What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. guest

    guest Guest

    exact.

    Note that the reg file can only be loaded on Admin Account , (registry virtualization on SUA hampers it)
     
  2. guest

    guest Guest

    exact, btw you can test the effect by trying to install 7zip , it will be blocked (you will get an error message with "referal" something)
     
  3. guest

    guest Guest

    yep, basically it made AV almost useless since most common malwares are unsigned.
     
    Last edited by a moderator: Dec 6, 2016
  4. @SHvFl I run this UAC validate admin code signatures since 2010 without problems.

    Together with a "deny execute file/travers folder" for all user folders (link) except temp (link) and a SRP basic user except Admin on home (link) or Pro and higher (link), it is the back bone of my security setup. I can install programs by using run as admin from temp folder, all updates from UAC protected folders run as admin, so they are allowed (automatically) also. This handles file based executions, I use MemProtect for memory based executions (link). Added MBR_Filter to protect MBR additionally. Everything is set and forget.
     
  5. upload_2016-12-7_0-13-32.png

    I wished I could change the error message
     
  6. guest

    guest Guest

    lol yes , this error message sucks a lot :p
     
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I removed SRP and switched Windows FW to inbound only. My security setup on Windows 7 x64 is now:

    Standard User Account
    Windows firewall
    inbound only
    Sandboxie
    uBlock Origin
    Macrium Reflect


    Edit: forgot about F-Secure Freedome VPN
     
    Last edited: Dec 9, 2016
  8. guest

    guest Guest

    what you mean by "inbound only"?
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I mean default settings - it monitors only inbound connections, outbound are allowed.
     
  10. guest

    guest Guest

    ah ok , i wasn't sure :)
     
  11. JohnMult

    JohnMult Registered Member

    Joined:
    Mar 26, 2012
    Posts:
    133
    Location:
    Greece
    Small changes again
    Windows 10 pro 64bit
    1. Standard account
    2. Windows Defender
    3. EMET 5.5
    4. Simple Software Restriction Policy
    5. UAC blocks elevation of unsigned programs (thanks Windows_Security)
    6. Yandex DNS
    7. Chrome in AppContainer with uBlock Origin, uBlock Origin WebSocket and I don't care about cookies(flash blocked)
    8. SpywareBlaster and Unchecky
    I think its simple, quite and effective...
     
  12. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Morning! WSA Security Plus...And MBAM Premium...Lethal and Light! Have a Super Groovy Weekend...Santa knows who's Naughty or Nice..Lol! Sincerely...Securon
     
  13. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
  14. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Windows 7

    Panda Protection (Free)
    SpywareBlaster
    SUPERAntiSpyware (on demand)
    Macrium Reflect
    Browser Hardening where applicable (JS Switch, uBlock Origin, Flagfox, Decentraleyes)

    Ubuntu Trusty Tahr LTS

    Browser Hardening (JS Switch, uBlock Origin, Flagfox, Decentraleyes)
     
  15. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Merci...Solarlynx! Just heard on the fact that MBAM is Beta testing a new release that will be in itself a full A/V App. And the Hits just keep on Coming! Sincerely...Securon
     
  16. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    MB3 is a public release now - well, sort of.;)
     
  17. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    This is how it goes with me, since I am new to Windows 10. I just wish I understood the services that are uneccesary, like I did with XP desktop.

    ProcessHacker_01.JPG

    ProcessHacker_01-02.JPG
     
  18. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,338
    Location:
    Adelaide
    Have upgraded to Malwarebytes Premium v3.
     
  19. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Windows 7 Ultimate x64

    Standard User Account

    User Account Control at max

    Windows 10 Firewall Control Plus (SphinxSoftware) free in default deny mode

    MalwareBytes Anti-Exploit with additional shields for some routine apps

    360 Total Security in Security protection mode, BD and Avira engines on.

    This setup feels lite on my PC.

    360TS Cleanup and Speedup resolved some issues on my PC. I'll see how it behaves further.
     
  20. plat1098

    plat1098 Guest

    It took me 1 1/2 years to get, not just a light, but virtually invisible working setup, and so far, so very good but I'm fairly conservative with browsing, downloading, etc. Always looking out for the latest and greatest!

    Windows Defender/firewall--due to bad experiences w/3rd party security. All defaults to "on"
    HitmanPro Alert anti-exploit
    VoodooShield anti-executable:) in SMART mode
    On demand: HitmanPro, ZHP Cleaner (for PUPs), CCleaner
    Firefox browser as default w/uBlock Origin and three tiny priv. ext. No more NoScript.

    If Windows Defender is to incorporate some elements of EMET in future builds, then it can only get better.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I'm not completely happy with my current setup, so in the coming weeks I will also check the new MBAM out. I also have my eye on HMPA and EIS, perhaps I will give them a try.
     
  22. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    My win 10 config in my sig :thumb:
     
  23. Desktop Windows 10 Pro and Asus Transfromer Windows 8.1 Home
    1. WFW is set 2-way and (remote, shared and legacy applications) riskware is disabled
    2. Smartscreen blocks not whitelisted and UAC blocks elevation of unsigned programs
    3. Deny execute in all user folders with ACL (except Temp) and SRP (except Admin)
    4. Run all internet facing software in AppContainer sandbox (Integrity Level)
    5. Enabled WD and RFG on Desktop, added Memprotect on Transformer
     
  24. guest

    guest Guest

    @Overkill EAM is unneeded in your setup , AG + VS + SD (on-demand i guess) is already more than enough; by removing it you will reduce the burden on your

    All good as usual but for just being curious:
    - for point 3 , on how many folders you implemented it?
    - for point 4 , i guess they are just metro Apps , or you "appcontainer-ized" regular 3rd party softs?
     
  25. Ad 3.
    All users folders and partitions except TEMP folder. In the past that would only block dot Net installations and updates (because that was extracted at the disk with the most free data). That side effect was a bonus to me (all other updates went well). With Windows 10 there is no easy to stop dotNet updates and they seem to be updated in the same way as all windows updates (from Temp folder).

    Ad 4.
    Because Outlook plugin for Windows Phone did not work anymore. I was like many others one of the unlucky who applied all fixes, but still could not sync their Agenda/Calendar from Windows Phone with Outlook. So I switched to Windows Mail and Agenda on all devices and run all interfacing software in AppContainer. The Desktop still runs 2007 versions but the Trustcenter settings are locked through Group Policy. I have 2007 version only as backup on my Desktop. The Transformer came with free Word+Excel+Powerpnt 2013 which is encaged by MemProtect. I would like to migrate to libre or open office, but they load so slow . . . . :doubt:

    Only change is removing MemProtect from Desktop (since Control Flow Guard and Return Flow Guard passed all HPMA testtool exploits tests) and adding Windows Defender. I run WD with a tweak through Group Policy to only monitor inbound file and process changes (writes to disk), because SmartScreen watches program launches. With this settings overhead of WD is near zero: AppTimer measured first launch 0.1 second delay and consecutive starts only 0.02 secs delay on G3240 dual core Pentium with old Sata300 SSD).
     
    Last edited by a moderator: Dec 11, 2016
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.