EQSecure Questions/Help

Discussion in 'other anti-malware software' started by n8chavez, Nov 1, 2007.

Thread Status:
Not open for further replies.
  1. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    I wasn't sure what thread this belonged in; the 3.3 thread or the 3.21 changes thread, so I just made a new one. Now that NeoavaGuard's production has been suspended, do you think it is adequate enough to use given that it is a beta. Or, should I use something else?
    I was looking at EQSecure. I like the NG interface better, it is cleaner and not nearly as complicated. Bit there is no possibility with EQSecure. It seems to be a lot more powerful. I think I must have done something wrong when I tested ur because I was getting multiple dll prompts (60+) for every app.

    I was not able to get this rulset to work. But I have used this one. Any help would be appreciated.
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    NG is easier to set up and should give enough protection. Main adavantage of EQS will be its file protection but it,s not easy to make trouble free rules for it.
    Also EQS is much more chatty. Whiuch verion of EQS you have used, latest is 3.41. I will not suggest to use some other person,s rules. Make ur own.

    Which type of alert u get so often? Can u post a screenshot of it?
     
  3. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    I actualy really like EQSecure. It seems to be the only HIPS I've tried, with the right ruleset that can protect services. I have tried using this rulset. I have gotten the dll popups I mentioned to stop, by using the above set minus the 'auto group' rules.
    I am using the latest version of EQSecure. I understand what you're saying about the custom ruleset, but that seems too hard and way too complicated. I think it would be best for me to use a precompiled set.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    This rule set doesn,t work on my system.

    - Which version of EQS you r using?

    - Have u allowed "load library file" globally?
     

    Attached Files:

  5. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    I answered that already. I'm using 3.41.

    I have changed that seeing to 'prompt and block.'

    But I am having trouble with a rule that will allow my system to go into standby mode. I put EQSecure on learning mode then went into standby mode, everything went fine. Then I returned EQSecure to normail and tried again and it didn't work; my monitor turned off but not my system.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Then u should only blame urself for the popups.:D Pls change it to allow with no logging.
    Ur file protection rules are the probable cause. U can confirm it in this way. Turn off file protection but keep Application and Reg protect enabled, now try to go in Standby and Hibernation mode. Does it work OK now?
     
  7. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    Nice try, but I changed that option after all my program had EQSecure rules. What stopped the popups was getiing rid of the 'auto group' rules.

    Yes, they are the problem. How do I correct this? What rule needs to be in place?
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    These rules are not needed. Just keep it Allow for all( it,s the defualt setting as well). I am sure u have not got all the rules for loading library files and it might cause troubles later.
    Couldn,t understand what u mean?

    Try putting this rule on top of all file protection rules. Make sure there is no block rule for hiberfil.sys.
     

    Attached Files:

  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    EQSecure "IS" a very worthy contender in the HIPS circles, so much i began to migrate my snapshots & systems to it as opposed to SSM. It's really cleverly lightweight to hold such a capacity to monitor AND block as well as Log all that it does, and yes the file protection is a HUGE bonus.

    Don't be too daunted or perplexed by it, it's only complicated untill you spend enough time to set your own custom rules and it does help to have a template to work from, thanks out to aigle for sharing his.

    It'll be interesting to see what they do with the next version of EQS which by the way should be about time again isn't it?

    This has got to be one of the tightest HIPS i've run and i thought there was nothing to match SSM, but IMO it's exceeded SSM in many ways and is why i don't have a problem transitioning over to it exclusively now.

    Rarely does a freeware app trump it's commercial competitors in certain arenas but even with EQS's complexity i think you'll be very pleased with the results. It's highly configurable as you already found out.

    All The Best.
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    N8chavez,

    It is a long time ago I wrote these rules and I have not been using EQS any more on our home PC's.

    Try looking for a ruleset which includes the C:\*.sys entry in the global rule set. When it is part of a set of values, remove it and create a new rule with option prompt + allow for create write and delete (just for the time being).

    Save and try to go into hibernation. And allow the proces writing the C:\hiberfile.sys.

    Check afterwards whether there is a rule for the process allowed in the Application rules tab. Change prompt + allow into allow. Next go the global rules and enter an allow (all) for C:\hiberfile.sys and change the C:\*.sys in the value you like.

    Hope this helps.

    Backup tip (plan B when that failes). The file protection mechanism I had set together is a bit paranoid. The set described under the TF post https://www.wilderssecurity.com/showpost.php?p=1101838&postcount=46
    is sufficient for file protection. So you could also consider changing the file protection of EQS to just the ones mentioned in this post.

    Just enter these values in the global rules with prompt + block as protecting option. When you use EQS in silent mode it will use the block. This prompt + block is easier for trouble shooting.

    I am not using EQS, not because it did fail in some way, but because a behavioral blocker behind a policy sandbox made more sense. Policy sandbox prtection is directed to keeps things stable (like a classical HIPS), when installing a new program you open defenses. In this situation an intelligent behavior blocker gives more protection, so my overall protection increased by replacing a less rigid protective program (like TF) with a very strong protector (liek EQS). What Ilya says is true: programs like DefenseWall/GesWall Pro will protect you from 95% of the risk your AV does not tackle.


