Experience EQSecure

Hi,

I have been using EQSecure V 3.3 for some time now. It is an amzing application. Only down side is that they have not thought well on their application hierarchy and inheritage. They offer so many options it is confusing. I have a tip for the developers have a look at Appdefend and use the same rules scheme setup.

Program setup flaws at the moment:

1. The default application rules are defined in SYSTEM PROTECT, protect mode.
Problems:
A) When after an "ask" or "Ask and Allow" a specific program rule is created, it inherates the default EQSecure rules in stead of the default rule set for all applications you just specified in SYSTEM PROTECT, protect mode.
Solution manually change this.
B) The program specific rule set is created in ALL APPLICATIONS in stead of in the second tab (1) APPLICATION'S RULES.
Solution cut and paste entry from the first tab to the second tab. Any parent - child relations/exceptions are also defined in this second tab.

2. Registry protect and File protect rules
In the second tab (APPLICATION'S RULES) you also have to specify general rules for this program. By doing so you allow them for the entrire registry or named file protection. You should only define a per registry or per file exception per application. This is a real problem.

Regards K

 

The beta version of 3.4 is in the works. From what the devs have leaked, there seems to be considerable rethought of this area, and some much-needed improvements to its application defense to bring it (somewhat) on par with SSM.

I've just submitted a request to the devs to let me help with the craptacular English translations. Let's see how that goes...

 

Solcroft

Thx for the info. Korb mentioned that they promised end of may as a release fate of version 3.4. Any info on the date?

Regards K

 

Likewise, thanks for the update notice. I'm still high on this HIPS and see it's potential & future is very good. This should encourage CyberHawk to get on the ball because add System Safety Monitor and these only 3 right now are my most favored HIPS/Behavioral Blockers.

 

according to their forum.v3.4 is almost done.now their are still working on some API 'mouse event' .something like that.

 

Looking forward to a really stable and feature rich release. Let's see just how much they have perfected this program.

 

I would like to see this run as a service so that it catches processes at startup.

 

solcroft: Look in the lang subfolder of the EQSecure directory. The English translation is stored there as a xml file.

 

I tell you what A_T, even if they don't i still think that it CAN be done that way and safely. I run across a program someplace not long ago, forget where exactly, and i know i have it someplace in a folder. It makes it so you can run any program as a Service.

I been studying EQSecure very very closely these past few days and watching every single prompt and the info it offers and I AM HIGHLY IMPRESSED! to say the least.

I notice on some processes of mine that it reviews, it delays by a momentary action of a second or two longer than it might otherwise take but this is good.
Most users would't notice it or even need to, but i know by heart & sight exactly how long a program should launch from the time i click it to the time it opens, and this delay i'm speaking of is when NO RULES have been applied.

SO, this clearly indicates to me EQSecure is intently focusing and examining paths, name, action, etc. COMPLETELY before raising it's information prompt.

The more i study it's coverage ability and see how well it's working the more excited i get. My kind of excitement equates with confidence BTW.

Anyone else getting these same dependable results?

 

Major improvements in this area in the soon-to-be-released new version.

This is silly. All it has to do is to match the process path with its rules database and decide whether to block it or not. By today's hardware standards, two seconds is way too long, and praising it as a thorough examination is nothing but fanboyish enthusiasm. In fact, the developers have affirmed this as a bug in the Registry Protect module and fixed it in the 3.4 beta.

 

That statement and reply borders on nothing but pure criticism on your part and frankly i find it odd you would use another members encouraging interest and results of a security program's features "silly".

No matter though because if one thing i have learned thoughout the years here is that each and everytime a very good NEW program of any type is highly spoken of, the critics are fast to try to dowse down quickly the enthusiasm for it.

Also to be clear here, 2 seconds is not very long at all when you're measuring your dial-up connection with it's dependencies. That is the only delay noticed and what i referred to. Otherwise reaction is always immediate.

 

I don't find it odd at all. What I do find odd, on the other hand, is that there are people who're surprised that their misplaced enthusiasm in praising what is clearly a bug as a feature should get pointed out by other people.

I'm simply pointing out what should be an obvious fact. Even the developers have acknowledged that this is a problem and went to work fixing it. Ethusiasm is all fine and good, but it's all too easy to cross the line into fanboyism. I'm not a critic. Far from it, to be honest. It's just a label you need to attach on me to justify your misplaced enthusiasm.

