64 bit systems and HIPS

Xtwillight

Question to ReHIPS:
When will a stable version be available?
Will it also be available in German?
 

SHvFl

> Question to ReHIPS:
> When will a stable version be available?
> Will it also be available in German?

Release date is not yet disclosed. Follow the ReHIPS topic in this forum, and when they do someone will post it.
About multi language, I asked and will post on the ReHIPS topic when they reply.

EDIT: Also asked about process hollowing and process injection, even though I am sure it can't be done because isolated applications don't have access to other processes, but I asked so we can have an official confirmation. Even asked about non-isolated applications.
 

Rebsat

@Umbra @hjlbx Since you opened a great and informative conversation, I really need to clear this up, if you could answer me brothers please...

I have a PC with a Windows 10 x64 system. I don't have any Virtual Desktop and I am not testing or analyzing any malware on my system.
I just use my PC for browsing, emailing, chatting, as every normal user does, but my Computer Security knowledge is Advanced ;) so I don't care about browsing Phishing, Malware, Adware, ... sites, or even downloading malware, since I have uBlock Origin with different filters applied.

Now I need to fully protect my Windows 10 x64 system with a full HIPS software. Will ReHIPS do that for me? Or do I need another HIPS software beside it, like ESET, SpyShelter, Comodo?

Thank you very much brothers ;)
 

shmu26

@Rebsat: ReHIPS is still in closed beta. It is not a finished product like the other software you are comparing it to. IMHO just add VoodooShield to your Emsisoft, and you are good.
 

shmu26

But where do you get weaponized DLL injections? From apps you got from "unknown/suspicious" sources. So if you don't run those apps isolated first, that is your fault.
So that is the advantage of ReHIPS over default/deny. You can still run it, even if you don't trust it. Just run it isolated.
 

SHvFl

> So that is the advantage of ReHIPS over default/deny. You can still run it, even if you don't trust it. Just run it isolated.

Exactly. Anything you don't trust or think that it can be exploited should be run isolated.
 
hjlbx

It does bro, in the virtual desktop; Fixer said it.

If I interpreted what he said, the code injection, process hollow, memory scraping, etc isn't blocked - but any "damage" is limited to the isolated environment.

Think about it... TorrentLocker allowed to run - will perform hollow process (the HIPS does not block) - but the encryption of the files is limited to the isolated environment.

The HIPS itself doesn't block code injection, dll injection, process hollow, memory scraping, etc; what is blocked is file and registry system access. I think that is what he meant.
 
Deleted member 178

> If I interpreted what he said, the code injection, process hollow, memory scraping, etc isn't blocked - but any "damage" is limited to the isolated environment.
>
> Think about it... TorrentLocker allowed to run - will perform hollow process (the HIPS does not block) - but the encryption of the files is limited to the isolated environment.
>
> The HIPS itself doesn't block code injection, dll injection, process hollow, memory scraping, etc; what is blocked is file and registry system access. I think that is what he meant.


So maybe that is the reason why it doesn't block those vectors directly, because they will run in an IE.
 

shmu26

Some vendor HIPS are behind in their capabilities on 64-bit systems - for just a single example Datpol (SpyShelter).
I made a feature request to SpyShelter, for process hollowing protection.
They responded: "Can you show me example of this "process hollow" ?"

Does anyone have an example for them?
 
Deleted member 178

> I made a feature request to SpyShelter, for process hollowing protection.
> They responded: "Can you show me example of this "process hollow" ?"
>
> Does anyone have an example for them?

They are just making fun of you... they know exactly what it is, and how it works and how to replicate one... if not, I feel sorry for their customers...
 

shmu26

> They are just making fun of you... they know exactly what it is, and how it works and how to replicate one... if not, I feel sorry for their customers...

And I did not post the uncomplimentary remarks that came along with their rude request...
 

SHvFl

> And I did not post the uncomplimentary remarks that came along with their rude request...

Why do you care and want to show them info? If they are not capable of running a simple test on their own, why would you try their software, even when they are rude? Move on and ignore them. Some companies have 0 understanding of how much good customer support would benefit them.
 

shmu26

> Why do you care and want to show them info? If they are not capable of running a simple test on their own, why would you try their software, even when they are rude? Move on and ignore them. Some companies have 0 understanding of how much good customer support would benefit them.

I never gave them a penny in my life. I just grab giveaways...
 
