Looking for Quiet Behaviour/HIPS

Discussion in 'other anti-malware software' started by firzen771, Oct 23, 2008.

Thread Status:
Not open for further replies.
  1. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I'm looking for something that will keep quiet most of the time and do its job well. This can be either a behavior blocker or a HIPS or w/e, just need some suggestions on a FREE one. I am using Avira AntiVir Premium, so something that won't conflict with that.
     
  2. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Tried Threatfire out at all?
    Warnings will vary user to user, of course, but I get on average no more than about 3 a week, mostly when installing software.
    SpywareTerminator has a HIPS component, I don't use it any more but you might want to try it out. (If so I'd recommend NOT installing the toolbar/WSG, nor the Clam AV component.)
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Threatfire is a good choice. I prefer to use Cyberhawk v1113, readily available with a quick google search. I use Avira Free, and have no problems at all with CH. As for TF, if you want easy, it has one little downfall. There is no 'Allow or Deny', only an Allow, Kill or Kill & Quarantine. Meaning, you cannot just deny, you must kill or kill & quarantine. A most unsatisfactory logic for me anyway.

    Sul.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I will recommend DefenseWall HIPS, it is the most quiet app I ever tried :thumb: :thumb:
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Kill meaning Kill the process? Or kill the process and delete the executable? If it's just kill the process, then I don't see any difficulty with that, you're either going to allow or deny it, and in that sense, Kill means Deny. Or am I missing something here?
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    There are instances that are legitimate and that cannot be solved by the current logic employed by TF. For example, if I make a network rule in TF, that says to block something on tcp or whatever. When this rule triggers, there is no block. Only Allow or Kill. Not that TF replaces a firewall, but its logic does not allow you to just continue the program in question while 'blocking' the rule you were watching for. IMO TF is not good with network usage at all. Just my opinion though.

    Take another example. Let's say that an app writes something to a protected file by TF, and I know this and expect it. When TF throws its prompt, the choice of Allow or Kill is going to do just that. There are no allowances for IF I still want the app to run but also block the said behaviour.

    I have seen this more on my custom rules, where I want to be shown the option of just denying what the custom rule is without actually terminating the process. I have seen multiple times, exploring directories, when suddenly TF comes up with something it does not like and flags as bad, with only the option Kill/Quarantine. Not even a file in the directory, just some action of the explorer it does not like. And this on a freshly formatted and new install. The red window prompt just says 'this is bad, you have only one choice. Prepare to be assimilated into the hive..' . I mean, the simple option to continue and ignore would even be great. I have said it before, I would pay to have an 'advanced' version with this capability.

    Sul.
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Agreed Sully

    ThreatFire 4 needs only restore that X-TREMELY IMPORTANT FEATURE of "Deny" and not just Quarantine, as well as fine tune its code to react more quickly (if possible) rather than the delay I experience with it on every single alert.

    I can use a stopwatch and count the seconds until the prompt box finally raises up and although that IS a concern for me, overall, they finally have put the right code engineer on that project to make it what it should have been a long long time ago.

    EASTER
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Easter, it is true that you are noticing a delay, but it is not a minus, but a plus over the competition; see https://www.wilderssecurity.com/showpost.php?p=1336619&postcount=40 or https://www.wilderssecurity.com/showpost.php?p=1337120&postcount=47

    regards Kees
     
  9. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Does Threatfire use heavy resources, like the CPU? And I was also wondering if Comodo Firewall with D+ is compatible with Avira AntiVir Premium, would there be any conflicts?
     
  10. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,076
    I don't have problems with TF. Try it, and if you have problems with TF then try Mamutu, it is more or less the same concept.
     
  11. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Dynamic Security Agent, Sana Security Safe Connect/Identity Protection/Norton Antibot, Mamutu - all easy to use and not that many popups.
     
  12. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Well, that leaves classical HIPS out. Then Threatfire, since it has to be free.
     
