little rule for Macromedia Flash Cookies:
    Code:
    <EQSysSecureDat Version="2">
        <Rule Type="WatchApp">
            <Rule Data0="*" Type="1" />
            <Rule SubType="65535" IncludeSub="1" Action="65535" Log="65279" Ask="65279" Data0="*" Type="2" />
        </Rule>
        <Rule Type="WatchReg">
            <Rule Data0="*" Type="1" />
            <Rule SubType="7" IncludeSub="1" Action="7" Log="0" Ask="0" Data0="*" Type="2" />
        </Rule>
        <Rule Type="WatchFile">
            <Rule Data0="*" Type="1" />
            <Rule SubType="15" IncludeSub="1" Action="15" Log="0" Ask="0" Data0="*" Type="2">
                <Group Name="Macromedia Flash Cookie" ModeID="1">
                    <Rule SubType="1" IncludeSub="0" Action="14" Log="1" Ask="13" ExcludeDirectory="0" Enabled="0" MD5Check="0" MD5Value="" Desc="" Data0="%SystemDrive%\Documents and Settings\*\Application Data\Macromedia\Flash Player\#SharedObjects\*\*.*" />
                    <Rule SubType="1" IncludeSub="0" Action="14" Log="1" Ask="13" ExcludeDirectory="0" Enabled="0" MD5Check="0" MD5Value="" Desc="" Data0="%SystemDrive%\Documents and Settings\*\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#*.*" />
                </Group>
            </Rule>
        </Rule>
    </EQSysSecureDat>
    You need to copy/paste the code inside a text editor, save it as an XML file and import it in the global rules section of the file protection settings.
    This is not activated by default, and if you're using my ruleset, this should be placed below the 55th separator.
     
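    An added example (not EQSecure's or Alcyon's code) that reads the rule file above with Python's standard XML parser and checks which paths on disk its two Flash cookie patterns would cover. The test paths are constructed, %SystemDrive% is assumed to expand to C:, matching is assumed to be case-insensitive as on Windows, and because the thread does not say whether an EQSecure "*" may span a backslash, the matcher tries both readings so the difference is visible; the real behaviour has to be confirmed against EQSecure itself.

```python
"""Inspect an EQSysSecureDat file-protection rule set and test its path patterns.

Added example, not part of the thread or of EQSecure. The wildcard semantics
('*' confined to one path segment vs. allowed to cross backslashes) are an
assumption, shown side by side because the thread does not state which applies.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample: the WatchFile section of the Flash cookie rule posted above.
SAMPLE_RULES = r"""<EQSysSecureDat Version="2">
    <Rule Type="WatchFile">
        <Rule Data0="*" Type="1" />
        <Rule SubType="15" IncludeSub="1" Action="15" Log="0" Ask="0" Data0="*" Type="2">
            <Group Name="Macromedia Flash Cookie" ModeID="1">
                <Rule SubType="1" IncludeSub="0" Action="14" Log="1" Ask="13" ExcludeDirectory="0" Enabled="0" MD5Check="0" MD5Value="" Desc="" Data0="%SystemDrive%\Documents and Settings\*\Application Data\Macromedia\Flash Player\#SharedObjects\*\*.*" />
                <Rule SubType="1" IncludeSub="0" Action="14" Log="1" Ask="13" ExcludeDirectory="0" Enabled="0" MD5Check="0" MD5Value="" Desc="" Data0="%SystemDrive%\Documents and Settings\*\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#*.*" />
            </Group>
        </Rule>
    </Rule>
</EQSysSecureDat>"""

# Constructed test paths (hypothetical user "alice"): a shallow .sol file, a
# deeper one under a domain folder, and an unrelated document.
SAMPLE_PATHS = [
    r"C:\Documents and Settings\alice\Application Data\Macromedia\Flash Player\#SharedObjects\ABCD1234\settings.sol",
    r"C:\Documents and Settings\alice\Application Data\Macromedia\Flash Player\#SharedObjects\ABCD1234\example.com\settings.sol",
    r"C:\Documents and Settings\alice\My Documents\notes.txt",
]


def load_file_rules(xml_text):
    """Return the grouped WatchFile rules as dicts (pattern, flags, group name)."""
    root = ET.fromstring(xml_text)
    rules = []
    for watch in root.findall("Rule"):
        if watch.get("Type") != "WatchFile":
            continue
        for group in watch.iter("Group"):
            for rule in group.findall("Rule"):
                rules.append({
                    "group": group.get("Name"),
                    "pattern": rule.get("Data0"),
                    "enabled": rule.get("Enabled") == "1",   # Enabled="0" => off by default
                    "log": rule.get("Log") == "1",
                    "ask": int(rule.get("Ask", "0")),
                    "action": int(rule.get("Action", "0")),
                })
    return rules


def pattern_to_regex(pattern, star_crosses_separators, system_drive="C:"):
    """Translate a Data0 pattern into a regex (assumed semantics, see module docstring)."""
    pattern = pattern.replace("%SystemDrive%", system_drive)
    segments = []
    for seg in pattern.split("\\"):
        piece = ""
        for ch in seg:
            if ch == "*":
                piece += ".*" if star_crosses_separators else r"[^\\]*"
            elif ch == "?":
                piece += "." if star_crosses_separators else r"[^\\]"
            else:
                piece += re.escape(ch)
        segments.append(piece)
    return re.compile("^" + r"\\".join(segments) + "$", re.IGNORECASE)


def matching_rules(path, rules, star_crosses_separators=False, system_drive="C:"):
    """Return the rules whose pattern matches the given path under the chosen semantics."""
    return [
        rule for rule in rules
        if pattern_to_regex(rule["pattern"], star_crosses_separators, system_drive).match(path)
    ]


def coverage_report(paths, rules):
    """Map each path to (hits under strict '*', hits under separator-crossing '*')."""
    return {
        path: (len(matching_rules(path, rules, False)), len(matching_rules(path, rules, True)))
        for path in paths
    }


if __name__ == "__main__":
    loaded = load_file_rules(SAMPLE_RULES)
    for r in loaded:
        print(f"[{r['group']}] enabled={r['enabled']} log={r['log']} ask={r['ask']} {r['pattern']}")
    for path, (strict, loose) in coverage_report(SAMPLE_PATHS, loaded).items():
        print(f"{path}\n  strict '*': {strict} rule(s)   crossing '*': {loose} rule(s)")
```

    The deeper example.com path is only covered when "*" is allowed to cross a backslash; if EQSecure keeps "*" within one segment, nested shared-object folders would need their own pattern or IncludeSub. Both rules parse as Enabled="0", which agrees with Alcyon's note that the set is not activated by default.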
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    Nice one. Running flash vids right now. Talk about coincidence (TELEPATHY! ;) )

    I pull both YouTubes & swf files that land in the TIF folder and edit them as PC start up shows or just blend them into security alerts with ShelExec & autorun.inf

    This should ward off those flash cookies

    THANKS AGAIN ALCYON

    EASTER
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,536
    Location:
    U.S.A. (South)
    QUESTION:

    Anyone hold an opinion on starting EQS in the BOOT sequence as opposed to SYSTEM, to get an early jump on matters just in case? It appears simple enough; I'll experiment with this a bit myself and see if it's stable and safe to use at that system level.

    EASTER
     
  25. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    And another question from me :p I was thinking of giving EQS a spin on Vista. Are those rules in your sig link effective for Vista as well, dear Alcyon?
     