What is all this noise about HIPS??

I have used or tested just about every version of firewalls in the past 8 years and find the Comodo firewall to be about the best and it’s free. Saying all that, I found reference to the HIPS intrusion confusing. I have heard the term used frequently when talking about security but this is the first time I have really looked into it. Now I am confused. When checking my configuration I see no reference to HIPS or find any reference to in the help file. The forum on the subject doesn’t really get into it and now I have no idea where to find the settings for it and/or what those settings should be. A tutorial about HIPS would be greatly appreciated.

H (L)

A good general article on the subject of HIPS can be found at CastleCops Wiki here:-


In COMODO Firewall Pro 3.0, the HIPS component is called Defense+ and is very well explained within the CFP help pages in the application itself.

Thanks. This cleared up some mis-direction on my part.


Despite the fact that it resides on CastleCops domain, this is actually a wiki! Be warned that the link above is actually a wiki page created wholly by a character called “Lusher”, a well known troll in this forum.The contents there have not be approved by any real security expert.

Luketan makes a very good point about the need to use our critical faculties and IMHO this holds true for all information found on the Internet (or anywhere else for that matter). My attitude is if a source of information helps to further understanding then use it; otherwise discard it. But always rely on your own judgement and experience when making the assessment. Even “experts” can be wrong and don’t always agree with one another, so appeals to authority have little value.

Personally, I don’t agree with everything in the HIPS Wiki on CastleCops, but for someone new to the subject it does introduce some basic terminology and can be a place to start, providing that the reader bears in mind, as Luketan has said, that the article is just a reflection of one individual’s point of view that is not necessarily endorsed by others.

Thanks Luketan for bringing this caveat to everybody’s attention.

Just for the sake of interest. Which parts don’t you agree with?

I’m sure we can all learn from a master like you…

Why the sarcasm; I never said or implied I was a master? I thought you would have understood from my reply that I find the whole notion of appeal to authority very dubious when discussing ideas.

I thought your point was well made so what’s the problem? On the one hand you’ve said that the Wiki just represents the point of view of one individual and I agreed with you, then you appear to be taking me to task for having a slightly different point of view to the author. As an individual, am I not also allowed a point of view?

As to what I disagreed with in the Wiki, I’m not sure that it’s relevant to this forum, but as you’ve asked I’ll tell you. I think that it’s more helpful not to classify Sandboxing as being in the HIPS category as the author of the Wiki does - not necessarily wrong, but IMHO just more helpful to keep the two concepts separate. A lot of these things in the end come down to questions of semantics anyway.

By keeping the two concepts separate we can make better distinctions. We can say for example that D+ is a HIPS but not a sandbox; Sandboxie is a sandbox but not a HIPS; whilst DefenseWall uses both HIPS and sandboxing techniques in its implementation. Just my opinion though and you may disagree. I’m not claiming any kind of authority for my view, but I do claim the right to hold and express it.

Hope we’re not going to fall out over this.

Best wishes


Why do you think we are going to “fall out” over anything?

I was just curious about what you disagreed about. Nothing more.

I have far more serious problems with the wiki beyond semantics.

Hi Luketan,

It was just the sarcasm in your reply that made me wonder whether you were upset about something I said. Anyway never mind; we appear to have got past that.(:WAV)

The Wiki is just an article that I remembered reading a while ago, so I thought it might be a suitable place for somebody new to the subject to start, as it talks about HIPS terminology and the HIPS landscape.

I’m interested to know what your own thoughts are in more detail. You said you have serious problems with the Wiki. Putting aside your evident dislike of the author, what are your issues with the article?

Best wishes


The way I see it, Hips is no more than a process guard. Similar to Win Patrol but nowhere near as good. I turn it off in Comodo AV. It’s a pain in the ■■■■.

Why is WinPatrol better?
Are there really that many HIPS popups in CAVS? You do loose some protection by turning it off.