Advice Request: Good HIPS software


vuksha_xc60

Thread author
Jun 22, 2020
Hello,
I need a recommendation for a good HIPS-only software to use.
I use Comodo Internet Security on my PC. It runs well, but when I need to test something quickly in a VM it's not that practical to install the whole suite just for one function.
What do you recommend?

Guest OS: Windows 10 Pro
Hypervisor(s): VMware Player 16
RAM: 4GB
CPU Cores: 2
 
Hello,
SpyShelter Free comes to mind. The Premium (paid) version offers more protection.

Kind regards,
-sepikeatures
Yes... SS Free is the excellent successor of apps from the "golden era" of HIPS. Premium has many more features, but the Firewall version has a useful option to manage parent/child processes.
 
ReHIPS is very good, if you can get past the learning curve. There's actually a lot of information on their site that covers just about everything. Haven't heard anything out of them in a couple of years, but the forum still gets responses to posts, so I guess ReHIPS is still alive.
 
ReHIPS is a normal HIPS only by name... from its page:
"Unlike some other sandboxes ReHIPS doesn't use kernel-mode hooks, splicing and other unsafe rootkit-techniques. It is based on documented Windows security mechanisms ensuring system stability."
Actually, all actions of a sandboxed process are limited automatically and not monitored/alerted; as a result we can't create rules like in a classical HIPS.
 
I have paired Kaspersky Security Cloud Free with SSFree, based on what I have read here at MT, to compensate for KSCFree's lack of Application Control.

So far they coexist nicely, plus you get a two way application firewall to supplement Windows'.
 
On one system I have Microsoft Defender configured with GPOs and ReHIPS (modified to block/ask for LoLBins). In the logs I get the following alert for Microsoft Defender:

[screenshot of the Defender alert, not included in the page text]

Has anyone else had the same issue?
 
On one system I have Microsoft Defender configured with GPOs and ReHIPS (modified to block/ask for LoLBins). In the logs I get the following alert for Microsoft Defender:

[screenshot of the Defender alert, not included in the page text]

Has anyone else had the same issue?
This ASR can give false positives sometimes. I have experienced this with another program. @Andy Ful might be able to give you a better answer.
 
On one system I have Microsoft Defender configured with GPOs and ReHIPS (modified to block/ask for LoLBins). In the logs I get the following alert for Microsoft Defender:

[screenshot of the Defender alert, not included in the page text]

Has anyone else had the same issue?
This rule can make a lot of noise in the Defender Security Log. Most of the blocked events are usually false positives, where a legitimate application tries to enumerate running processes and attempts to open them with exhaustive permissions. These applications can be excluded by using <Manage ASR Exclusions>.
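As an added example, not part of any post above, this PowerShell snippet shows one way to see which processes are hitting which ASR rules before excluding anything. It assumes the Defender operational log field names 'ID', 'Path' and 'Process Name' (as logged by Defender on current Windows 10 builds) and uses a placeholder application path; the ASR rule GUID and the real tool path come from your own log.

```powershell
# Added example: summarise Defender ASR block events (Event ID 1121) from the last
# 7 days, then exclude a reviewed application from ASR rules only.
# Assumption: EventData fields are named 'ID', 'Path' and 'Process Name'.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1121            # 1121 = ASR rule blocked; 1122 = audit-mode "would block"
    StartTime = (Get-Date).AddDays(-7)
}

# Turn each event into a small object so repeat offenders can be counted.
$blocks = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            RuleId  = $data['ID']             # GUID of the ASR rule that fired
            Process = $data['Process Name']   # process that performed the action
            Path    = $data['Path']           # object it touched (process, file, ...)
        }
    }

# The noise described in the thread shows up as the same process hitting the same
# rule many times; sort by count to find it.
$blocks | Group-Object RuleId, Process | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Only after confirming the process is a legitimate tool, exclude it from ASR rules.
# This is an ASR-only exclusion; real-time scanning of the file is unaffected.
$trustedApp = 'C:\Program Files\ExampleVendor\ExampleTool.exe'   # placeholder path
Add-MpPreference -AttackSurfaceReductionOnlyExclusions $trustedApp

# Confirm the exclusion was recorded.
(Get-MpPreference).AttackSurfaceReductionOnlyExclusions
```

Switching the filter to Event ID 1122 shows what a rule would have blocked while it is still in audit mode, which is the safer way to tune before enforcing.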