Behavior blockers

Screenshots

Selection of behavior blocker snapshots: AntiHook, AppDefend + RegDefend, Cyberhawk Basic, Drive Sentry, Dynamic Security Agent, EQSecure, Prevx2, Prosecurity Free Edition, Neoava Guard, Process Guard free, SensiveGuard, System Safety Monitor Free Edition, WinPatrol 2007, Winpooch.

This class of security software is the newest to be deployed and is still very much a niche market, although major security vendors are starting to add it to their products. See the FAQ on HIPS and discussion here for more details. On the freeware front there is a wide variety of choices, mostly liteware (some of which are pretty much as capable as the full versions, while others are significantly weaker) and a few open source and free-as-in-beer products.

Expect a lot of developments and changes.


Popular

  1. All-Seeing Eye - http://www.fortego.com/en/ase.html
  2. AntiHook - http://www.infoprocess.com.au/antihook26.php
  3. AppDefend + RegDefend (nagware) - http://www.ghostsecurity.com/index.php?page=appdefend
  4. [Vista] Arovax Shield - http://www.arovaxshield.com/
  5. Blink Neighborhood Watch - http://www.eeye.com/html/products/blink/neighborhoodwatch/index.html
  6. [Vista] Cyberhawk Basic - http://www.novatix.com/ (renamed to ThreatFire (beta))
  7. [Vista] Drive Sentry - http://www.drivesentry.com/index.htm
  8. [Vista] DriveSentry (GoAnywhere for USB drive) (beta) - http://www.drivesentry.com/download/DriveSentryGoAnywhere1.0.0.40.zip [New]
  9. Dynamic Security Agent - http://www.privacyware.com/dynamic_security_agent.html [Recommended]
  10. EQSecure - http://www.eqspywatch.com/ , see for a short introduction (setting language to English and configuration)
  11. [Vista] Prevx2 (license unique) - http://www.prevx.com/
  12. [Vista] Prosecurity Free Edition - http://www.proactive-hips.com/download.php
  13. Neoava Guard (betaware) - http://www.neoava.com/
  14. Process Guard free - http://diamondcs.com.au/processguard/index.php?page=home
  15. SensiveGuard - http://www.sensiveguard.com/index.html
  16. System Safety Monitor Free Edition - http://www.syssafety.com/ [Recommended]
  17. [Vista] WinPatrol 2007 - http://www.winpatrol.com/
  18. Winpooch (open source) - http://winpooch.free.fr/page/home.php?lang=en&page=home [Recommended]


If all you want is execution control (so that you are prompted when an unknown new process tries to execute), then Winsonar 2007 XP or Abtrusion Protector is all you need. Arovax Shield and WinPatrol provide mostly registry control and antispyware protection: like most antispyware real-time protection, they warn you only of attempts to set autostart entries or hijack browser-related entries, and do not warn you of new unknown processes starting. Most of the other entries here do both, and also monitor even more subtle system behavior. AntiHook, AppDefend/RegDefend, Dynamic Security Agent, EQSecure, Neoava Guard, System Safety Monitor, ProSecurity free, SensiveGuard and Winpooch provide a lot of protection by warning you of system changes and behavior, but they are very intrusive and require some knowledge to use. ThreatFire (beta) (which boasts some intelligence) and Prevx2 (which uses a large database whitelist of applications) are perhaps the easiest to use.

Others

  1. API Guard - http://www.alamak0ta.republika.pl/apiguard.html
  2. [Vista] ClearShield (beta, Vista only) - http://www.myclearshield.com/en/home?
  3. [Vista] Comodo V3.0 beta - http://www.softpedia.com/get/Security/Firewall/Comodo-Personal-Firewall.shtml (This version adds "Defense+" which is HIPS) [New]
  4. [Vista] Comodo Memory Guardian (betaware) - http://uhthn2002.blogspot.com/2007/08/comodo-memory-guardian-beta-v1-buffer.html [New]
  5. Firekeeper - http://firekeeper.mozdev.org/index.html (IDS using Snort rules for scanning HTTP)
  6. Full Control - https://sourceforge.net/projects/fullcontrol/
  7. Guardian Angel (outdated) - http://www.freedownloadscenter.com/Utilities/Anti-Virus_Utilities/Guardian_Angel.html
  8. Hurricanesoft Internet Security 2006 Free Edition - http://www.hurricane-soft.com/Security-Software/Hurricanesoft-Internet-Security-2006-Free-Edition-EN-3.1.3/
  9. LOM Heuristics (betaware) - http://www.lommage.co.uk/lomheuristic/
  10. MicroPoint Proactive Defense Software (Chinese only) - http://www.micropoint.cn/
  11. Samurai HIPS - http://www.geocities.com/spcs_inc/
  12. SECRETMAKER - http://www.securemaker.com/ All-in-One [New]
  13. Strata Guard Free - http://sgfree.stillsecure.com/?q=node/47#whatdoes
  14. Wehnus Buffer overflow protection - http://www.wehnus.com/products.pl
  15. Wssecure Application Monitor (open source) - http://sourceforge.net/project/showfiles.php?group_id=181434
  16. See also Lists of freeware antispyware with resident protection such as Spyware Terminator and Windows Defender.
  17. See also Lists of freeware firewalls that have some HIPS function like Jetico 1 and Comodo firewall.
  18. See also Lists of freeware sandboxes
  19. See also Lists of freeware virtualization