Since when did dial-up connections have anything to do with system response speed?

 

Solcroft,

Do you understand Chinese, how are getting this info?

Regards K

 

Yes, I understand Chinese. I read the official forums and another unofficial (yet nonetheless very active) fan forum on a daily basis.

 

On my system (others will differ obviously) Please take note this is common when connecting as well as disconnecting my dial-up connection: 2 seconds is relative up or down depending on what other processes are running at the time ahead of this action.

Modify The Memory Of Other Processes:
Action: ALLOW

Services and Controller app
Microsoft Corporation

Process Path:C:\windows\System32\svchost.exe
Target Process:C:\windows\Explorer.exe

I don't recall favoring any known or unknown "bugs", only offering some of my simple observations and expressing high enthusiasm from the results i experienced so far, mostly because there just so happens to be a great deal of POSITIVE potential with EQSecure as another new HIPS on the scene. So i find your criticism and references to "fanboy" an honor as well as some of the jealousy expressed. You're really addressing the wrong party for those emotions to have any real substance here. What works WORKS! and what doesn't needs brought up to the author's attention not mine.

 

All I can say is that I find it most perplexing indeed, that when other people are treating bugs in the program in a positive manner and contributing feedback to the developers, some people who fawn over the aforementioned bugs as a positive feature expect that others are, for some reason, jealous of them.

Over-enthusiasm into the realm of praising bugs as features helps no one, least of all the software that you worship. A proper attitude and correct stance when taking into account the flaws and shortcomings of the software does, and is an attitude which would be wise to adopt in place of mindless bootlicking.

 

Okay I am impressed. Next release (3.4) I hope you will take the challenge to post a introduction (it took me quite some time to figger out the current ruleset, due to the strange rules hierarchy and inheritage of the default rules).

You also said that there was a place to share EQSecure rules (brilliant to make them XML based). Are the exchanged rule sets all in chinese or are they 'translatable' with some sort of software?

I guess only five or so members of Wilders are using EQSecure, PowerShadow has a higher degree of adoption.

Thx for the info

 

solcroft? Exactly what bugs and/or issues are putting you in such a flurry of contempt? Maybe i missed something important to take note of in one of your many replies you're driving at, because i simply don't experience any serious ills from what i been able to determine so far.

So if you would be so kind as to repeat if need be EXACTLY which "bugs" you are making such a fuss over besides my personal enthusiasm i have in EQSecure right now.

Thnx

 

The custom rules are usually released by the more established members of the community, and yes, they are in Chinese. However, only the descriptions are - the filenames, regpaths etc are all in standard computer-speak English, so it should be easy enough to figure out what they do, if you keep yourself at it.

3.4 hasn't been fully translated into English yet, due to some new settings and options. If they don't finish the language xml by the official release, I'll take it upon myself to perform a rough translation, I guess

 

BTW, it's possible there lies some confusion regarding versions here so to clear this up to i'll state for the record i am using EQSecure 2007 .3.18.15

I found the first beta release compatible on another of my main units whereas the next one i did not particularly like as well due to some issues, "bugs" if you will.

 

Contempt? Merely offering a few words of advice. Of course, you're free to continue as you see fit; at the end of the day, it's none of my business, really.

 

Well you have to admit from an earlier reply, some of the statements can easily be interpreted as such when resorting to expressions such as "fanboy" or "misplaced enthusiasm" but i don't harbor any of the same in return because i been at this long enough to take some ribbing here and there. LoL

In fact it's very noble of you to bring attention to EQSecure present & temporary (we hope) limitations and that info is useful for everyone interested to learn of the one's you mentioned as well as others we might not found yet.

 

2007.5.12 EQSecure E盾 Beta3提供下载

2007.5.12 EQSecure E盾 Beta3提供下载

1:调整询问框界面,记录日志选项使用规则的设置
2:询问框增加md5
3:进程管理器结束任务支持多个同时操作,支持del键
4:询问框现在不支持键盘操作.
5:询问框能正确区分模拟或者是硬件鼠标操作
6:询问框由服务程序显示,能够拦截关机时的动作.
7:修改其它其它一些问题

http://www.eqsecure.com/download/V3.4Beta.rar

 

Right on it. Thanks Korb.