Firewall with Execution Protection

PLZ give me the names of firewall with execution protection.

 

Private firewall
Online Armour
Comodo Firewall
Webroot

 

thanks.
Any other products??
what about Outpost?

 

Yes, it also has execution protection.

 

Sunbelt Firewall 4.6.1861.0
http://www.sunbeltsoftware.com/home-home-office/sunbelt-personal-firewall/
they call it "Application launch control"

 

Thanks SPF paid version has HIPS. going to try it.

 

Only Application launch control is working correctly. No HIPS

 

FWIW Application Launch Control is available in the free version. So no full HIPS but it can be an anti-executable. Looks pretty cool actually.

Edit: It is pretty cool. A bit chattier with the execution control than Outpost Free or Pf, and annoyingly the GUI doesn't let you build a whitelist manually, but it's still pretty good.

 

Few Sunbelt fw behavior pictures

 

the 4 pictures, above, for some reason go sideways.
No idea how to fix it. Sorry.

 

Hmm. Maybe turning off the third behavior option (ask when one app launches another) would make it less chatty. After all we're mostly concerned about *new* applications (malware) getting launched, at least as far as security goes, and non security related stuff can be handled with the main GUI instead of popup windows. So I think that'd be fairly safe... I *think*.

 

Perhaps.
For me it's important to know that some trojan application is about to start running the browser or email client behind my back
90% of the time the FW is totally quiet once things are setup for the first time. At least for me.

One thing not shown in my pictures so might be not clear. If you permit Windows explorer, for instance, to start other applications, it does NOT mean that any and every app is allowed. Each instance of explorer starting an application will get a question from the firewall.

 

Ah... Yeah, my feeling is that it's preferable to prevent malware from installing in the first place.

I can see where it would be handy to have more than just execution control though, a normal HIPS would in theory raise holy hell when you're infected. Though actually, if the infection is modifying any executable files, Sunbelt FW should also be complaining a bit.

Then again, malware can be pretty good at tampering with HIPS software once it's established. I did a bit of experimentation a few days ago with Elite Keylogger and Privatefirewall... Pf did intercept the installation (without execution control enabled, mind). However, once the malware was installed Pf was powerless to stop it; clicking "deny" on firewall popups regarding the transmissions home failed to prevent those transmissions, and attempting to edit app permissions of the specific files involved, via the main GUI, failed to bring up the permission editing window (!). It appeared that the HIPS was pretty thoroughly owned.

Edit: well damn, it looks like I found out something new about Elite Keylogger - it's supposed to be just what it says (and therefore malicious by nature), but it does in fact seem to transmit stuff to some weird IP addresses. I'm going to have to look into this more at some point.