What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Emsisoft Online Armor freemium + Emsisoft AntiMalware lic - very light.
     
  2. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    This last week I've been trying lots of combinations, even looking for a substitute set-up for Sandboxie, but now back where I started, Sandboxie and Emsisoft Anti-Malware.
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Tough to do, eh? I hope we never need one!
     
  4. Windows 7 Ultimate behind router with NAS for backup

    System wide security policies:
    • Block riskware services and unknown outbound firewall connections
    • Deny elevation & installation of unsigned executables and drivers
    • Full UAC, DEP, SEHOP and running only ASLR enabled programs
    Additional user space restrictions:
    • Deny execute in all non UAC protected folders for Basic Users
    • Deny execute for Windows/VB/Power-scripts for Basic Users
    • Disabled Startup/Registry/USB-autoruns for Basic Users
    Internet facing intrusion mitigation:
    • Deny execute file ACL for Everyone in drive-by folders (public, media, mail and internet)
    • Run Outlook and WMP as Basic User with high IE-zone and EMET overflow protection
    • Run Chrome in sandbox, allow javascript from [*.]NL and [*.]COM, uBlock extension and locked settings
     
    Last edited by a moderator: Jul 10, 2014
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,342
    Location:
    Italy

    Hi Kees,
    some problems with the mitigations ROP of EMET?
     
  6. Yes that is why I enabled TP5 only for WMP and Outlook, switched to MBAE for browser and dropped IE for Chrome. Not using IE has the advantage of increasing IE-zone security settings which are used by other windows aps. This has a security benefit of for instance Windows Media Player. Not using flash OCX also has the advantage that embedded flash is not executed in all sorts of windows files (Word, Media files, PDF, etc). I had not realized this spin-off, so back to Chrome again.
     
    Last edited by a moderator: Jul 9, 2014
  7. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    What Software Restriction Policies are you guys using with 8.1?
     
  8. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    God I hope that never happens either.
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I have created them using tutorial here: http://www.mechbgon.com/srp/
     
  10. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    No, you can enforce it for Administrators also. I have it set up for all users and all software files also (including DLLs). You have to use UAC on max so that software can't be copied to whitelisted areas without a prompt.
     
  12. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Great, I will check it out
     
  13. guest

    guest Guest

    Also add PS1 and VBS in "Designated File Types" setting.
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Thanks for info. Is there any other file type that should be added to that list? What about BIN, PAF, VBE...?
     
  15. guest

    guest Guest

    As far as I can remember, nobody ever mentioned about those file types to be included under SRP's supervision. I'm not entirely sure about BIN and VBE, but for PAF (assuming that you are talking about portable apps), it will execute EXEs and DLLs anyway so SRP should've taken care of it. I myself had experimented with SYS previously, but I still can't tell if it's beneficial to add it to the protection list (or if it would really work to begin with). HitmanPro actually can be used as an easy way to test it BTW.
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    As described here SRP doesn't apply to drivers and kernel-mode software. I don't know if adding SYS and DRV would make any change.

     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I've added SYS to my designated file types and run HitmanPro. I got no problems and no blocked entry in event viewer. OTOH I use compatible disk access instead of direct disk access (because of BSODs) so I don't know if Hitmanpro installs driver in that mode...
     
  18. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I read a post last week by a long-time member at Wilders that Shadow Defender did the same thing as Sandboxie in a less convoluted way. But I'm still unclear about who owns it and its odd history. I also set up VMWare Player and VirutalBox virtual machines, but had troubles with the video drivers for Mint. And other combinations of AVs and anti-exs, HIPS, firewalls, etc didn't quite make up for not having the browsing protection that Sandboxie gives.
     
    Last edited: Jul 11, 2014
  19. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Hello!
    Now I'm trying Online Armor free + AVG free. So far so light.

    In AVs I use only "Quick Scan" mode. There's no "Quick Scan" in AVG. Only "Full Scan", "Specific Folders" or "Rootkits".
     
  20. Austerity

    Austerity Registered Member

    Joined:
    Jun 21, 2013
    Posts:
    372
    Location:
    Georgia / USA
    360 IS, AdGuard..Hitman Pro/Herd Protect on demand.
     
  21. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    AVG free now is automatically updated.
     
  22. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    What do you mean by that?It was the same before,ONE update daily.(in settings you can choose at what hour if my memory serves me well )
     
  23. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Yep, it was one update daily. Now it's automatic update only. Here you can only make off "Enable this task".


    Capture.PNG
     
  24. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    It seems that AVG free will update like almost the paid one?In base of your screenshot,it seems so.If that's true,these are really great news.
     
  25. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Yeah, the only thing I didn't like in AVG freemium - its restriction to daily automatic updates. Now to my surprise it's gone.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.