EQSecure v3.41 questions

Discussion in 'other anti-malware software' started by Alcyon, Jan 28, 2008.

Thread Status:
Not open for further replies.
  1. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montr?al, Canada
    EQSecure v3.41 is a SUPERB HIPS and making file or registry protection rules is easy but making application protection rules is completely another story as there's no english documentation and, by default, there's only one rule which is for the temporary internet files. So my questions are:

    1- Is it a good idea to put rundll32.exe and svchost.exe in the global rules of "application protection settings" and if yes, what could be the best type of protection for each of those files?

    2- What other system files should I protect and what kind of protection should I apply to them?

    3- On the EQsecure forum, there's new additional rulesets http://www.eqsecure.com/bbs/read.php?tid=5634 but i don't speak Japanese or Korean so I can't register and download them. Could someone make them accessible via another link?
     
  2. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    BTW, it is chinese. not Japanese or Korean.:D
    The download link is only available for the member in that forums.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Yeah :doubt:

    And i been trying to find my way on there myself. It's almost time to release the next version i think if i read some of it right, sure would be nice if they drop us a surprise. :)

    I'm sold, lock stock and barrel on this EQS. It's just as much a delight as it can be a chore to add your rules to it. Great idea though for them to design it at all, even with some nifty imagination thrown it for extra appeal. :thumb:
     
  4. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
  5. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montr?al, Canada
    @ subset - Thanks for the link but I already know pretty much how to makes file and registry protection rules and configuring this pure jewel. The only thing I don't quite master yet is the protection types like create remote thread, terminate/suspend thread plus some others and what specific windows xp system files to put in the application protection settings to be more protected.

    So nobody speak Chinese here? ;) I'd really like to have those new additional rulesets.

    This HIPS is so good that it it truely derserve it's own forum section here on Wilder Security.
     
    Last edited: Jan 29, 2008
  6. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    mmmmh! could be a good idea, but will be difficult to convince Paul (Wilders):D :D
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Alcyon,

    Version 3.4 does not have the strange hierarchy of rules. EQS now has a straightforward rules logic. What I specially like is that triggering an ask on intrusion for instance direct disk access, sets the other intrusions to ignore. Which is great because you only create a rule for that application on that specific intrusion.

    When you look at D+ of Comodo in Clean PC mode, triggering an intrusion on one fi direct disk access, sets the others to ask, no matter what rule set you were using (e.g . limited). So D+ always falls back to custom (or factory default).

    The HIPS of EQS is ahead of D+, only area on which D+ is better in my opinion is the elevation checks of D+ on COM objects, which is broader than EQS ( = only system date). The other reassuring thing of EQS is its early startup (only equalled by Appdefend and NeoavaGuard). Because hidden code is changing the battle ground from running opertions to early log on and late log-off I really like this EQS feature.

    Regards Kees
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    If i recall, depending on which version of SSM had it default, if you happened to make a mistake or slip of the finger and click DENY/ALLOW, the ensuing next prompt would be pre-set with that previous answer which i found inconvenient, not a serious issue, just inconvenience.

    With EQS that never happens thank goodness, so is flexible in that respect, the prompt answer you apply is completely independent from repeating the same alert prompt before, so affords users yet another added convenience.
     
  9. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    does anybody know how to sort the rule lists in EQS
    and if not, is there a recommended XML editor to sort them easily?

    Cheers
     
  10. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Lots of us do.
     
Thread Status:
Not open for further replies.