Sygate Personal Firewall Pro v5.0 is the most advanced and rock-secure firewall available to home users ever, period. SPF Pro does have rudimentary IDS capabilities though not enough for the eternally and severely flawed by nature "IIS".
I would suggest taking a look at eEye's SecureIIS v2.01 for IIS protection as it will lock your IIS down stronger then any Apache server. But if you want my real opinion, DUMP IIS and install Apache for Win32 as Apache is simply a better, more stable and generally faster server alltogether. Dump ASP while you're at it and learn PHP. =) SecureIIS is APPLICATION LEVEL protection so you will still want some kind of network firewall/IDS.
For an IDS (Intrusion Detection System) I use and recomend snort (both BSD and Win32 versions) as it is FREE and EXTREAMELY powerfull not only enginewise but in flexibility as well, otherwise ISS BlackICE v3.5 is also an excellent choice (when configured PROPERLY) for Windows users. Contrary to popular belief BlackICE and Sygate work very will together (at least for me). you can shut off AP in BI and use Sygates more flexible mechanism. However you wont see 98% of attacks in BI since Sygate will most likely nab them first =(, Thats why I now use snort with FlexResp + Sygate.
good luck.
