How to set up MD for Silent Mode secure and safe operation?

Always been interested in silent software to protect me, and I recall a thread being made to optimize MD's silent operation, but by now I'm pretty sure it's somewhat outdated.

What would you hardcore MD users say are the best settings for simple set-and-forget? Does MD protect against deletion, keylogging and other serious malicious activity in this mode?



Thanks

 

this might help.

https://www.wilderssecurity.com/showthread.php?t=252773&highlight=malware defender config

 

Raven to be honest, when you run UAC + SRP + Comodo Sandbox, there is nothing which slips by your attention. Tip making your internet software silent (e.g. Opera) read about icacls.exe Setting intergity level to medium, denies elevation requests, making it absolutely quiet protection.

 

You could run in Learning Mode until you're comfortable that MD has created enough rules to cover what you do on your computer and then change to Silent Mode.

I don't think it's possible to have a default set-and-forget configuration because everyone's computer setup will be different.

I would put MD in Learning Mode, reboot once, place MD back into Normal Mode and then put in the time to create a ruleset that is specific to your computer. Once that is done MD will be silent even in Normal Mode.

 

but if you don't already have a MD license setting up MD is pointless. If you do have a MD license don't loose it because it is worth Gold.

Comodo Sandbox? nah it should be UAC + SRP + Sandboxie

 

nah it should be UAC + SRP + DefenseWall

 

Why is a MD license worth gold? I have a license but not using it at the moment.

I am happy running portable firefox/sandboxie/hitman pro

 

MD runs as good as user configured it.
less configuration = less security
more configuration or sharp settings = more security
depends of your knowledge and trust in your system or in the rest of your security concept

md runs here more in learning mode than expected - sometimes hips is a pain.

 

Agreed!!

 

because other than maybe EQS MD is the only classical HIPS in existence and you can no longer get a license.

The reason why I choose sandboxie over comodo sandbox is because it is way better. Sandboxie is a PURE sandbox comodos sandbox is just another add on to its existing program.

 

First of all to all people - we'll always have different opinions which software works best. It's a personal preference and that only.

Now, UAC is disabled because COMODO will notify me if something is trying to run with elevated rights - should be the same on XP.


Right now I'm on XP, so SRP and COMODO runs alone. Then I'd need some instructions on how to do this on Opera with Windows XP's counterpart; cacls.exe.



Thank you

 

icacls only has usage with uac and rnning admin. for xp just use SRP to run opera with basic rights.
regards kees

 

I see. I've set C: root to disallow and excluded needed folders. On top of that sandbox - COMODO. Is there anything else I need to do for Opera?


I'm also considering trying Returnil Free. Would it increase my protection and is it easy to manage?

 

There are ways to configure the rules processing hierarchy as per its "bottom to top" processing order, making it possible to significantly reduce the pop-ups while sacrificing very little in security. There is absolutely no need to keep its default settings. Even though learning mode can be enabled for several days, the defaults (after learning mode is disabled) will still, and inevitably, annoy most who use it.

 

So... how would Returnil compare in terms of security and usability to COMODO? Is it as light? Is it as quiet? Is it as secure?

Thanks

 

Returnil is light and quiet. Simple reboot,and everything as it was before your day started

 

Sounds great. How does it tackle deletion and maybe most of all keylogging? Can I enable it permanently so that I always run in the virtual environment?

 

1)It will delete cookies,temp files,everything thats been downloaded to your computer from the very beginning of your day,with a simple reboot.

2)When I used it,I ran with Returnil on 99% of the time. The only time I didnt surf with it on,was when I did Windows updates.When they were done,I turned Returnil back on

Never had any security problems,whether it be virus,malware,anything with Returnil.

 

I quite agree.
Learning mode is useful for the start, but learning mode over a long period of time will lead to a lot of rules which are not very effective in the end.

IMHO appropriate groups are the key to a silent mode.
I have eight groups for applications and whenever a new program starts, I send it to the corresponding group with all its allow, deny and ask rules.
Groups with or without network access, direct disk access, access to the registry or files etc etc.
Allowing and denying things for a group means no prompts from apps in this group.
If someone just leaves all apps out of the groups, he will constantly struggle with a lot of prompts.

It's also very useful to pick groups and assign it to a feature, like group x programs are allowed to run as child of explorer.exe, svchost.exe or so.
Much better than losing track with 100+ child rules.

Cheers

 

away from gray - heading black/white.
the point for me is that - if hips is used - user has to learn about it.
someone here wrote that someone who knows about dont really need such tools.
and another wrote that MD gives a nice look behind.
at least i have doubt that hips is really needed for daily use.

 

Yes, it's also my take on Malware Defender. And it was very convenient for me to not been lost in my gradual transtion to using MD as in lieu et place of System Safety Monitor (that I am/was already using this way).

 

1. In other words I CANNOT permanently enable it?

2. So, does it protect me from deletion of my real stuff and/or keyloggers or not? Do I need to add Prevx for proactive keylogging protection or what?

 

1)Thats your choice,you can have it enabled all the time,no problem.

2)Prevx will work with Returnil,no problem.

I use keyscrambler and Defensewall for keyloggers.

 

I see. Thank you for the answers, mate.


Does anyone know how the COMODO sandbox and also SandboxIE handles keyloggers?

 

When you are on XP pro there is a registry tweak to run applications as basic user. Normally I would run all your internet facing software as limited user. You culd also consider a dey execute of My documents. You can exclude a specal directory (e.g. install directory) for installations, new programs you want to try for your self. For ease of use have a look at pretty good security of Sully. It has a tutorial on his website also.