Win 10 compatible HIPS programs

Discussion in 'other anti-malware software' started by Banzi, Aug 13, 2015.

  1. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    368
    Location:
    Scotland
    Hi folks,

    I'm used to running HIPS on my PC: on XP it was Process Guard, on Windows 7 I used Comodo Firewall, on Windows 8.1 I used Private Firewall. I can't get Comodo Firewall to install on a clean install of Windows 10, and Private Firewall doesn't support Windows 10. I emailed the dev & he basically said that it might not ever support it unless a good business model could be found.

    Can any of the knowledgeable users here recommend a good HIPS program that works well on Windows 10?
     
  2. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    704
    Location:
    Italy
    You may have a look at Smart Object Blocker, it allows you to easily create your own rules to block (or allow) processes, dlls and drivers.
    Here is the thread here on Wilders: https://www.wilderssecurity.com/threads/smart-object-blocker-block-exe-dll-drivers.378369/
    It supports Windows 10 32/64-bit.

     
    Last edited: Aug 13, 2015
  3. Ij80

    Ij80 Registered Member

    Joined:
    Aug 14, 2015
    Posts:
    6
    Same problem. The last version of Comodo freezes my Win10. Now I use Sphinx GUI but I need HIPS.
     
  4. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    368
    Location:
    Scotland
  5. Nizarawi

    Nizarawi Registered Member

    Joined:
    May 26, 2008
    Posts:
    131
    outpost
     
  6. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,764
    Location:
    Mexico
    Sorry to say but SOB is everything but easy to use, no GUI and all config is done manually, so be advised.
    But to be fair SOB is the closest thing to a HIPS, according to experts so read that thread.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Not really, a HIPS should watch for more than driver loading and DLL injection.

    SpyShelter is compatible with Win 10, perhaps you will like it.
     
  8. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    368
    Location:
    Scotland
    AFAIK Outpost doesn't support Windows 10 as yet. I did use it back on XP for a while & it was fine till an update nuked my network interface & I had to reinstall Windows.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Using Comodo and SBIE, though I got some BSODs.
     
  10. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    368
    Location:
    Scotland
    Will check the thread out, cheers for the info.
     
  11. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    368
    Location:
    Scotland
    Will check that one out as well, cheers for the tip.
     
  12. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    368
    Location:
    Scotland
    Cheers. I liked Comodo Firewall HIPS but found the software to be quite buggy at times. I tried to install the Windows 10 compatible version of Comodo Firewall on a clean install of 10 but it gave an error code of 1603 & wouldn't install. On Windows 8.1 with Comodo Firewall & Bitdefender AV+ I had a lot of system slowdown issues etc.
     
  13. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,072
    Location:
    Netherlands
    Here are some thoughts to turn a plain, vanilla Windows 10 into a HIPS

    1. Set UAC to only allow elevation to signed programs (you can still run unsigned programs, but they can't elevate to Admin), see picture below

    2. Set Smartscreen to "require Administrator Approval" when running executables from the internet

    3. Create a local user

    4. Set family safety/parental control to only allow running installed applications (allow Edge, disable IE11)

    5. Install EMET (default)

    6. Install StartupSentinal (default)

    7. Use a DNS service with URL blacklisting checking (e.g. Norton)

    8. Run as local user

    Fair chance of never getting infected, even when using Windows Defender, but the real malware show-stopper is:

    9. Apply safe-hex habits (don't shoot yourself in the foot by downloading software from unknown sources, opening attachments in mails from strangers).




    Picture 1: setting UAC to allow only signed programs (set Validate Admin Code Signatures to 1)
     
    Last edited: Aug 15, 2015
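
    A read-only check for step 1 of the list above, added here as an example and not part of the original post. It reads the registry values behind the UAC policy settings, including the "Validate Admin Code Signatures" setting the post refers to. EnableLUA and PromptOnSecureDesktop are included as an assumption of this example, since the signature check has no effect when UAC itself is off.

```powershell
# Added example: audit the UAC policy values behind step 1 (reads only, changes nothing).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Value name -> value this example treats as the desired state.
$expected = [ordered]@{
    EnableLUA                   = 1   # UAC is enabled at all
    ValidateAdminCodeSignatures = 1   # step 1: only signed executables may elevate
    PromptOnSecureDesktop       = 1   # elevation prompt shown on the secure desktop
}

$props = Get-ItemProperty -Path $key

$report = foreach ($name in $expected.Keys) {
    $actual = $props.$name            # $null when the value does not exist
    [pscustomobject]@{
        Setting  = $name
        Expected = $expected[$name]
        Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
        Ok       = ($actual -eq $expected[$name])
    }
}
$report | Format-Table -AutoSize

# Report whether this session already holds an administrator token;
# for day-to-day use (step 8) it should not.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Running elevated: $elevated"

# To apply step 1 from an elevated prompt:
#   Set-ItemProperty -Path $key -Name ValidateAdminCodeSignatures -Value 1 -Type DWord
```

    With ValidateAdminCodeSignatures set to 1, unsigned installers and tools that request elevation will fail to start elevated, so test it before relying on it.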
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,171
    Here is another useful tip for those that have not used it before. It is called God Mode. I find it quicker to find and change settings of many things on your computer.

    To activate God Mode, right-click the desktop and select New > Folder. Highlight this folder, press F2 and name it:

    GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
     
  15. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
  16. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    368
    Location:
    Scotland
    Cheers for the post.

    1. I always leave UAC on the default setting.

    2. I have Smartscreen turned off in Windows due to the fact it sends all URLs & downloaded files back to Microsoft.

    3. I always run a local user & would never use an MS account in Windows.

    4. I'm the only user of the PC & I like to try out software so that setting would make things a bit more complicated.

    5. I have never used EMET but will investigate it.

    6. I always keep an eye on startup items with Task Manager & Autoruns.

    7. I use OpenDNS as I find it much faster than Virgin Media DNS servers.

    8. I don't really want to limit what I can do as a user, just want to monitor anything new on the PC.

    9. Always do.

    I have tried running as a limited user in the past but had quite a few issues with apps & Windows due to that. I'm really just looking for an app like Malware Defender or the old Process Guard that I can put in learning mode for a couple of days, then set it so it will alert me to anything new that wants to run. Something like the HIPS in Comodo Firewall or Private Firewall.
     
  17. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    368
    Location:
    Scotland
    Cheers for the post. Already got God Mode on the desktop for quick access to all settings.
     
  18. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    368
    Location:
    Scotland
    I have tried several times to install the Windows 10 compatible version of Comodo Firewall; it gets to 99% during the install, then I get an error code 1603 & it doesn't install. I have even tried setting language for non-Unicode programs to US English but get the same error. Posted about it on the Comodo forums twice but never got any replies. It's a clean install of Windows 10 with Bitdefender AV+ 2015, MalwareBytes AntiMalware, Spyware Blaster & the MVPS hosts file.

    I could remove Bitdefender then try installing Comodo Firewall to see if it would install, but when I install Bitdefender again it will ask to remove Comodo Firewall.
     
  19. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    368
    Location:
    Scotland
    Been testing out NoVirusThanks Exe Radar Pro & it seems to be doing the job after putting it in learning mode for a couple of days; it even alerts to all the rundll32 telemetry crap in Windows 10. Will probably get the full version when the 30 day trial finishes.
     
  20. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,764
    Location:
    Mexico
    A donation will make Andreas very happy, ERP is currently donationware.
     
  21. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    368
    Location:
    Scotland
    Hmm, strange, the website still shows it as a paid app.
     

  22. Banzi

    Banzi Registered Member

    Joined:
    Oct 21, 2013
    Posts:
    368
    Location:
    Scotland
    Ended up having to remove Exe Radar Pro. The program was great but I was getting a lot of alerts for rundll32 appraiser & update etc. Couldn't really whitelist them as they had a different random code at the end of the command line. Search goes on I suppose.
     
  23. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,166
    Try SecureAPlus (I am) and set it to lockmode or interactive mode (mine is at lockmode) and that's it. You are safe and free to do whatever you want. Nothing will penetrate and install.
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Did you try using wildcards in the whitelist? That has always solved the problem for me.
     
  25. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,764
    Location:
    Mexico
    I agree. I had the same problems days ago and whitelisting command lines is the solution.
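
    The wildcard whitelisting discussed in the last few posts, as an added example that is not part of the original thread and does not use Exe Radar Pro's own rule syntax. The command lines, the export name ExampleExport and the six-character suffix are constructed for illustration; the point is that the wildcard should cover only the random code, not the path, DLL or export.

```powershell
# Constructed command lines; the trailing token stands in for the random code.
$samples = @(
    'C:\Windows\System32\rundll32.exe appraiser.dll,ExampleExport a1b2c3'
    'C:\Windows\System32\rundll32.exe appraiser.dll,ExampleExport 9f8e7d'
    'C:\Windows\System32\rundll32.exe C:\Users\Public\appraiser_x.dll,Run a1b2c3'
    'C:\Users\Public\rundll32.exe appraiser.dll,ExampleExport a1b2c3'
    'C:\Windows\System32\rundll32.exe appraiser.dll,ExampleExport a1b2c3 extra'
)

# Three candidate allow rules, from loosest to strictest.
$rules = [ordered]@{
    # Matches anything that mentions both names, wherever it runs from.
    'BroadWildcard'  = { param($c) $c -like '*rundll32*appraiser*' }
    # Fixes path, DLL and export; wildcard covers only what follows.
    'NarrowWildcard' = { param($c)
        $c -like 'C:\Windows\System32\rundll32.exe appraiser.dll,ExampleExport *' }
    # Same fixed prefix, and the tail must be exactly six hex characters.
    'AnchoredRegex'  = { param($c)
        $c -match '^C:\\Windows\\System32\\rundll32\.exe appraiser\.dll,ExampleExport [0-9a-f]{6}$' }
}

# Evaluate every rule against every sample and show which ones would be allowed.
$results = foreach ($cmd in $samples) {
    $row = [ordered]@{ CommandLine = $cmd }
    foreach ($name in $rules.Keys) {
        $row[$name] = [bool](& $rules[$name] $cmd)
    }
    [pscustomobject]$row
}
$results | Format-List
```

    Only the first two samples pass all three rules; the broad rule allows every sample, which is why a whitelist entry should pin everything except the part that actually changes.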
     