    Last edited: Oct 24, 2008
  13. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Hmm, I installed Threatfire and it was all locked up. It wasn't frozen but I couldn't press any of the tabs in its interface, so I wasn't able to do anything, so I uninstalled it. Any ideas on what this prob is? If I right clicked its tray icon and did something, I could see its status change on the interface, but I couldn't do anything myself.
     
  14. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Using 0 CPU percentage here, (watched over only a minute, while a couple of programs and webpages were opened and closed), no spikes seen, Memory usage peaked at a rather skinny 8Megs or so.
    So, short answer, apparently not.
     
  15. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    You better post your OS, other programs running (Kaspersky or Avira? LnS or something else? Any other security or backup programs?)
    Are you running an admin account in XP? UAC interfering in Vista?
    These are some possibilities.
     
  16. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Ok, thanks Sully, I see it more clearly now.. As far as network traffic goes, you should definitely be able to deny the traffic while allowing the app to continue running etc... That's basic stuff. Sounds like somebody made a mistake and took out Deny at one point? Has anyone communicated this to the devs? Or is that no longer possible being that it's Symantec now? They should surely see the logic of it all and make some changes...
     
  17. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I am running Windows XP Professional 32bit, still using KAV 7 for now with proactive defence disabled, and just Windows Firewall right now.
     
  18. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Are you running an account with admin privileges?
    Software should always be installed/uninstalled from such an account.
    Did you try some of the obvious things, like a reboot, or a re-install?
    Any other security software running, or installed in the past?
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    It's up to the user/customer to make their HIPS "Quiet" and that entails spending the days & weeks to fine tune it with laser precision, but don't fret, it's really so stupidly simple because HIPS are the VERY BEST!! security innovation to ever grace SOLID protection for Windows NT systems. The trade-off is very well worth the time & effort and you'll discover this for yourself should you take that assignment for yourself. HIPS has put the front-line ULTIMATE SECURITY squarely within the control of YOU! the controller and user of your own machine and its destiny.

    Behavioral Blockers are extremely close to their same technique and all it takes is your attention to their alerts too, then set your choice you deem safe, and you'll no more need to interact again until or unless another potential forced intrusion attempts to land on your good machine. :)
     
  20. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Yes, I'm on admin. I tried rebooting and reinstalling, but it still is the same, and I only have KAV 7 installed and am using Windows Firewall as my real-time software.
     
  21. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Another free HIPS alternative is Windows Defender whose real-time "protection agents" monitor critical key areas of your system. No slow-downs or stability problems.

    /C.
     
  22. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Well then, I don't know. Usually this type of behaviour is a result of a conflict of some kind, which is the reason I asked what security apps. you might have had installed in the past.
    Another possibility is that you have a corrupted installer file, especially if you downloaded from a non-home site (ie not the PCTools download page) but usually a corrupted installer file, in my experience, won't work at all, or will pop an error when trying to install the app.
    You could try downloading a new file, worth a crack if bandwidth isn't an issue, but I'd be inclined to post your problem at the PCTools forum.
     
  23. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Mamutu is quiet.
     
  24. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Sadly this is long before Symantec's acquirement and has nothing to do with it... Apparently it's been debated for long but has some great argument not to put it in (one or whatever it's which I would more than gladly like to see). Being brought up once again by myself, djames of the PC Tools forums put together the discussion into one topic, which is now back at page 3 (and I don't know if I can call it a discussion really :D). You can see it at this link where bellgamin has also put in a comment: http://www.pctools.com/forum/showthread.php?t=53179 (my nick over there is RavenMacDaddy)
     
  25. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Spot on with this comment. I have been watching the PCT forum on TF for some time, and it seems to me that DJames is maybe neutral, but does bring it up. It also seems that it is met with some rather 'fierce' responses from somewhere higher up. Why I have no idea. I would, and have seen others state the same, PAY $$ for a ThreatFire Pro/Advanced that gave more options like this.

    Sul.
     