Need specific answers re: W10 & AV

Discussion in 'other anti-virus software' started by Mac29, Apr 6, 2019.

  1. Mac29

    Mac29 Registered Member

    Joined:
    Apr 19, 2018
    Posts:
    14
    Location:
    FL
    I'm about to start using a W10 system and just need a few answers re: AV.

    I'm a Sandboxie convert, and use FF. Been using Avast but like recent BitDefender scores plus less upsell popups. However, I may stick w/just Windows Defender (and SmartScreen) in part b/c of it's built-in game mode.

    As I understand it, when I disable a 3rd p AV, Defender will autom restart/scan and vice versa. As will SmartScreen: it doesn't work when using another browser. What would be a good, or a couple of top plug-ins alerting me of crap websites, that I can use w/FF and Sandboxie? I don't believe that's baked in FF.

    If BitDefender free has something like this built-in or plug-in, I could just switch to Windows Defender, and game mode, when I game online.

    Second re; Windows Defender: Does game mode keep scanning while I'm streaming a game from a site? Or does it just put Defender in some low level state, or even turn Defender off/no scanning?


    Thank you very much for any help,

    Mac
     
  2. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    453
    If you have Win 10 Pro you could always use WDAG.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,691
    Location:
    U.S.A.
    I wouldn't make a blanket assumption on this. Every AV is different. On some, just disabling their realtime protection is enough to "kick in" WD. On others, I suspect this is not the case requiring minimally, a system reboot to take effect.
     
  4. Mac29

    Mac29 Registered Member

    Joined:
    Apr 19, 2018
    Posts:
    14
    Location:
    FL
    Woe, Beyonder, I'll have to read up on WDAG. Interesting. I only have 4GB on this cobbled-together box until this fall but I'm guessing that'll be enough.

    Wow itman, "minimally". If I can't find definitive info on when and how to activate that's going to makes it considerably harder to decide. Can't possibly deal w/needing a reboot just to get AV going. Weird. Well, sounds like more surfing for Sunday.

    Thanks for the input.
     
  5. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,351
    There are actually two kinds of SmartScreen on Windows 10
    1 The one that doesn't work when using another browser
    2 The system-wide SmartScreen that works all on files that have the mark-of-the-web.
    This second kind is a very useful and effective Windows protection. Its weakness is if you download a rar file and unpack it, or you run files from a flash drive. Same if you downloaded the file in Linux and then run it in Windows. In these cases, the files in question will not have the mark-of-the-web, and SmartScreen will not monitor them.

    With the Andy Ful Hard_Configurator, you can enable "forced SmartScreen" even for files that lack mark-of-the-web.
     
    Last edited: Apr 7, 2019
  6. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    75
    Maybe an adblocker like adguard or ublock will help with some crapwebsites? On the other hand if you use sandboxie and have "automaticly delete contend of sandbox" checked for your surfing sandbox you close the browser and all stuff gets deleted. (No addon will get all the fake websites i fear so you have allways be suspicous if you don't know a site to be legit)
    For paid sandboxie( no clue about free version): Dedicated internet sandbox for browsing (only browser allowed to run and have internet acces, autodelete on close activated.)
    So after visiting all types of websites i always close the browser>all gets deleted and only then visit websites which require any type of login/data input.
    For sandboxie help this forum has a realy good sandboxie thread.
     
    Last edited: Apr 7, 2019
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,691
    Location:
    U.S.A.
    As far as I am aware off, Win 10 Game mode just optimizes you graphics card settings for game play. It has nothing to do with Window Defender operation. In other words, Windows Defender will remain fully functional unless it is manually disabled or; disabled through installation of a third party AV. Additionally in 1809 if the third party AV does not employ the Win 10 ELAM driver, both WD and the third party AV will be running concurrently.
     
