What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    All understood.
    Hopefully you have reported such bugs so they can be fixed.
     
  2. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Sandboxie and AppGuard.
     
  3. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Why I like SBIE....
    SBIE.PNG
    ... this time I just tried Dashline inside the Sandboxie among other things.


    Cheers!
     
  4. Dragonsteel

    Dragonsteel Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    64
    Location:
    United States
    Hello there Wilders, I have to say every time I come here I get great advice and enjoy reading what's going on. Great forum and great posters here.

    That being said I'm looking for a little advice on my current test set up. It's just a regular laptop used for a little gaming and regular home production, not much heavy lifting, a little banking.

    OS- Windows 10 64 bit

    -Emsisoft Anti-malware (free trial)
    -Emsisoft Emergency Kit
    -UAC on always ask
    -Malwarebytes Premium
    -Malwarebytes Anti-exploit (free)

    -Comodo Firewall (Chirons config. With hips off, proactive)- funny thing I noticed, upon activation it didn't turn off Windows FW and I left it on until I hear otherwise from someone more expert than me. I'm reading conflicting opinions on this one.

    -Spyshelter Anti-Keylogger (free)- high protection on.
    -Had EMET, but I felt it's really over my head so removed it.
     
    Last edited: Oct 19, 2015
  5. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    @Dragonsteel

    IMHO having armaments such as EAM and Comodo (Proactive) i'd happily discard MBAM Premium and SpyShelter.
    Don't know exactly what extra they would bring to the party.
     
  6. Dragonsteel

    Dragonsteel Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    64
    Location:
    United States
    Thank you for the response NSG001,

    My thoughts are that MBAM offers overlapping malware protection and it seems to rank a bit higher than EAM on removal from what I found to read, so thought it complimentary.

    I don't see any anti keylogging mentioned in any of my security sw so I thought the SpyShelter Anti Keylogger would cover that.
     
  7. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,691
    Still with....
    DefenseWall
    Shadow Defender
    Macrium Reflect
    On Xp Home 32bit
     
  8. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    571
    Location:
    USA
    • I can't see the wisdom in ditching a proven commercial-grade firewall (Windows Advanced Firewall) with a notoriously buggy one (Comodo...I had several bugs in it a few months ago that it didn't firewall anything without constant micromanaging it, which may be why WF didn't stay disabled)
    • I can't really see the need for an anti-keylogger: either your intrusion prevention and detection setup worked and you don't have malware or all of it failed and you do and your system is compromised anyhow. I know, arguably it is another layer but at that point it is too late anyhow and any data on it must be treated as compromised
    • EMET looks more intimidating than it is. I switched from MBAE free to it and I have better control and better protection and I get to keep my money. Grab the 5.5 beta and read the User's Guide to it: Set it to "recommended" and add your PDF programs and other browsers as a wildcard; i.e. "*\chrome.exe" (sans quotes)
     
  9. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I agree 100% with Rolo42, once you take a bit of time to gain a good understanding of EMET, it's quite easy. Plus once you have it configured to your liking, it is easy to Import/Export your app configuration settings between versions. And if there is any difficulty with troubleshooting mitigations, there's a handful of users here in the EMET thread (https://www.wilderssecurity.com/threads/emet-enhanced-mitigation-experience-toolkit.344631/) that would be more than happy to assist with any troubleshooting.
     
  10. Dragonsteel

    Dragonsteel Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    64
    Location:
    United States
    Thank you Rolo and Wild. I'll look at EMET again.
     
  11. Windows 10 PRO policy restrictions
    1. Disabled 16bits, remote, active, share, sync, cypher, etc
    2. Block unsigned executables to boot/install/elevate
    3. Default deny, except run as Admin in %TEMP%
    4. Block User running scripts/shell/autostarts
    5. Block outbound connections in firewall

    Browser security measures
    1. Click to play flash, only allow javascript at NL & COM domains
    2. Chrome with build-in sandbox plus Adguard (ads & privacy)
    3. Deny execute Everyone in internet facing folders (ACL)

    4. Malwarebytes Anti-Exploit for browsers (Edge=pdf)
    5. Safe Browsing & Smartscreen reputation block

    My policy is 1=reduce surface, 2=sandbox untrusted, 3=deny execution, 4=mitigate exploits, 5=filter internet
     
    Last edited by a moderator: Oct 26, 2015
  12. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Sometimes Google Safe Browsing kicks in
    Google Safe Browsing.PNG

    when it's enabled
    Enable.PNG .
     
  13. EMET vs MBAE Free, EMET indisputably has broader protection, but whether it has better protection is disputable :)
     
  14. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,603
    Good point. I can only hope that the anti-exploit protection of MS is more advanced than their anti-virus software solution. I'm currently using MBAE and still like it. Easy to use, good protection and excellent support. That's all I want from an anti-exploit app.
     
