Best free HIPS with minimal resource usage?

M4dn3ss

New member

Power User

Local time

1:12 AM

Messages

126

Location

Melbourne, Australia

• Jan 3, 2013

• #1

Does anyone know a good free HIPS (host-based intrusion prevention system) program that uses the least amount of system resources possible?
I used to use ZoneAlarm back in the day (it had a neat "OS Firewall" feature which basically does this) but I'm not really a fan of ZoneAlarm nowadays.

 

My Computer

At a glance

Windows 7 Professional x64Intel Core i5 4690KCorsair Vengeance 16GB DDR3-1600Sapphire Radeon R9 290 Tri-X OC

Computer type

PC/Desktop

OS

Windows 7 Professional x64

CPU

Intel Core i5 4690K

Motherboard

Gigabyte Z97X Gaming-3

Memory

Corsair Vengeance 16GB DDR3-1600

Graphics Card(s)

Sapphire Radeon R9 290 Tri-X OC

Sound Card

ONBOARD SOUND :D

Monitor(s) Displays

Samsung S24A450BW

Screen Resolution

1920x1200 (16:10 forever)

Hard Drives

250GB Samsung 840 EVO + 2TB Seagate Barracudea

PSU

Fractal Design Newton R3 1000W

Case

Corsair Graphite 230T

Cooling

Cooler Master Hyper 212X

Keyboard

Logitech G710+, CM Storm TK

Mouse

Steelseries Rival

Internet Speed

Australian

Antivirus

Avast, because I'm cheap

Browser

All the browsers!

logicearth

New member

Guru

Gold Member

VIP

Local time

8:12 AM

Messages

5,642

Location

California, Southern

• Jan 3, 2013

• #2

They all will use a lot of resources...but Comodo offers one...

 

My Computer

At a glance

Windows 10 Pro (x64)Intel Core i7-3930K (3.2GHz - 4.5GHz)4x Samsung 4GB PC3-12800 DDR3 (16GB 1600MHz)Nvidia Geforce GTX 690

Computer type

PC/Desktop

Computer Manufacturer/Model Number

Alienware Aurora ALX R4

OS

Windows 10 Pro (x64)

CPU

Intel Core i7-3930K (3.2GHz - 4.5GHz)

Motherboard

Alienware Aurora-R4 x79

Memory

4x Samsung 4GB PC3-12800 DDR3 (16GB 1600MHz)

Graphics Card(s)

Nvidia Geforce GTX 690

Sound Card

SteelSeries Siberia Elite

Monitor(s) Displays

Dell UltraSharp U3011

Screen Resolution

2560x1600

Hard Drives

Samsung 850 Pro 256 GB, Seagate 1TB Desktop Hybrid HDD, 2x Western Digital 4TB Green HDD

PSU

875W Some Dell PSU <.<

Case

Alienware Aurora ALX

Cooling

Custom Liquid Cooling (EK CPU & GPU blocks) dual EK 480RAD

Keyboard

Logitech G710+ Mechanical

Mouse

Logitech G700s

Internet Speed

Verizon Fios (50 mbps average)

Other Info

Server: Intel NUC D54250WYK: i5-4250U, 16GB, 256 GB mSATA, Windows Server 2012 R2

M4dn3ss

New member

Power User

Thread Starter

Local time

1:12 AM

Messages

126

Location

Melbourne, Australia

• Jan 3, 2013

• #3

Aww well that sucks... any good standalone ones? I already have an antivirus solution in place that I don't want to replace.

 

My Computer

At a glance

Windows 7 Professional x64Intel Core i5 4690KCorsair Vengeance 16GB DDR3-1600Sapphire Radeon R9 290 Tri-X OC

Computer type

PC/Desktop

OS

Windows 7 Professional x64

CPU

Intel Core i5 4690K

Motherboard

Gigabyte Z97X Gaming-3

Memory

Corsair Vengeance 16GB DDR3-1600

Graphics Card(s)

Sapphire Radeon R9 290 Tri-X OC

Sound Card

ONBOARD SOUND :D

Monitor(s) Displays

Samsung S24A450BW

Screen Resolution

1920x1200 (16:10 forever)

Hard Drives

250GB Samsung 840 EVO + 2TB Seagate Barracudea

PSU

Fractal Design Newton R3 1000W

Case

Corsair Graphite 230T

Cooling

Cooler Master Hyper 212X

Keyboard

Logitech G710+, CM Storm TK

Mouse

Steelseries Rival

Internet Speed

Australian

Antivirus

Avast, because I'm cheap

Browser

All the browsers!

logicearth

New member

Guru

Gold Member

VIP

Local time

8:12 AM

Messages

5,642

Location

California, Southern

• Jan 3, 2013

• #4

You don't actually need an HIPS.

