Review EQSecure 3.3

Discussion in 'other anti-malware software' started by Kees1958, Apr 4, 2007.

Thread Status:
Not open for further replies.
  1. EASTER.2010

    EASTER.2010 Guest

    Although EQSecure (first 3.3) is running under review for me, it's working perfectly and doesn't present any issues either in capturing process events or blocking them. I really haven't gotten into tightening the rules just yet and not exactly sure it saves them like it should but everything so far indicates it is keeping my rules intact.

    I've already run this for some time before alongside System Safety Monitor as a dual-core HIPS shield and there's no problem of incompatibility along those lines either on XP Pro.

    Heck, with my FD-ISR snapshots under the protective coverage of Power Shadow and "ONLY" EQSecure running w/ Kerio 2.15 firewall, i wouldn't be a bit afraid of recommending this setup even for the most notorious of surfers who like to live dangerously.

    If, and that's already a pretty big if, anything would happen to bypass or evade EQSecure's sensory perception shielding, it would be lost anyway after a simple reboot from Shadow-Mode. And as if that wasn't secure enough, there's always the simple Copy/Update from the FD-ISR archive over the affected snapshot in question which effectively returns that snapshot right back to its previous "CLEAN" state with all settings & programs completely intact.

    Unlike ErikAlbert and some others who like to fancy themselves with Restoring from Images to cover up mistakes or a problem, this method is foolproof enough to recover from most any error or misfortune. Besides, i don't know how much pounding if any a hard drive can take with restoring images since the disc platter would have to undergo a rigorous writing campaign that for me anyway, is better left alone in favor of preserving the life of my hard drives. LoL
     
  2. idle.newbie

    idle.newbie Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    10
  3. wwwkingwww

    wwwkingwww Registered Member

    Joined:
    May 19, 2007
    Posts:
    1
    great job and a great app too
     
  4. EASTER.2010

    EASTER.2010 Guest

    I'll have to install this and commence my malware attack on it like before. I hope they finally got it to Terminate the processes it also blocks since some m'ware i threw at it still remained lodged in the running process list after action to block.

    Agree, it is a very nice effort be it Chinese or Martians who invented it, i'm also quite pleased with the information it shows and it shows a very great deal of vital info, you just have to manually drill into the various features to get to them. That info is vital for Power Users and Security buffs like me but average users likely wouldn't bother with it. Still as-is (at least 3.3) it gives me lots of confidence in it so far. LoL
     
  5. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    Here's a little trick for EQSecure users: Install East Asian Language support and you'll notice that EQSecure GUI looks better. I think, since it's written natively in Simplified Chinese, it relies on Simplified Chinese character support although you'll be using the English translation.
     


  6. EASTER.2010

    EASTER.2010 Guest

    Thanks for the tip.

    How would users trying this one rate it in stability, flexibility, and capture rate?
     
  7. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Improved self-defense of the EQSecure process, earlier startup + later shutdown, improvements to the application protect module to allow it to report a parent process trying to modify the memory space of its child, prompt windows now report command line arguments, and disabling keyboard shortcuts on the prompt windows to defeat keyboard accelerators. All in all, very nice.
     
  8. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    @solcroft: Are you talking about 3.4?
     
  9. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Er, yep. That's what Easter meant... right?
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Solcroft, Mitchelson, Korb

    Any news on the official release of 3.4 yet?

    Regards K
     
  11. EASTER.2010

    EASTER.2010 Guest

    I'm not comfortable with the RC 3.4 yet.

    It's interesting they made it to run as a service though this time. This HIPS is almost mind-boggling in the manner they fashioned it so very light but Xtremely efficient.
     
  12. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    The Chinese version is pretty stable, but the English translation isn't complete yet, so some parts of the GUI, especially dialog boxes, don't work.
    I'm actually using the Chinese version of 3.4 on one machine. I may not understand what it says but I know what the buttons do, and so far so good! The Chinese app GUI looks really cool on my English desktop :D
    Most notable change is that it now runs as a service, as mentioned by Easter, so it catches more. Option to check MD5 is now an option in the dialog box, I figured. :)
     
  13. EASTER.2010

    EASTER.2010 Guest

    Then most of us will wait on the English Alphabet translation version when it becomes available. Of all languages on earth, the oriental and Arabic ones are the most scrambled looking mess to an English native, and most will agree you have to be able to understand the readable data to really make any use of this Power HIPS. You're just an exception to that rule LoL :D

    If 3.4 pans out even better than 3.3 which i perceive it surely will, then this is a bona fide keeper.

    One thing i find annoying maybe someone can help me sort out. Even if you set some application to "NO" for logging and also "YES" to allow all, i still get a fade-in prompt that one of my programs, ie: RollBack is doing a Low-Level Operation to Disk during its background monitoring of saving incremental backups to its rollback function. I just can't seem to turn that off. Any ideas?
     
  14. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    any screenshots or more detailed description of the rules involved?
     
  15. EASTER.2010

    EASTER.2010 Guest

    It's not of particular concern since the prompt really doesn't get in the way. Just keeps displaying the action is happening when it does, but repeats endlessly. Not a problem on my main PC which i'm using now, but i would like to get to the bottom of it.

    It's late now, but when i have time i'll fire up the other system and take some. LoL
     
  16. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    okay then.
    but on this side, i've never experienced EQS misbehave as far as "log/don't log" is concerned.. working as expected, so far... :)
     
  17. EASTER.2010

    EASTER.2010 Guest

    This is no misbehave i'm sure becoz i found this HIP as early on and as-is, as near perfect as perfect can get so far as everything i could find to adjust. Probably just overlooking something or it may even be built in when concerns Low-Level Disk Accesses.
     
  18. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    To kill the notification window, set its display duration to 0 seconds.

    3.4 features a "-1" option to show a window permanently until the user responds to it.
     
  19. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    actually, this is what I meant. it's almost flawless, so it could be something overlooked in the user-defined rules... :)
     
  20. EASTER.2010

    EASTER.2010 Guest

    Noted! And thanks for the heads up about 3.4, but i don't want to eliminate it for everything detected, just the one. LoL

    I'll study it more and see what i missed. I always have to check myself first before concluding.
     
  21. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    Yes, I agree. I do not want to totally eliminate the watch window. I actually like it. It unobtrusively alerts you to what certain apps do..
     
  22. cpcw

    cpcw Registered Member

    Joined:
    May 19, 2007
    Posts:
    22
    the rule flowchart

    Who can translate it into English?
    It could help you understand how to define the rules of EQSecure better.
     


    Last edited: May 25, 2007
  23. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    I think it says "path to the Forbidden City"

    seriously, can you give link where you get that flowchart, please?
     
  24. cpcw

    cpcw Registered Member

    Joined:
    May 19, 2007
    Posts:
    22
  25. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan