I have created this poll just to gauge what CIS 6 users are doing in regard to HIPS
Past CIS versions have used HIPS as an integral part of keeping us secure; now it seems CIS is moving away from the HIPS approach and relying more heavily on BB/sandboxing.
I personally prefer the new approach (when tweaked for fully virtual) as I can use my PC seamlessly - no questions need answering but I can still be confident it’s operating in a secure environment.
I do question myself though and wonder: is this config offering the best security CIS has to offer?
What is lost/gained by not enabling HIPS?
I have obviously read the guides and forum regarding this and know that HIPS is still active on unknown files even when not enabled.
I guess I’m just asking what’s your opinion.
Thanks TF
I have both BB and HIPS enabled for myself, but for my family and friends I have only the BB enabled, as I can handle the pop-ups but they are not expert users and tech savvy like myself, so it is best to leave only the BB enabled for them as it’s at about their level of being able to operate a computer.
On a side note, I saw recently on my brother-in-law’s computer McAfee; I know he had Comodo CIS v5 installed previously. I have no idea why he changed, that’s his choice I guess…lol ;D
Well I asked Mr. Egemen a while ago about it he told me:
“I don’t recommend enabling hips if BB is on. It is unnecessary. BB enables HIPS on for the unknown apps so no need for the hips.”
I take his word for it. Just make sure you have “enable enhanced protection mode” with BB untrusted or fully virtualized. But I prefer untrusted or blocked. And using proactive configuration. Your security would be the same as using HIPS.
Note that the default settings will also allow ransomware to encrypt your files. You need to change the BB to at least Limited to protect yourself from ransomware.
In my opinion this isn’t true to a perfect 100%, because some malware might for one reason or another be whitelisted and in that situation BB won’t help you and hence if you have HIPS turned off… well… you’re broken*, right?
I would personally LOVE for the HIPS inside the BB to generate ALERTS which the USER can answer. Of course this should be optional. Now when I run something in the sandbox, everything is automated…
Since I was never a fan of HIPS (to put it mildly), I absolutely do not enable it. I couldn’t have been happier to find it was disabled by default in v6. I have bumped up the BB level though. At first I had it on restricted but now I have enabled the fully virtualized option and am using that. I did not change the overall configuration. It is still on Internet Security.
If you set the BB to fully virtualized, I wonder if it still employs the underlying HIPS functions or if it just switches to the full sandbox. It seems like the latter to me.
I know, but moving it to Limited will create problems like some programs not working. Partially Limited is very good at this; most programs work in Partially Limited.
Hope the upcoming reversal technology is implemented soon. This feature will be very helpful.
If I am not wrong, reversal technology will be able to reverse individual programs.
I am wondering if the reversal technology will be able to undo the encryption by the ransomware.
We don’t know when reversal technology will be implemented.
They are not releasing a new CTM either, which would also help in restoring the system if ransomware encrypted files.
The current stable version of CTM gives problems on my system, i.e. once every 5-6 days Windows at boot starts checking disks & repairs something. If I uninstall CTM then no problems.
Like if the malware would not encrypt specific restore points then
They could encrypt everything, and just a window is left:
“Pay”
And they even don’t need to be able to decrypt things later…
They just want the money.
If I would make a malware like that then I wouldn’t give a way of decrypting the files, why? Because then security firms could probably get the password/passkey/whatever data is needed for decryption and then distribute it to their users. So for the bad guys it would be a security risk… if you get what I’m trying to say. ><
Of course I don’t write malware. I only know a tiny bit of C++, of course I’d like to learn how they work internally for educational purposes but I would never make one to distribute. Also, I am very interested in the internal workings of Aimbots… how the hell do they work!? I want to know! ><
Does selecting “Enhanced Protection Mode” really do anything if the HIPS is disabled? I will not enable HIPS but does the EPM provide additional protection when running the BB at a high level or fully virtualized? I currently have none of the boxes checked in the HIPS settings. I thought they only applied if the top one to enable HIPS was selected.
Yes it does. I saw different results in the protection with it being off and on. You are safer with EPM, especially if you are using a 64-bit OS. If you enable it you get extra HIPS behavior and better chances of blocking, especially keyloggers; that’s what I saw in my case.