What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Behold Eck

    Behold Eck Registered Member

    Joined:
    Aug 23, 2013
    Posts:
    574
    Location:
    The Outer Limits
    Did as instructed Bo and it's working great.

    Thanks, Eck
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    No, there's no problem. But by running Windows explorer in a dedicated sandbox, sandboxing works better. For example, by using separate sandboxes for the browser and Windows explorer, you could keep programs that are allowed to run in the dedicated WE sandbox from connecting to the net, that is something that you could not do if you run explorer in the DefaultBox with your browsers, etc.

    So you know, in case you are using the free version, you can create and use more than one sandbox, you just can't use multiple sandboxes at the same time.

    Bo
     
    Last edited: May 22, 2014
  3. Hardened Windows 7 Ultimate with router and NAS
    - Windows Firewall set to block outbound connections (GPO)
    - Use full UAC, DEP, SEHOP, ASLR and EMET for scripting programs
    - Set UAC to only elevate executables that are signed and validated (GPO)
    - Deny basic users to execute LUA-writeable in windows and user folders (SRP)
    - Running internet facing software as basic user (SRP) with secured settings (GPO)
    - Disabled risk-ware services/features (GPO) and write access to HKCU autoruns (ACL)
    - Set a Deny execute for everyone in all user folders except Temp Folder for install (ACL)
    - Don't run autoplay of USB-drives and deny execute access for all users to USB drives (GPO)

    Lock down system with registry changes (reg file executions)
    - Switch executable download from IE-zone (1806) from warn to block and vice versa
    - Switch default protection level (SRP) from unrestricted to deny and vice versa
     
    Last edited by a moderator: May 27, 2014
  4. guest

    guest Guest

    the said context was a few posts before.

    https://www.wilderssecurity.com/thre...etup-these-days.111264/page-1391#post-2373700

    especially this line:

    "just got rid of shadow defender I don't know but it is difficult to be re-starting all the time to see changes and if by accident the pc is re-booted I lose all my data"

    @bo elam: I am not brushing Chris, just pointing out that he may have missed something, and that may be why my scenario was weird to him.

    yes of course, but Jmonge was worried about losing his files when exiting SD by accident, so he couldn't test the said file (he didn't know about the exclusions/commit features of SD); I just added that he could add Sbie to protect its working folder, so when forced in Sbie he can test the file in a safe way.

    hope I explained properly, I am not a native English speaker.
     
    Last edited by a moderator: May 22, 2014
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    very well explained, my friend :)
     
  6. guest

    guest Guest

    thanks my friend, so did you reinstall SD? :D
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I will today :) I like it a lot and with the folder exclusion it will be easier to manage :) thanks for the advice
     
  8. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Pretty much :)
     
  9. guest

    guest Guest

    you are welcome ;)
     
  10. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Couldn't pass up a 2yr 1PC purchase for Avast A/V Pro from the Download Crew Store...for $29.99 Cdn...running harmoniously with WSA Security Plus...and SAS Pro...the new Hardening Mode and Deep Screen Technology is up and fully functional and very effective. And unlike another product I had been using there's no problem with lengthy boot-up and network connects...refreshing. Sincerely...Securon
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    the hardening tool is a very handy dandy tool
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Yes, I'm using the paid version and have created separate sandboxes for my browser, Outlook, RSS reader... Till now I didn't even use the Default box, except when testing some software, and was thinking of using it for Explorer. Thanks Bo for all your answers.
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    English is not my first language also and you explained it great.
     
  14. guest

    guest Guest

    thanks mate
     
  15. chris1341

    chris1341 Guest

    Yeah, I'd read that but didn't get the forced folder vs Crypto malware context from it. Still don't really:).

    Anyway, my post was only meant as a warning to those less skilled or knowledgeable than you that placing an item in a forced folder won't protect it from crypto malware running outside that folder, and Shadow Mode, when you exclude a folder, offers no crypto protection for the excluded folder.

    We've both made valid points I think, just misunderstood each other. Time to move on :thumb:.

    Cheers
     
  16. guest

    guest Guest

    absolutely ;)
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    OK, I learned how to exclude a folder within Shadow Defender :) It was easy, but now to be more secure I will not exclude any folders, just in case of a CryptoLocker attack in real time: just reboot and gone is the malware
     
  18. guest

    guest Guest

    My trick is to sync my work in the cloud while being under Shadow Mode, so I don't care about an unwanted reboot :D
     
  19. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Jmonge, probably the safest way to save files out of Shadow mode is by right clicking files that you downloaded or want to save and clicking Commit. :)

    Bo
     
  20. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Might want to encrypt any personal documents. Not much for cryptolocker to encrypt if it's already encrypted. ;)
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    thank you to all of you. I will see if I just want to run Sandboxie alone or with Shadow Defender, and/or if I want or need to run a resident antivirus :) all your advice is welcome :)
     
  22. wolfrun

    wolfrun Registered Member

    Joined:
    Jul 26, 2009
    Posts:
    702
    Location:
    North America
    Updated Sandboxie to 4.10 final version. Re-added NoScript along with Ghostery and Adblock Edge to Palemoon extensions. Have been running without an A/V but am thinking about installing Panda free. Made a backup with Macrium just in case it doesn't work out.
     
  23. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    810
    Changed things up. Had to pull Appguard off my machines, it was 'freaking' on too many things, and requiring too much micromanagement from me.

    Ditched:
    MalwareBytes
    Appguard

    New Setup:
    ESET Smart Security 7 - Max Settings
    Adguard w/Malware Database+SafeSearch
    BotRevolt Paid (1.3 BILLION bad IP addresses)
    Adblock w/Malware Domains ONLY
    NortonDNS (Malware Domains)
    Watchguard Security Appliance (Trend Malware Domains)
    K9 Web Protection (Malware/Phishing/Spam domains ONLY)

    I figure I am blocking 2 BILLION bad IP addresses/malware domain hosting locations, questionable websites. Currently my network and machines are harvesting bad IP addresses from the following sources:

    NortonDNS
    K9 Database (Malware/Spam/Phish/Fraud Only)
    Trend IP Resource
    COMMTouch Resource
    Google SafeSite Database
    Malware Domain List Proper
    Opera Domain Scanner
    Adguard Malware Domain Database
    Adblock Malware Domain Database
    Stop, Think, Connect
    SpamHaus
    OnlineguardOnline.gov
    Internet Defense League
    Fraudwatch International
    Emerging Threats Opensource
    SpamCop
    iBlocklist
    BlocklistPRO

    I am unsure of what database ESET and Opera pull from. But Opera has recently become rather impressive with its ability to filter compromised domains. Nevertheless my systems pull from all of these directly, and it is EXTREMELY UNLIKELY any Malware/Spam/Phishing/Compromised IP address is going to be accessible on my computers. I personally feel this kind of protection is at least as important as actual desktop protections in many cases. (if not more)
     
  24. guest

    guest Guest

    very true
     
  25. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Removed Sandboxie and enabled Software Restriction Policies.
     