A smart and quiet best of freeware set up
Kees1958
March 13th, 2009, 02:27 AM
Hi,
Suffering jetlag from a week abroad. I'd like to share a smart and low pop-up best-of-breed freeware setup. It consists of Avira free, ThreatFire free, EdgeGuardSolo free and KeyScrambler free (for IE to use with on-line banking and shopping; for daily browsing we will use Chrome).
First, I have separated my drive into two partitions to have no hassle backing up an image of my programs partition (e.g. Paragon freeware) or synchronising/backing up my data partition (e.g. SyncBack freeware).
See this old post on how to organise this http://www.wilderssecurity.com/showpost.php?p=1412983&postcount=1
This setup consists of ThreatFire. For ThreatFire we need a security lifeline for the missing deny option, see http://www.wilderssecurity.com/showpost.php?p=1412992&postcount=3
Next install KeyScrambler http://www.wilderssecurity.com/showpost.php?p=1412988&postcount=2 and Chrome http://www.wilderssecurity.com/showpost.php?p=1413000&postcount=5
Install EdgeGuard as indicated in this post http://www.wilderssecurity.com/showpost.php?p=1413004&postcount=6 EDIT download is not available anymore [BUMMER]
Install BrowserDefender (since the new beta has enhanced exploit protection), because we use IE for on-line banking and shopping. We will keep Chrome for fast and daily browsing.
Kees1958
March 13th, 2009, 02:34 AM
Now install Avira free with this setting for the GUARD: scan with writing (only), use smart extensions list and set Heuristics to high.
Now add all your security apps as trusted to TF, see http://www.wilderssecurity.com/showpost.php?p=1413318&postcount=20
Replace Comodo in this example with AVGNT, AVGUARD and AVSCAN. You must add a description in the entry box (e.g. GUI, GUARD, SCAN), otherwise TF does not save them.
Also add the extra TF rules already described in posts http://www.wilderssecurity.com/showpost.php?p=1413322&postcount=21
http://www.wilderssecurity.com/showpost.php?p=1413323&postcount=22
http://www.wilderssecurity.com/showpost.php?p=1413325&postcount=23
http://www.wilderssecurity.com/showpost.php?p=1413330&postcount=24
http://www.wilderssecurity.com/showpost.php?p=1413331&postcount=25
Next change some default rules, see picture (also enable HOST file protection).
Narrow the double extensions to e-mail and web browsers and provide a clearer description of the outbound connection custom rule.
Kees1958
March 13th, 2009, 02:37 AM
Now for some serious extra low pop-up Startup protection,
first your autorun program folders
Autostart program group created
Click "Learn more about this threat". A Program tries to start when windows starts. Normally this is the behaviour of malware. Choose KILL preferably, only when sure it is safe choose ALLOW.
Syntax
When any process
tries to create|TriggerAccessFlags a file
named c:\documents and settings\all users\menu start\programma's\opstarten
or c:\documents and settings\[USERNAME]\menu start\programma's\opstarten
|TriggerFiles
except when the source process is in the system process list or the source process is in the trusted process list
Note: replace USERNAME with your own user name
Kees1958
March 13th, 2009, 02:38 AM
System settings change
Startup system setting changed
Click "Learn more about this threat". Normally this should not change, so choose KILL when in doubt.
RULE SYNTAX
When any process
tries to write to the registry
to HKEY_CURRENT_USER\Control Panel\don't load\
or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\
or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
or HKEY_CURRENT_USER\Software\Policies\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security center\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\don't load\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
or HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList\
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder\
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares\
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
or HKEY_LOCAL_MACHINE\SYSTEM\Select\
|TriggerKeys
to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
|TriggerValues
except when the source process is in the system process list or the source process is in the trusted process list
Kees1958
March 13th, 2009, 02:39 AM
Autostart installation changed
Click "Learn more about this threat". Only when you just removed/installed something and no malware reference is found, choose ALLOW. Choose KILL when in doubt.
RULE SYNTAX
When any process
tries to write to the registry
to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
|TriggerKeys
to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\PendingFileRenameOperations
|TriggerValues
except when the source process is in the system process list or the source process is in the trusted process list
Kees1958
March 13th, 2009, 02:40 AM
Autostart registry changed
Click "Learn more about this threat". Normally this should not change, so choose KILL when in doubt.
RULE SYNTAX
When any process
tries to write to the registry
to HKEY_CURRENT_USER\Software\Classes\*\shellex\ContextMenuHandlers\
or HKEY_CURRENT_USER\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
or HKEY_CURRENT_USER\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
or HKEY_CURRENT_USER\Software\Classes\Directory\shellex\ContextMenuHandlers\
or HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers\
or HKEY_CURRENT_USER\Software\Classes\Directory\shellex\DragDropHandlers\
or HKEY_CURRENT_USER\Software\Classes\Directory\shellex\PropertySheetHandlers\
or HKEY_CURRENT_USER\Software\Classes\Drive\shellex\ContextMenuHandlers\
or HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command\
or HKEY_CURRENT_USER\Software\Classes\Folder\shellex\ColumnHandlers\
or HKEY_CURRENT_USER\Software\Classes\Folder\shellex\ContextMenuHandlers\
or HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\
or HKEY_CURRENT_USER\Software\Microsoft\Ctf\LangBarAddin\
or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
or HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\
or HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logon\
or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\PropertySheetHandlers\
or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\
or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\
or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Protocols\Filter\
or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Protocols\Handler\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ctf\LangBarAddin\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\
or HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logon\
or HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\
or HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\KnownDLLs\
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\KnownDLLs\
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Print\Monitors\
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\KnownDLLs\
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs\
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
|TriggerKeys
to HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe
or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
or HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
or HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
or HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LsaStart
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SaveDumpStart
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ServiceControllerStart
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BootVerificationProgram\ImagePath
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\Authentication Packages
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\Notification Packages
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\Security Packages
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\Order\ProviderOrder
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Execute
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\S0InitialCommand
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SetupExecute
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Wds\rdpwd\StartupPrograms
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\BootVerificationProgram\ImagePath
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\Authentication Packages
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\Notification Packages
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\Security Packages
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetworkProvider\Order\ProviderOrder
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurityProviders\SecurityProviders
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\BootExecute
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Execute
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\S0InitialCommand
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\SetupExecute
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\Wds\rdpwd\StartupPrograms
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\BootVerificationProgram\ImagePath
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Lsa\Authentication Packages
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Lsa\Notification Packages
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Lsa\Security Packages
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\NetworkProvider\Order\ProviderOrder
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SecurityProviders\SecurityProviders
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\BootExecute
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Execute
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\S0InitialCommand
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\SetupExecute
or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\Wds\rdpwd\StartupPrograms
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BootVerificationProgram\ImagePath
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\ProviderOrder
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Execute
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\S0InitialCommand
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SetupExecute
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
|TriggerValues
except when the source process is in the system process list or the source process is in the trusted process list
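Added example, not part of the original posts and not ThreatFire's own code: a small Python evaluator for the rule shape above, run over constructed registry-write events. It assumes a TriggerKeys entry matches a write to that key or anything below it and a TriggerValues entry matches only that exact value, and it folds ControlSet001-003 into CurrentControlSet so each path needs listing once; the function names and event fields are hypothetical.

```python
import re

# Subset of the "Autostart registry changed" rule posted above.
# Assumption: a key trigger fires on a write to the key or anything below it.
TRIGGER_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs",
]
# Assumption: a value trigger fires only on a write to exactly this value.
TRIGGER_VALUES = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute",
]
# Stand-in trusted list (the Avira processes named in the thread). Matching on
# file name alone is a simplification; a real list should pin full path or signer.
TRUSTED = {"avgnt.exe", "avguard.exe", "avscan.exe"}

HIVES = {"hklm": "hkey_local_machine", "hkcu": "hkey_current_user"}
CONTROLSET = re.compile(r"\\system\\controlset\d{3}(?=\\|$)")


def normalise(path):
    """Lower-case, expand hive abbreviations, fold ControlSetNNN into CurrentControlSet."""
    path = path.strip().rstrip("\\").lower()
    hive, _, rest = path.partition("\\")
    path = HIVES.get(hive, hive) + ("\\" + rest if rest else "")
    return CONTROLSET.sub(lambda m: "\\system\\currentcontrolset", path)


KEYS = [normalise(k) for k in TRIGGER_KEYS]
VALUES = {normalise(v) for v in TRIGGER_VALUES}


def evaluate(event):
    """Return 'key', 'value' or None for one registry-write event.

    event: dict with 'image' (writing process), 'key' and 'value' (value name).
    """
    image = event["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if image in TRUSTED:
        return None  # "except when the source process is in the trusted process list"
    key = normalise(event["key"])
    # Compare on a path boundary so "...Objects2" does not match "...Objects".
    if any(key == k or key.startswith(k + "\\") for k in KEYS):
        return "key"
    if normalise(event["key"] + "\\" + event["value"]) in VALUES:
        return "value"
    return None


# Constructed sample events (not taken from any real log).
TEMP_EXE = r"C:\Users\test\AppData\Local\Temp\setup.exe"
WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
SAMPLE_EVENTS = [
    {"image": TEMP_EXE, "value": "Debugger",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe"},
    {"image": TEMP_EXE, "value": "BootExecute",
     "key": r"HKLM\SYSTEM\ControlSet002\Control\Session Manager"},
    {"image": TEMP_EXE, "value": "DefaultUserName", "key": WINLOGON},
    {"image": r"C:\Program Files\Avira\avguard.exe", "value": "Userinit", "key": WINLOGON},
    {"image": TEMP_EXE, "value": "x",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects2"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(evaluate(ev), ev["key"], ev["value"], sep=" | ")
```

The third event shows why the Winlogon entries are value triggers: a write to a sibling value under the same key raises nothing, which is what keeps the rule quiet.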
Kees1958
March 13th, 2009, 02:40 AM
Internet Explorer setting changed
Click "Learn more about this threat". Only when you changed something about Internet Explorer and nothing suspicious is found, choose ALLOW. When in doubt choose KILL.
RULE SYNTAX
When any process
tries to write to the registry
to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\AboutURLs\
or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\
or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\
or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\
or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\
or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
|TriggerKeys
to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MinLevel
or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Safety Warning Level
or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_RunActiveXControls
or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_RunScripts
or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Trust Warning Level
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Local Page
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Default_Search_URL
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant
or HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MinLevel
or HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Safety Warning Level
or HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_RunActiveXControls
or HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_RunScripts
or HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Trust Warning Level
|TriggerValues
except when the source process is in the system process list or the source process is in the trusted process list
Kees1958
March 13th, 2009, 02:42 AM
Now start all your internet-facing apps and choose allow + remember. TF might not throw a pop-up for every program (some are known).
Rest assured, the registry protection only involves static keys, so you won't be hassled with pop-ups.
Use IE for on-line shopping and banking, KeyScrambler will fool any key logger, use Chrome for dodgy daily browsing. Its internal sandbox makes it 70% less vulnerable than other browsers (while enjoying full functionality).
Do not forget to turn EdgeGuard Solo off before updating Windows (and turn it on afterwards :-)
Cheers
mrfargoreed
March 13th, 2009, 03:51 AM
Kees1958
As always, your posts are informative and written in a way that even an idiot like me can understand.
Although I'm happy with my setup at the moment, I might create a snapshot and give this a try and see how it differs from my current setup.
Many thanks :thumb:
Kees1958
March 13th, 2009, 07:38 AM
Reason for trying this setup is the fact that Avira free also will have the AntiSpyware blacklist included (besides multi core optimisation, enhanced self defense and the good AHEAD heuristics, which took out 85 to 93 percent of the zero day malwares I tested the V9 beta with).
Cheers
Yoda1953
March 13th, 2009, 10:40 AM
-{ Quote: "Hi,
.........
.........
Install EdgeGuard as indicated in this post http://www.wilderssecurity.com/showpost.php?p=1413004&postcount=6
" }-
This link points to EdgeGuard, EG Solo is nowhere to be found !
Kees1958
March 14th, 2009, 03:25 AM
Sorry, abbreviated EdgeGuard Solo to EG solo, http://www.blueridgenetworks.com/support/products/edgeguardsolo/ wrong link
Yoda1953
March 14th, 2009, 07:30 AM
Thanx, but it looks like they abandoned it. >:(
IceCube1010
March 14th, 2009, 11:19 PM
I used Avira Free and TF Free and they do work nicely together. But I have changed course for a new free setup. Win XP/Vista Firewall, with DriveSentry 3.3 and Sandboxie for IE or FF browsers. This latest combo seems like a strong contender for a secure free setup. I am not using the default settings in SBIE or DS. I added a folder or 2 for DS to protect and I use the dropmyrights option in SBIE.
Would DS and SBIE make a good combo?
Ice
jmonge
March 14th, 2009, 11:21 PM
Of course :thumb:
Copyright ©2002 - 2012, Wilders Security Forums