EQSecure 3.41

Discussion in 'other anti-malware software' started by TerryWood, Jul 11, 2008.

Thread Status:
Not open for further replies.
  1. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    703
    Hi All

    I am using Sandboxie configured to allow only the browser using process groups.

    Returnil Free, Comodo Defence+, Avast home, Keyscrambler plus two on demand Malware scanners MBAM & SAS

    I have read increasingly favourable reports about EQSecure plus Alcyon's ruleset. I have played with EQSecure and it does seem to be reasonably intuitive, whereas with Comodo PF and Defence+ I just do not seem to be able to get to grips with it.

    Questions

    1) Would using EQSecure plus Alcyon's ruleset allow me to dispense totally with Comodo PF & Defence+?

    2) Does EQSecure offer any defence against keyloggers? (Sandboxie in my setup does)

    3) When I imported Alcyon's rulesets I noticed that many of the rules under each of the 3 sections are unticked. Is this as it should be?


    Thank you for your help

    Terry
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I'm probably not your everyday installation guru of all the latest apps but to answer #1 I did like it alright at first, but it wasn't nearly enough to supersede EQS Superior Protections/Alerts applying Alcyon's RuleSets which greatly enhance EQS's intervention abilities.

    As to #2, it's been reported some failures in the AKLT keylog test but then again I use 4.0 beta NOT 3.41 with the 112 driver. I think (I'll have to recheck) that 3.41's driver weighs in at 111 if I'm not mistaken, and that could be the difference for some, because my EQS version blocks ALL the AKLT tests with the slight exceptions of screenshot #2, screenshot #1 is easily manually blocked with this version. I've repeated this test numerous times with AKLT 3.0 and each time returned positive results w/Alcyon's Rules.

    On #3 I'm unclear what exactly is unchecked for you. Given some time and a little effort you can make the absolute most use of excellent protections with EQS using (Alcyon's Rules) and add the Folder Guard he posted someplace, I can't find it right now, but that Folder Rule is the king of the crop for me since it can be used to thwart new folder creation for any directory.

    Hope this sheds a little light on some of your concerns with EQS. I started with SSM and when EQS stepped in on the scene I transitioned over to it and immediately began realizing benefits from "LITE" energy use to formidable file protections and about everything else in-between including blocking/alerting to Device\Physical Memory which was added later, probably at the same time they made some provision against the AKLT test.

    I would love to see this 4.0 go final even in the face of Magic Shield just to get some closure here for everyone who turned to EQS at the start and really took to it with confidence like myself.

    Alcyon just added icing on the cake when he introduced his rulesets.

    EASTER
     
  3. Thiggy

    Thiggy Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    82
    I believe this is by default as the settings would be extremely restrictive if the rules were all checked. Unchecked rules were created and made available if you wish to use them.
     
  4. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Yes, I believe Alcyon has said many times that his rules are better not taken literally, but are intended to be more of a template which you should set for your own system.
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I double checked today. The original or first EQS carried a driver of 75Kb. The next release I found was 111Kb, and finally the 4.0 Beta driver named EQSysSecure.sys is 112. The one with the new sandbox feature included.

    This is the one AKLT keylog tests fail ALL 7 in a row real easy. Even the first screenshot is blocked but the second apparently is made but you can manually deny it, but then again it should IMO be blocked also.

    Haven't located a way to completely stop it yet.

    Hope that helps.
     