What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Post # 37337 & 37344.

    > Zemana Anti-Malware does very well against Trojan/Worms.
    > Cryptoprevent & HitmanPro.Alert do very well against ransomware encryptors.
    > Malwarebytes Anti-Malware is somewhere in the middle. If Lucky!


    My point is nothing is perfect and you need a layering of security software.
    Removal and cleaning of malware is hard and each has its pros & cons.
    Some are better at cleaning certain types of malware.

    Kind regards,;)
     
  2. Blomberg1985

    Blomberg1985 Guest

    Panda Free Antivirus
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Well, kindly tell me what ZAM doesn't do well against, because in another round of testing today it caught every type I threw at it. Pandora is doing an excellent job at catching unknowns.
     
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Awesome! What did you use?
     
  5. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,137
    Sandboxie for my browser and MBAE for everything else, Outlook, Media Player Docs...
     
  6. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Afternoon! Removed latest Firefox...going to report to Santa Security...Naughty not Nice...Lol! Installed Google Chrome. Re-Installed WSA Security Plus in tandem with HMP and HMP Alert. Light and Effectively Right! Sincerely...Securon
     
  7. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    198
    Securon....tell me, using WSA Security Plus with HMP & HMP Alert, have you noticed any issues?
     
  8. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Houley456...I've never experienced any glitches whatsoever with the Terrific Trio...Lol! Have you had any negative glitches...with the Trio? Sincerely...Securon
     
  9. idaho

    idaho Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    32
    Location:
    USA/Europe
    W10 x64, EMSISOFT Internet Security 11, Chrome Adguard Adblock. Light and Secure.
     
  10. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    198
    I think I will try the Trio and see.....thanks
     
  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Yes. Keystroke Encryption indicator in HMP.A does not show (maybe only intermittently) with WSA Identity Shield on.
    This is a known problem and Surfright says only Webroot can fix it.
     
  12. Blomberg1985

    Blomberg1985 Guest

    secureAplus
     
  13. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    My next av-free setup.
    Windows 7 x64 Ultimate
    Standard User Account
    User Account Control - max
    Windows 10 Firewall Control (SphinxSoftware) free
    WinPatrol free
    MalwareBytes AntiExploit with shields for some routine apps
    Sandboxie free - automatically sandbox browsers through desktop icons.

    I rather irregularly scan my PC mostly with Zemana Antimalware 2 beta and Emsisoft Emergency Kit.

    The setup is rather light for my PC, except for the sometimes rather annoying purchase popups of WFC. When I was installing some program and was changing "zones" for its components, the popups appeared excessively - up to 3 purchase popups per change.
     
  14. boombastik

    boombastik Registered Member

    Joined:
    Oct 7, 2010
    Posts:
    272
    Location:
    Greece
    Zemana antimalware + eset 9
    nothing can pass them
    Uac + windows firewall
     
  15. Magic_The

    Magic_The Registered Member

    Joined:
    Jun 24, 2015
    Posts:
    40
    Emsisoft Internet Security 11.
    HitmanProAlert 3.
    Spyshelter Firewall (works good with Emsi Is).
    Adguard.
    Zemana, Malwarebytes, HitmanPro.
    Uac is on.
    Chrome Ublock Origin.
    Firefox Ublock Origin.
     
  16. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Has anyone tried glasswire firewall?
     
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,888
    Location:
    Texas
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
  19. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Thanks guys
    Added Zemana AntiMalware in RT
     
  20. Coresix

    Coresix Registered Member

    Joined:
    Apr 8, 2012
    Posts:
    23
    Location:
    United States of America
    My signature is pretty up to date but here's my full Windows 10 Pro security setup:

    #OS:

    --: Microsoft Windows 10 Pro x64 TH2 (build 10586.36)

    #Real-Time:

    --: Windows Firewall Control 4 by Binisoft
    Current Settings:
    --: Running Medium Filtering profile
    but add or block applications if need be. I love this frontend for the built in
    Windows Firewall.

    --: Emsisoft Anti-Malware 11 (Beta) (full protection enabled)

    --: Malwarebytes Anti-Malware Premium (lifetime license)
    (Disk and Web protection enabled)
    Added files and folders to reduce conflicts with other security layered software

    --: Malwarebytes Anti-Exploit Premium (yearly license)
    Monitoring and protecting all of the programs/command-lines that Premium offers

    --: Zemana AntiMalware Premium (3 month trial)
    Current Settings
    --: Real Time Enabled with Pandora Real Time Analysis
    --: Does a scan at startup (like HitmanPro)
    Thoughts:
    --: So far it seems to be working as advertised and has a really small footprint in
    active memory and no other conflicts have arisen since installation.
    --: I also make it a priority to whitelist the security software between the layers so as
    to ensure that there are no conflicts or unwanted effects.

    --: Adguard Premium 5.10 (lifetime license)
    --: All built in filters active, unchecked allow acceptable ads:
    --: EasyList filter
    --: Fanboy's Annoyances filter
    --: Malware Domains filter
    --: Anti-Adblock Killer by Reek filter (using extension that works in tandem)

    --: Extensions enabled:
    --: Adguard Assistant
    --: Adguard Popup Blocker
    --: Web of Trust
    --: Anti-Adblock Killer by Reek extension (works in tandem with Anti-Adblock Killer by Reek filter list)

    --: Heimdal Pro 2.0 build 29 (yearly license)
    Modules Active:
    --: Traffic Scanning and Filtering
    --: Malware Engine
    --: Patching System
    Monitoring and updating software installed besides Chrome and Skype (both are installed but somehow it's detecting differently)

    --: SpyShelter Premium 10.6.1 (lifetime license)
    Security Settings:
    --: Certified Applications:
    Auto allow - High Security Level
    --: Whitelisted Security Layered Software
    --: Sandboxing (restricting) most Internet facing applications
    --: Cannot terminate via Task Manager amongst several other settings to prevent
    forms of malware from terminating SpyShelter or any other security software in my layered setup

    --: NoVirusThanks EXE Radar Pro 3 build 15-10032014 (lifetime license)
    Current Settings:
    --: Running in Trust Mode
    Enable Alert or any of the Lockdown Modes depending on my web activity for that instance.

    --: WinPatrol PLUS (Lifetime License)
    Current Settings:
    --: Currently Delay Startup on 7 applications that have startup options but slow startup in general
    --: Standard PLUS settings active.

    #On-Demand:

    --: SpywareBlaster AutoUpdate
    Current Settings:
    --: IE: All Protection Enabled
    --: Chrome: All Protection Enabled
    --: Restricted Sites Enabled

    --: Shadow Defender 1.4 build 608 (Lifetime License)
    Current Settings:
    --: Only OS Drive is set to be put in Shadow Mode when activated
    (still learning this program)

    --: HitmanPro 3.7.12 (yearly license - 1 computer)
    Current Settings:
    --: Run scan at startup
    (after disk activity has slowed)

    --: Microsoft EMET 5.5 Beta
    Current Settings:
    --: Recommended Security Settings
    Still learning the ropes of this application.

    --: VMware Workstation 12 Pro (licensed for one PC)
    Current Settings
    --: Turned on Thin Print drivers so I can print from guests
    --: Have all new VMs set to run on the VMware Workstation 12 platform so I'm sure
    backwards compatibility with older versions is probably out of the question...
    --: That's pretty much it in terms of how I have it set up. I'm probably missing a few
    settings here or there but I'll find them and fix them.

