behaviour blocker / HIPS for working PC

nick76

Level 1
Thread author
Jul 2, 2012
58
Hello all,
I've a working PC that is managed (for the AV deployment) by the Sys Admins. Due to the fact I don't fully trust this AV (McAfee), I wish to add a BB, an HIPS or a companion AC that doesn't create any issue with the working AV.
What do you suggest?
Thank you very much
Nick
 

Vishal Kumar Singh

New Member
Apr 26, 2014
7
Hi nick76

You can go for COMODO Internet Security, which has super HIPS technology built in.
You can take full control of what can run inside your system by changing the setting from Disabled to Safe, and for a more verbose mode you can set it to Paranoid mode (most popups and permission dialogs).

Or

You can also opt for Outpost Security Suite, which has a built-in ad-blocker

Or

You can also opt for ZoneAlarm Extreme Security, which has a great firewall

And as for price, you can go for COMODO Internet Security (a free alternative to all of these), with a super firewall and HIPS support, and YES, it has a sandbox built right into it
 

nick76

Level 1
Thread author
Jul 2, 2012
58
Hi all,
Thank you for your replies.
By installing this software, I don't compromise the McAfee scanner?
Thank you again
Nick
 

Online_Sword

Level 12
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
By installing this software, I don't compromise the McAfee scanner?

Please specify the version of the McAfee product that you are using.

Particularly, if you are using the products for home users, including McAfee Antivirus Plus, McAfee Internet Security and McAfee Total Security, then these products have their built-in firewall (very sensitive to LAN traffic). Therefore, it would not be a good idea to install another firewall product on your computer, such as Comodo Firewall, Outpost Firewall or ZoneAlarm.

On the other hand, if you are using the enterprise products of McAfee like McAfee VirusScan Enterprise (VSE), then it already has a powerful HIPS module (Access Protection). VSE is not very easy to use, so you can still combine it with some convenient HIPS products, such as Comodo or Spyshelter, though in my opinion it is redundant.
 

nick76

Level 1
Thread author
Jul 2, 2012
58
Hi Online_Sword,
We have McAfee VirusScan Enterprise + McAfee AntiSpyware Enterprise 8.8.0 + McAfee Host Intrusion Prevention 8.0

Thank you very much
Nick
 

Online_Sword

Level 12
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
@nick76

In my opinion, McAfee VSE and HIP 8.0 can provide decent protection when they are configured properly.

As far as I know, HIP (McAfee Host Intrusion Prevention) can control the network traffic at a fine granularity of ports and protocols, so you do not need to install another firewall product.

If you have the privilege to modify the VSE configuration (in your company, VSE might be managed remotely by the admin via ePO; in such a case, you may not be able to configure VSE by yourself), then you can create and modify the rules in Access Protection to further harden your security config.

Specifically, VSE has many built-in rules, but only a few of them are enabled by default. If you have the privilege to modify the VSE configuration, then you can try to enable the default rules, modify the included and excluded processes, and create customized rules. Here is an official introduction:

https://kc.mcafee.com/resources/sit...00/PD20870/en_US/5345wp_tops_vse_ap_0109s.pdf
 

nick76

Level 1
Thread author
Jul 2, 2012
58
Hi,
Thank you for your reply. I'm not able to manage or configure VSE.
What I would like is something that sandboxes my "external browser" in order to be notified every time something "weird" happens on my PC. (I'm local admin).
Best regards
Nick
 

Online_Sword

Level 12
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
What I would like is something that sandboxes my "external browser" in order to be notified every time something "weird" happens on my PC

I do not know a security product that can precisely match your demand. But I think maybe you can try Sandboxie. I am sure that Sandboxie does not conflict with McAfee VSE with default rules. However, please note that VSE has a built-in rule that can prevent any processes from writing any PE files to the system folder. This rule is disabled in the default case. If the admin has already enabled this rule, you cannot install Sandboxie on your computer. In fact, if the admin in your company really enables this rule, you can hardly install most of the security products on your computer...

EDIT:

Here is a guide by @Umbra on how to protect your browser with Sandboxie:
Sandboxie Configuration Discussion Thread
 

Soulbound

Moderator
Verified
Staff Member
Well-known
Jan 14, 2015
1,761
I do not know a security product that can precisely match your demand. But I think maybe you can try Sandboxie. I am sure that Sandboxie does not conflict with McAfee VSE with default rules. However, please note that VSE has a built-in rule that can prevent any processes from writing any PE files to the system folder. This rule is disabled in the default case. If the admin has already enabled this rule, you cannot install Sandboxie on your computer. In fact, if the admin in your company really enables this rule, you can hardly install most of the security products on your computer...

EDIT:

Here is a guide by @Umbra on how to protect your browser with Sandboxie:
Sandboxie Configuration Discussion Thread

There isn't really a program for his specific needs. He already has HIPS enabled but cannot have control over it. VSE + AM from McAfee are a totally different flavor from the traditional home versions, so there shouldn't be any reason not to trust such a solution.

I myself manage my home systems via ePO and SaaS (SaaS because it is web-based admin, as I still have W8.1 and W7 on some systems, so I did not fully convert to Endpoint Security and am still using Endpoint Protection modules for it). The HIPS module was added as standalone to all systems and configured accordingly; however, without Admin rights, there is no way he will be able to tweak further.

Its HIPS module itself is good enough for its needs and should any funky business start to go on, it will be blocked and alerts sent everywhere, as well as logs.

No need really to add additional stuff, especially when the system is managed by a sys admin. It will just create conflicts unless you know exactly how the original solutions installed are configured from the ground up.
 

Online_Sword

Level 12
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
No need really to add additional stuff, especially when the system is managed by a sys admin. It will just create conflicts unless you know exactly how the original solutions installed are configured from the ground up.

I agree. :)
 
