Looking For a Set/Forget Rulebased HIPS:

Discussion in 'other anti-malware software' started by apathy, Jun 23, 2008.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Ok dw426

If you really want to batten down the hatches in a software app's methods, my recommendation indeed would be EQS w/Alcyon's Rulesets, but also with the technologically superior executable repeller of Faronics' AE. Aside from this you could choose, like so many others, to pile on the meat with any group of apps you want of course, but if you want to improve security, confidence, and protection, this is a combination that cannot be easily beat.

And BY-THE-WAY, all this revolving door of adding this app and that app pretty soon adds up to more; ridiculous IMO. SandboxIE would also be of enormous help in this setup. Some prefer Returnil, which is OK too, but first and foremost make absolutely sure you have a very good imaging app and preferably another hard drive to store your images on, just in the event of either Windows malfunctions (they happen without warning) or some clever malware. But in my experience NOTHING can bypass EQS w/Alcyon's Rulesets working alongside Anti-Executable; that pretty much puts the clamps on any intrusions. SandboxIE is that *MAGIC app that traps either a local program or an internet-forced app, and when the sandbox is dumped, it's gone.

Hope that helps bring a few options of interest to your attention.

    Regards EASTER

    EASTER
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
Yep, it sure does bring my interest :) Unfortunately, for the time being AE is a no-go due to already strained finances (somebody lower gas prices already!). I'll give EQS a go and find all your threads regarding settings and such. I've seen some concern lately from you regarding the stalling EQS 4.0 development, so perhaps I should stick to 3, available from Alcyon's website? Your comment regarding the "revolving door apps" is the exact reason I'm asking about EQS. I want that "Fort Knox" of security without 3-4 apps installed. But, until I learn more, I still need the "Fort Knox 101" book, meaning keeping it simple enough that I can understand enough about the program to be able to move forward and learn more :)
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Early Morning GOOD MORNING to you dw426 from USA Time Zone EDT. LoL

All is not without an even STRONGER alternative: please, when you find time (and it will definitely be worth the read), cast your attention to this long topic.
    https://www.wilderssecurity.com/showthread.php?t=196737

There's a little app named SuRun, and don't be daunted if newer versions make for some confusion IF YOU TRY IT, but I've found version 1.209 SuRun coupled with an insane Software Restriction Policy, for all intents and purposes, makes nearly any of my other security products look like girl scout cookies. SRP is a VERY POWERFUL DETERRENT indeed, as I only recently found out, and it's not so bad running in a LUA so long as you use SuRun + Kafu; add SRP and your PC is LOCKED DOWN TIGHT!!!

It's a very good read, and you can log off to the ADMIN's desktop and perform at will onto your user's (LUA) account so that when you log on to it again, you have "some restricted" access, if that's your cup of tea.

    Just a suggestion: I use CyberHawk and can even start EQS in Admin mode in the "users" LUA account and still have full use of those security programs even though the users account is limited by SuRun's restrictions.

    EASTER
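The SRP part of the setup described above, as an added example that is not from the thread, SuRun, or EQS: this script writes the same registry values that the Local Security Policy editor (secpol.msc) writes for a default-deny Software Restriction Policy, so you can see exactly what "LOCKED DOWN TIGHT" amounts to. Assumptions: it is run from an administrator prompt, the two Unrestricted rules are the defaults Windows itself creates, the Disallowed rule for Windows\Temp is my own addition to close a user-writable folder inside the whitelisted tree, and the policy takes effect at the next logon.

```powershell
# Added example: default-deny SRP written directly to the Safer registry keys.
# Not code from the thread, SuRun or EQS. Run from an administrator prompt.
$Safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0        # SRP security level: nothing runs unless a rule allows it
$Unrestricted = 262144   # 0x40000: runs with the user's full rights

function Set-SaferRule {
    # Creates one path rule under <level>\Paths\{guid}, as the policy editor does.
    param([int]$Level, [string]$Path, [string]$Description)
    $ruleKey = Join-Path $Safer "$Level\Paths\$([guid]::NewGuid().ToString('B'))"
    New-Item -Path $ruleKey -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name Description  -PropertyType String       -Value $Description -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name ItemData     -PropertyType ExpandString -Value $Path        -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name SaferFlags   -PropertyType DWord        -Value 0            -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name LastModified -PropertyType QWord        -Value ([DateTime]::Now.ToFileTime()) -Force | Out-Null
    $ruleKey
}

# Global settings: default level Disallowed, check all designated file types
# except DLLs (TransparentEnabled 2 would include DLLs), and exempt local
# administrators (PolicyScope 1) so an admin logon can always undo a mistake.
New-Item -Path $Safer -Force | Out-Null
New-ItemProperty -Path $Safer -Name DefaultLevel        -PropertyType DWord -Value $Disallowed -Force | Out-Null
New-ItemProperty -Path $Safer -Name TransparentEnabled  -PropertyType DWord -Value 1           -Force | Out-Null
New-ItemProperty -Path $Safer -Name PolicyScope         -PropertyType DWord -Value 1           -Force | Out-Null
New-ItemProperty -Path $Safer -Name AuthenticodeEnabled -PropertyType DWord -Value 0           -Force | Out-Null

# The two default Unrestricted rules: registry path rules that SRP resolves to
# the Windows and Program Files directories.
Set-SaferRule $Unrestricted '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%' 'Windows directory (default rule)'
Set-SaferRule $Unrestricted '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%' 'Program Files (default rule)'

# My addition (assumption, not a default rule): a Disallowed rule for a folder
# under %SystemRoot% that limited users can write to. The more specific path
# rule wins over the broader Unrestricted rule above.
Set-SaferRule $Disallowed '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\Temp' 'Windows\Temp is user-writable'

# Show what was written so it can be checked against secpol.msc.
Get-ItemProperty -Path $Safer | Select-Object DefaultLevel, TransparentEnabled, PolicyScope
```

Two checks worth doing before trusting the result: log on as the limited user and try to run an .exe from the desktop (it should be refused with the SRP message), and then try a program elevated through SuRun, which runs with an administrator token and is therefore outside the policy under PolicyScope 1. That is why the LUA + SuRun + SRP combination works together rather than fighting: the limited account is confined to the whitelisted trees, and only what you deliberately elevate escapes it. Anything user-writable inside the whitelisted trees is a hole, which is what the extra Disallowed rule illustrates.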
     
  4. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Alcyon's ruleset is a zip file. To install it into EQS, you...

    1- Unzip the file

    2- Then...??

    ~~~~~~~~~~~~~~~~~~~~~
    Meanwhile, back at the topic...

    1- Prosecurity/RTD still is 99.9% state-of-the-art but I just don't feel the developers give a rip about customer relations.

    2- One thing that has held me back relative to EQS is that the developer seems to tolerate rather than solicit users from *outside-of-his-geographic-area*. Am I wrong?

    3- Comodo Firewall Pro version 3 (inclusive of Defense+ HIPS) is a grrreat security app, but they are becoming much too "tricky" to suit me.

    By "tricky" I refer to their silly toolbar, AND to the grossly overpriced "Plus" version -- if you aren't careful while installing CFP, it is all too easy to accidentally install one or both of those rip-offs.

    4- OnlineArmor still lacks a couple of key capabilities (file protection & full-scope registry protection)

    5- DriveSentry seems too much like a VERY-early-stages beta for me to use any time soon. Just scan through the lengthy "Katie's thread" and notice how many issues will be handled "next time" &/or reported to the QA folks, etc. In the words of trjam...

    6- As to Prevx2, I see no evidence that they are actively maintaining this program. It seems all efforts are now placed on CSI. Prevx2 seems to almost be an orphan (but they still sell licenses for it).

    7- Winpooch & Neoava are abandoned-ware.

    8- As to Safe'n'Secure, its help files & tutorials do not match the latest SnS version by a long shot, and the English used therein is verrry obfuscated at times. Also, they have no forum, & they answer the mail slowly or not at all. Worst of all, there seem to be NO SnS users at all here at Wilders. (For complex programs such as HIPS, I avoid programs that are *strangers to Wilders* like the plague. I want people around who can help.)

9- System Safety Monitor is still alive & kicking. The 2.4.0.621 {March 1, 2008} is now a "stable" version. Vitali has a helper now (for testing & odd jobs) & has projected a major SSM update by end of summer.

    Bottom Line- In the "classic rulebased HIPS" category, there are only a few good choices available (IMO). Ergo, there is a major MAJOR need for newer, better, smarter, friendlier rulebased HIPS apps. Where the H**L are they?
     
  5. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    I know KIS2009 is more of a suite+HIPS than a standalone HIPS, but it is just as powerful as any of the standalone versions, give it a try? :)
     
  6. ex3

    ex3 Registered Member

    Joined:
    Jul 9, 2008
    Posts:
    34
It's the best AV on the market.
     
  7. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
  8. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    @bellgamin
    If I remember correctly, you unzip and there are 3 folders. Each one of them has 3 files in it. There is also a readme file.

    In EQS, there is an import rules function, but I can't remember well the steps to get to it, since I'm not using it anymore.
Each ruleset must be imported from the settings screen that you want to add rules to. So when you come to the screen of, let's say, application protection->Blacklist, you then import the ruleset called blacklist that sits in the application protection folder. Do so with the 9 files.

    I wish I could remember the steps to find the import button, so I could be more helpful, sorry.

    And if I'm not mistaken, some of the default EQS rules must be deleted.
     
  9. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    Do you have any evidence/proof to back this statement up?
     
  10. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I think Comodo is still excellent if you can bear with the pop ups. You can just deselect the toolbar and press No to the ripoffs.

    Regarding Online Armor, it is quite silent so for a set/forget solutions it's not bad.

    And there's also DSA/Webroot Desktop Firewall/Private Firewall?

    Thanks
     
  11. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Of course he doesn't. :D
    I hope this thread doesn't go in that way...
     
  12. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    Lol. I thought it's rather obvious there's no definite "best"?

    BTW, go what way?

    Thanks
     
  13. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Start discussing AV's instead of a Set/Forget Rulebased HIPS.
     
  14. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Oh. Sorry.
     
  15. osip

    osip Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    610
Have to mention the set/forget host protection of OPFW Pro 2009 and OSS Pro 2009 with its auto learn mode and rules wizard. Works silently in the background and doesn't bother you with a lot of complicated choices... in fact it's the most easy HIPS I have so far been confronted with...

     
  16. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    *sigh* Well, I downloaded EQS 3.41, the rule-set, SuRun, Kafa, and that German program that turns XP Home to Pro so I can also enable and fool with SRP.....this is going to be a loooong day and night. I'm having to scour these forums and copy every little post I see of settings and suggestions for these programs, lol. I'm already tired and I haven't even started installing and setting up this stuff yet :)

    Edit: Oh, btw, is Sandboxie still needed in such a tight environment?
     
    Last edited: Jul 11, 2008
  17. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I would think there's nothing wrong with running Sandboxie and it should add some protection, but maybe you should wait for someone more knowledgeable to respond.
     
  18. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    It's ok Someone, I'm officially done with this sh** anyway. I'm sticking to the registered version of Sandboxie, Threatfire and Returnil. I've spent enough time on this crap already, if I catch some crazy ass malware hopefully Sandboxie will contain it and Returnil will make it vanish if something does get out. I've tried normal HIPS, policy sandboxes, none of it works for me to my liking. I feel safe enough and safe enough is good enough for me, so I'm officially done with the musical chair playing :)
     
  19. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Set/Forget HIPS? You're dreaming...
     
  20. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    At least in my case, you're 100% correct.
     
  21. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    698
Its official site does not provide any demo version, so I could not give it a try. :ninja:

It has said "an evaluation version will be coming soon" for about 3 years, but still no evaluation version has been provided. :mad:
     
  22. ex3

    ex3 Registered Member

    Joined:
    Jul 9, 2008
    Posts:
    34
I found it's better than other AVs.
     
  23. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I believe that's not really evidence/proof, it's just an opinion.

    Thanks
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
As close to a set & forget HIPS, AFAIK, EQS w/Alcyon's Rules is nearly infallible, but only after you set the stage by making LOCK OUT rules in its blacklists for potentially vulnerable areas and alerts to registry additions that like to weld themselves with no permissions into the ENUM\ROOT branch of it, and of course a slew of other locations.

Yeah, it takes some effort and time, but once you get them all in place you might as well forget it and not be bothered again unless some new creation raises its ugly head, whereby after being alerted to it, you can LOCK that area out too.

That's about all I have to offer. I highly doubt any HIPS will ever be developed, or even can be, that is a pure set it and forget it app all on its own, AFAIK.

    easter
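The "lock out" locations named above, as an added example that is not from the thread or EQS: before writing a blacklist rule for a registry branch you need to know what normally lives there, so this script snapshots the subkeys and values of a few persistence locations and reports what has been added or removed since the baseline. Assumptions: it is run from an administrator prompt; the ENUM\ROOT branch comes from the post, while the Services key and the two Run keys are my own choice of additional locations, not something the post specifies. It is a polling check, not a real-time HIPS intercept.

```powershell
# Added example: baseline/diff of registry branches a HIPS blacklist rule would
# guard. Not code from the thread or EQS. Run from an administrator prompt.
# Enum\Root is the branch named in the post; the other keys are my assumption.
$WatchedKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root',
    'HKLM:\SYSTEM\CurrentControlSet\Services',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-WatchedEntries {
    # One line per subkey (e.g. Enum\Root\LEGACY_xxx, Services\xxx) and one line
    # per value (the Run keys hold their entries as values, not subkeys).
    param([string[]]$Keys = $WatchedKeys)
    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) { continue }
        Get-ChildItem -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
            "$key\$($_.PSChildName)"
        }
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if ($item) {
            foreach ($name in $item.GetValueNames()) {
                "$key [value] $name = $($item.GetValue($name))"
            }
        }
    }
}

function Save-Baseline {
    # Writes the sorted, de-duplicated entry list to a text file.
    param([string]$Path)
    Get-WatchedEntries | Sort-Object -Unique | Set-Content -Path $Path
}

function Compare-Baseline {
    # Returns lines prefixed ADDED / REMOVED relative to the saved baseline.
    param([string]$Path)
    $old = @(Get-Content -Path $Path -ErrorAction SilentlyContinue)
    $new = @(Get-WatchedEntries | Sort-Object -Unique)
    if ($old.Count -eq 0) {
        # No baseline yet: everything present counts as new.
        return $new | ForEach-Object { "ADDED   $_" }
    }
    Compare-Object -ReferenceObject $old -DifferenceObject $new | ForEach-Object {
        $tag = if ($_.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
        "$tag $($_.InputObject)"
    }
}

# Usage: take the baseline on a known-clean system, then compare after any
# install, or on a schedule. (Path is an example; use whatever you like.)
# Save-Baseline    -Path 'C:\hips-baseline.txt'
# Compare-Baseline -Path 'C:\hips-baseline.txt'
```

The point of the diff is to learn, on your own machine, which additions under ENUM\ROOT and the other branches are routine (a new LEGACY_ entry every time a driver is installed, for instance) and which are not, before turning that knowledge into a lock-out rule in the HIPS. A snapshot only catches what persists until the next run; the HIPS rule is what stops the write in the first place, which is why the post says the effort goes into building those rules up front.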
     
  25. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Is it really even possible to have HIPS be pre-configured for 99.9% perfection right out of the box? Sure it may be configured to watch the obvious doors and even some of the not so obvious, but, due to individual systems and individual usage of computers especially, it can't really "mind read" a system and know exactly what needs to be done to protect against every conceivable attack, right? It'll always need some hands on training if for no other reason than individual usage of a particular system I believe.

    I've cursed and held my breath the last few days over HIPS testing, and came to the conclusion that it just isn't for me at this time. But I don't blame HIPS for that, it does what it does for a reason and most often it does it well enough.
     