 

My Computer

At a glance

Windows 10 Pro (x64)Intel Core i7-3930K (3.2GHz - 4.5GHz)4x Samsung 4GB PC3-12800 DDR3 (16GB 1600MHz)Nvidia Geforce GTX 690

Computer type

PC/Desktop

Computer Manufacturer/Model Number

Alienware Aurora ALX R4

OS

Windows 10 Pro (x64)

CPU

Intel Core i7-3930K (3.2GHz - 4.5GHz)

Motherboard

Alienware Aurora-R4 x79

Memory

4x Samsung 4GB PC3-12800 DDR3 (16GB 1600MHz)

Graphics Card(s)

Nvidia Geforce GTX 690

Sound Card

SteelSeries Siberia Elite

Monitor(s) Displays

Dell UltraSharp U3011

Screen Resolution

2560x1600

Hard Drives

Samsung 850 Pro 256 GB, Seagate 1TB Desktop Hybrid HDD, 2x Western Digital 4TB Green HDD

PSU

875W Some Dell PSU <.<

Case

Alienware Aurora ALX

Cooling

Custom Liquid Cooling (EK CPU & GPU blocks) dual EK 480RAD

Keyboard

Logitech G710+ Mechanical

Mouse

Logitech G700s

Internet Speed

Verizon Fios (50 mbps average)

Other Info

Server: Intel NUC D54250WYK: i5-4250U, 16GB, 256 GB mSATA, Windows Server 2012 R2

DBone

WOOF

Guru

VIP

Local time

8:12 AM

Messages

431

Location

SoCal USA

• Jan 3, 2013

• #5

I would suggest an anti-executable instead. NoVirusThanks EXE Radar Pro - NoVirusThanks has both a free and life time paid license version. They are both extremely light on resources and are easy to use.

 

My Computer

At a glance

Windows 7 Home Premium x64 SP1

OS

Windows 7 Home Premium x64 SP1

M4dn3ss

New member

Power User

Thread Starter

Local time

1:12 AM

Messages

126

Location

Melbourne, Australia

• Jan 4, 2013

• #6

What exactly does it do? (the anti-exe stuff)

 

My Computer

At a glance

Windows 7 Professional x64Intel Core i5 4690KCorsair Vengeance 16GB DDR3-1600Sapphire Radeon R9 290 Tri-X OC

Computer type

PC/Desktop

OS

Windows 7 Professional x64

CPU

Intel Core i5 4690K

Motherboard

Gigabyte Z97X Gaming-3

Memory

Corsair Vengeance 16GB DDR3-1600

Graphics Card(s)

Sapphire Radeon R9 290 Tri-X OC

Sound Card

ONBOARD SOUND :D

Monitor(s) Displays

Samsung S24A450BW

Screen Resolution

1920x1200 (16:10 forever)

Hard Drives

250GB Samsung 840 EVO + 2TB Seagate Barracudea

PSU

Fractal Design Newton R3 1000W

Case

Corsair Graphite 230T

Cooling

Cooler Master Hyper 212X

Keyboard

Logitech G710+, CM Storm TK

Mouse

Steelseries Rival

Internet Speed

Australian

Antivirus

Avast, because I'm cheap

Browser

All the browsers!

DBone

WOOF

Guru

VIP

Local time

8:12 AM

Messages

431

Location

SoCal USA

• Jan 4, 2013

• #7

I didn't mean to hijack your thread, but here's the short of it. An anti-executable such as EXE Radar Pro/Free simply prevents any .exe from launching without the user either allowing it once or white listing it. This stops things like web based drive-by's or clicking on an add that is really an .exe or even a double extension like a .pdf.exe, where you think it is a simple pdf file, but it is really a malicious .exe.

 

My Computer

At a glance

Windows 7 Home Premium x64 SP1

OS

Windows 7 Home Premium x64 SP1

M4dn3ss

New member

Power User

Thread Starter

Local time

1:12 AM

Messages

126

Location

Melbourne, Australia

• Jan 4, 2013

• #8

Does it check for file integrity? (i.e. if I allow firefox.exe, and a malware sample renames itself firefox.exe, will the program allow it to pass?)