    #Backup/Restore/Imaging:

    --: Drive Snapshot 1.43 (used sparingly until I get a big enough backup disk to create snapshots again)

    --: Horizon DataSys Rollback RX Pro (trialing currently, will buy once I have some extra money)
    Current Settings
    --: Task Scheduler Settings:
    --: Schedule@Setup - Create Snapshot at Boot
    --: Daily Snapshot - Create a Snapshot Daily @ 1:43 ET
    --: Monthly Snapshot - Create a Snapshot/Possible Baseline Update on the 10th day of
    every month @ 5:45 ET
    --: Hourly Snapshot - Create a Snapshot every one and a half hours

    --: BackBlaze Cloud Backup Service (Monthly subscription @ $5 USD)
    Current Settings
    --: Never fooled with any of the settings barring 2 factor auth and such, it's pretty much
    set up like it is out of the box after install.

    #Other

    --: Siber Systems AI Roboform Everywhere Version 7.9.16.7
    Current Settings
    --: 2 Factor Authentication turned on
    --: Storing Master Password in system protected storage
    (so I don't have to enter my Master Password all the time)
    --: This application is one I don't think I will be able to live without since I've had it.
    It keeps all of my logins in one place so I won't forget them and allows me to set
    strong passwords or passphrases so I can keep my accounts locked tighter than a
    drum.


    --: Blur Premium v5.3 build 1901 by Abine
    Say what you will about these guys, but for me, they get the job done even though it's
    a bit redundant when combined with Roboform but I'm using it for blocking tracking
    and enforcing Do Not Track in all of the browsers (the ones that are supported) I use.

    --: F.lux 3.10
    This lil' app has helped me keep my circadian rhythm fairly intact even though I'm
    editing this post @ 4:30 AM EST. That's all I can pretty much say about this one.

    I like to be as detailed as possible when posting any setup I'm using. This might change as I either add or remove security programs. I know it might seem like much but this list will vary every few months or so, unless this setup is the one that works the best.

    The reason for the 15 layers of security is that I almost got hit with a ransomware trojan a couple of months ago but Emsisoft stopped it since it was an older variant, but that made me leery after a while so I started looking for non-invasive layers of security and made it to my current setup. Feel free to critique my setup and pick out any real obvious instances of redundancy (I know the setup is redundant, but if you should spot something that does the same thing, I'll modify or remove the setup.)

    Thanks for taking the time to read.

    -Coresix

    Edit: Added some more stuff to my setup, including online backup; password manager; virtual machine software; Abine's Blur service and f.lux. Advice still welcome and criticisms are definitely welcome! Also, moved EMET to On-Demand instead of Real Time since it doesn't have any major active modules running besides the service. Added Zemana AntiMalware Premium via 3 month trial offered via MalwareTips.com; may decide to purchase a license if it works as advertised and has no major system conflicts during the trial.
     
    Last edited: Dec 24, 2015
  21. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Your 15 layers of protection are impressive. I wish my PC were as endurant as yours.

    Are you sure you should use Windows 10 Pro + MBAE + EMET combo? I believe one of them is really excessive here (and I suspect it's EMET). What significant security does EMET add over MBAE?

    Then Emsisoft AM + Spyshelter + Winpatrol = actually Behaviour Blocker + HIPS + HIPS. :isay:

    Yeah, I wish my PC were as endurant as yours. :)
     
    Last edited: Dec 24, 2015
  22. Coresix

    Coresix Registered Member

    Joined:
    Apr 8, 2012
    Posts:
    23
    Location:
    United States of America
    *Side comment: I thought that WinPatrol was a HIDS not a true HIPS since it only alerts me of stuff and has some stuff to lock down registry keys.

    As I said, I'm open to any advice. I have EMET running on demand mostly. I have it set up with the settings it came out of the box with, but adding some programs here or there. I saw it for what it is, a tool to run either outdated software that has who knows how many holes for attackers to get into or a way to bolster already defended applications. More of peace of mind for me, because you'll never know what may happen. Also, my PC is at least 9 years old and it still runs like a champ since the day I built her. I've kept her hardware fairly recent graphics card wise (!!warning incoming rant!! I wish both Microsoft and Nvidia would get their collective heads out of their asses and fix the TDR loops that have resurged since the release of Windows 10! I don't like either working on a document, playing a game and I haven't saved, or whatever and to have my screen turn off --the OS is still running-- but it's stuck in a TDR loop so I have to hard reset) and tried to make sure she is well taken care of.

