| Windows 7: Best free HIPS with minimal resource usage? |
04 Jan 2013
|
#11 | | Windows 7 Home Premium x64 SP1 SoCal USA |
You can right click the icon and select "White list all running processes" so you don't have to do one at a time. It also asks if you want to do this right after the install too. It is very simple to use, and a breeze to set up. After install I get maybe 5 alerts.
04 Jan 2013
|
#12 | | Windows 7 Home Premium 64-bit Melbourne, Australia |
Oh okay I'll be sure to give it a go!
Do you know if there is any way for malware to run, not as an exe file?
04 Jan 2013
|
#13 | | Windows 7 Home Premium x64 SP1 SoCal USA |
Yes, there are exploits that can, but if you keep your OS, browsers, Java (if installed, hopefully not!), Flash, etc. up to date, then that lowers the risk. That being said, I would say that most malware originates via .exe.
04 Jan 2013
|
#14 | | Windows 7 Home Premium 64-bit Melbourne, Australia |
Slightly off topic - but do you happen to know anywhere I can find live malware exploit links, I'm trying to test a program called "Exploit Shield" in a virtual PC but none of the exploit links I find work...
(funny how you can get viruses when you don't want them, and when you do want them you can't get them)
Edit: Just tried Exe Radar, it seems kinda inconsistent - some programs are allowed to run without my confirmation (and they weren't in the Program Files folder)
Also, is there any way to change the default action to Whitelist or blacklist?
04 Jan 2013
|
#15 | | Win 7 Pro x64 SP1, Win 7 Ult x86 SP1 NC, USA |
Here is a site that lists several HIPS programs you can check out.
My disclaimer - I never used any of these programs and have no personal experience with them.
Free Host Intrusion Prevention Systems (HIPS) and Application Firewalls (thefreecountry.com)
You can also Google for hips program or hips protection, etc. to see what else you can find...
04 Jan 2013
|
#16 | | Windows 7 Home Premium 64-bit Melbourne, Australia |
04 Jan 2013
|
#17 | | Windows 7 Home Premium x64 SP1 SoCal USA |
The reason some files were able to run with EXE Radar is because the default setting is to auto allow system protected exe's to run. You can uncheck that in the settings tab if you like.
ExploitShield is a different animal, and they even tell you on their website not to try the usual malware. They have samples on their site if you sign in. It is an exploit blocker and is also just in beta, although it seems pretty stable.
PrivateFirewall has bricked at least 2 Windows 7 x64 machines that I have read about. I wouldn't use it.
Have you thought about WinPatrol?
04 Jan 2013
|
#18 | | Windows 7 Home Premium 64-bit Melbourne, Australia |
Yeah I know but they weren't system files, it was an old 16 bit application that happened to be installed directly into a folder on the root of C: drive.
The only link to exploit sites on ExploitShield's website links to a forum with malware samples whose domains have already gone down, and so they no longer work.
I've tried WinPatrol but it doesn't monitor anything; I even strolled into the hosts file and edited it with impunity, and WinPatrol didn't even raise the alarm.
Is Comodo's solution any good? I used it a long time ago and it wasn't really spectacular, but I don't know, things might've changed.
04 Jan 2013
|
#19 | | Windows 7 Home Premium x64 SP1 SoCal USA |
Yea, I like Comodo's firewall/D+. If I were looking for that kind of software, it would be #1 on my list with Emsisoft Online Armor Free a close second.