A smart and quiet best of freeware set up

Discussion in 'other anti-malware software' started by Kees1958, Mar 13, 2009.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    Suffering jetlag from a week abroad. I'd like to share a smart and low pop-up best-of-breed freeware setup. It consists of Avira free, ThreatFire free, EdgeGuardSolo free and KeyScrambler free (for IE to use with on-line banking and shopping; for daily browsing we will use Chrome).

    First I have separated my drive into two partitions to have no hassle backing up an image of my programs partition (e.g. Paragon freeware) or synchronising/backing up my data partition (e.g. SyncBack freeware).

    See this old post on how to organise this https://www.wilderssecurity.com/showpost.php?p=1412983&postcount=1

    This setup consists of ThreatFire; for ThreatFire we need a security lifeline for the missing deny option, see https://www.wilderssecurity.com/showpost.php?p=1412992&postcount=3

    Next install KeyScrambler https://www.wilderssecurity.com/showpost.php?p=1412988&postcount=2 and Chrome https://www.wilderssecurity.com/showpost.php?p=1413000&postcount=5

    Install EdgeGuard as indicated in this post https://www.wilderssecurity.com/showpost.php?p=1413004&postcount=6 EDIT download is not available anymore [BUMMER]

    Install BrowserDefender (since the new beta has enhanced exploit protection), because we use IE for on-line banking and shopping. We will keep Chrome for fast and daily browsing.
     
    Last edited: Mar 14, 2009
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Now install Avira free with this setting for the GUARD: scan with writing (only), use smart extensions list and set Heuristics to high.

    Now add all your security apps as trusted to TF, see https://www.wilderssecurity.com/showpost.php?p=1413318&postcount=20

    Replace Comodo in this example with AVGNT, AVGUARD and AVSCAN; you must add a description in the entry box (e.g. GUI, GUARD, SCAN), otherwise TF does not save them.

    Also add the extra TF rules already described in posts https://www.wilderssecurity.com/showpost.php?p=1413322&postcount=21

    https://www.wilderssecurity.com/showpost.php?p=1413323&postcount=22

    https://www.wilderssecurity.com/showpost.php?p=1413325&postcount=23

    https://www.wilderssecurity.com/showpost.php?p=1413330&postcount=24

    https://www.wilderssecurity.com/showpost.php?p=1413331&postcount=25

    Next change some default rules, see picture (also enable HOST file protection).

    Narrow the double extensions to e-mail and web browsers and provide a clearer description of the outbound connection custom rule.
     


  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Now for some serious extra low pop-up Startup protection,

    first your autorun program folders



    Autostart program group created

    Click "Learn more about this threat". A program tries to start when Windows starts. Normally this is the behaviour of malware. Choose KILL preferably; only when sure it is safe choose ALLOW.

    Syntax

    When any process
    tries to create|TriggerAccessFlags a file
    named c:\documents and settings\all users\menu start\programma's\opstarten
    or c:\documents and settings\[USERNAME]\menu start\programma's\opstarten
    |TriggerFiles

    except when the source process is in the system process list or the source process is in the trusted process list

    Note: replace USERNAME with your own user name
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    System settings change

    Startup system setting changed

    Click "Learn more about this threat". Normally this should not change, so choose KILL when in doubt.

    RULE SYNTAX
    When any process
    tries to write to the registry
    to HKEY_CURRENT_USER\Control Panel\don't load\
    or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\
    or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\
    or HKEY_CURRENT_USER\Software\Policies\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security center\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\don't load\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList\
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder\
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares\
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
    or HKEY_LOCAL_MACHINE\SYSTEM\Select\
    |TriggerKeys

    to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
    |TriggerValues

    except when the source process is in the system process list or the source process is in the trusted process list
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Autostart installation changed

    Click "Learn more about this threat". Only when you just removed/installed something and no malware reference is found, choose ALLOW. Choose KILL when in doubt.

    RULE SYNTAX
    When any process
    tries to write to the registry
    to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
    |TriggerKeys

    to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\PendingFileRenameOperations
    |TriggerValues

    except when the source process is in the system process list or the source process is in the trusted process list
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Autostart registry changed

    Click "Learn more about this threat". Normally this should not change, so choose KILL when in doubt.

    RULE SYNTAX
    When any process
    tries to write to the registry
    to HKEY_CURRENT_USER\Software\Classes\*\shellex\ContextMenuHandlers\
    or HKEY_CURRENT_USER\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
    or HKEY_CURRENT_USER\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
    or HKEY_CURRENT_USER\Software\Classes\Directory\shellex\ContextMenuHandlers\
    or HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers\
    or HKEY_CURRENT_USER\Software\Classes\Directory\shellex\DragDropHandlers\
    or HKEY_CURRENT_USER\Software\Classes\Directory\shellex\PropertySheetHandlers\
    or HKEY_CURRENT_USER\Software\Classes\Drive\shellex\ContextMenuHandlers\
    or HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command\
    or HKEY_CURRENT_USER\Software\Classes\Folder\shellex\ColumnHandlers\
    or HKEY_CURRENT_USER\Software\Classes\Folder\shellex\ContextMenuHandlers\
    or HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\
    or HKEY_CURRENT_USER\Software\Microsoft\Ctf\LangBarAddin\
    or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
    or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    or HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\
    or HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logon\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\PropertySheetHandlers\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Protocols\Filter\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Protocols\Handler\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ctf\LangBarAddin\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Logon\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\KnownDLLs\
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Monitors\
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\KnownDLLs\
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Print\Monitors\
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\KnownDLLs\
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs\
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
    |TriggerKeys

    to HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe
    or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
    or HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
    or HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
    or HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LsaStart
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SaveDumpStart
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ServiceControllerStart
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BootVerificationProgram\ImagePath
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\Authentication Packages
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\Notification Packages
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\Security Packages
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkProvider\Order\ProviderOrder
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Execute
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\S0InitialCommand
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SetupExecute
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Wds\rdpwd\StartupPrograms
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\BootVerificationProgram\ImagePath
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\Authentication Packages
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\Notification Packages
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\Security Packages
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\NetworkProvider\Order\ProviderOrder
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurityProviders\SecurityProviders
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\BootExecute
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Execute
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\S0InitialCommand
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\SetupExecute
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\Wds\rdpwd\StartupPrograms
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\BootVerificationProgram\ImagePath
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Lsa\Authentication Packages
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Lsa\Notification Packages
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Lsa\Security Packages
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\NetworkProvider\Order\ProviderOrder
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SecurityProviders\SecurityProviders
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\BootExecute
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Execute
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\S0InitialCommand
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\SetupExecute
    or HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Terminal Server\Wds\rdpwd\StartupPrograms
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BootVerificationProgram\ImagePath
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\ProviderOrder
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Execute
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\S0InitialCommand
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SetupExecute
    or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
    |TriggerValues

    except when the source process is in the system process list or the source process is in the trusted process list
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Internet Explorer setting changed

    Click "Learn more about this threat". Only when you changed something about Internet Explorer and nothing suspicious is found, choose ALLOW. When in doubt choose KILL.

    RULE SYNTAX
    When any process
    tries to write to the registry
    to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\AboutURLs\
    or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\
    or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
    or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\
    or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\
    or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\
    or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
    |TriggerKeys

    to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    or HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MinLevel
    or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Safety Warning Level
    or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_RunActiveXControls
    or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_RunScripts
    or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Trust Warning Level
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Local Page
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Default_Search_URL
    or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant
    or HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MinLevel
    or HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Safety Warning Level
    or HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_RunActiveXControls
    or HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_RunScripts
    or HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Trust Warning Level
    |TriggerValues

    except when the source process is in the system process list or the source process is in the trusted process list
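
How rules like those in posts 4 to 7 can be evaluated against registry writes, as an added example that is not part of the original posts and is not ThreatFire's own code. It assumes entries listed before |TriggerKeys cover everything beneath that key while entries before |TriggerValues match one named value exactly, and it goes one step beyond the thread by folding ControlSet001/002/003 into CurrentControlSet so a single entry covers every control set; the process names and events are constructed.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: a few entries of the "Autostart registry changed" rule,
# kept in the thread's own rule-text layout.
RULE_TEXT = r"""
When any process
tries to write to the registry
to HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs\
|TriggerKeys

to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
|TriggerValues

except when the source process is in the system process list or the source process is in the trusted process list
"""

_CONTROLSET = re.compile(r"\\controlset\d{3}\\")


def normalize(path):
    """Lower-case a path and fold ControlSet001/002/003 into CurrentControlSet."""
    return _CONTROLSET.sub(lambda m: "\\currentcontrolset\\", path.strip().lower())


@dataclass
class Rule:
    name: str
    keys: list    # entries ending in a backslash: any write beneath the key matches
    values: list  # one named value each: exact match only

    def matches(self, target):
        t = normalize(target)
        # "*" under Classes is a literal key name, so no wildcard expansion.
        return t in self.values or any(t.startswith(k) for k in self.keys)


def parse_rule(name, text):
    """Split rule text into key and value entries at the |Trigger... markers."""
    keys, values, pending = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "|TriggerKeys":
            keys, pending = keys + pending, []
        elif line == "|TriggerValues":
            values, pending = values + pending, []
        elif line[:3] in ("to ", "or "):
            pending.append(normalize(line[3:]))
    return Rule(name, keys, values)


def evaluate(process, target, rules, exempt=frozenset()):
    """Name of the first rule a registry write triggers, or None."""
    if process.lower() in exempt:  # system and trusted process lists
        return None
    return next((r.name for r in rules if r.matches(target)), None)


RULE = parse_rule("Autostart registry changed", RULE_TEXT)
TRUSTED = {"avguard.exe"}  # constructed trusted list (AVGUARD is named in the thread)
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EVENTS = [  # constructed (process, registry target) pairs
    ("setup.exe", WINLOGON + r"\Userinit"),
    ("AVGUARD.EXE", WINLOGON + r"\Userinit"),
    ("setup.exe", r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\BootExecute"),
    ("setup.exe", r"hkey_local_machine\software\classes\*\shellex\contextmenuhandlers\Example\(Default)"),
    ("setup.exe", WINLOGON + r"\DefaultUserName"),
]


def run_demo():
    return [evaluate(p, t, [RULE], TRUSTED) for p, t in EVENTS]


if __name__ == "__main__":
    for (proc, target), verdict in zip(EVENTS, run_demo()):
        print(f"{verdict or 'no alert':28} {proc:12} {target}")
```

The third event shows why the thread's rules list every ControlSet separately: without the folding step, a write to ControlSet002 would pass a rule that names only CurrentControlSet.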
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Now start all your internet-facing apps and choose allow + remember. TF might not throw a pop-up for every program (some are known).

    Rest assured, the registry protection only involves static keys, so you won't be hassled with pop-ups.

    Use IE for on-line shopping and banking; KeyScrambler will fool any key logger. Use Chrome for dodgy daily browsing. Its internal sandbox makes it 70% less vulnerable than other browsers (while enjoying full functionality).

    Do not forget to turn EdgeGuard Solo off before updating Windows (and turn it on afterwards :)

    Cheers
     
    Last edited: Mar 13, 2009
  9. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    Kees1958

    As always, your posts are informative and written in a way that even an idiot like me can understand.

    Although I'm happy with my setup at the moment, I might create a snapshot and give this a try and see how it differs from my current setup.

    Many thanks :thumb:
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    The reason for trying this setup is the fact that Avira free will also have the AntiSpyware blacklist included (besides multi-core optimisation, enhanced self-defense and the good AHEAD heuristics, which took out 85 to 93 percent of the zero-day malware I tested the V9 beta with).

    Cheers
     
  11. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    162
    Location:
    Netherlands
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  13. Yoda1953

    Yoda1953 Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    162
    Location:
    Netherlands
    Thanks, but it looks like they abandoned it. :mad:
     
  14. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    I used Avira Free and TF Free and they do work nicely together. But I have changed course for a new free setup: Win XP/Vista Firewall, with DriveSentry 3.3 and Sandboxie for IE or FF browsers. This latest combo seems like a strong contender for a secure free setup. I am not using the default settings in SBIE or DS. I added a folder or 2 for DS to protect and I use the dropmyrights option in SBIE.

    Would DS and SBIE make a good combo?

    Ice
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Of course :thumb:
     