Looking for Quiet Behaviour/HIPS

im looking for something that will keep quiet most the time and do its job well, this can be either a behavior blocker or a HIPS or w/e, just need some suggestions on a FREE one. i am using avira antivir premium, so something that won't conflict with that

 

Tried Threatfire out at all?
Warnings will vary user to user, of course, but I get on average no more than about 3 a week, mostly when installing software.
SpywareTerminator has a HIPS component, I don't use it any more but you might want to try it out. (If so I'd recommend NOT installing the toolbar/WSG, nor the Clam AV component.)

 

Threatfire is a good choise. I prefer to use Cyberhawk v1113, readily available with a quick google search. I use Avira Free, and have no problems at all with CH. As for TF, if you want easy, it has one little downfall. There is no 'Allow or Deny', only an Allow,Kill or Kill & Quarantine. Meaning, you cannot just deny, you must kill or kill & quarantine. A most unsatisfactory logic for me anyway.

Sul.

 

i will recomend DefenseWall Hips is the most quiet app i ever tried

 

Kill meaning Kill the process? Or kill the process and delete the executable? If it's just kill the process, then I don't see any difficulty with that, you're either going to allow or deny it, and in that sense, Kill means Deny. Or am I missing something here?

 

There are instances that are legitimate and that cannot be solved by the current logic employed by TF. For example, if I make a network rule in TF, that says to block something on tcp or whatever. When this rule triggers, there is no block. Only Allow or Kill. Not that TF replaces a firewall, but it's logic does not allow you to just continue the program in question while 'blocking' the rule you were watching for. IMO TF is not good with network usage at all. Just my opinion though.

Take another example. Let's say that an app writes something to a protected file by TF, and I know this and expect it. When TF throws it's prompt, the choise of Allow or Kill is going to just that. There are no allowances for IF I still want the app to run but also block the said behaviour.

I have seen this more on my custom rules, where I want to be shown the option of just denying what the custom rule is without actually terminating the process. I have seen multiple times, exploring directories, when suddenly TF comes up with something it does not like and flags as bad, with only the option Kill/Quarantine. Not even a file in the directory, just some action of the explorer it does not like. And this on a freshly formatted and new install. The red window prompt just says 'this is bad, you have only one choise. Prepare to be assimilated into the hive..' . I mean, the simple option to continue and ignore would even be great. I have said it before, I would pay to have an 'advanced' version with this capability.

Sul.

 

Agreed Sully

ThreatFire 4 needs only restore that X-TREMELY IMPORTANT FEATURE of "Deny" and not just Quarantine, as well as fine tune it's code to react more quickly (if possible) rather then the delay i experience with it on every single alert.

I can use a stopwatch and count the seconds untill the prompt box finally raises up and although that IS a concern for me, overall, they finally have put the right code engineer on that project to make it what it should have been a long long time ago.

EASTER

 

Easter it is true that you are noticing a delay, but it is not a minus, but a plus over the compitition see https://www.wilderssecurity.com/showpost.php?p=1336619&postcount=40 or https://www.wilderssecurity.com/showpost.php?p=1337120&postcount=47

regards Kees

 

does threatfire use heavy resources, like the cpu? and i was also wondering if comodo firewall with D+ is compatible with avira antivir premium, would ther be any conflicts?

 

I dont have problems with TF, try it, and if you have problems with TF them try Mamutu is more or less the same concept

 

Dynamic Security Agent, Sana Security Safe Connect/Identity Protection/Norton Antibot, Mamutu - all easy to use and not that much popups.

 

well that leaves classical hips out.Then Threatfire since it has to be free

 

hmm i installed threatfire and it was all locked up, it wasnt frozen but i couldnt press any of the tabs in its interface, so i wasnt able to do anything so i uninstalled it, any ideas on what this prob is? if i right clicked its tray icon and did something, i could see its status change on the interface, but i couldn't do anything myself.

 

Using 0 CPU percentage here, (watched over only a minute, while a couple of programs and webpages were opened and closed), no spikes seen, Memory usage peaked at a rather skinny 8Megs or so.
So, short answer, apparently not.

 

You better post your OS, other programs running (Kaspersky or Avira? LnS or something else? Any other security or backup programs?)
Are you running an admin account in XP? UAC interfering in Vista?
These are some possibilities.

 

Ok, thanks Sully, I see it more clearly now.. As far as network traffic goes, you should definitely be able to deny the traffic while allowing the app to continue running etc... That's basic stuff. Sounds like somebody make a mistake and took out Deny at one point? Has anyone communicated this to the devs? Or is that no longer possible being that it's Symantec now? They should surely see the logic of it all and make some changes...

 

i am running windows XP professional 32bit, still using kav 7 for now with proactive defence disabled, and just windows firewall right now.

 

Are you running an account with admin privileges?
Software should always be installed/uninstalled from such an account.
Did you try some of the obvious things, like a reboot, or a re-install?
Any other security software running, or installed in the past?

 

It's up to the user/customer to make their HIPS "Quiet" and that entails spending the days & weeks to fine tune it with laser precision, but don't fret, it's really so stupidly simple because HIPS are the VERY BEST!! security innovation to ever grace SOLID protection for Windows NT systems. The trade-off is very well worth the time & effort and you'll discover this for yourself should you take that assignment for yourself. HIPS has put the front-line ULTIMATE SECURITY squarely within the control of YOU! the controller and user of your own machine and it's destiny.

Behavioral Blockers are extremely close to their same technique and all it takes is your attention to their alerts too, then set your choice you deem safe, and you'll no more need to interact again untill or unless another potential forced intrusion attempts to land on your good machine.

 

yes im on admin, i tryed rebooting and re installing, but it still is the same, and i only have kav 7 installed and using windows firewall as my real-time software.

 

Another free HIPS alternative is Windows Defender whose real-time "protection agents" monitor critical key areas of your system. No slow-downs or stability problems.

/C.

 

Well then, I don't know. Usually this type of behaviour is a result of a conflict of some kind, which is the reason I asked what security apps. you might have had installed in the past.
Another possibility is that you have a corrupted installer file, especially if you downloaded from a non-home site (ie not the PCTools download page) but usually a corrupted installer file, in my experience, won't work at all, or will pop an error when trying to install the app.
You could try downloading a new file, worth a crack if bandwidth isn't an issue, but I'd be inclined to post your problem at the PCTools forum

 

Mamutu is quiet.

 

Sadly this is long before Symantec's acquirement and has nothing to do with it... Apparently it's been debated for long but has some great argument not to put it in (one or whatever it's which I would more than gladly like to see). Being brought up once again by myself, djames of the PC Tools forums put together the discussion into one topic, which is now back at page 3 (and I don't know if I can call it a discussion really ). You can see it at this link where bellgamin has also put in a comment: http://www.pctools.com/forum/showthread.php?t=53179 (my nick over there is RavenMacDaddy)

 

Spot on with this comment. I have been watching the PCT forum on TF for some time, and it seems to me that DJames is maybe neutral, but does bring it up. It also seems that it is met with some rather 'fierce' responses from somewhere higher up. Why I have no idea. I would, and have seen others state the same, PAY $$ for a ThreatFire Pro/Advanced that gave more options like this.

Sul.