EQsecure
From CastleCopsWiki
Product: EQSecure
Company:
Website: http://www.eqsecure.com/
Support forum: EQSecure forum (Chinese)
First released:
Feature list: Main features include execution control (including parent-child control, which is fairly rare), DLL loading control (rare), process modification and termination control, service/driver installation control, and configurable registry control. Full feature list compared to other products
Various reviews and tests: Nicm's test against selected "unhookers" malware
Quick review
A promising new and free HIPS from China, in some ways comparable to Neoava_Guard. EQSecure provides comprehensive protection, offering not only application protection and registry protection but also the much rarer file control.
Although termination protection is only passable by today's standards (it does not handle kill methods that use window messages), ProSecurity provides next-generation protection by controlling low-level disk access and offering improved anti-keylogger protection (beyond global hooks). As shown by the feature comparison table, pretty much every feature you can think of is provided by ProSecurity, the exception being network control.
The interface for registry control and file control is excellent, allowing you to easily set up registry and file rules, although it takes some thought to understand how it works. The fact that you can easily import and export rule sets in XML is a very big plus.
However, there are a couple of quirks with the automated rule generation that mean you need to tighten up each rule manually, and Application Control is not easy to understand. Also, most users of a HIPS would expect an automated hash check for processes that have application rules (similar to a firewall that checks whether the hash of your browser is unchanged), but in EQSecure such checks are off by default and you have to turn them on one by one manually.
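The review's point about hash checks, as an added example that is not EQSecure's code or rule format: a path-only application rule keeps applying after the executable is overwritten, while a rule with its hash check switched on falls back to a prompt. `AppRule`, `decide`, `demo` and the file name are hypothetical.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


def sha256_of(path: str) -> str:
    # Hash in chunks so large executables are not read into memory at once.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass
class AppRule:                    # hypothetical rule shape, not EQSecure's XML schema
    path: str
    action: str                   # "allow" or "block"
    check_hash: bool = False      # off by default, as the review describes
    sha256: str = ""              # recorded when the hash check is switched on

    def enable_hash_check(self) -> None:
        self.sha256 = sha256_of(self.path)
        self.check_hash = True


def decide(rules: dict, path: str) -> str:
    """Return "allow", "block" or "prompt" for a process launch."""
    rule = rules.get(os.path.normcase(os.path.abspath(path)))
    if rule is None:
        return "prompt"           # no rule for this path: ask the user
    if rule.check_hash and sha256_of(path) != rule.sha256:
        return "prompt"           # binary changed: the stored rule no longer applies
    return rule.action


def demo() -> tuple:
    """Constructed scenario: a trusted file is overwritten after its rule exists."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "browser.exe")   # constructed stand-in for an executable
        with open(exe, "wb") as f:
            f.write(b"original build")
        key = os.path.normcase(os.path.abspath(exe))
        path_only = {key: AppRule(exe, "allow")}
        pinned = {key: AppRule(exe, "allow")}
        pinned[key].enable_hash_check()
        with open(exe, "wb") as f:
            f.write(b"replaced build")
        return decide(path_only, exe), decide(pinned, exe)
```

`demo()` returns the decision for the path-only rule first and the hash-checked rule second.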
Screenshots
Out of the box, the default mode is "Normal mode" (there is also a learning mode). You can create different modes according to your fancy for each area. "Prompt and block" and "Prompt and allow" mean that the user is given 25 seconds to respond to a prompt, and if no response occurs the system will block or allow the operation respectively. "Load Library file" (DLL loading) is very intrusive, and setting it to prompt is not recommended.
Some standard options
EQSecure provides password protection and even gives you the choice of what is protected.
As shown above, the three main areas of protection in EQSecure are classified as application protection, registry protection and file protection. Each of these three areas can be customised separately.
The application protection ruleset.
Registry protection
File protection

