Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.
Do you disable Windows Defender?
Absolutely, yes. One of the first things that I take out. Although I do leave it on for client machines that I work on for other users. But for myself, I disable it entirely with Winaero Tweaker.
Standard User Account
Deny unsigned files to elevate
UAC to max
3rd party policy restriction/virtualization
Sandboxie (all internet facing applications except Chrome, Steam, Gog, Origins)
AppGuard (guards all internet facing applications)
Chrome (Guarded by AppGuard and not run in Sandboxie, AppContainer enabled, ControlFlowGuard, not signed in to Google account)
LastPass extension (with Google Authenticator and restricted access from all countries except my own)
Privacy Badger extension
Mullvad (connected via Viscosity at system startup)
Onedrive (only encrypted private family photos uploaded)
Thanks. I will check out Winaero Tweaker as my next question was going to be 'how?'
You can also use O&O ShutUp10.
If you are using the Pro version you can disable it using GPEdit:
More and more I am using Linux Mint 17.3 and there you don't need any security related software because I have checked to only update known safe site software. I have kept Windows 7 Home Premium only because Linux does not have compatibility with some of the graphic programs I have on the Windows side and Wine on Linux is flatly not that great. On the Windows side for security I use Windows Defender, SpywareBlaster and SUPERAntiSpyware.
You can install VirtualBox or VMware Player on Mint and run Windows inside.
Of course, you will have to check whether or not the graphics driver works fine with your software.
Windows Defender PUA enabled, uBlock Origin in all browsers.
I've run an Admin account for as long as I can remember, however my recent sojourn into Linux has given me an appreciation that having to validate changes that require escalated privileges is not a bad thing. I've also noticed a number of posts extolling the virtues of SUA and built in security on Windows 10 so thought I'd give it a go. Surprisingly I don't hate it. Current set-up on Win10 x64 Pro:
SRP deny for all files other than DLLs for everyone other than administrators and a few additional files types added to the default list
Some tweaks via Group Policy to deny Autorun for removable drives etc
Windows Defender off (via GPO); disabled any autoruns for WD processes I could find.
Shadow Defender on demand
Mullvad on demand
O&O ShutUp (largely to make me feel better rather than thinking it really makes Windows private)
Using privacy based Chromium build with AppContainer switch as primary browser (LastPass & uBlock Origin) and Edge sometimes.
Universal Apps rather than third party where possible.
I couldn't find a way of getting Office365 apps to work with SRP deny on the SUA account when including DLLs in the disallowed settings (anyone know how?), so I have a few concerns around how comprehensive the cover is, but not enough to make me do anything about it for now.
Only really use Windows now for anything I need to do with Office or to keep up to date for family members so reckon that will do. Thinking of replacing HMP.A. with MemProtect and FIDES if I can be bothered. Distro hopping keeps me occupied so a lot less tweaking of Windows than in previous times.
Anything obviously missing wouldn't mind hearing about (other than blacklisters, can't be doing with them any more).
Even though I'm sure this was a rhetorical question on your part, I will answer it for those reading that may be curious. Appguard being policy restriction, blocks the execution before it takes place, unlike Voodooshield that allows the execution but then suspends the process. I can tell you from testing, Appguard will block the sample every time before VS will even have a chance to intercept it. I'm assuming it would be the same with CFW and Appguard, as CFW would have to allow the execution in order to sandbox it etc.
Autopilot mode does not utilize the whitelisting portion ("anti-executable") of VS; Smart does. This means Smart mode is actually more secure than Autopilot mode. Smart mode works by locking the system when you are at risk, and the rest of the time, when you do not have a web facing application open, VS is fine tuning your snapshot for max compatibility and usability. When I run VoodooShield (I use and test VS), it is always in Smart mode.
I've had similar problems with some other program (can't remember which) if I left default rules in Additional rules. If I deleted them and replaced them by actual paths (program files + x86 + windows) the problem disappeared. IDK if it would help with Office365, but you can give it a try.
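The SRP settings the posts above describe (deny for everyone except administrators, DLLs included, extra file types on the default list, and the "Additional rules" that can be either the built-in registry-path rules or literal folder paths) all live under one registry key. The script below is an added example, not code from the thread or from any of the products mentioned, that reads that key so the policy can be checked against what was intended. It assumes a machine-wide SRP policy (the HKLM Safer key) and the documented meanings of DefaultLevel, TransparentEnabled, PolicyScope and the per-level Paths subkeys.

```powershell
# Added example: audit a Software Restriction Policy from the registry.
# Assumption: policy is machine-wide, so it lives under the HKLM Safer key.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP security levels (also the names of the per-level rule subkeys, in decimal)
$levelName = @{ 0 = 'Disallowed'; 0x20000 = 'Basic User'; 0x40000 = 'Unrestricted' }

function Get-SrpPolicySummary {
    if (-not (Test-Path $base)) {
        Write-Warning "No SRP policy found at $base"
        return $null
    }
    $root = Get-ItemProperty -Path $base
    [pscustomobject]@{
        DefaultLevel    = $levelName[[int]$root.DefaultLevel]
        # TransparentEnabled: 1 = all software files except libraries (DLLs),
        #                     2 = all software files including DLLs
        EnforceDlls     = ($root.TransparentEnabled -eq 2)
        # PolicyScope: 0 = all users, 1 = all users except local administrators
        ExemptAdmins    = ($root.PolicyScope -eq 1)
        # Designated file types (the "default list" plus anything added to it)
        ExecutableTypes = @($root.ExecutableTypes)
    }
}

function Get-SrpPathRules {
    foreach ($level in 0, 0x20000, 0x40000) {
        $paths = Join-Path $base ("{0}\Paths" -f $level)
        if (-not (Test-Path $paths)) { continue }
        Get-ChildItem -Path $paths | ForEach-Object {
            $rule = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                Level        = $levelName[$level]
                Path         = $rule.ItemData
                Description  = $rule.Description
                # The two built-in "Additional rules" point at registry values
                # (%HKEY_LOCAL_MACHINE\...%) rather than literal folders; the post
                # above replaced those with real paths to fix the program that broke.
                RegistryPath = ($rule.ItemData -match '^%HK')
                RuleId       = $_.PSChildName
            }
        }
    }
}

$summary = Get-SrpPolicySummary
if ($summary) {
    $summary | Format-List
    Get-SrpPathRules | Sort-Object Level, Path |
        Format-Table Level, RegistryPath, Path, Description -AutoSize
}
```

Reading HKLM does not need elevation, so this can run from the standard user account to confirm that the deny-by-default level, DLL enforcement and administrator exemption are actually in force for that account, and to see at a glance which Unrestricted rules still rely on registry-path expansion.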
I agree about Smart mode being more secure than Autopilot, but I think VS uses whitelisting also on Autopilot.
The difference is, on Smart mode, when VS is ON, any non-whitelisted app is blocked, no matter whether it is good or bad.
In Autopilot, it depends on VoodooAi. If a new app is deemed safe by VoodooAi and all the 57 blacklist engines (from VirusTotal) say there's no threat, then the app will run; otherwise it will be blocked.
I kept VS on Autopilot for 1 day and now it's in Smart mode. I do feel a little slowdown with both modes. Hopefully it settles in a few days.
I was under the impression Autopilot only uses VoodooAi and VT engines, hence it being less secure than Smart mode. Something to reconfirm with @VoodooShield.
As for my security set up to keep on topic, I'm using...
Windows 10 Pro
On Desktop without Wifi adapter "ethernet only", no Webcam, no Microphone.
Norton Wifi Privacy "VPN"
IMO, the best, lightest combination I have run. NS with its Smart Firewall and excellent Network protection, Appguard with needed apps added to Guarded Apps for "Lock Down Mode" and Norton Wifi "that yes works with ethernet only" for securing my Traffic and spoofing my IP.
I should mention the above is a shared system, and also my testing system. I keep 2 Guest systems, one strictly for testing malware/analysis and looking for bugs, the other just for testing applications to learn about them before installing on the main system.
Windows 7 Pro SP1 x64
Firewall & Anti-Virus:
Router NAT/SPI (Password Protected)
Emsisoft Internet Security 2017.2.0.7219 (with hpHosts file)
HitmanPro.Alert 3.6.3 Build 586
Norton ConnectSafe DNS (Malware, Phishing)
Avira Browser Safety
Thanks Minimalist. That worked. Much appreciated.
You're welcome. Nice to see it helped you too.
I removed Avast as its web shield started to block almost all sites in Google Chrome without warning that it's Avast tricks. I had to waste some time to find out the reason.
Windows 7 x64 Ultimate
Standard User Account
User Account Control - max, with password
MalwareBytes AntiExploit with additional shields for some routine apps.
I don't know if I really need MBAE with KIS, but they seem to get along. This combo is rather light.
For one of my family members' PCs, just migrated to Win10:
Win10 x64 Home
Bitdefender Internet Security 2016 (updated to 2017)
VoodooShield v3.53 Autopilot Mode
Browser (Google Chrome)
On demand scanners/cleaners
Don't know if I should add any other RT protection to Bitdefender IS or if this is enough...
Windows 10 Education 64 bit
User Account Control - max, with password
-Kaspersky Internet Security 2017 (Default setting, ONLY uncheck "trust digitally signed application").
-Hitman Pro Alert.
-VoodooShield Pro (Smart default setting).
On demand scan:
Kaspersky Password Manager.
-Adguard add on extension.
-Windscribe VPN Pro.
-HTTPS Everywhere extension.
IMO BD is enough if they are careful and use safe computing habits.
Added FlashControl for Chrome 57 (Click to Play on).
The extension prevents the display of Flash Font:
(Flash leak Test)
OS: Windows 7 x64 (built in: User Account Control on max, Standard User Account for daily computing, Firewall inbound only, various tweaks and modifications)
Antimalware - realtime: Emsisoft Anti-Malware; on demand: Avira PC Cleaner, Malwarebytes AM, HitmanPro, Virustotal Uploader
Sandbox: Sandboxie for Chrome
Backup: Macrium Reflect (grandfather - father - son backup scheme)
Privacy: F-Secure Freedome VPN; uBlock Origin (easy mode) and uBlock Origin extra in Chrome; CCleaner; PrivaZer; Tor Browser
Virtualisation: Virtualbox (guest OSs: Windows XP, Windows 7, Windows 10, Linux Mint)
Other tools: Autoruns; Process Explorer; Recuva; TCPView
Thanks for your answer. Finally I left BD and VoodooShield together. BD 2017 has RT protection and seems to be efficient against exploits and malicious web sites. What I don't like in BD 2017 is that when you click on the virus definition update button, it searches for updates for a long time (bug??). This is strange behaviour. With Malwarebytes it's very quick.