Hips and ADS

Discussion in 'other anti-malware software' started by _kronos_, Feb 14, 2009.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    As far as I know, GesWall has no special rules for ADS. It just isolates them like any other isolated files so they can't damage the system.

    Moreover, the recent version was supposed to make ADS visible in GW File Scanner. However, I have not yet tried whether it is implemented/working or not.
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I would prefer the Comodo warning.
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    That was what I intended to post: with GW there are no extra rules needed; GW protects against ADS-based intrusions out of the box (= no extra rules needed to configure).

    See, Aigle, "they" have to ask you (or Henk1959); your posts concerning GW are much clearer :p
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hmm..... thanks, but really I have very little knowledge except for hit and trial, while on the other hand it's your own field.
     
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I know many of the members here don't bat an eye at EQSecure anymore because of its lack of official support and/or lack of interest from its developer, but they left behind here a real solid jewel.

    EQS with an ADS rule completely refuses any adding of an alternate data stream, and if, like me, you created one for your own research or other purposes, it's LOCKED OUT from activating anything.

    Just some food for thought. This HIPS covers the gamut; left behind or not, it's exceptionally formidable and versatile in that you can AT-WILL make your own coverage rules and set them to alert or block completely in that respect. In addition, it immediately SUSPENDS any signaling to your system until you either give it the go-ahead or terminate the source offending communication to the system, effectively rendering any attempt to tap the file system INERT!

    EASTER
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Can you post a pic of this rule?

    Thanks
     