GeSWall 2.8

Hey Guys, I'm just making a topic on GeSWall as I think it needs to be more well known :wink:
http://www.gentlesecurity.com/

What's new in 2.8?
http://www.gentlesecurity.com/blog/index.php/2009/01/04/geswall-2-8-release

What is GeSWall?

GeSWall is an intrusion prevention system that is non-intrusive and easy to use. It doesn't restrict network connections and does not use attack signatures or heuristics. Instead of blocking particular attack techniques, GeSWall focuses on attack objectives such as taking control of a PC, stealing data, breaking system integrity, etc. By this approach, GeSWall prevents all attacks that involve damage, e.g. malicious software (viruses, trojans, spyware), software vulnerabilities (buffer overflow, privilege escalation, etc.), mis-configuration and unknown attacks based on "zero-day" vectors; e.g. GeSWall has been stopping Windows Metafile exploits. GeSWall is designed to be as non-intrusive as possible. You can keep browsing, mailing, chatting, sharing and so forth in the same way as without GeSWall. Web browsers, mail clients, chat messengers, file sharing clients, office, multimedia and other internet applications become safe to use with GeSWall policy. At the same time, you can create files, start processes and access internet resources without restrictions. The files you created and worked with remain and are not erased, as is the case with virtualization solutions. Additionally, GeSWall does not require configuration or a learning mode. GeSWall is intended for regular operations with "trusted" or "safe" internet applications. It means you can do your regular stuff non-intrusively: browsing, reading mail, chatting, etc., and GeSWall Personal Edition will prevent the attacks coming via these applications. Note that the term "Trusted" means that you trust at least the installation of this program.

More FAQs can be found here:
http://www.gentlesecurity.com/board/viewforum.php?f=3&sid=47af99cf80e2d2791fdd7c920af3107b

GeSWall is somewhat similar to DefenseWall, although it uses some virtualization.

I have used GeSWall free for a long time with CIS and CBOClean without any kind of problems.

There are a lot of good things to be said about GeSWall. I used it myself for a while, before I slimmed down my security setup. It certainly offers a high degree of protection against a wide array of malware and runs fairly light.

GeSWall 2.8 has been released :-TU
http://www.gentlesecurity.com/blog/index.php/2009/01/04/geswall-2-8-release

Hey Kyle!

I have one question about GW… GW and D+ are both HIPS software, so do I need to use both? Do you recommend switching D+ to the Disabled level (I use Safe Mode now) with GeSWall, or leaving D+ in Safe Mode?

I use GW and D+ in Safe Mode w/o problems. I only use GW if I want to run FF or IE isolated, or any portable program I'm not sure is safe.

OK, thanks for that explanation.

Yeah, they both work together fine :slight_smile: I have GeSWall because it's a strong second layer in case I stuff up with Defense+. GeSWall doesn't need any user interaction.
I've never had any incompatibility issues, and it's light on system resources. I don't see why not to use it :slight_smile:

GeSWall is more a policy restriction utility than a classic HIPS, therefore it complements D+ fine.

I have CIS (Proactive Security) with FW=Safe Mode, D+=Safe Mode, AV active, plus GeSWall (free). I run this setup on 3 PCs: Win XP Home, Win XP Pro and Vista Home. I believe it is one of the best free security combos on the market. Great security. Just my .02 cents.

Ice

I use the same combo! :slight_smile:

In real terms that combo is one of the best security combos full stop, not just free.

I would like to understand better the advantage of adding GeSWall to a PC using Firefox browser, Thunderbird email, OpenOffice.org and CIS (Proactive Security, Defense+ in Clean PC Mode, firewall in Custom Policy Mode). When you want to download some new freeware, do you install it isolated with GeSWall to see if it is safe? Does GeSWall effectively eliminate the need to test new freeware with VirusTotal.com and CIMA? Do you use GeSWall on internet-facing apps instead of normally using a limited-user account (LUA)?

Yes, I use GeSWall on all internet-facing apps (even games… that's probably a bit fussy though :stuck_out_tongue:) 'cause that's the point :stuck_out_tongue:
GeSWall isn't a sandbox… It's not something you "empty" out once you've had your time playing around. It's policy restriction software, so it restricts what a program can and cannot do… For one example, anything that comes through one of your threat gates will be labeled as untrusted, and untrusted files cannot modify trusted files.

Normally… you wouldn't isolate trusted installers.
You could always try it; if it doesn't work, then you could just get rid of it.

I use my admin account only for installing software and the LUA for normal usage. On my admin account, I run internet-facing apps with limited-user privileges. Since GeSWall and Defense+ both protect certain files and registry keys, what is the advantage of GeSWall over customizing the Defense+ rules and using the above strategy for internet-facing apps?

Be advised that some programs just don't work isolated. Adobe Acrobat is one program that doesn't work isolated, which is a bummer, because what if the PDF document happened to be booby-trapped? That's why D+ is the only way to really prevent unknown malware.

Defense+ is not the only way, there are various others.

For Adobe and GeSWall you need to post me the relevant logs so that I can help you.

I am days away from upgrading from CFP 3.0 to CIS 3.9, and I would like to figure out what strategy to take. My situation may be different than most Comodo forum users because I share my PC with an inexperienced user, for whom I need to suppress pop-ups with default deny.

Kyle, I am not promoting Defense+ over GeSWall. I am sincerely interested in your experiences and thoughts. As a person who stood against the forum crowd in the past, arguing logically that web and email shields provide no extra security over an AVS on-access scanner, I have respect for your ability to think independently.

Do you use a LUA and why?

Do you still use SandBoxie and why?

GeSWall is easier to use than Defense+, and both are vulnerable to the admin declaring malware as safe. Why not use GeSWall and CIS but disable Defense+ (except for buffer overflow protection)?

Given that I share my PC with an inexperienced user, how does GeSWall in automatic mode compare to Defense+ as configured in the following thread?
https://forums.comodo.com/install_setup_configuration_guides/configuring_cis_for_maximum_security_with_zero_alerts_for_novices-t37235.0.html

Thanks for taking the time to help me and others.

I have GeSWall and CIS (in “Parent Mode”) installed on a PC that inexperienced people use. I’m not sure that I need both, but I have them just in case. Yes, some programs can’t run isolated, Windows Live Mail seems to be one. But I think GeSWall will alert you if any malware from WLM tries to access important files.

If you have CIS with the “Parent Mode” on you probably don’t need GeSWall.

Thanks for the reply… :slight_smile:

Actually… I've never been a big fan of LUA. I find that it restricts my everyday tasks and it's a frustration.
I don't use Sandboxie because I find GeSWall easier to use… Because most apps are already in the predefined rules, in most cases you just install and continue your normal computing life.

As for that tutorial, all that does is suppress alerts, and anything that is not already in the "My Computer Security Policy" will be blocked…

GeSWall does have its limitations too though… One thing that annoys me: if I download a .ZIP from the internet and then extract it, all those files that were extracted from the zip will then have their labels changed from untrusted to trusted. All you have to do to fix this is right click \ Label as Untrusted, or right click \ Run Isolated. However, this might be a big downside you will have to consider when using it with an inexperienced user…

I think the best idea is to try the app and see what your opinion of it is. If you have any problems with it, you can PM me or have a discussion over MSN and get through it.