List of FW/HIPS with default deny modes?

Discussion in 'other firewalls' started by Gullible Jones, Jul 7, 2012.

Thread Status:
Not open for further replies.
  1. Since discovering the virtues of learning mode in various HIPS, I've come to appreciate the capabilities of such software a bit more. However, even with learning mode, HIPS often strike me as having a serious flaw... They rely too much on user input. Click the wrong button -> bam, infected.

    So, what HIPS software out there can be configured to ignore user input?

    i.e.

    Normal behavior: You're browsing somewhere in Firefox, and something tries to hijack your browser to run an evil payload. The HIPS asks if you want to proceed, and you click "Yes" without thinking. Much wailing and gnashing of teeth follows.

    Default deny: Something tries to run an evil payload through your browser, and the HIPS immediately denies it, then gives you a popup notification about the denial. This way, the only way you could get infected is if you went to the hostile site while in learning mode.

    ---

    Failing that... What HIPS incur some sort of delay when allowing an event? e.g.
    - Requiring the user to click through an extra popup
    - Having a countdown before the event can be allowed
    - Requiring a selection from a drop-down menu, or a check box to be clicked
    - Making the "Allow" button smaller and less visible than the "Deny" one

    I know this sounds simple and probably stupid, but I suspect it's A Good Thing.
     
  2. a256886572008

    a256886572008 Registered Member

    Joined:
    Oct 26, 2007
    Posts:
    103
    comodo with the configuration enabled,

    internet security
     
  3. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    Malware Defender has a "Silent Mode" that will disable all prompting.
     
  4. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    858
    Location:
    Blue Ridge Mountains
    From the Comodo site fwiw...you'd need to research further to see if it meets your needs:


    Also, PrivateFirewall requires (in manual mode / no auto-response) that you respond to and approve any pop-ups. If you don't respond to an alert, it's denied via policy.
     
    Last edited: Jul 9, 2012
  5. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    AppGuard Just Install and set in lock down mode thats it,no learning Apps,No user decisions to be made,Excutables are Denied.
     
  6. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    858
    Location:
    Blue Ridge Mountains
    In line with that...NoVirusThanks Exe Radar Free (or Pro) should be able to take care of the default deny aspect of keeping a process from running without your explicit say so.

    I tested the free version and it's a very small (meg or two) install and has some nice features and options and is very user friendly.

    Of course you'd have to have you firewall as a separate app.

    (If the payload is coming via the browser I prefer to just stop it dead with Sandboxie with its auto-delete function upon closing the browser.)
     
  7. Thanks... Though Appguard and ExeRadar are "just" executable blockers, no? i.e. they won't stop a friendly process from being hijacked for malicious purposes? Or do they incorporate mechanisms to help reduce the risk of that?
     
  8. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    858
    Location:
    Blue Ridge Mountains
    I'd check with kjdemuth on the capabilities of Exe Radar Pro since he's been running it for some time now and can give you the lowdown on its capabilities in that regard. Also, the developer has posted regularly in the forums. I wouldn't want to misspeak since I no longer have it installed.
     
  9. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    See here in Lock Down.
     

    Attached Files:

  10. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    No argument from me Sandboxie is fantastic.
     
Loading...
Similar Threads
  1. Overkill
    Replies:
    5
    Views:
    731
Thread Status:
Not open for further replies.