  8. Mac29

    Mac29 Registered Member

    Joined:
    Apr 19, 2018
    Posts:
    14
    Location:
    FL
    Shmu26: System-wide SmartScreen sounds vy useful. Never heard of 'mark-of-the-web'. Add to my list to research.
    Frekit123: Use uBlock Origin and like it a lot. I may consider paid Sandboxie. But I've recently read it's not invincible. Yeah, Wilders is definitely the go to for security Qs. Hate it when on other forums & get some guy punting for points who answers 'Just reinstall the OS.' and whatnot.
    itman: Thank you vy much for the insight ongame mode. Think I'll stick w/Windows Defender, tentatively.

    Appreciate the help everyone : )
     
  9. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,351
    It's a little file called Zone.Identifier that Windows attaches to your download, it is invisible to you under normal circumstances.
     
  10. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    172
    Location:
    USSR
    Also with his RunBySmartscreen stand-alone app. :thumb:
     
  11. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,297
    Location:
    Nicaragua
    Hi Mac, I think WD is the best choice for an AV to run along Sandboxie. You ll never experience issues between the two. If I was using an AV, thats what I would use. IMO, the simpler you run WD, the better. So, I would disable Smart screen, but that's me.

    If you are going to use WD, I think you ll be better off uninstalling whatever 3rd party AV you are using than just disabling it.

    About plugins or extensions to use with Firefox and Sandboxie. I ll recommend the best, NoScript. I have been using it for 10 years along SBIE with Firefox, never seen anything that looks like malware run or even attempt to run. Thats due to NoScript, not SBIE. I said many times before, NoScript turns the sharks of the internet into sardines, it literally does. For the most part, NoScript does its thing silently, so you wont get alerts (except when it detects suspicious cross site requests or attacks).But the blocking is there and more effective than the one done by antiviruses, web guards, etc.
    You are a Sandboxie convert but I can tell, you are not 100% convinced yet. The day you ll become truly convinced about SBIE, that day you ll want the full blown version of SBIE. If you become convinced, you ll want it. Yes, Sandboxie is not invincible, nothing is. But, it is one program that comes close to being so. Personally, I wouldnt trade Sandoxie free (I mean it), or NoScript for any paid security setup that doesn't include SBIE or NoScript. Thats how good I feel about this programs due to what they done for me during the past 10 years.

    Bo

    .
     
  12. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,351
    SmartScreen is not part of Windows Defender. It is a security feature of Windows 10 in general. It works with 3rd party AV, and it works if you disable Windows Defender, too.
     
  13. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,297
    Location:
    Nicaragua
    You can disable Smartscreen (Store, Applications, Edge). Picture is for applications.

    Sin título.jpg

    Smartscreen is part of Windows defender security center, I suggested to use WD (the AV), and forget about the rest (disable the rest).

    Bo
     
  14. guest

    guest Guest

    WD is nothing without SmartScreen...WD is just a rudimentary scanner, SS is what make Win10 security efficient.
     
  15. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,297
    Location:
    Nicaragua
    To me, all antiviruses are about the same with regard to how good or bad they are, regardless of what they offer or not. The OP is a Sandboxie user. I recommend WD not because is better than the rest but because compatibility with SBIE is almost perfect. Last time there was a compatibility issue between WD and Sandboxie was in 2010 (WD version 1).

    Bo
     
  16. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,351
    Have there been any reported compatibility issues with Win10 SmartScreen?
    If not, why disable an effective security feature?
     
  17. guest

    guest Guest

    I don't even use AVs, to me they are just waste of resources especially when you can handle more sophisticated mechanisms like sandboxes , anti-exe, or SRPs
     
  18. Mac29

    Mac29 Registered Member

    Joined:
    Apr 19, 2018
    Posts:
    14
    Location:
    FL
    Tried NoScript years back and liked it but there was some conflict, prob with sites. Anyway, soooo glad we're done w/Flash and in an HTML 5 world.

    Bo: I forget the diff between SB free and full, besides support. But haven't had a virus or anything in ten years. Amazes me when support techs dismiss SB or uninstall it on relatives' computers. Running w/just AV, mal & ad appls is antiquated to me. You're asking for it.