    Also after years of saying GW and DW are more or less equal, I must say that DW is the better program, because it never caused problems. With GW I had to make specific setup changes (allowing music files to start playing by clicking them in explorer, allowing printing from untrusted programs (spool was virtualised), once we lost licenses of paid music (= falls positive on the sanbox protection. DW never gave any problems).
    Regards Kees
     
  11. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    Where can I find aigle's ruleset then. If that is a "better" base set then I should use that. Also, this is one major thing that Neoava Guard has over EQS, is there a way to make the default action 'block'? That way it would take a lot less time to configure the rules for each application.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I PMed you.
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Not sure u are talking of NG or EQS here?
    Both have this function though not full in case of NG.
     
  14. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, EASTER

    In reply to your request posted on DeepFreeze's thread RE EQsecure:

    I checked its web site:
    There is no indication when the newer version will be released, no trace of any activity at all. The mostly recent one is 3.41 released on 2007.09.26

    There is an English Forum on its web site; after the main page opened, look at the far right TAB or use this link. http://www.eqsecure.com/bbs/ . then you will find it. Good luck.
     
  15. idle.newbie

    idle.newbie Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    10
    Bug fixes, vista support, some sandbox and more features...
    He's forum ID = 流氓兔, very active in bug report in his forum.
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    I suppose theres no benefit or interest for EQsecurity to open an English forum with either Europian or States servers to discuss their program. Their forum is plain lousy in that their server is slow as last years molasses just getting to the one little English Forum. :(

    Not only that but theres not even any posts for November there yet that i could find. Looks like they are content to let things lay with that last version they released regardless of the attention it's received by other countries who find it a really worthy HIPS in a lot of ways.

    So looks like it's stuck in the mud as-is and without an real english forum/english servers, theres little to be found out or discussed with it's developers/supporters from it's originating country.

    This reminds me of yet another Chinese tease session just like with Power Shadow
    They produce a few pretty good reliable programs only to allow them to remain in oblivion and turn a blind eye to the rest of the world who might would take great interest in them to their credit & reputation.
     
  17. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    If you really have as many things to discuss about the latest version as you claim, why not actually make a post there first BEFORE moaning and groaning that they're not paying you any attention?
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    solcroft. You don't seem to understand when theres a real problem with Chinese servers, everyone in most countries experience it every single day and most eventually just give up and dismiss them.

    As far as making a post, that could take better than an hour. The website progress bar just goes round and around and you get that "Install Chinese Language Pack" prompt every refresh.

    Listen, it's no big deal to me, EQSecure is perfectly fine just as it is if that's all it's ever going to be released. And theres no moaning or groaning, it's simply a fact that if ANY product's developers/supporters make at least some kind of effort to accommadate other languages, or extend an english ONLY forum, who is going to benefit the most? It's creators of course, as well as attract & draw an equally loyal audience as well as a marketing following at some point.

    It's a shame but Power Shadow falls in that same category as IceSword. I do realize though due to their national/government contraints it's probably not possible for them to make such provisions on a global scale or else it would already been done some time ago.
     
  19. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I don't know, the reason for that might be the same one as for the FPs you get with ThreatFire on explorer.exe and Notepad - inexplicable, irreproduceable maladies that only you seem to suffer from.

    I wonder if anyone will volunteer about their experiences with taking "better than an hour" to post on the EQSecure forum.
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Sorry that i don't care to cater in some engagement of useless arguement of non-effect & interest. I'm merely stating a fact and it's certainly never been limited to EQSecure's forums. I've run into the same snail-pace loadings with strickly Chinese sites time and again so theres really no sense in making waves because their servers ARE restrained either by bandwidth restrictions or else the language barrier prevents equal opportunity to access.

    Russina sites are of a very different dialect too but they seem to load just as well as english sites.
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I tried my best and was never able to post- from Saudi Arabia. I gave up in the end. I still have forum ID but it,s useless.
     
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Well no matter any chance of getting anything on the forums let alone discussions, i just hold out some hope that they ramp EQS up a bit more yet with another next version because they are pretty darn close to drawing a tight ship with this invention and it would be a shame to see yet another useful security app stall out right in the middle of building it up to something no one would want to be without, if HIPS is your cup-a-tea.

    Right now i've teamed up OnlineArmor (free) with the latest EQS and am reasonably satisfied with the results so far.
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Can anyone post MD5 value of EQSecure v 3.41.

    Thanks
     
  24. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    EQSysSecureSetup.exe 3.41 md5 :78262C3A5DE83588940D1C6A752207DC
    EQSysSecure 3.41 md5 :88999A34D1BF86E8B45713F57E03EB25
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks Meriadoc! much appreciated.
     
Loading...
Thread Status:
Not open for further replies.