What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. J Thx,

    Trying out AppLocker again. Found out that IE11 breaks ACL limitations on folders (like AppLocker does). It is logical that AppLocker does this (it is running at kernel level), but now IE11 does it also (probably has something to do with the latest enhanced protected mode implementation for Win8).

    See whether it keeps on working all right; all previous AppLocker rules turned out to be more hassle in daily use (easy updating) than a simple SRP with basic user as default and install option using run as admin.

    So added again the old 1806-trick to prevent IE downloading executables. IE11 does this quite nicely. It even found that a PDF download contained code (a cryptolocker sample), 1806 prevented IE11 from downloading it, so MIME file type detection seems to be good.

    Regards K
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    kees, that is wonderful :thumb: :thumb: to block this nasty malware ;)
    Note: removed Sandboxie 4.6 and activated my 1806 browser tweak trick in real time :) I was inspired by kees :)
     
    Last edited: Nov 9, 2013
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Windows Defender, Shadow Defender and Malwarebytes on demand.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    trjam, no firewall at all?
     
  5. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,010
  6. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
    Now you're talking! :ninja:
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Comodo IS :thumb:
     
  8. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    Thought I'd go back to an old favorite: Comodo Firewall version 5.12 with heavily modified settings and a custom trusted vendors list with D+. I've also added Malwarebytes Anti-Exploit and HitmanPro.Alert, running with Chrome with Adblock with malware domains list. So far it's extremely light and very powerful.

    Does anyone know when Comodo will cease support for version 5.12 cloud-based behaviour analysis?
     
    Last edited: Nov 10, 2013
  9. tomazyk

    tomazyk Guest

    Malwarebytes anti executable? Which one is this? I've never heard of it.
     
  10. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    Sorry, was meant to say Anti-Exploit. I'll edit the post.
     
  11. tomazyk

    tomazyk Guest

    OK. Too bad. You got my hopes up. :)
     
  12. ReverseGear

    ReverseGear Guest

  13. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    Sorry about that, it sure would be something though lol.
     
  14. Okay, I think I have found out how IE11 & AppLocker work in combination with ACEs on folders (my previous setup did work only partially, as happened before when playing with AppLocker :( ).

    First, the new IE11 adds a full control ACE to downloaded files for the user (owner/creator) downloading that file. So when you have a deny execute/traverse ACE on that folder, this deny will be bypassed (even when you set the Deny for Everyone). Remember: when you cut and paste something, ACEs will be kept; when you copy something, the ACEs of the folder will be applied.

    Second, when you are playing with allows/denies and Publisher, Hash and Path rules, I think the old SRP sequence is applied: first publisher, next hash, then path rules. I thought AppLocker broke ACEs on folders, but I think ACEs on folders are applied prior to path rules (but after publisher rules).

    So when you want to restrict execution to safe folders on publisher/hash AND be able to have a lock-down bypass when installing from Temp Folder AND want to lock down this installation Temp Folder with an ACE (deny execute/traverse folder), this is how it (seems) to work. This deny has to be for "Administrators" for the installation folder (because many installers unpack to Temp, I have made my Temp dir the installation folder).

    Remember, do not add a deny "execute file / traverse folder" for Administrators on D:\ (root dir of drive); Windows Image Backup will fail when this deny is placed on the root directory of a drive.

    See picture

    Odd side effect: Adobe Reader refuses to run in Protected Mode, because the sandbox of Adobe Reader was also stored in the Temp directory. I changed to Foxit. Although the Adobe sandbox is better than Foxit's, Foxit is less used (with a track record/history of fewer exploits in the wild).
     

    Last edited by a moderator: Nov 10, 2013
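
The folder setup described in post 14, as an added PowerShell example that is not the poster's own code: it places the deny execute/traverse ACE for Administrators on an installation folder, refuses drive roots, and lists files carrying an explicit allow ACE. In the standard Windows ACE ordering, explicit entries are evaluated before inherited ones, which is why an explicit allow on a file can win over the folder's inherited deny. The function names and `C:\InstallTemp` are assumptions.

```powershell
# Added example. Function names and the folder path are hypothetical.
function Add-DenyExecuteAce {
    param([Parameter(Mandatory)][string]$Path,
          [string]$Identity = 'BUILTIN\Administrators')
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath.TrimEnd('\')
    # The post warns that this deny on a drive root breaks Windows Image Backup.
    if ($full -eq [System.IO.Path]::GetPathRoot($full).TrimEnd('\')) {
        throw "Refusing to place a deny ACE on drive root '$full'."
    }
    # ExecuteFile and Traverse are the same access bit; inherit to subfolders and files.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity,
        [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Deny)
    $acl = Get-Acl -LiteralPath $full
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $full -AclObject $acl
}

function Get-ExplicitAllowOverride {
    # Lists files whose own (non-inherited) ACL grants execute, i.e. files
    # on which the folder's inherited deny is not the first matching entry.
    param([Parameter(Mandatory)][string]$Path)
    $exec = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            (Get-Acl -LiteralPath $file).Access |
                Where-Object {
                    -not $_.IsInherited -and
                    $_.AccessControlType -eq 'Allow' -and
                    ($_.FileSystemRights -band $exec)
                } |
                ForEach-Object {
                    [pscustomobject]@{
                        File     = $file
                        Identity = $_.IdentityReference.Value
                        Rights   = $_.FileSystemRights
                    }
                }
        }
}

# Usage (run elevated):
#   Add-DenyExecuteAce -Path 'C:\InstallTemp'
#   Get-ExplicitAllowOverride -Path 'C:\InstallTemp' | Format-Table -AutoSize
```
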
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    thank you kees:thumb: :thumb:
     
  16. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    On my parents' laptops I am running F-Secure Anti-Virus 2014 alongside AppGuard 4.
     
  17. tomazyk

    tomazyk Guest

    @Windows_Security
    Do you prefer IE11 over Chrome when it comes to security?
     
  18. No, just done playing with Chrome; I think Chrome is a more secure browser on Windows 7 than IE11.

    Pros for IE11:
    + starts surprisingly fast compared to latest Chrome versions
    + IE11 can be easily hardened with Group Policy (Chrome ADM templates are outdated)
    + privacy policy of Microsoft is slightly better than Google's (removes complete IP address after six months while Google removes last octet after nine months)
    + SmartScreen is slightly better than Chrome's Safe Browsing

    Cons for IE11:
    - few add-ins (from security perspective a plus), only anti-tracking is included
    - I can't get Adblock Plus to work for IE11 on Win7
    - Sandbox based on Low IL plus Windows virtualisation (Chrome on Low IL, job object assignment and alternate desktop security)

    Just My2Cents, regards

    Kees
     
  19. tomazyk

    tomazyk Guest

    OK, thank you for this comparison! :thumb:
     
  20. Malware Defender? Did you switch back to 32 bits?
     
  21. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    212
    I believe he/she did. :cool:
    edit:
    P.S. Tomazyk, I like your weebly :thumb:
     
  22. Ripcord

    Ripcord Registered Member

    Joined:
    Jun 18, 2011
    Posts:
    118
    Well, after all these yrs I finally took the major leap and installed Ubuntu and deleted Windows Vista from my PC... bye bye security madness hopefully... lol... very refreshing. Was time to blaze a new trail w/ a new OS... see ya my friends... :)
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I want to make a strong sandbox :thumb:
     
  24. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,350
    Bitdefender IS 2014 + Malwarebytes Anti-Malware + CCleaner.
     
  25. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Just installed latest version of Zone Alarm Firewall and Anti-Virus Pro...in tandem with WSA Security Plus...and HMP...And HMP 2.5 Alert. Zone Alarm is much lighter than previous version...and still has Kaspersky Enterprise A/V Engine. Sincerely...Securon
     