 

My Computer

At a glance

Windows 7 Professional x64Intel Core i5 4690KCorsair Vengeance 16GB DDR3-1600Sapphire Radeon R9 290 Tri-X OC

Computer type

PC/Desktop

OS

Windows 7 Professional x64

CPU

Intel Core i5 4690K

Motherboard

Gigabyte Z97X Gaming-3

Memory

Corsair Vengeance 16GB DDR3-1600

Graphics Card(s)

Sapphire Radeon R9 290 Tri-X OC

Sound Card

ONBOARD SOUND :D

Monitor(s) Displays

Samsung S24A450BW

Screen Resolution

1920x1200 (16:10 forever)

Hard Drives

250GB Samsung 840 EVO + 2TB Seagate Barracudea

PSU

Fractal Design Newton R3 1000W

Case

Corsair Graphite 230T

Cooling

Cooler Master Hyper 212X

Keyboard

Logitech G710+, CM Storm TK

Mouse

Steelseries Rival

Internet Speed

Australian

Antivirus

Avast, because I'm cheap

Browser

All the browsers!

DBone

WOOF

Guru

VIP

Local time

8:12 AM

Messages

431

Location

SoCal USA

• Jan 4, 2013

• #9

Yes, it checks the MD5 hash.

 

My Computer

At a glance

Windows 7 Home Premium x64 SP1

OS

Windows 7 Home Premium x64 SP1

M4dn3ss

New member

Power User

Thread Starter

Local time

1:12 AM

Messages

126

Location

Melbourne, Australia

• Jan 4, 2013

• #10

And so basically it's like the old-school firewalls where initially I have to confirm literally every exe that wants to run?
What happens if an exe wants to run but I haven't confirmed it, and because of my delay in allowing it to run, it crashes?

 

My Computer

At a glance

Windows 7 Professional x64Intel Core i5 4690KCorsair Vengeance 16GB DDR3-1600Sapphire Radeon R9 290 Tri-X OC

Computer type

PC/Desktop

OS

Windows 7 Professional x64

CPU

Intel Core i5 4690K

Motherboard

Gigabyte Z97X Gaming-3

Memory

Corsair Vengeance 16GB DDR3-1600

Graphics Card(s)

Sapphire Radeon R9 290 Tri-X OC

Sound Card

ONBOARD SOUND :D

Monitor(s) Displays

Samsung S24A450BW

Screen Resolution

1920x1200 (16:10 forever)

Hard Drives

250GB Samsung 840 EVO + 2TB Seagate Barracudea

PSU

Fractal Design Newton R3 1000W

Case

Corsair Graphite 230T

Cooling

Cooler Master Hyper 212X

Keyboard

Logitech G710+, CM Storm TK

Mouse

Steelseries Rival

Internet Speed

Australian

Antivirus

Avast, because I'm cheap

Browser

All the browsers!

DBone

WOOF

Guru

VIP

Local time

8:12 AM

Messages

431

Location

SoCal USA

• Jan 4, 2013

• #11

You can right click the icon and select "White list all running processes" so you don't have to do one at a time. It also asks if you want to do this right after the install too. It is very simple to use, and a breeze to set up. After install I get maybe 5 alerts.

 

My Computer

At a glance

Windows 7 Home Premium x64 SP1

OS

Windows 7 Home Premium x64 SP1

M4dn3ss

New member

Power User

Thread Starter

Local time

1:12 AM

Messages

126

Location

Melbourne, Australia

• Jan 4, 2013

• #12

Oh okay I'll be sure to give it a go!


Do you know if there is any way for malware to run, not as an exe file?

 

My Computer

At a glance

Windows 7 Professional x64Intel Core i5 4690KCorsair Vengeance 16GB DDR3-1600Sapphire Radeon R9 290 Tri-X OC

Computer type

PC/Desktop

OS

Windows 7 Professional x64

CPU

Intel Core i5 4690K

Motherboard

Gigabyte Z97X Gaming-3

Memory

Corsair Vengeance 16GB DDR3-1600

Graphics Card(s)

Sapphire Radeon R9 290 Tri-X OC

Sound Card

ONBOARD SOUND :D

Monitor(s) Displays

Samsung S24A450BW

Screen Resolution

1920x1200 (16:10 forever)

Hard Drives

250GB Samsung 840 EVO + 2TB Seagate Barracudea

PSU

Fractal Design Newton R3 1000W

Case

Corsair Graphite 230T

Cooling

Cooler Master Hyper 212X

Keyboard

Logitech G710+, CM Storm TK

Mouse

Steelseries Rival

Internet Speed

Australian

Antivirus

Avast, because I'm cheap

Browser

All the browsers!

