WSA tweaks for better security

Some members asked me to show how to apply the WSA tweaks which I use on my wife's laptop (https://www.wilderssecurity.com/showthread.php?t=354522)

Monitor untrusted applications

Not neccesary anymore, according to PrevXHelp, see post 8 (replaced by infrared).

 

Increase outbound firewall one setting.

Don't forget to launch all programs you set to monitored in previous post and ALLOW them (remember).

 

Increase heuristics one setting to maximum

Will monitor programs new programs, when they have poor reputation/are unknown by a fair share of the community WSA will block them

 

Thanks kees!

Also, on a side note, why doesn't Webroot 'monitor' web browsers by default? Is it because of identity shield? I think 'monitoring' Chrome, IE or Firefox isn't really needed to enjoy good protection due to other modules in WSA protecting the browser already.

 

fouth tweak is not possible anymore, because http and https are now protected in the same way

My wife shops a lot on the web, she is click happy and complains when functionaliy is limited. Since PrevX4 she uses this setings without issues.

With these settings I have tested PrevX4 alfa, closed beta and beta with fresh malware samples of a friends honeypot (reverse engineer of malware for a banking corp). When heuristics blocked an unkown sample,I counted that also as a pass.

 

I don't think it has any advantage to put browsers under Monitor. Rather the opposite. All main browsers are automatically labeled Protected, shifting them to Monitor can have impact on their security and overall performance.

 

Well, I have tested PrevX alfa, pre-beta and beta with these settings, not the latest version. Still with monitored setting the 'protected' status of identity shield is still ON. see picture. These are seperate settings.

 

The identity shield protects them by default, new infrared seems to have replaces monitored function. Both are on by default.

Monitored only triggers extra logging (the disk space PrevXHelp mentioned) with simplified GUI, so removed tweak explanation

 

Thx for the clarification of your settings, I am still curious why a mixture of these settings is better than simply let browsers Protected. Maybe Joe could shed more light ...

 

Note: This does not apply to Windows 8.X as this setting is NOT available for this platform.

Thanks,
Fax

 

Joe already answered here:https://www.wilderssecurity.com/showpost.php?p=2291668&postcount=21 . i.e. not really needed.

 

Yeah Joe actually confirmed WSA concept - "install & forget" is the best approach for majority of users. I for one have the following tweaks:

Settings->Shields: second (Allow trusted ...) and third option (Silently and automatically ...) from the bottom unchecked. This tweak produce more notifications and warnings but I like to be informed what's going on.

Settings->Firewall: the last option enabled (Warn if any process ...)

Settings->Heuristics: Enable maximum heuristics

I should note though that I am not so often installing/uninstalling, only updating current applications. So the above tweaks might not be applicable for others.

 

Ah a very good discussion we're having here. Very useful. Learning a lot.

 

Hey guys it is always recommended to use default settings as 99% of the user-base are just average computer users or Enterprise Controlled by there IT department and Joe already said in the link posted and many other times default is recommended. With that being said the Security Guru's always like to tweak as I do in post #3 that is actually 2 steps higher and I always set to Max without issues as I don't use not well known programs so no extra pop-ups for me and my only other change I do is under Shields I uncheck these 3 as I like to know what's going on please see picture below and that's it.

TH

clarified

 

Checked the settings on the laptop these are indeed added

 

Please watch this Video: http://www.webroot.com/us/en/support/ui-feature-updates

Thanks,

TH

 

Thanks to ALL that have responded to both this thread and the other thread about changing WSA 2014 default settings for enhanced security from the new product. This is exactly the kind of information that I hoped for, and it is greatly appreciated...