#1
Thanks to an M$ academic key, I now have access to Win Srv 2008 R2. I must say that my user experience with this server is remarkable. I mean, I'm enjoying it. But as a paranoid PC security software user who goes to security forums every day, I must ask: how can I set up a solid defense for my server?
I tried OA, but it does not officially support Windows Server editions. Although I can install and run it just fine, anything can happen, right? People who had/are having the same experience, please enlighten me. Any input is appreciated. Best regards, Ty
__________________
Real-time: Sandboxie | On-demand: Malwarebytes Anti-Malware | Backup: Clonezilla (Just in case)
#2
I'm also running 2008 R2 and am using CIS 5.8 without trouble. There is a very good site that deals with using Server as a desktop OS. The section dealing with what users have found to work can be found here:
http://www.win2008r2workstation.com/...urity-software
There is one thing on the list that you should note is incorrect: the listing for Symantec Endpoint is for previous versions, where Proactive Security didn't work on Server OSes (if you can actually believe that!). Everything is fine in SEP12.
PS: I'm assuming that you are using R2 in non-server functionality on a desktop or laptop. If that is correct, you should know that there are a plethora of services that run that aren't needed for this use, as well as a bunch of tricks that you can use to make things run smoother. So when you have the time: http://www.blackviper.com/2009/10/13...ons/#more-3147 and http://www.win2008r2workstation.com/
__________________
Whom the Gods would destroy, they first make Proud
Last edited by cruelsister : September 16th, 2011 at 07:19 AM.
#3
__________________
Real-time: Sandboxie | On-demand: Malwarebytes Anti-Malware | Backup: Clonezilla (Just in case)
#4
No great loss on SEP12. Without a sandbox it really doesn't do so well against ransomware and/or worms. If it doesn't have a def for them, the results aren't pretty.
My group has been hammering away at a number of AM solutions for the past 2 months and has found CIS to be the best of the bunch. If you do install it, let me know, as there are better settings than the stock defaults that I can share with you.
__________________
Whom the Gods would destroy, they first make Proud
#5
Thanks very much.
__________________
Real-time: Sandboxie | On-demand: Malwarebytes Anti-Malware | Backup: Clonezilla (Just in case)
#6
We have it running on about 12 machines, running the gamut from XP to Win7 to R2, and it has been flawless on all. No care needs to be taken when installing.
As to the settings:
1). Right click the Comodo icon and set Configuration to Proactive Security.
2). Antivirus Scanner Setting: make sure it is at Stateful.
3). Firewall Settings: on General Settings, use Custom Policy. Leave everything else unchecked (this will be a slight pain initially, as you will have to allow your browsers and other apps that need updating. But as it is a one-time thing for each app, it is well worth it).
4). Defense Plus Settings: on General Settings, set the slider to Safe Mode. Only check the "Enable Adaptive Mode" box.
5). D+, Execution Control: everything checked, and set "Treat Unrecognized files" as Untrusted.
6). Sandbox Settings: everything checked EXCEPT the "Automatically Detect Installers" box.
Please note that with D+, if you install an obscure application, an alert will pop up that it will be run as Untrusted. If you are sure that the app is good, just click the "Do not Sandbox in Future" notation on the alert and run it again. This is really a small price to pay to keep the worms away.
__________________
Whom the Gods would destroy, they first make Proud
#7
Thank you for your instructions, very specific. When I was using Comodo, I usually left its sandbox part alone, using it as a classical HIPS. I was just not ready to let it do all the magic.
But now I think I'll try and see what happens. BTW, since you are using Custom Policy for the firewall, how do you configure processes like "System" and "svchost"? I used to set "System" as a blocked application and "svchost" as Outgoing only. I don't have much computing knowledge, especially when it comes to network stuff. Don't know if I did the right thing.
__________________
Real-time: Sandboxie | On-demand: Malwarebytes Anti-Malware | Backup: Clonezilla (Just in case)
#8
Thanks for this. WHS2011 is based on S2008R2 and I've been wondering if CIS would work. NN
#9
As to the System files like svchost, etc., don't worry about creating rules at all. As long as you are TOTALLY convinced that your computer is clean, just allow Inet access to whatever popups you get on first (and maybe second) reboot. If memory serves CIS will allow access to verified Microsoft components anyway (but don't quote me on that one).
The CIS firewall doesn't have to be babied like a program that is uniquely a firewall where rules must be created for EVERYTHING for maximum protection. D+ has unfailingly stopped any malware manipulation of legitimate system files thus turning them rogue. And DO NOT turn off the Sandbox!!! This is the defensive line against worms, rootkits and ransomware. You are much better off shutting down the AV component. I'm becoming firmly convinced that an AV is nothing more than relicware, basically an outdated defensive strategy from a time when nothing better existed for stopping malware.
__________________
Whom the Gods would destroy, they first make Proud
#10
Good advice.
__________________
Emsisoft Anti-Malware 7.0 / WebRo0t AntiVirus 2o13
#11
I agree. When I used CIS, I always unchecked the antivirus. D+ and the Sandbox are enough IMO.
__________________
OS Hardening + Applocker + ExploitShield + EMET + HitmanPro
#12
Thanks for all the input. The AV in CIS IMO is just for usability. When certain files are deemed malware by D+ cloud behavioral analysis, we can use the AV part to delete them. This may not be its whole mission, but with D+ and the FW, not much is left for it to be concerned with.
__________________
Real-time: Sandboxie | On-demand: Malwarebytes Anti-Malware | Backup: Clonezilla (Just in case)
#13
I gotcha, operamail. They really should include an option in D+ for deleting files from the cloud AV quarantine.
__________________
OS Hardening + Applocker + ExploitShield + EMET + HitmanPro
#14
Comodo drains performance greatly... I suggest the free Microsoft Security Essentials and Privatefirewall; if you are willing to spend, I recommend Kaspersky for Server or NOD32 Business.
__________________
7x64 + NOD32 6
#15
I have a laptop for my school with Windows Server 2008 and I use Microsoft Security Essentials there... pretty good, I tell you.
And of course I included a dash of Malwarebytes on demand there too.
__________________
Sandboxie | WinPatrol | CCE | MBAM | OpenDns with DnsCrypt
#16
MSE is good freeware too. But it's not officially stated that Win Srv editions are supported, although I can run it just fine. I also experienced some system freezes when I was opening a file folder with a bunch of executable files in it. And I'd also like to see more improvements being made. Thank you very much.
__________________
Real-time: Sandboxie | On-demand: Malwarebytes Anti-Malware | Backup: Clonezilla (Just in case)
#17
I think I'll try and see what's best for me.
__________________
Real-time: Sandboxie | On-demand: Malwarebytes Anti-Malware | Backup: Clonezilla (Just in case)