Process firewalls / execution control (only)

  1. Abtrusion Protector (development stopped) - http://www.pcworld.com/downloads/file/fid,56608-order,1-page,1/description.html
  2. Exe Lockdown (development stopped) - http://www.padring.com/soft/Utilities/Antivirus/ExeLockdown.html
  3. FullControl for Windows (open source) - http://sourceforge.net/projects/fullcontrol/
  4. Trust-no-exe - http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm
  5. Winsonar 2007 XP - http://digilander.libero.it/zancart/winsonar.html [Recommended]


If all you want is execution control (so that you are prompted when an unknown new process tries to execute), then one of the entries here is what you need. Trust-no-exe is highly configurable and useful software that allows you to set filtering permissions at various levels. Winsonar 2007 XP offers a special online mode, where all unknown processes are automatically killed.

Integrity checkers (only)

  1. [Vista] Drive Sentry - http://www.drivesentry.com/index.htm
  2. File Checker - http://www.javacoolsoftware.com/filechecker.html
  3. Installspy - http://www.2brightsparks.com/freeware/freeware-hub.html
  4. Sentinel - http://www.runtimeware.com/sentinel.html [Recommended]
  5. Spy-The-Spy - http://www.mediachance.com/free/spythespy.htm
  6. Tiny Watcher - http://www.donationcoders.com/kubicle/watcher/ [Recommended]


These entries act mostly as integrity checkers, ensuring that sensitive files and directories such as the Windows directory are unchanged. Some, like Sentinel or Tiny Watcher, do this only on demand or at startup; others, like File Checker and Spy-The-Spy, do this in near real time, polling the system a number of times a minute to check for changes. Drive Sentry is a full-blown "data firewall" that can watch any folder, file or extension for changes. Some of the behavior blockers already mentioned above, like EQSecure and Winpooch, can also perform similar functions.

Registry watchers (only)

  1. MikeLin's StartupMonitor - http://www.mlin.net/StartupMonitor.shtml
  2. MJ Registry Watcher - http://www.jacobsm.com/mjsoft.htm#rgwtchr (now payware; last freeware MJ Registry Watcher version 1.5.4) [Recommended]
  3. RegistryProt - http://www.diamondcs.com.au/index.php?page=regprot. (down July 2007), alternative download
  4. Startup Monitor - http://www.windowsstartup.com/startupmonitor.php


These utilities warn you of changes to autostart entries. Most of them (except MJ Registry Watcher) cover only the most common autostart areas, and you cannot add more entries for monitoring. Not recommended unless you are using nothing more capable (e.g. antispyware with real-time protection or one of the other HIPS above with registry monitoring capabilities generally does the same and more). For on-demand checks see List of freeware autostart listers.

Script watchers (only)

  1. Kaspersky Anti-Virus Script Checker - http://mikepav.narod.ru/eng/kavscrch.htm
  2. Script Defender - http://www.analogx.com/CONTENTS/download/system/sdefend.htm
  3. ScripTrap - http://keir.net/scriptrap.html
  4. Script Sentry - http://jasons-toolbox.sectorlink.org/programs.asp?Program=Script%20Sentry
  5. VBS Script Executor - http://fileforum.betanews.com/detail/VBS_Script_Executor/990131048/1
  6. Volto Interceptor - http://www.volto.com/interceptor/
  7. See also Lists of freeware hardening tools


These are script-related tools. Script Defender, ScripTrap and Script Sentry warn you of any script that runs and give you the option of blocking it or letting it continue. They work by associating themselves with script extensions (Script Defender allows you to add more extensions to intercept), so a script that runs calls them first, before they pass it on; as such they use zero CPU time. Also, most normal users will never run scripts, so these tools are usually silent and not very intrusive, unlike similar monitors for executables.

Note: Most of these tools are very old, because they were invented at a time when script-based worms were rampant.

Information Sources

  1. kareldjag.over-blog.com - lots of details
  2. Definition and analysis of what HIPS means, by Gartner
  3. Behavior Blocking: The Next Step in Anti-Virus Protection
  4. Details about Panda's TruPrevent
  5. Link to Tests of specific HIPS products
  6. HIPS Feature comparison
  7. HIPS FAQ

This article is part of the Lists of Freeware Security Software: Malware Control series.
