Battle Firewall + HIPS choices

Coool

Level 1
Thread author
May 13, 2017
5
Hello everyone,

I have been a long time lurker, always finding these forums and the members extremely informative and helpful, and finally joined trying to find some advise on this subject.

I am setting up from scratch a Windows 7 Pro 64 bits system on an HP workstation (Xeon E3-1240, 16gb RAM) and I am hesitant regarding the real-time security software setup.
I am going from my old desktop (same OS) set up with real-time security software being CIS - Firewall and HIPS only - and ESET NOD32 (AV only).

I will keep NOD32 as AV but keeping HIPS down (I did try it but did not really get good impressions).
On the other hand, I am a bit tired of Comodo as I have found quite heavy on resources lately and somehow sometimes forgetful (a couple of Firewall exclusions and HIPS popups always popping up and rules not remembered).

As an advanced user, I want to keep visible control at these two levels, network access and execution granularity (not overly too paranoid), and so have been looking at alternative setups.
I was considering Private Firewall as it also has a HIPS (tried it once some time ago) but have been reading over here on security concerns for it not being updated any more.

I prefer free software but would consider paid alternatives if proved more capable in terms of efficacy and resource usage (that was the case with ESET NOD32).

Thanks in advance!
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
@Umbra is talking about AppGuard and ReHIPS. The same can be achieved in COMODO; just set the HIPS and\or sandbox to "Block" Unrecognized files. If it blocks something that is safe\needed, just un-block it. Simple concept that applies to almost any SRP and anti-executable.
But if you are going down that path, why choose Comodo?
 
Last edited:
  • Like
Reactions: AtlBo

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Because if you can't pay for Sandboxie, Appguard or ReHIPS, comodo is the only serious choice.
If you don't use a standard user account, NVT ERP free beta 2015 is fine.
And if you aren't going to run Chrome in isolation, then ReHIPS demo edition is fine.
 
  • Like
Reactions: AtlBo

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
FF is multi-process so you have to pay for ReHIPS anyway.
Right. I forgot that firefox switched to multi-process.
But anyways, I was talking about anti-exe solutions, not isolation, so I was thinking that the OP would use only the anti-exe aspect of ReHIPS.
 
  • Like
Reactions: AtlBo

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
But if you are going down that path, why choose Comodo?
Comodo's free and with cruelsister's settings, more convenient than NVT ERP because of the bigger whitelist. It's also supported and is more robust on what it blocks. VoodooShield might be good though I haven't tried it extensively. The only other thing I can think of is the whole Excubits package.
 

Coool

Level 1
Thread author
May 13, 2017
5
I think I will try a Windows Firewall interface software like Windows 10 Firewall Control (both Binisoft's and Tiny Wall require some .NET framework and that is not very appealing to me...) together with an execution / exploit control tool with has an interactive mode.
Not very fond of silently blocking, I'd rather be asked for (since I don't get asked over and over again like with Comodo bugs...).
That excludes the Excubits tools, that are silent, and leaves SecureAPlus (free) / Voodooshield (paid).
Or, instead, as paid alternative combos, with firewall and anti-exec features, Spyshelter or ZoneAlarm Pro (not sure of their interactive mode abilities...) .
 
  • Like
Reactions: AtlBo and shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I think I will try a Windows Firewall interface software like Windows 10 Firewall Control (both Binisoft's and Tiny Wall require some .NET framework and that is not very appealing to me...) together with an execution / exploit control tool with has an interactive mode.
Not very fond of silently blocking, I'd rather be asked for (since I don't get asked over and over again like with Comodo bugs...).
That excludes the Excubits tools, that are silent, and leaves SecureAPlus (free) / Voodooshield (paid).
Or, instead, as paid alternative combos, with firewall and anti-exec features, Spyshelter or ZoneAlarm Pro (not sure of their interactive mode abilities...) .
SecureAPlus scans your system and automatically makes all your files into trusted installers -- except for apps like browsers, unzippers, torrent clients, etc. So I don't think it will give you the control you are looking for.
 
  • Like
Reactions: AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
If you don't use a standard user account, NVT ERP free beta 2015 is fine.

@shmu26...does NVT ERP break in a standard user account? Maybe you were referring to a specific kind of protection that it won't provide in that that type of account? I am using it in a standard account now...
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
@shmu26...does NVT ERP break in a standard user account? Maybe you were referring to a specific kind of protection that it won't provide in that that type of account? I am using it in a standard account now...
It depends. Sometimes it acts up, sometimes not. You will notice, if it is behaving funny.
It sounds like you are one of the lucky ones, and @Umbra is one of the unlucky ones, and I fall somewhere in the middle.
 
  • Like
Reactions: AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
OK thanks. I haven't noticed anything. I saw you mention in another thread fonts issues. Are these the types of issues you see or are they related to the actual security engine and its functions :eek:?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
OK thanks. I haven't noticed anything. I saw you mention in another thread fonts issues. Are these the types of issues you see or are they related to the actual security engine and its functions :eek:?
The font issue is a totally separate thing. It won't bother you if your system settings are English or a similar language.

In SUA you probably will never have a problem with ERP, unless you try to run super paranoid settings, like @Umbra does. When I tried to do that, ERP got stuck and became unresponsive.

The only other thing I noticed was that one time, after a reinstall, and I imported my old rules, it kept prompting me to upgrade to the "new" version (that came out 2 years ago), i.e., it kept reverting to the "check for new version" setting, even though I stubbornly disabled it time and again.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Thanks for the information @shmu26 and @Umbra. I don't seem to be having these issues, but I will keep an eye out for them now. Actually, I have noticed a couple of freezes but for me it seems to have been a NVT ERP sad collision with UAC password prompt, and the program responsible for the UAC prompt was probably in there somewhere too. Nothing here to upset the rhythm of the time-space continuum or anything...
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top