For DefenseWall or GeSWall owners thinking of going naked

Discussion in 'other anti-malware software' started by Kees1958, Jun 25, 2008.

Thread Status:
Not open for further replies.
  1. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
Hmm, it seems there is no opt-out for Rising to scan files upon execution. The file monitor setting to scan files upon write does as it says, yet leaves the user with no option to disable the scan-on-execute default.

As for RAV's behavior detection, has anyone tested if it works or how it works? o_O If it has similar functionality to ThreatFire, then RAV is definitely a keeper for me, since it doesn't cause as much strain on my old PC as ThreatFire does.
     
  2. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I thought AVG free and Avast free were also quite effective?

    Thanks
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857

Yes, you are right, but most members throw in the AV-Comparatives results argument (preferring Antivir); that is why I mentioned Antivir (as a reference, not a disqualification of others, sorry).

    regards Kees
     
  4. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Hi Kees, thanks for your input on this, I'm trying to stay well-protected yet keep a simple enough setup that family who use the computer also won't have any "scratching head" moments. I had tried GesWall Free quite a long time ago and I remember it had slowed down my browser quite a bit. It's very likely that kind of thing has been fixed though, so I will give it another go (I may even try the GesWall Pro rules imported into GesWall Free trick you mentioned some time back).

    I liked how DriveSentry was pretty simple with blocking things and not giving "crypto" pop-ups, but I think I'll wait until you and/or some of the others here give it some more thorough testing. For now I'll go ahead and install Rising and come back here for your configuration posts that you had made previously, and see how things go along with GesWall.
     
  5. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    OK thanks. So you mean all four of them are effective?

    Thanks
     
  6. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Ok Kees1958, I'm in need of help here, lol. It sounds stupid, but even after looking at your pictures describing your Rising setup, I'm still confused. Let me explain what I have here:

    1. Free Rising AV installed and left at default settings

2. GesWall Pro Trial, default settings. I'm really not very comfortable with this, I'm a longtime Sandboxie Free user, but I understand there are problems with Sandboxie and Rising that are only partially resolved and I'm worried about going back to it.

Now, as far as Rising is concerned, your picture tutorials seem straightforward, but what I was wondering is if things should be set on high and then using your setup, or using only custom and then your setup? Also, with GesWall Pro (or Sandboxie if it becomes OK to use again), should I leave out some settings in Rising or add to them anything missing? I use only IE7 and Firefox 3 if that helps any.

I'm trying to get everything to where I can leave it be and not have to fiddle with anything else, so I'm sorry if I'm asking seemingly dumb questions. Oh, I also use eMule if I need to set anything in Rising for that. Other than that, I surf and play occasional games. The only real-time security apps I use besides Rising and GesWall are SAS Pro and Secunia PSI. Which brings me to something else: what all should I be whitelisting in Rising?

Again, sorry for the idiocy on my part, I just want a simplified free setup that is solid enough and doesn't need a lot of messing with, because, as you can obviously tell, I'm easily confused.
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    @DW426

First, let's tune down Rising, starting with Active Defense.

A. System Reinforcement

    Select Custom level and configure it this way
    1. System Action Monitor = default
    2. Protect Registry = deselect "Internet Explorer Configuration", check all others, change deny to ask
    3. Protect Critical Processes = deselect "IE Browser restrictions", check all others, change deny to ask
4. Protect File System = deselect "System Directory, System Driver Directory, IE program Download Directory", check all others, change deny to ask PLUS: set win.ini and system.ini to ASK (instead of allow)

    see https://www.wilderssecurity.com/attachment.php?attachmentid=200965&d=1214584948

    Application Access control
    Add all your browsers here, see https://www.wilderssecurity.com/attachment.php?attachmentid=201011&d=1214732317


    Application Protection
Run bootvis.exe, you will see which programs are started at Windows boot. In System Reinforcement a few processes are already covered; only add the processes shown on this pic (with the settings shown) https://www.wilderssecurity.com/attachment.php?attachmentid=200987&d=1214666490

    Application Startup Control
    Add all your browsers here, see pic for settings https://www.wilderssecurity.com/attachment.php?attachmentid=201012&d=1214732317

    Malicious behavior detection
    Set to low

Hidden process detection
    default setting

B. Autoprotect
    For fast performance, limit file protection to check at write with smart detection (although smart detection seems to detect less Proof Of Concepts it seems to work in the real world)
    Choose e-mail and browser to your liking

    EDIT tip of bman412 :thumb:
    Settings
    Enabled scheduled scans, select a memory and bootrecord (Cycle every two hours) scan, deselect startup scan, enable update

    Note
Many people use Opera or Firefox instead of IE; that is one reason not to enable the IE-related HIPS features. Another one could be the use of a policy or virtualisation sandbox. When without these sandboxes or other browsers, you should enable those IE settings.
    That's it
     
    Last edited: Jul 5, 2008
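The "Application Protection" step above relies on bootvis.exe to find out which programs start with Windows. As an added example that is not part of the original thread or of Rising itself, the PowerShell script below lists the usual autostart locations (Run/RunOnce keys, the user and all-users Startup folders, auto-start services) and also prints the load=/run=/shell= lines of win.ini and system.ini that the post recommends switching to ASK, so you can see at a glance what a HIPS rule would cover. It assumes Windows PowerShell 5.1 (Get-CimInstance is not available on the XP-era systems the thread was written on) and an elevated prompt for the HKLM keys.

```powershell
# Added example (not part of the original thread): enumerate the common
# Windows autostart locations so you know which processes to cover under
# Rising's "Application Protection", and show the win.ini/system.ini
# lines the post recommends setting to ASK.
# Assumes Windows PowerShell 5.1; run from an elevated prompt to read HKLM.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RegistryAutostarts {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-StartupFolderItems {
    $folders = @(
        [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
        [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
    )
    foreach ($f in $folders) {
        if (-not (Test-Path $f)) { continue }
        Get-ChildItem -Path $f -File | ForEach-Object {
            [pscustomobject]@{ Source = $f; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Get-IniAutostarts {
    # win.ini [windows] load=/run= and system.ini [boot] shell= are legacy
    # autostart hooks; anything non-empty after the '=' deserves a look.
    $ini = @{
        (Join-Path $env:SystemRoot 'win.ini')    = '^(load|run)='
        (Join-Path $env:SystemRoot 'system.ini') = '^shell='
    }
    foreach ($path in $ini.Keys) {
        if (-not (Test-Path $path)) { continue }
        Get-Content -Path $path | Where-Object { $_ -match $ini[$path] } | ForEach-Object {
            $parts = $_ -split '=', 2
            [pscustomobject]@{ Source = $path; Name = $parts[0]; Command = $parts[1] }
        }
    }
}

function Get-AutoStartServices {
    # Services set to start automatically, with the binary (and arguments) they run.
    Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
        [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName }
    }
}

$all = @(Get-RegistryAutostarts) + @(Get-StartupFolderItems) +
       @(Get-IniAutostarts) + @(Get-AutoStartServices)
$all | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Anything this prints that you do not recognise is a candidate either for a rule in Application Protection or for removal; a non-empty load= or run= line in win.ini is unusual on a clean machine and is exactly the kind of write the ASK setting on those two files is meant to surface.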
  8. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Hi Kees, I followed your instructions and all seems well. I ran into one part I couldn't find, under B: Autoprotect, you say to choose email and browser of your liking. I wasn't able to find where I could select one or another. Other than that everything (as far as I'm aware) is set exactly as you instructed.
     
  9. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
It is my understanding that unticking write checks and file modification would make for faster performance. Files are scanned upon first execution and not scanned anymore on succeeding accesses during the user's session; that is, the default on-access scanning options are ticked (optimized scan). Enabling the smart monitor options gives an added layer to RAV's effectiveness.
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    @ bman, Thx for the tip
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
Have you installed Autoprotect? It should show file protection, script scanning for web pages and email; maybe zopzop/bman can help you (I have not installed Rising on the computer I am typing from).

    Regards
     
  12. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543

    Hi there Kees, yes, when I still had it AutoProtect was installed and enabled. I must have overlooked it someplace. In any case, my current setup is where I'm staying at least for now :)
     
  13. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    994
    For monitoring global hooks.

    Silver
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Silver thanks,

@ALL, I would also enable "Install the driver"
     