    Going back to EMET, I figured it was set to be mostly passive, no active modules otherwise being a frontend for this stuff that is built into Windows to handle exceptions or bugs, or is it more than that? I know MBAE Premium has done its fair share of blocking (click the wrong link by accident, or on purpose) when testing out security software plus I usually have done a snapshot in Rollback RX, turned on Shadow Mode in Shadow Defender and have EXE Radar Pro set to Lockdown (Extreme). I just am a bit paranoid (probably understatement) so that's why I have so many layers, but all of them seem to work well in tandem with each other. All of my games still run quite well, even the more demanding ones like Dragon Age: Inquisition or any of the Crysis games; my VMs (forgot to add that I have VMware Workstation 12) run fine, even though after installing SpyShelter, I had to reinstall VMware as Admin to fix the VMware Auth Service to properly start up automatically; I also forgot to include my BackBlaze online backup service that I'm subscribed to, it's still uploading (probably will be done come due for the renewal for next month but as it is, $5 USD a month for unlimited backups... ummmm, YES PLEASE!). So it's not like I don't have a few safety nets to fall back on if my current security config implodes on me or I decide to go a simpler route (which I know you can but as I said, I love tinkering with new things, security software included). If there's any other details you might want regarding my setup, feel free to ask. And the advice thing still applies. :)

    -Coresix

    Edit: I just updated my setup post reflecting what I failed to mention before. I know some of you might look at the fact I threw money at Abine for Blur Premium and probably get the virtual stink-eye but the service works for me, even the Masked Cards and Masked Email services when it comes to shopping or signing up for websites. Still editing my setup post, no reason to repost it all the time. :p
     
    Last edited: Dec 24, 2015
  23. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Yeah, actually WP is more HIDS than HIPS.
     
  24. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Holiday Greetings!

    @ trjam Post #37356
    "well kindly tell me what ZAM doesn't do well against because in another round of testing today it caught every type I threw at it. Pandora is doing an excellent job at catching unknowns"

    Sorry, I got sidetracked for a few days. Answer is ransomware,
    script infections. All have their limitations!

    https://malwaretips.com/threads/zemana-antimalware-vs-some-worms.53033/page-3
    go to page 1.
    https://malwaretips.com/threads/malwarebytes-and-hitmanpro-vs-some-worms.52791/page-2#post-446876

    WinAntiRansom:
    https://malwaretips.com/threads/winantiransom-vs-some-nasty-stuff.54295/#post-461246


    Making today great and/or tomorrow much better, my friends!
     
    Last edited: Dec 24, 2015
  25. Security Policy (1=filter internet, 2=reduce attack surface, 3=deny execution, 4=mitigate execution risk)
    1. Windows Firewall 2-way, Norton DNS (malware filters), AdFender (ads+trackers)
    2. Disabled IE11, WMP, remote, sharing, unsigned install, shell+scripts (GPO/regedit)
    3. Set Basic User as default SRP (group policy/PGS*), allow Run as Admin for installs
    4. Prevent Smartscreen bypass, disabled macro/add-in/activeX with Office trustcenter

    Windows 10 Pro 32 bits Desktop (G3240 CPU, 4GB RAM, 64GB SSD + 2x500GB HD)
    4. Chrome click to play plug-ins, allow scripts from NL+COM, block 3p (uBlock0)

    Windows 10 Home 32 bits Tablet-PC (Z3740 CPU, 2GB RAM, 32GB SSD + 64GB SD)
    4. Running MBAE-premium, Chrome with Privacy Badger (click to play, scripts NL+COM)

    Windows 10 Pro 32 bits Laptop (P4600 CPU, 4GB RAM, 1TB HDD + 4GB SSD-cache)
    4. Running MBAE-premium (added Outlook) and Chrome with Privacy Badger

    *Pretty Good Security still installs Software Restriction Policies on Windows 10 - 32 bits version
     