What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Firewall:
    NAT Router (Password Protected)
    Look’n’Stop Firewall 2.07 (Phant0m’s Ruleset)

    Anti-Virus:
    Emsisoft Anti-Malware 7.0.0.21

    HIPS/Blocking/Hardening:
    DefenseWall HIPS/Personal Firewall 3.21
    VoodooShield 1.08
    EMET 3.5 (Internet facing applications & MS Office)
    SpywareBlaster 5.0 (Ad-Aware custom blocking list)
     
  2. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Nothing should get thru your fortress :thumb:
     
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Hope not, my setup has evolved over the years to its current form.
     
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
How do you like Look'n'Stop? Have you ever tried Windows Firewall Control?
     
  5. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Not yet, I am happy with LnS, using Phant0m's ruleset. I see no current need to switch yet. I am using Windows 7 x86. If I did WFC or Tinywall would be high on my priority list to try. With my other security software I want a firewall that's just a firewall (no HIPS included).
     
  6. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
Yep... you need .NET FW 2.0 at least to "install" EMET. But afterward you can remove most of the framework and retain EMET's functionality. Another poster in here in another thread mentioned the exact specifics of what you need to keep to retain its functionality, though I forget what thread. What I did was use Revo in advanced uninstall mode to remove 2.0... it pretty much took v1 with it, lol. Then I used CCleaner & Auslogics registry cleaners, and they removed more traces. I like both of these programs because they don't remove too much. What I had left was just enough to keep EMET functional in the end.

But I decided this time not to do that, fearing it could somehow render EMET vulnerable. So I kept 2.0 and patched it fully. I recommend you do the same... there's an SP2 for .NET FW 2.0. Install it, and then check for Windows Updates; there were like 5-6 updates for the SP2. Then you have a fully patched .NET FW 2.0... I think that's the best trade-off of keeping attack surface low while gaining EMET's functionality.

v3.5 adds a bunch more surface/bloat, and I just quite frankly don't need it for anything. And I also tried many, many different ways of gaining EMET's abilities on my box without having .NET FW touch it... it just isn't possible... period. NEMET's redeployment packs flat out don't take to the box you try to transfer it to... ever. It only serves as an alternate GUI. And WehnTrust will conflict with any other form of shellcode injection protection you have in place... which pretty much every FW and/or HIPS program will have these days, or even CPUs have them integrated in your hardware. And IMHO you're better served trusting the latter solutions over 5-year-old abandonware.

    Here's the link for .NET FW 2.0 SP2: Again, after installing it check for Windows Updates, and you'll see some critical updates for it.

    https://www.microsoft.com/en-us/download/details.aspx?id=1639
     
    Last edited: Apr 16, 2013
  7. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
Is LnS very talkative? I tried TinyWall a while back and it blocked my internet and had a few other issues, so I got tired of it quick.
     
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    You don't need both DW and VS in this setup.
    It's an overkill.
    EAM has BB so I would leave only DW.
    In case of 64-bit OS, use VS instead of DW.
     
  10. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Not here, occasional popup for new or modified program wanting Internet access. I don't have the dll monitoring activated.
     
  11. DR_LaRRY_PEpPeR

    DR_LaRRY_PEpPeR Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    141
    Location:
    St. Louis area
    There's really no reason not to use the latest beta (another coming soon, I'll post in your thread). :) They're just calling the new experimental mitigations "beta." Other stuff should still be the same as previous versions. Don't worry about the DEP not working (let's see what next release is like!), since that would only affect people using OptIn system DEP. OptOut/AlwaysOn has DEP enabled for everything regardless of EMET. Oh, how could I forget, well OK EMET's DEP being broken won't make DEP Permanent for its processes (only really an issue on XP + OptOut), but...

    With OptOut, DEP is probably actually still enabled for your sound driver and emulator (if you didn't make an explicit System Control Panel exception, of course), assuming the EXE doesn't use a certain type of "packed loader" or such that implicitly disables DEP (check status in Process Explorer), which doesn't happen with AlwaysOn. I noticed the same on my Dell laptop's audio driver installer (but DEP still on w/ OptOut). What the issue seems to be with more of these AlwaysOn failures is that these programs (older?) need something called "ATL thunk emulation," which is where Windows handles special (safe) cases of DEP being triggered. See description of SetProcessDEPPolicy.

    Anyway, so now you could use my Permanent DEP DLL too then, which will make everything like AlwaysOn, but still allow everything to work (since it doesn't disable "ATL thunk" stuff, among other things). I thought it would be available NOW (maybe later this week I'll have a page, etc. up). After waiting over a month, I finally rewrote it in assembly (unexpectedly simple to "set up" compiler) last week. Now I just need to finish the companion SetDEP program (should've yesterday :doubt:), the purpose of which is primarily to set Permanent DEP on csrss.exe (optional; DLL doesn't work on it for some reason), although you can also use an option to see how DEP can be easily disabled on non-Permanent processes.
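The post above talks about the system-wide DEP policy (OptIn/OptOut/AlwaysOn), the per-process "Permanent" DEP flag and ATL thunk emulation, and suggests checking process status in Process Explorer. The script below is an added example, not DR_LaRRY_PEpPeR's DLL or SetDEP tool and not code from the thread. It reads the system policy from the Win32_OperatingSystem WMI class and queries a process with the documented kernel32 GetProcessDEPPolicy call, which exposes exactly the three things the post mentions: whether DEP is on, whether ATL thunk emulation is still allowed, and whether the setting is Permanent. It only reads state; it does not change anything. Assumes Windows with PowerShell 5.1 or later; the function names are my own.

```powershell
# Added example (not from the thread): report system-wide DEP policy and
# the per-process DEP flags discussed above. Read-only.

# System policy, from Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy:
# 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut (bcdedit's "nx" setting).
function Get-SystemDepPolicy {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $names = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    [pscustomobject]@{
        Policy             = $names[[int]$os.DataExecutionPrevention_SupportPolicy]
        HardwareDepAvailable = $os.DataExecutionPrevention_Available
        DepForDrivers      = $os.DataExecutionPrevention_Drivers
    }
}

# P/Invoke the documented kernel32 APIs. GetProcessDEPPolicy flag bits:
#   0x1 = PROCESS_DEP_ENABLE
#   0x2 = PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION
# The API is documented for 32-bit processes only; for a 64-bit process
# (where DEP is unconditionally on) the call fails, and we report that.
Add-Type -Namespace DepCheck -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetProcessDEPPolicy(IntPtr hProcess, out uint lpFlags, out bool lpPermanent);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@

function Get-ProcessDepStatus {
    param([Parameter(Mandatory)][int]$ProcessId)
    $PROCESS_QUERY_INFORMATION = 0x0400
    $h = [DepCheck.Native]::OpenProcess($PROCESS_QUERY_INFORMATION, $false, $ProcessId)
    if ($h -eq [IntPtr]::Zero) { throw "OpenProcess failed for PID $ProcessId" }
    try {
        $flags = [uint32]0
        $permanent = $false
        if (-not [DepCheck.Native]::GetProcessDEPPolicy($h, [ref]$flags, [ref]$permanent)) {
            $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
            return [pscustomobject]@{
                ProcessId = $ProcessId; DepEnabled = $null; AtlThunkEmulation = $null
                Permanent = $null; Note = "GetProcessDEPPolicy failed (Win32 error $err); 64-bit process?"
            }
        }
        [pscustomobject]@{
            ProcessId         = $ProcessId
            DepEnabled        = [bool]($flags -band 0x1)
            # Emulation is allowed unless the DISABLE bit is set
            AtlThunkEmulation = -not [bool]($flags -band 0x2)
            Permanent         = $permanent
            Note              = ''
        }
    } finally {
        [void][DepCheck.Native]::CloseHandle($h)
    }
}

# Usage: system policy, then the status of every process whose name matches.
Get-SystemDepPolicy | Format-List
Get-Process -Name 'explorer' -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ProcessDepStatus -ProcessId $_.Id } | Format-Table -AutoSize
```

A process that shows DepEnabled but not Permanent is the case the post describes: under OptOut a non-Permanent process can still have DEP turned off later, whereas AlwaysOn (or a Permanent flag set by the program or by EMET) cannot be undone for the life of the process.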
     
  12. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,795
    When you mentioned it "tried to block my sound drive and an emulator", do you mean it blocked the installers? If that's the case, then you might want to temporarily revert back to Opt Out/Opt In for the installers to work and then revert back to Always On. I don't know about emulators but I did that as a workaround for Realtek HD Audio.
     
  13. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    thx :D
     
  14. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Real-time:
    Webroot SecureAnywhere

    On demand:
    Hitman Pro
    MBAM
    Sandboxie (some browsing and program and file testing)

    Browser:
    Opera + Adblock + WOT
     
  15. Safe Admin's eleven tricks to keep the 'rings' of my Windows7 Ultimate x32 safe and clean :cool:

    Home network (LAN) protection
    1. Router (inbound) and Windows FireWall also blocking outbound applications, with IE locked (IP's+HTTPS) for banking.

    Local Machine (PC) protection
    2. LUA-sandbox-unsigned: deny installation/elevation of unsigned drivers/executables/activeX/COM through GPO/UAC
    3. UAC set to full, disabled redundant options in GPO, signed programs mandatory medium integrity level through icacls.exe
    4. Exploit-mitigation: DEP/SEHOP/ASLR (maximum), EMET (for Explorer and all non-system programs)

    User space protection
    5. Basic User deny execute for all (executable) files in all user(s) folders except for (run as) admin through SRP
    6. Locked User Configuration (logon, shell, scripts, tasks and HKCU-autostarts) for basic users through GPO

    Threatgate protection
    7. Internet Explorer, Outlook, Chrome (with ABP) settings are locked through GPO (nsa.gov templates)
    8. Deny execute for Everyone to entry/landing folders (USB, download, Mail, etc) through GPO/ACL
    9. Untrusted/Low rights internal sandbox of Chrome/IE10 and LUA sandbox to Outlook (StripMyRights)

    On demand
    10. HitmanPro Free Scan before monthly Data (to NAS) and Image (to 2nd HD) backup
    11. Practice safe-hex: download from trusted sites and check with VirusTotal and CIMA online sandbox before install
     
    Last edited by a moderator: Apr 21, 2013
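Step 8 in the list above, deny execute for Everyone on the "landing" folders where untrusted files first arrive (downloads, mail attachments, USB), can be done on a single machine with a file system ACL rather than GPO. The script below is an added example for that step, not the poster's own configuration. It adds a Deny ExecuteFile ACE for the well-known Everyone SID that inherits onto files only, so the folder stays traversable and files can still be read, written and scanned, and it includes a check that reads the ACL back. Assumes Windows with PowerShell 5.1 or later and a folder path you supply; the path in the usage line is a constructed placeholder, and the function names are my own.

```powershell
# Added example (not from the thread): deny execute for Everyone on a landing
# folder, the ACL half of step 8, plus a verification function.

function Add-DenyExecuteForEveryone {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path
    # Everyone = S-1-1-0. ObjectInherit + InheritOnly means the ACE lands on
    # files in the folder (and new ones), not on the folder itself, so
    # Traverse on the directory is untouched. Deny ACEs are evaluated first,
    # so this also applies to administrators; move a file out of the folder
    # to run it deliberately.
    $everyone = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $everyone,
        [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
        [System.Security.AccessControl.InheritanceFlags]::ObjectInherit,
        [System.Security.AccessControl.PropagationFlags]::InheritOnly,
        [System.Security.AccessControl.AccessControlType]::Deny)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Test-DenyExecuteForEveryone {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -Path $Path
    # Ask for rules keyed by SID so the check does not depend on the
    # localised display name of the Everyone group.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $match = $rules | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-1-0' -and
        $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Deny -and
        (($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ExecuteFile) -ne 0)
    }
    return [bool]$match
}

# Usage (run elevated; the path is a constructed placeholder):
$landing = 'C:\Users\Public\Downloads'
if (-not (Test-DenyExecuteForEveryone -Path $landing)) {
    Add-DenyExecuteForEveryone -Path $landing
}
Test-DenyExecuteForEveryone -Path $landing
```

This is a per-file execute deny, so it stops double-clicking a downloaded .exe but does not block scripts run through an interpreter (cmd, wscript, powershell), which is the gap the SRP rule in step 5 covers.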
  16. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    what happened to your previous account Kees?
     
  17. My ISP offers two aliases for each e-mail address (e.g. primary is kees1958@serviceprovider[dot]nl, alias is spamKees01@etc. All mail sent to spamKees01 will be delivered in the kees1958 inbox).

    I use alias e-mail addresses when I first enter something. When the site sends no spam, I change the alias into the real one. Totally forgot that I still used an alias at Wilders.

    Decided to change password after hard disk crash. Wilders requires a confirmation after password change. This confirmation bounces because the old alias does not exist (I am now at spamkees64). Thought it was easier to create a new nick name.
     
  18. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Perhaps, but they work fine together and do different things.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I will stay with my best choice :) Emsisoft Anti-Malware and Online Armor Premium ;) :thumb:
    What a killer combo.
     
  20. zitch

    zitch Guest

    Thanks...I usually go to the Microsoft update site. Usually custom install updates. Running Emet 3.0, can't remember how many .NET FW updates I have done. Will check on that ASAP....Peace~Out~Zitch
     
  21. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    In my personal opinion,
    Emsisoft Antimalware + Comodo Firewall is a bigger Killer if you are in x64 environment
     
  22. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    The problem with just using Windows Updates for .NET FW is that, if memory serves, after installing v1.1 it jumps right to 3.5 (XP)... leapfrogging v2.0 altogether. So I go to that website and download v2.0... then check Windows Updates to patch it. Then throw on SP2 for 2.0, and check WU again for yet more critical updates, till there ain't no more for v2. Then I stop there.

    I reboot and let it do its little run-once "optimization" thing... then I disable the service (+ the aspnet one... also delete the account). Run CCleaner to clean up a slew of junk files & keys the whole process leaves behind. Defrag. And then finally throw EMET on there.
     
  23. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Hello and welcome Windows_Security, Infrequent Poster. Let me know if I can help you with your newbie security questions.;)

    Not much new to report here. In fact nothing new, still happy with the Sandboxie/WSA first line of defense.
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I have Trend Micro, Emsisoft and Kaspersky Antivirus. Sincerely, jmonge.. :D
     
  25. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    Whoa!!!
    everything on real time?
     