  15. Dragonsteel

    Dragonsteel Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    64
    Location:
    United States
    I have read that EMET is pretty easy to turn off by an exploit, but used with MBAE should be a good combination. When I have time I'll re install it and play around with its configuration.

    I thought I'd play a little last night so I got crazy with it and downloaded Hitman Pro, Herd Protect and Reason Core Security and am running them now to, but I removed Comodo Firewall as it felt resource heavy.

    Currently running:

    ASUS RoG laptop as current main system until I can get around to building a new desktop. Also looking around for either an appliance or old pc to try out Sophos UTM (very excited to try setting up Endpoint security as I've never tried before)

    Win 10 64 bit, 8gbs RAM, Core i5, 360M nvidia graphics.

    Active-
    UAC on always ask
    Windows Firewall (but looking for something else just to play around with and learn more about firewalls)

    EAM (trial)
    Malwarebytes Premium
    Malwarebytes Anti-Exploit (free)
    Spyshelter Anti Keylogger (free)
    Reason Core Security (free)
    Hitman Pro (free/trial)
    Ublock Origin
    Ghostery
    AdBlock plus

    On Demand-
    Emsisoft Emergency Kit
    Herd Protect

    So far Reason Core, Herd Protect and Hitman Pro have already given me some false positives. Hitman Pro thinks Reason Core is a Trojan. Herd Protect and Reason Core think Glary Utilities and World of Warcraft updater files are malware.

    I have too much on this system now heh, but no conflicts, bsods or slowdowns yet (it's only been one day).
     
  16. wildman

    wildman Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    2,185
    Location:
    Home on the range.
    Avast FREE
    Malwarebytes FREE

    Always,
    Wildman
     
  17. x ZauX x

    x ZauX x Registered Member

    Joined:
    May 8, 2010
    Posts:
    139
    Eset running great with EMET :)
     
  18. colorado13

    colorado13 Registered Member

    Joined:
    Apr 16, 2005
    Posts:
    117
    Location:
    Orihuela, Spain
    ESS & HitmanPro.Alert 3.1.0 build 324 beta on Win 7 Pro
    Waiting for VS 3 stable :)
     
  19. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,435
    Location:
    Under a bushel ...
    As far as I know, HerdProtect is redundant with Reason Core Security, because it is integrated in the latter anyway (along with Unchecky).
     
  20. RE VT-scan products

    PRO: Nice thing about products using (all) VT scan engines. It feels good to harbour the safety of using a lot of Anti Virus engines

    CON: Most of the AV's in VT use default or lighter SCAN settings (to prevent FP)'s. Every AV engine uses additional ON-EXECUTION techniques to increase detection (PE meta data analysis, heuristics, code emulation, behavioral analysis, reputation scoring, virtualization, et cetera). In practice I doubt whether the protection level of say 60 AV-scan's exceeds the protection level of build-in Windows Defender

    On a side note: I enabled VT-scan in Sysinternals Autoruns and ProcessExplorer, so when it comes as extra on the side, I show ambiquous behaviour myself (;) which is typical for a stray-man).
     
    Last edited by a moderator: Oct 23, 2015
  21. Dragonsteel

    Dragonsteel Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    64
    Location:
    United States
    Added Hitman Pro.Alert. I really like this so far. I'm thinking of purchasing EAM bundled with HMP+HMP.Alert for the $39 deal on SurfRights site. This in addition to MBAM Premium. Then I'd probably uninstall Reason Core (too many fps) Thoughts?
     
    Last edited: Oct 23, 2015
  22. @Dragonsteel

    HMP + MBAM are top performers in post-infection detection, so Reasoncore would be redundant

    You might also considering dropping CFW w/D+ BB on/HIPS off, 360 Internet Security when you buy EAM+HPMA
     
  23. Dragonsteel

    Dragonsteel Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    64
    Location:
    United States
    Yeah my profile it's old, I'm not using 360 or Comodo currently.

    I'll drop Reason Core too, thanks!
     
  24. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    970
    Location:
    Canada
    A bit of advice needed. Running EAM, MBAM, MBAE and Appguard. I have lifetime licenses for MBAM, ZAM and WinPatrol, yearly license for EAM and free licenses for AG and MBAE for beta testing. Trying to wean myself off AG as I've been using it for over a year and the only thing its blocked is software on my computer from updating or using. So trying if I try to use all or most of my licenses I'm thinking of running EAM, MBAE, MBAM and Winpatrol, I know WP has fallen on hard times here but if I have a license may as well use it. So my only concern is if this setup will cover ransomware, will the EAM behaviour block it or should I use something like Cryptoprevent. Seeing I`m not the only one using this computer I need a install and forget solution, popups, warnings will not work for the other person using this computer (eg NVT, AG, SS,VS etc) Thanks.
     
  25. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    970
    Location:
    Canada
    And I have a question for Securon, whats the best combo you`ve ever used. I know best can be defined many ways, you can decide that, but just wondering if you have a favourite combo. Your a good guy to ask as your always trying new setups.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.