EQSecure 3.41 Settings

Discussion in 'other anti-malware software' started by EASTER, Dec 8, 2007.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,479
    Location:
    U.S.A. (South)
    @Alcyon

    Man alive, you've done a bang-up job with those rules. I just had a chance to add, review & test them, and it's obvious you were very carefully selective in those choices.

    I have to hold out a huge hand of compliment for that effort.

    Ever consider programming? Or do you already have experience in some? :cool:

    I've never seen EQS this amazingly forceful. I wish I had your talent. You must have covered everything including the reset button LoL

    Extremely Excellent Effort!!!!!! Thanks a Million for sharing.
     
    Last edited: Mar 19, 2008
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,479
    Location:
    U.S.A. (South)
    Alcyon

    YOU ARE A WIZARD!!

    You have really put a very serious effort into those RULES shared and I hereby knight you a Master SAGE!!!

    FYI, I imported them into Beta (4.0) and let me tell you right now they "ALL" are dead on-target!

    I have never seen such a ruleset in any app as professional and pinpoint PRECISE as these.

    EQSecure (and users) definitely owes you the highest honor for this work. You must have picked thru each and every potential line of entry gates with a fine tooth comb friend. Those rulesets even cover the network channels!!!

    I am way more than 110% totally in awe of this effort. You have raised the bar of shielding in EQS far beyond any expectations.

    This is by far the very BEST and most intelligent advanced technical coverage I have ever witnessed in my life.

    You have with this propelled SECURITY with EQS into some Legendary status AFAIK
     
    Last edited: Mar 19, 2008
  3. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    Thanks for the compliments, EASTER! I'm just a security freak like you and many others on this forum!

    EQSecure is a pure jewel, isn't it? I'm glad to know that you like the ruleset.

    There's room for improvement :)

    Stay tuned for more updates.
     
    Last edited: Mar 19, 2008
  4. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Hi Alcyon,

    I'd also like to express my thanks for all your efforts in producing this very impressive ruleset and for sharing the results of your hard work with all of us.

    They are now in use on my system and I feel a lot safer with them in place.

    Thanks again.

    hammerman
     
  5. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,207
    Location:
    Canada
    What else can I say.:)
    Fantastic job, many thanks Alcyon
     
  6. cp4eva

    cp4eva Registered Member

    Joined:
    May 26, 2007
    Posts:
    129
    Location:
    TX
    I can't say I've been much for classic HIPS in the past, but with these set-ups, EQS has been a breeze. Using it with OA Free and SAS Pro. I'm a believer.
     
  7. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    163
    Location:
    Netherlands
    Thank you Alcyon for the rules. I'm finally using EQsecure now. Have to find out which rules I need in the blacklists, they are all unchecked.

    There are some more rules unchecked, why is that? The newbie asked....
     
  8. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    @ Yoda1953, the unchecked rules are the more advanced ones. You only use these rules if you know what you're doing. Their main goal is to prevent damage from curious users or malware. Some of them need to stay unchecked while you install programs, others don't. I'll probably write some documentation in the near future.

    A more robust ruleset is on its way.
     
  9. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    This ruleset is superb. Many many thanks. This should save me a hell of a lot of time.
     
  10. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    163
    Location:
    Netherlands
    Yeah, I noticed o_O. Checked everything to see what will happen and then I couldn't log into Windows, something missing in explorer was the message, the same in safe mode.

    Luckily enough I always make an image of my system drive before testing/trying something.
     
  11. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    How nice! :thumbd: My new ruleset is ready but I can't edit post #93 anymore.
     
  12. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    Here's the updated ruleset. You'll need to replace .txt with .zip

    03/24/2008 updates: new rules, fixes and registry keys
    03/24/2008-3: file protection rules updates
     

    Attached Files:

    Last edited: Mar 24, 2008
  13. boonie

    boonie Registered Member

    Joined:
    Aug 5, 2007
    Posts:
    238
    Going to try the new set. Many thanks for all your hard work Alcyon!
     
  14. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    Thanks Alcyon for your excellent ruleset! Had renewed interest with EQS because of this. Is it possible to make rules to allow EQS to act like a behavior based HIPS?
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,479
    Location:
    U.S.A. (South)
    That's where the disable protections feature comes in handy. For example, no exe can secretly drop inside the \Program Files folder. If I install or even decide to move an executable, a simple click of that feature temporarily allows entry. I alternate depending on how much time is required for some installs, generally either 1 or 5 minute increments. Fantastic feature.

    Thanks.

    Looking forward to even tighter and better well rounded coverages.

    This is indeed a Brilliant effort.
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,479
    Location:
    U.S.A. (South)
    I tell you guys what, if EQSecure soon gets a final release out for us in version 4.0, combined with Alcyon's Brilliant Rulesets as well as whatever else some of us can dig up, this might just finally cap it in protections via a configurable HIPS.