DBone

WOOF

Guru

VIP

Local time

8:12 AM

Messages

431

Location

SoCal USA

• Jan 4, 2013

• #13

Yes, there are exploits that can, but if you keep your OS, browsers, java (if installed, hopefully not!) flash ect... up to date, then that lowers the risk. That being said, I would say that most malware originates via .exe.

 

My Computer

At a glance

Windows 7 Home Premium x64 SP1

OS

Windows 7 Home Premium x64 SP1

M4dn3ss

New member

Power User

Thread Starter

Local time

1:12 AM

Messages

126

Location

Melbourne, Australia

• Jan 4, 2013

• #14

Slightly off topic - but do you happen to know anywhere I can find live malware exploit links, I'm trying to test a program called "Exploit Shield" in a virtual PC but none of the exploit links I find work...
(funny how you can get viruses when you don't want them, and when you do want them you can't get them)



Edit: Just tried Exe Radar, it seems kinda inconsistent - some programs are allowed to run without my confirmation (and they weren't in the Program Files folder)
Also, is there any way to change the default action to Whitelist or blacklist?

 

My Computer

At a glance

Windows 7 Professional x64Intel Core i5 4690KCorsair Vengeance 16GB DDR3-1600Sapphire Radeon R9 290 Tri-X OC

Computer type

PC/Desktop

OS

Windows 7 Professional x64

CPU

Intel Core i5 4690K

Motherboard

Gigabyte Z97X Gaming-3

Memory

Corsair Vengeance 16GB DDR3-1600

Graphics Card(s)

Sapphire Radeon R9 290 Tri-X OC

Sound Card

ONBOARD SOUND :D

Monitor(s) Displays

Samsung S24A450BW

Screen Resolution

1920x1200 (16:10 forever)

Hard Drives

250GB Samsung 840 EVO + 2TB Seagate Barracudea

PSU

Fractal Design Newton R3 1000W

Case

Corsair Graphite 230T

Cooling

Cooler Master Hyper 212X

Keyboard

Logitech G710+, CM Storm TK

Mouse

Steelseries Rival

Internet Speed

Australian

Antivirus

Avast, because I'm cheap

Browser

All the browsers!

DavidE

____________

Guru

Gold Member

VIP

Local time

10:12 AM

Messages

6,330

Location

NC, USA

• Jan 4, 2013

• #15

Here is a site that lists several HIPS programs you can check out.
My disclaimer - I never used any of these programs and have no personal experience with them.
Free Host Intrusion Prevention Systems (HIPS) and Application Firewalls (thefreecountry.com)

You can also Google for hips program or hips protection , etc. to see what else you can find...

 

My Computer

At a glance

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x6...AMD Athlon II x4 6206GB GSkill DDR2 800AMD 4670 GPU + AMD 4200 IGP

Computer type

PC/Desktop

Computer Manufacturer/Model Number

home built

OS

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM

CPU

AMD Athlon II x4 620

Motherboard

Gigabyte GA-MA785G-UD3H

Memory

6GB GSkill DDR2 800

Graphics Card(s)

AMD 4670 GPU + AMD 4200 IGP

Sound Card

on board Realtek ALC889A

Monitor(s) Displays

RCA 40" LCD TV, Insignia 32" LCD TV, HP 15" LCD monitor

Screen Resolution

1680 x 1050

Hard Drives

OCZ Vertex 3 120GB,
Samsung F3 1TB (3),
Several others - WD, Seagate, Hitachi, ...

PSU

Corsair 500 W

Case

Rosewill mid tower

Cooling

CM 90mm rifle

Keyboard

Gyration wireless, Logitech wireless, Dell USB wired

Mouse

Gyration wireless, Logitech wireless, V7 USB wired

Internet Speed

Spectrum - 100Mbps D / 10Mbps U

Antivirus

Avast, MBAM3, EMET, WinPatrol

Browser

Pale Moon, Firefox, IE

Other Info

2 multi-boot PC's
Mainly HTPC/Office/Gen purpose (no gaming).
Trendnet USB KVM.
LG DVD burner/Blue Ray Player.
Tray system for removable SATA backup drives.

Not currently OCd, under-volted.
I use Hybrid sleep, rarely re-boot or shutdown.

Hauppauge HD-PVR, Avermedia PCIe TV Tuner, Hauppauge PCI TV Tuner.