    Shmu26, I believe I read SmartScreen runs by default. I must have moved a 'button' on my W10 box in all my (basic) tweaking. So re; guest's comment I'll definitely dbl check that.

    Not sure what SRP referring to, all the wikipedia hits re: computing don't sound right. I do plan on delving into VMs to surf as soon as I build a next gen Ryzen pc this fall. But ultimately I'm learning Linux Mint b/c I can see where the revenue streams are going. Thing is you can't ditch MS if you're still in the working world.

    Well, not to bore anyone but after far too long building, installing, etc. I have just 49 files to categorize before I can remove boxes, notebooks and get back to 1 pc.
    Put this backup lappie to bed. Just going to look into Windows Libraries. Might have to fire up a game now on this box I call newdog. Lord I can't wait until the next Ryzen. I almost got a 1600 for $30 two months ago, new, online but the Buy Now button f'd up. Brother.

    Appreciate all the feedback again.
     
  19. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,351
    Correct, SmartScreen is enabled by default on Windows 10.

    SRP = Software Restriction Policy. It is a certain type of default/deny setup. There is the SRP built into Windows, and there is a 3rd party app called AppGuard, which implements its own flavor of SRP (plus it has a few additional awesome features as well).
    The built-in SRP can be managed by Andy Ful's Hard_Configurator.

    For those who seek to maximize built-in Windows security, rather than using 3rd party solutions:
    1 Windows Defender managed by ConfigureDefender
    2 SRP managed by Hard_Configurator
    3 Keep your OS and software updated
     
  20. Freki123

    Freki123 Registered Member

    Joined:
    Jan 20, 2015
    Posts:
    75
    A member which name i sadly can't recall said some unpack programms like "bandizip" will preserve (or so) the "mark-of-the-web". Atleast thats what i remember.
    If you care about the mark and don't want to use "forced SmartScreen" maybe give bandizip a chance.
    @Mac29 Atm Hard_Configurator+Configure Defender and sandboxie is working fine here, after some starting problems. Since WD is my only active AV I won't disable Smart Screen. If it detects anyfile as "on first sight" i would be very suspicous if i would like to run it.
    Tldr If you don't have the sandboxie skills of Bo Elam i woudn't disable "block on first sight" or "smart screen" (if you stay with WD)
     
    Last edited: Apr 8, 2019
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,691
    Location:
    U.S.A.
    As far as "Mark-of-the-Web" on Win 10 1809 goes pertaining to archives goes, as long as the archive has the "Mark-of-the-Web," any .exe extracted from it will also. The first time the extracted .exe is run, the "Mark-of-the-Web" is removed. This might be by design since native SmartScreen really doesn't have to keep checking it every time it is run?

    The real question is what happens if WD is the active AV? WD also uses "Mark-of-the-Web" as a trigger for its "Block-at-first-Sight" cloud scanning. Hopefully, the "Mark-of-the-Web" is retained until WD is done with it. When using a third party AV, native SmartScreen appears to remove the "Mark-of-the-Web" from an .exe.

    -EDIT- Now this is definitely weird behavior. The .exes in the file I extracted need to be run from the command prompt. When I do so, the "Mark-of-the-Web" is retained. However if opened from the extracted folder, the "Mark-of-the-Web" is removed from the file. Definitely looks like a bug to me.
     
    Last edited: Apr 8, 2019
  22. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,351
    This is correct. I use BandiZip, for this very reason. BandiZip adds back zone.identifier if it was removed.
     
  23. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,351
    I heard an explanation like this:
    Running the file.exe from the command prompt is equal to the command: cmd.exe /k file.exe. The file is run by cmd shell that does not trigger the SmartScreen. SmartScreen checks only cmd.exe and ignores file.exe. That is why the MOTW is not removed - simply the file is not checked by SmartScreen, so SmartScreen cannot remove MOTW.

    If one uses the "start" command in the cmd console, then it is equal to:
    cmd.exe /k start file.exe. The SmartScreen is now triggered (like from Explorer) by using the start command. In this case, the MOTW will be removed (if the file.exe is accepted by SmartScreen).
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.