HIPS Software for Windows 7 x64, that's easy to use? TIA

Hey guys,

What HIPS software can I run on Windows 7 (x64/64-bit) that's relatively easy to use? By easy to use, I mean either minimal amount of prompts, some kind of set it up and forget it type system, or the ability to use keyboard shortcuts to authorize programs.

Thanks!

 

Comodo Internet Security has a huge whitelist, which makes it easier to use. It's more than a HIPS though (you can opt-out of other components).

Behaviour blockers such as Threatfire and Mamutu have less prompts than a HIPS.

 

My vote goes for comodo also
Have been using it for years with no problems
Try comodo forums for approprate settings for you

 

Why do you want intrusion prevention software?

 

By your description if I understand correctly you want an anti-malware application which is non-scanner based and easy to use.In that case, these are the applications that fits your bill-

Online Armor Paid/free-Classical HIPS, very quite and easy to use if you install it on a clean system and "trust all" when installing it.

AppGuard-Although not classically a HIPS application, this may be the most effective and easiest to use app on a 64 bit platform, pretty much set and forget kind of app and it is a lifetime license for $24.95 for three computers with a single purchase.

Sandboxie-Strictly a Sandbox application but very easy to use once you set it up.Although in theory it is considered somewhat weaker on a x64 platform, there has never been any reports of any real world malware actually bypassing it.It also is a lifetime license plus you can install it on any number of computers you personally own.

 

I'd suggest AppGuard as well. It's as effective as a HIPS and runs well on x64 machines.

 

one of the easy to use HIPS in 64bit is SpyShelter
On every pop up you can always choose read the details of the process,
So we can get a greater understanding of what happened

But if u want a minimal pop up, u can always try Behaviour Blocker like Mamutu
It'll also get the job done

 

Agree Comodo. Defense + set to safe and Sandbox turned on works great.

 

first of all, there is no such thing as an easy to use classical HIPS, even if it has minimal prompts, ull eventually run into something that u dont know how to answer since all HIPS are somewhat cryptic ad whitelists will never be complete

having said that, i think Zemana would normally be the closest thing to fit the bill, but since ur on x64 where Zemana has limited functionality, perhaps something like Appguard which has minimal user interaction (long as ur not the type to frequently install/change thing on ur system, etc.) or if u really want something more traditional, Mamutu might be the closest thing to what ur looking for.

 

I find that if you set Defense+ to SAFE mode and uncheck some options like cloud scanning, and sandbox, you have a great stand-alone hips product that is easy to use. Although I would say it is most certainly not for the casual user who doesn't know how to respond to an alert... learned that with my Grandmother

 

If you want to easiest then I recommend WinPatrol, but it is not complete HIPS solution but most people don't need a complete solution. If you don't need a firewall then there is no need to use a product like Comodo, Online Armor, etc. because they are not easy to configure for basic users. Most members here who recommend Comodo, Online Armor, etc. are advanced users who seem to have the extra time to deal with configuration, broken Windows Updates, system errors and lockups, programs not installing correctly, etc.
In my opinion full HIPS programs are an overkill.

WinPatrol might not offer the best HIPS protection, but it doesn't cause problems like most of the others do.

Thanks.

 

Been using Comodo for 2 years now. If you dont need the firewall disable it no worries about configuring it. As far as Defense+ (HIPS) if you run it on Safe Mode there shouldnt be any problems. There is a whitelist of digitally signed programs that it will allow to run without any prompt. Most things you download from websites like download.com etc will install without any peep. And even if it does prompt you when you install something just click Allow and check remember my answer. Plus Comodo is free. I personally have never had broken Windows Updates, system errors and lockups, programs not installing correctly with Comodo since I have been using it

So disable firewall. Enable Defense+ to Safe Mode. Click allow if prompted when installing a new good program and your good.

 

I agree with the recommendations for AppGuard. Similar to DefenseWall and GeSWall, it uses policy restriction. It's much quieter than than a classical HIPS and requires minimal user interaction.

 

Appguard

 

I think SpyShelter Premium is a good choice...it has silent HIPS and two latest version introduced important changes which gave even greater comfort for users.
ver. 5.10
- added custom signers list feature
ver. 5.11
- decreased number of false alerts: huge internal signers database update - added over 9400 new positions (previously ~300)
- signatures processing function rewritten and strongly optimized
- added import export function for Trusted signers list
http://spyshelter.com/change_log.html

 

I am running 7 x64 and have tried all the mentioned programs. Just speaking for myself, the easiest to use is Sandboxie, along with safe computing habits and a system image. At the moment I'm also running WinPatrol and Prevx just for my own comfort level (nothing has gotten by Sandboxie in more than a year of use), but they are switched out frequently for programs like Mamutu or Privatefirewall.

 

I think Comodo Premium x64 is not bad choice.

 

i honestly wonder if people are just recommending what they like/use or if they really try to objectively see what has minimal user interaction and will not confuse the user when prompted...

 

Most often it's what they like and use. If you truly wanted to answer the original question, and, probably quite safely, assume the user has no experience with such apps, then the answer would be to not use HIPS period. Comodo is not easy to pick up right off the bat. It talks, a lot. When it does talk, it's almost always in tech jargon. It's a HIPS, it's supposed to be that way. We may never see a truly "dumbed down" HIPS. My suggestion, go with Sandboxie, even the free version, and keep it at default settings. The only thing you really should change, imho, is telling it to dump the contents of the sandbox once a browser is closed. If there is anything in the box, like files/bookmarks that it thinks you might want to keep, it will ask you to recover them. It's safe, it's dumbed down (in default mode), and there won't be a pop-up in sight to answer wrong and have your system croak or let malware and other nasties through.

 

well there are diff kinds of HIPS with varying degrees of diffculty of use, but i just dont undertsand why people suggest the classical variety of HIPS after looking at the OP's question

 

By what you request, the only option I see would fit it is AVG Identity Protection, which is a smart behavior blocker. It will monitor processes and if it spots known malicious patterns, then it will act.

Unfortunately, AVG killed it as a stand alone application. Now you can get it bundled with their free AV.

 

Thanks to those mentioning AppGuard.

I thought I'd offer one point that is useful on some occasions where "power users" are involved. Some such users, even though averse to question prompts, desire to know what's happening in fairly significant detail. I also refer to these knowledgeable folk as 'command and control' users. AppGuard is not designed to thrill such users, even with 'verbose notifications mode' enabled. I generally regard non-malware blocking event notifications as incentive to further refine AppGuard. We have more work to do, though I am encouraged by our progress.

Cheers

Eirik

 

Most of the non-malware blocking event notifications I'm seeing are in relation to MemoryGuard. If I've understood it correctly, this is one area where the Trusted Publisher feature is going to help in a future release of AppGuard.