    I took a bold step today in combining SuRun with it and proceeded to throw the kitchen sink at it.

    It's passed ALL leaktests, passed ALL keylog tests I have, and if you suspect it misses any conventional tests, by all means make your facts known please.

    I launched some pretty mean crap I have on hand and EQS + SuRun stopped them Cold.

    I'm trying to gather up enough courage right now to fling some fierce file infectors at this duo, but not before I do a Full Image backup first! But then in reality, they are executables and would be stymied at launch point, but I want to let them pass at least one level prompt to see how far they can go.

    I have to say Alcyon, and I know plenty of members and EQS supporters agree, you certainly loaded a full-blown curtain of coverages which with some, they otherwise might have gone unprotected altogether.

    I absolutely admire your creativity with the indications you made in parentheses (malware) (Suspicious File) etc.

    Not even EQS themselves would have forged such a well-rounded ruleset my friend. We owe you a debt of gratitude dude for this one-of-a-kind effort.

    Thanks
     
  17. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Some perspective, please, and thanks.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,479
    Location:
    U.S.A. (South)
    Hi solcroft

    Perspective being that EQS developers' efforts are of course more to the tune of mapping & programming this Fantastic HIPS to present it as accurate and dependable as possible with the new improvements and features and not able to do BOTH at the same time. I'm sure we prefer it this way, because it takes great effort and time with pinpoint precision to make everything available/compatible in the end result for release.

    If they focused their efforts on both, a release might take many months. Programming IS a Science and requires intense study, preparations, testings and then retestings to assure a quality end result.

    It's no detraction at all on EQS, in fact it's the superb programming efforts that open up those coverages that Alcyon has shared.
     
  19. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    How do you import Alcyon's rule set into EQ settings??

    Also, does it work with XP SP3 or SP2?
     
  20. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,207
    Location:
    Canada
    Open EQS. On the main window you will see "Application Protection, Registry Protection and File Protection". On the right, click then on Settings and you will have another window that opens.
    On the top menu, click on Import and choose the folder where you have downloaded and decompressed the files from Alcyon.

    Don't forget to remove the old rules before importing the new ones.:)
     
  21. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,051
    Hi Alcyon

    Like others I thank you for your ruleset, otherwise EQSecure would be out of my league.

    If you can, would appreciate some explanation/help notes?

    Thank you

    Terry
     
  22. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    996
    I imported Alcyon's latest ruleset, 3/20/06, and tried Gibson's Leaktest. Threatfire stopped it and removed the Leaktest file. After I suspended Threatfire to test EQS v3.41, the test failed. I also have Online Armor free edition and it failed the test also.

    Easter, do you have any suggestions on why EQS failed the test? I really like the program, but if it fails this commonly used test, what good is it?

    Many thanks,

    Silver
     
    Last edited: Mar 22, 2008
  23. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Hi Alcyon,

    Found small typo in File Protection - Global Rules

    %WinDir%\system32\drivers\etc\protocols

    should be protocol not protocols

    Thanks again for excellent rule set.
     
  24. Omnitech

    Omnitech Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    27
    For the last days, I've tried EQS 3.41 following Alcyon's rules set.
    Some weeks ago, I had tried EQS 3.41 following the recommendations made by Kees and other users.
    I read all postings carefully and proceeded in the configuration of EQS 3.41 with great caution.

    In both cases, the result was more or less the same: Frequent, not to say annoying pop-up alerts.
    I want from a HIPS application to warn me -ONLY- on the -REALLY- Dangerous and Suspicious events.
    I don't want, like most of the users, to be alerted when safe applications/processes take place.
    What's the purpose of clicking Allow & Remember, Allow & Remember, Allow & Remember...all the time,
    because if you click on Block, even Windows Explorer will not open.
    I thought that, like Firewalls, it would be nice to activate the 'Learning Mode' so that EQS
    will get adjusted to my setup. Unfortunately, when I deactivated the 'Learning Mode', I saw little progress.
    Every time I rebooted, EQS had conflicts with other starting programs. This continued no matter how many
    'Allow & Remember' I selected. The same happened when many Trusted/Safe programs tried to access the Internet.
    Maybe, this is the way EQS works. However, this is not what I want. I believe that is not what the average user wants, too.
    If this is the case with EQS, I prefer to go back to Comodo with D+ -OR- OA Free (even together with ThreatFire).

    At this point, I would like to THANK Alcyon, Kees, Easter, and all the other members I forget for their enormous effort!
    Sharing knowledge has been the greatest value of this wonderful Forum! :)

    I promise to try EQS 4.0 when things become...mature enough...:)
     
    Last edited: Mar 23, 2008
  25. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Hi Easter,

    Did your setup pass the COAT leak test? I am using EQS 3.41 and Kerio (not SuRun) and I cannot pass this test. Perhaps you can give me some advice please. I am also using Alcyon's rules.
     