M4dn3ss

New member

Power User

Thread Starter

Local time

1:12 AM

Messages

126

Location

Melbourne, Australia

• Jan 4, 2013

• #16

Hmm I read about PrivateFirewall: </title> <meta name="description" content="Privacyware - Advanced Threat Prevention and Security Intelligence Solutions"> <meta name="keywords" content="Personal Firewall, Personal firewall, personal firewall, firewall, Firewall, Privacyware, Private
Does anyone have any experience with this? Is it any good?
It sounds quite decent

 

My Computer

At a glance

Windows 7 Professional x64Intel Core i5 4690KCorsair Vengeance 16GB DDR3-1600Sapphire Radeon R9 290 Tri-X OC

Computer type

PC/Desktop

OS

Windows 7 Professional x64

CPU

Intel Core i5 4690K

Motherboard

Gigabyte Z97X Gaming-3

Memory

Corsair Vengeance 16GB DDR3-1600

Graphics Card(s)

Sapphire Radeon R9 290 Tri-X OC

Sound Card

ONBOARD SOUND :D

Monitor(s) Displays

Samsung S24A450BW

Screen Resolution

1920x1200 (16:10 forever)

Hard Drives

250GB Samsung 840 EVO + 2TB Seagate Barracudea

PSU

Fractal Design Newton R3 1000W

Case

Corsair Graphite 230T

Cooling

Cooler Master Hyper 212X

Keyboard

Logitech G710+, CM Storm TK

Mouse

Steelseries Rival

Internet Speed

Australian

Antivirus

Avast, because I'm cheap

Browser

All the browsers!

DBone

WOOF

Guru

VIP

Local time

8:12 AM

Messages

431

Location

SoCal USA

• Jan 4, 2013

• #17

The reason some files were able to run with EXE Radar is because the default setting is to auto allow system protected exe's to run. You can uncheck that in the settings tab if you like.

ExploitShield is a different animal, and they even tell you on their website not to try the usual malware. They have samples on their site if you sign in. It is an exploit blocker and is also just in beta, although it seems pretty stable

PrivateFirewall has bricked at least 2 W7 x64 machines that I have read about. I wouldn't use it.

Have you thought about WinPatrol?

 

My Computer

At a glance

Windows 7 Home Premium x64 SP1

OS

Windows 7 Home Premium x64 SP1

M4dn3ss

New member

Power User

Thread Starter

Local time

1:12 AM

Messages

126

Location

Melbourne, Australia

• Jan 4, 2013

• #18

Yeah I know but they weren't system files, it was an old 16 bit application that happened to be installed directly into a folder on the root of C: drive.
The only link to exploit sites on ExploitShield's website links to a forum with malware samples whose domains have already gone down, and so they no longer work.
I've tried WinPatrol but it doesn't monitor anything; I even strolled into the hosts file and edited it with impunity, and WinPatrol didn't even raise the alarm.

Is Comodo's solution any good? I used it a long time ago and it wasn't really spectacular, but I don't know, things might've changed.

 

My Computer

At a glance

Windows 7 Professional x64Intel Core i5 4690KCorsair Vengeance 16GB DDR3-1600Sapphire Radeon R9 290 Tri-X OC

Computer type

PC/Desktop

OS

Windows 7 Professional x64

CPU

Intel Core i5 4690K

Motherboard

Gigabyte Z97X Gaming-3

Memory

Corsair Vengeance 16GB DDR3-1600

Graphics Card(s)

Sapphire Radeon R9 290 Tri-X OC

Sound Card

ONBOARD SOUND :D

Monitor(s) Displays

Samsung S24A450BW

Screen Resolution

1920x1200 (16:10 forever)

Hard Drives

250GB Samsung 840 EVO + 2TB Seagate Barracudea

PSU

Fractal Design Newton R3 1000W

Case

Corsair Graphite 230T

Cooling

Cooler Master Hyper 212X

Keyboard

Logitech G710+, CM Storm TK

Mouse

Steelseries Rival

Internet Speed

Australian

Antivirus

Avast, because I'm cheap

Browser

All the browsers!

DBone

WOOF

Guru

VIP

Local time

8:12 AM

Messages

431

Location

SoCal USA

• Jan 4, 2013

• #19

Yea, I like Comodo's firewall/D+. If I were looking for that kind of software, it would be #1 on my list with Emsisoft Online Armor Free a close second.

 

My Computer

At a glance

Windows 7 Home Premium x64 SP1

OS

Windows 7 Home Premium x64 SP1