Advice Request: Good HIPS software


vuksha_xc60

Level 1
Thread author
Jun 22, 2020
29
Hello,
I need a recommendation for a good HIPS-only software to use.
I use Comodo Internet Security on my PC. It runs well, but when I need to test something quickly in a VM it's not that practical to install the whole suite just for one function.
What do you recommend?

Guest OS: Windows 10 Pro
Hypervisor(s): VMware Player 16
RAM: 4GB
CPU Cores: 2

Chuck57

Level 9
Verified
Well-known
Oct 22, 2018
433
ReHIPS is very good, if you can get past the learning curve. There's actually a lot of information on their site that covers just about everything. Haven't heard anything out of them in a couple of years, but the forum still gets responses to posts, so I guess ReHIPS is still alive.

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
541
ReHIPS is a normal HIPS only by name... from its page:
"Unlike some other sandboxes ReHIPS doesn't use kernel-mode hooks, splicing and other unsafe rootkit-techniques. It is based on documented Windows security mechanisms ensuring system stability."
Actually, all actions of a sandboxed process are limited automatically and not monitored/alerted... as a result we can't create rules like in a classical HIPS.

SearchLight

Level 13
Verified
Top Poster
Well-known
Jul 3, 2017
625
I have paired Kaspersky Security Cloud Free with SSFree based on what I have read here at MT to compensate for KSCFree's lack of Application Control.

So far they coexist nicely, plus you get a two-way application firewall to supplement Windows'.

Zartarra

Level 7
Verified
Well-known
May 9, 2019
312
On one system I have Microsoft Defender configured with GPOs and ReHIPS (modified to block/ask for LoLBins). In the logs I get the following alert for Microsoft Defender:

[Attachment: WD001.PNG]

Has anyone else had the same issue?

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
On one system I have Microsoft Defender configured with GPOs and ReHIPS (modified to block/ask for LoLBins). In the logs I get the following alert for Microsoft Defender:

[Attachment 258614]

Has anyone else had the same issue?
This ASR can give false positives sometimes. I have experienced this with another program. @Andy Ful might be able to give you a better answer.

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
On one system I have Microsoft Defender configured with GPOs and ReHIPS (modified to block/ask for LoLBins). In the logs I get the following alert for Microsoft Defender:

[Attachment 258614]

Has anyone else had the same issue?
This rule can make a lot of noise in the Defender Security Log. Most of the blocked events are usually false positives when a legitimate application tries to enumerate running processes and attempts to open them with exhaustive permissions. These applications can be excluded by using <Manage ASR Exclusions>.
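Since the thread points at ASR exclusions as the fix for the noisy rule, the script below (an added example, not Hard_Configurator's code and not anything posted in the thread) triages ASR block/audit events from the Defender Operational log so the noisy (rule, process) pairs can be reviewed before anything is excluded. It assumes the documented event IDs 1121 (block) and 1122 (audit) and that the event message carries "ID:", "Process Name:" and "Path:" fields; the exclusion path at the end is a placeholder.

```powershell
# Added example: triage Defender ASR events before deciding on exclusions.
# Assumptions: Defender Operational log, event IDs 1121/1122, and message fields
# named "ID:", "Process Name:" and "Path:" (field parsing is regex-based on purpose
# so it does not depend on property ordering). Run from an elevated PowerShell.
$log = 'Microsoft-Windows-Windows Defender/Operational'
$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1121, 1122 } `
    -ErrorAction SilentlyContinue

$parsed = foreach ($e in $events) {
    $m = $e.Message
    $rule = if ($m -match 'ID:\s*(\{?[0-9A-Fa-f-]{36}\}?)') { $Matches[1] } else { '(unknown)' }
    $proc = if ($m -match '(?m)^\s*Process Name:\s*(.+)$') { $Matches[1].Trim() } else { '(unknown)' }
    $path = if ($m -match '(?m)^\s*Path:\s*(.+)$') { $Matches[1].Trim() } else { '(unknown)' }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Mode    = if ($e.Id -eq 1121) { 'Block' } else { 'Audit' }
        RuleId  = $rule      # ASR rule GUID reported in the event
        Process = $proc      # the process that triggered the rule
        Target  = $path      # what it touched (e.g. another process)
    }
}

# Noisiest (rule, process) pairs first. Repeated hits from one known, signed tool
# in Program Files are the "legitimate application enumerating processes" case the
# post describes; a single hit from an unknown binary in a user-writable folder is
# not a false positive and should be investigated rather than excluded.
$parsed |
    Group-Object -Property RuleId, Process |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Exclusions that apply only to ASR rules (not to AV scanning), by file path.
# Prefer excluding one reviewed executable over disabling the rule.
# Replace the placeholder with the process path identified above, then run:
# Add-MpPreference -AttackSurfaceReductionOnlyExclusions 'C:\PLACEHOLDER\TrustedTool.exe'

# Verify what is currently excluded before and after the change:
(Get-MpPreference).AttackSurfaceReductionOnlyExclusions
```

The grouping output is the review list; the exclusion cmdlet is left commented so nothing is changed until a path has actually been reviewed.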
