What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    agree buddy:thumb:
     
  2. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Lite HIPS? Was it ever without weakening security?
     
  3. natsecurity

    natsecurity Registered Member

    Joined:
    Dec 19, 2012
    Posts:
    31
    Location:
    australia
    Please rate my setup since I had to uninstall G-DATA IS 2013 because it was causing me grief like hanging my pc after login.

    sandboxie
    firefox - noscript, lastpass, WOT
    malwarebytes antimalware
    zemana antilogger paid
    MSE and windows firewall (installed after uninstalling G-DATA)
    just installed Trusteer Rapport

    so there you have it. I'd probably seek to use something other than windows firewall or MSE, but these seem stable.
     
  4. Easter, I know your preference of hooking every entry of the System Service Dispatch Table at least twice, but with kernel protection of x64 and third Integrity Level trust zone (LOW and UNTRUSTED or Protected Mode and AppContainer) the HIPS function has changed.

    Comodo FW can be adapted to your needs
    1. Add a general security layer for all programs by adopting the default D+ rule (for every program) to allow all except ASK for
    a. Loading a driver
    c. Memory Access
    d. Interprocess Memory Access

    2. Add a restricted layer to risky (internet facing) programs
    a. Sandbox all internet facing software as partially limited
    b. Add a rule for (drive letters of) your USB drives to run every program as partially limited

    3. Completely sandbox all other binaries
    a) Clear the list of trusted vendors of the Behavioral Blocker
    b) Apply the virtual kiosk registry tweak

    ADD UAC and EMET 4.0 Beta to reduce risk of Exploits. Browse with Chrome, use alternative Media Player (e.g. Classic Media Player) and alternative PDF reader (e.g. Evince) to reduce attractiveness/economy of scale for malware writers.

    This is a lite setup with three trust zones to cover all:
    - trust zone = installed programs: better than UAC protection for ALL (memory violations + loading driver)
    - trust zone = Threat gates: run internet facing software as partially limited with additional EMET 4 protection
    - trust zone = Unknown: fully sandbox all other binaries

    Really is strong, not intrusive and light (in combo with kernel protection, UAC and policy sandbox of Chrome)

    Regards Kees (old nick name Kees195:cool:
     
    Last edited by a moderator: May 29, 2013
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Last edited: May 29, 2013
  6. Arcanez

    Arcanez Registered Member

    Joined:
    Oct 5, 2011
    Posts:
    417
    Location:
    Event Horizon
    IE10
    Appguard
    Deepfreeze
    EMET
    OpenDNS
    DriveSnapshot
    GPO Tweaks
    UAC
    VirusTotal Uploader

    best Setup I've ever used.
     
  7. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I love scotty :thumb:
     
  8. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Linksys Router with Norton DNS

    Realtime:
    Look 'n' Stop Firewall 2.07,
    DefenseWall HIPS 3.21,
    EMET

    Encryption:
    Jetico BestCrypt Volume Encryption
    TrueCrypt

    On-demand (scan once per month):
    HitmanPro
    MBAM

    Backup:
    ShadowProtect Desktop (cold imaging to external drive)
    Back to SyncBack Free for sensitive/critical data backup


    Additionally...
    Chrome (built in DNT enabled, no-referrer, geoloc disabled, js disabled globally, no 3rd cookies, http cookies blocked with exceptions for specific websites, java not installed, internal sandboxed pdf reader enabled, flash player for chrome not installed only PAPI in use, browser password manager disabled, autofill feature disabled, check for server certificate revocation enabled).
     
  9. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Just added Exploit Shield 0.9.1Beta...in concert with WSA Security Plus...Ikarus...and Outpost Firewall Pro. Sincerely...Securon
     
  10. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Added WinPatrol :thumb:
     
  11. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    244
    Location:
    United States
    I've been using it for a few months now and I've liked its detection, low resources and it even notifies when you uninstall a program. I have yet to upgrade to add the registry monitor, but I may just do so in the near future.

    Have you noticed any negative compatibility with any other programs in your set up? I was looking to play with EXEwatch, being similar in nature and wasn't sure if having two similar programs operating would cause some errors or not?
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    MRF71 good job man:thumb:
    are you running the plus version? or free version?
    winpatrol plus is a mini hips:thumb:
     
  13. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I run it at default settings and everything is smooth sailing :thumb:
     
  14. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Plus jmonge
     
  15. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    399
  16. guest

    guest Guest

    Meh, back to using an AV. I hate it when I have to dumb down the HIPS protection so I won't get too many popups. Guess I prefer to have bars on my windows. :p

    To those who are using WinPatrol Plus, does Scotty respond quick enough to system changes? *puppy*
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    it is slow, not like hips that are at the moment the changes want to happen; with winpatrol plus it is a little too late as it wants to pull the changes out of the system, when real time hips will push it out before it enters the system ;)
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  19. guest

    guest Guest

    Still interesting though, at least you can roll back the changes if I'm not mistaken.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    yes it does :thumb: but just be careful with the fake antivirus as they defeat winpatrol plus very easily :) i tested it with some fake antivirus and it fails to pull the changes back :) also i tried a rootkit and winpatrol also failed to roll the system back
     
  21. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I agree it needs to speed up the alerts
     
  22. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  23. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Awesome, but what is WinPcap?
     
  24. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Re-installed Eset S.S.6...WSA Security Plus...and AppGuard...Light...Stealth...Lethal...Sincerely...Securon
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    trying tinywall firewall sincerely jmonge
     