Can someone explain to me the difference between Behavior Blocker (Emsisoft Anti-Malware) & HIPS?


Maxxx58

Level 13
Thread author
Verified
Dec 20, 2014
619
Can someone explain to me the difference between Behavior Blocker (awesome feature in Emsisoft Anti-Malware) and HIPS? Which is stronger and better?
 

Tani

Level 9
Verified
Nov 25, 2014
402
A behavior blocker completely blocks the application from being executed and harming the machine (if it is not a false positive; obviously, it detects negative aspects of the application by its behavior on your machine), while HIPS blocks any particular action of the application and asks you to either allow or disallow it. For example, you can execute a program, but HIPS can block its access to the internet and ask you if you want to allow that application to communicate with the network.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Behavior Blocker determines suspicious behavior by analysing related patterns of other common viruses/malware trying to lurk on the critical system for execution. It doesn't need any signatures here.

Host Intrusion Prevention System, or HIPS, consists of alerts where it notifies of changes which need user interaction; whether suspicious or not, if something doesn't meet the rules set then it should be checked.

Well, HIPS is powerful if handled by experienced users, while Behavior Blocker can be strong enough as long as it detects possible suspicious activity.
 

Maxxx58

Level 13
Thread author
Verified
Dec 20, 2014
619
You mean that HIPS can only work well if it's configured by an experienced user?
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
In certain areas HIPS is already working in action; however, it needs knowledge to decide on every user interaction, which for novice users has to be supervised. Also, these days implementations of HIPS recommend setting Learning mode to allow all the applications as much as possible before turning to the mode of detecting what wasn't registered in the rules.
 

Maxxx58

Level 13
Thread author
Verified
Dec 20, 2014
619
Thanks for your information.
 

eXPerience

Level 1
Mar 7, 2011
248
Think of the behavior blocker as an extension of your antivirus/antimalware. A normal antimalware will detect a malicious file using a signature it got from the antimalware researchers. Behavior blockers don't use signatures; they detect malicious files using advanced patterns and investigating their behavior, hence the name. Therefore it will only flag and give a warning about an unknown but suspicious file when it's "behaving like malware". It's advanced software behind the scenes which will be visible in exceptional cases.

Now think of HIPS as an extension of your firewall. You allow applications to access the internet or not. This is mostly by user interaction. Program x wants access to the internet, do you want this or not? This is how HIPS works, but instead of for the internet, for your computer. Therefore you will get questions like, do you want program x to access file x or modify registry key x?
This means that HIPS is far more in the foreground. Standard HIPS will report basically everything an unknown application wants to do and therefore require a lot of user interaction.

Neither of the software is better than the other; the best way is if they're used together. But nowadays basically every antimalware company has some kind of behavior analyser in their software. HIPS is more rare as it is more intrusive.

best regards,
eXp
 

Behold Eck

Level 15
Verified
Top Poster
Well-known
Jun 22, 2014
717
Some HIPS are smarter than others and won't alert to known safe programs and processes, thereby cutting down on the amount of pop-ups.
HIPS are great in that if you make a wrong decision you will still get an opportunity to block and terminate the malicious process, unlike an anti-executable, which will usually allow once or block once.

HIPS alerts will diminish as time goes on, making any further alerts worthy of your full attention. They're also a good way to get to know your system's files and processes. BBs alert to suspicious or malware-like behaviour such as file replication, installing drivers, making internet connections etc. They're probably more user friendly, keeping a more general eye on your system.

HIPS/BBs are your zero-day protection, meaning they can deal with very new malware threats because they don't rely on traditional malware signatures, unlike a regular AV. As mentioned above, most good AV companies include one or the other or even both, but not all.

Regards Eck:)
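
The contrast drawn across the posts above, as an added toy model that is not part of any poster's reply and not how Emsisoft or any other vendor implements it: a HIPS decides per action from a rule table built in learning mode and prompts on anything unregistered, while a behavior blocker scores a process's accumulated behavior and blocks it at a threshold. The event stream, action names, weights and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed event stream (process, action, target); not real telemetry.
EVENTS = [
    ("editor.exe",  "write_file",  "C:/Users/a/notes.txt"),
    ("editor.exe",  "net_connect", "updates.example.com"),
    ("unknown.exe", "write_file",  "C:/Users/a/unknown_copy.exe"),
    ("unknown.exe", "set_autorun", "HKCU/Run/unknown"),
    ("unknown.exe", "load_driver", "drv.sys"),
    ("unknown.exe", "net_connect", "203.0.113.7"),
]

class Hips:
    """Per-action rules; an action with no rule becomes a user prompt."""
    def __init__(self):
        self.rules = {}        # (process, action) -> "allow" or "block"
        self.learning = True   # learning mode: register what is seen as allowed

    def check(self, proc, action, target):
        key = (proc, action)
        if key in self.rules:
            return self.rules[key]
        if self.learning:
            self.rules[key] = "allow"
            return "allow"
        return "prompt"        # the user has to decide

# Hypothetical suspicion weights per action (assumption for this example).
WEIGHTS = {"write_file": 1, "net_connect": 2, "set_autorun": 4, "load_driver": 5}

class BehaviorBlocker:
    """Scores each process's behavior as a whole; silent until a threshold."""
    def __init__(self, threshold=8):
        self.threshold = threshold
        self.score = defaultdict(int)
        self.blocked = set()

    def check(self, proc, action, target):
        if proc not in self.blocked:
            self.score[proc] += WEIGHTS.get(action, 0)
            if self.score[proc] >= self.threshold:
                self.blocked.add(proc)
        return "block" if proc in self.blocked else "allow"

def demo():
    hips = Hips()
    for event in EVENTS[:2]:   # learning mode only ever sees the editor
        hips.check(*event)
    hips.learning = False
    bb = BehaviorBlocker()
    return [hips.check(*e) for e in EVENTS], [bb.check(*e) for e in EVENTS]
```

On this stream the HIPS raises four prompts for the unregistered program, one per action, while the behavior blocker stays silent until the driver load pushes the score over the threshold and then blocks the process outright.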
 