Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.
Hopefully you have reported such bugs so they can be fixed.
Sandboxie and AppGuard.
Why I like SBIE....
... this time I just tried Dashline inside the Sandboxie among other things.
Hello there Wilders, I have to say every time I come here I get great advice and enjoy reading what's going on. Great forum and great posters here.
That being said, I'm looking for a little advice on my current test setup. It's just a regular laptop used for a little gaming and regular home production, not much heavy lifting, a little banking.
OS- Windows 10 64 bit
-Emsisoft Anti-malware (free trial)
-Emsisoft Emergency Kit
-UAC on always ask
-Malwarebytes Anti-exploit (free)
-Comodo Firewall (Chiron's config, with HIPS off, proactive) - funny thing I noticed: upon activation it didn't turn off Windows FW, and I left it on until I hear otherwise from someone more expert than me. I'm reading conflicting opinions on this one.
-Spyshelter Anti-Keylogger (free)- high protection on.
-Had EMET, but I felt it's really over my head so removed it.
IMHO, having armaments such as EAM and Comodo (Proactive), I'd happily discard MBAM Premium and SpyShelter.
Don't know exactly what extra they would bring to the party.
Thank you for the response NSG001,
My thoughts are that MBAM offers overlapping malware protection, and it seems to rank a bit higher than EAM on removal from what I have read, so I thought it complementary.
I don't see any anti-keylogging mentioned in any of my security software, so I thought the SpyShelter Anti-Keylogger would cover that.
On XP Home 32-bit
I can't see the wisdom in ditching a proven commercial-grade firewall (Windows Advanced Firewall) for a notoriously buggy one (Comodo... I had several bugs in it a few months ago; it didn't firewall anything without constant micromanaging, which may be why WF didn't stay disabled).
I can't really see the need for an anti-keylogger: either your intrusion prevention and detection setup worked and you don't have malware, or all of it failed and you do, and your system is compromised anyhow. I know, arguably it is another layer, but at that point it is too late anyhow and any data on it must be treated as compromised.
EMET looks more intimidating than it is. I switched from MBAE free to it and I have better control and better protection and I get to keep my money. Grab the 5.5 beta and read the User's Guide to it: Set it to "recommended" and add your PDF programs and other browsers as a wildcard; i.e. "*\chrome.exe" (sans quotes)
I agree 100% with Rolo42, once you take a bit of time to gain a good understanding of EMET, it's quite easy. Plus once you have it configured to your liking, it is easy to Import/Export your app configuration settings between versions. And if there is any difficulty with troubleshooting mitigations, there's a handful of users here in the EMET thread (https://www.wilderssecurity.com/threads/emet-enhanced-mitigation-experience-toolkit.344631/) that would be more than happy to assist with any troubleshooting.
Thank you Rolo and Wild. I'll look at EMET again.
Windows 10 PRO policy restrictions
1. Disabled 16-bit, remote, active, share, sync, cipher, etc.
2. Block unsigned executables to boot/install/elevate
3. Default deny, except run as Admin in %TEMP%
4. Block User running scripts/shell/autostarts
5. Block outbound connections in firewall
Browser security measures
2. Chrome with built-in sandbox plus Adguard (ads & privacy)
3. Deny execute Everyone in internet facing folders (ACL)
4. Malwarebytes Anti-Exploit for browsers (Edge=pdf)
5. Safe Browsing & Smartscreen reputation block
My policy is 1=reduce surface, 2=sandbox untrusted, 3=deny execution, 4=mitigate exploits, 5=filter internet
Sometimes Google Safe Browsing kicks in
when it's enabled
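Policy item 3 above (deny execute for Everyone in internet-facing folders) can be applied with a file-system ACL. The following is an added example, not code posted in the thread; it assumes the Downloads folder as the internet-facing location and uses an inherit-only ACE so the folder itself stays browsable while every file under it is denied execution.

```powershell
# Added example: deny "Everyone" the ExecuteFile right on every file under an
# internet-facing folder, without touching traverse rights on the folder itself.
# The folder path is an assumption; point it at whatever your browser/mail client writes to.
$folder = Join-Path $env:USERPROFILE 'Downloads'

# Well-known SID S-1-1-0 is "Everyone", independent of OS language.
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'

# ObjectInherit + InheritOnly: the ACE applies to files in this folder and all
# subfolders, but not to the folder objects themselves, so browsing still works
# while EXEs, scripts and installers dropped there cannot be launched in place.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $everyone,
    [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
    [System.Security.AccessControl.InheritanceFlags]::ObjectInherit,
    [System.Security.AccessControl.PropagationFlags]::InheritOnly,
    [System.Security.AccessControl.AccessControlType]::Deny)

$acl = Get-Acl -Path $folder
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Verify: list the Deny entries now present on the folder.
(Get-Acl -Path $folder).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
```

Deny ACEs are evaluated before Allow ACEs, so this overrides the Allow entries a user inherits; to undo it, remove the rule with `$acl.RemoveAccessRule($rule)` followed by another `Set-Acl`.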
EMET vs MBAE Free, EMET indisputably has broader protection, but whether it has better protection is disputable
Good point. I can only hope that the anti-exploit protection of MS is more advanced than their anti-virus software solution. I'm currently using MBAE and still like it. Easy to use, good protection and excellent support. That's all I want from an anti-exploit app.
I have read that EMET is pretty easy to turn off by an exploit, but used with MBAE it should be a good combination. When I have time I'll reinstall it and play around with its configuration.
I thought I'd play a little last night, so I got crazy with it and downloaded Hitman Pro, Herd Protect and Reason Core Security and am running them now too, but I removed Comodo Firewall as it felt resource heavy.
ASUS RoG laptop as current main system until I can get around to building a new desktop. Also looking around for either an appliance or old pc to try out Sophos UTM (very excited to try setting up Endpoint security as I've never tried before)
Win 10 64-bit, 8 GB RAM, Core i5, 360M Nvidia graphics.
UAC on always ask
Windows Firewall (but looking for something else just to play around with and learn more about firewalls)
Malwarebytes Anti-Exploit (free)
Spyshelter Anti Keylogger (free)
Reason Core Security (free)
Hitman Pro (free/trial)
Emsisoft Emergency Kit
So far Reason Core, Herd Protect and Hitman Pro have already given me some false positives. Hitman Pro thinks Reason Core is a Trojan. Herd Protect and Reason Core think Glary Utilities and World of Warcraft updater files are malware.
I have too much on this system now heh, but no conflicts, bsods or slowdowns yet (it's only been one day).
Eset running great with EMET
ESS & HitmanPro.Alert 3.1.0 build 324 beta on Win 7 Pro
Waiting for VS 3 stable
As far as I know, HerdProtect is redundant with Reason Core Security, because it is integrated in the latter anyway (along with Unchecky).
RE VT-scan products
PRO: Nice thing about products using (all) VT scan engines. It feels good to harbour the safety of using a lot of Anti Virus engines
CON: Most of the AVs in VT use default or lighter SCAN settings (to prevent FPs). Every AV engine uses additional ON-EXECUTION techniques to increase detection (PE metadata analysis, heuristics, code emulation, behavioral analysis, reputation scoring, virtualization, et cetera). In practice I doubt whether the protection level of, say, 60 AV scans exceeds the protection level of built-in Windows Defender.
On a side note: I enabled VT-scan in Sysinternals Autoruns and Process Explorer, so when it comes as an extra on the side, I show ambiguous behaviour myself (which is typical for a stray-man).
Added HitmanPro.Alert. I really like this so far. I'm thinking of purchasing EAM bundled with HMP+HMP.Alert for the $39 deal on SurfRight's site. This in addition to MBAM Premium. Then I'd probably uninstall Reason Core (too many FPs). Thoughts?
HMP + MBAM are top performers in post-infection detection, so Reasoncore would be redundant
You might also consider dropping CFW w/D+ BB on/HIPS off and 360 Internet Security when you buy EAM+HPMA.
Yeah, my profile is old; I'm not using 360 or Comodo currently.
I'll drop Reason Core too, thanks!
A bit of advice needed. Running EAM, MBAM, MBAE and AppGuard. I have lifetime licenses for MBAM, ZAM and WinPatrol, a yearly license for EAM, and free licenses for AG and MBAE for beta testing. Trying to wean myself off AG, as I've been using it for over a year and the only thing it's blocked is software on my computer from updating or running. So if I try to use all or most of my licenses, I'm thinking of running EAM, MBAE, MBAM and WinPatrol. I know WP has fallen on hard times here, but if I have a license I may as well use it. So my only concern is whether this setup will cover ransomware: will the EAM behaviour blocker block it, or should I use something like CryptoPrevent? Seeing I'm not the only one using this computer, I need an install-and-forget solution; popups and warnings will not work for the other person using this computer (e.g. NVT, AG, SS, VS etc.). Thanks.
And I have a question for Securon: what's the best combo you've ever used? I know best can be defined many ways, you can decide that, but just wondering if you have a favourite combo. You're a good guy to ask as you're always trying new setups.