What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    908
    Location:
    Canada
    For everyday use it is not heavy at all. I have a 10-year-old desktop and can see no slowdowns at all for normal use. Some say opening a folder with a lot of programs is slow; maybe, I don't know, 4 seconds or 6 seconds, no big deal for me. People also say that transferring files to OneDrive or another cloud service may be slow; again, I don't know, as I've only done this with MD. So basically for everyday use there are absolutely no issues; for some, opening a large folder or uploading files there may be a slight slowdown, but I don't care, as I rarely do either one of these.
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,621
    Location:
    U.S.A. (South)
    With this new system running 20H2, TODAY Windows Defender is rather impressive (very light). My 8.1 and now this fresh Windows 10 are worlds apart, as it's a new experience for me.

    So today's setup (first day) has it fully updated. Installed WiseVector as an additional safety net. Perfectly compatible with WD, but the first scan took hours to sweep. Secure Folders for folders I know it locks down tight. Even though it's 10 Home w/o gpedit, it also now has Group Policy Editor available to configure if needed. ConfigureDefender added too. I miss the v4.0 ERP Beta, and if I can find my installer it will be added too. The granularity is ideal. I can't see anything having a snowball's chance with only these few security measures set up now.

    It took a couple of exclusions and a recovery to drop a text file with a PowerShell keylogger that works like a charm. Yes, I keylog myself. It's a personal keylogger/safe, but it was tagged instantly after being read by WD. Good catch!

    Running the default Windows Firewall for now. Also the Edge browser.
    Late additions overnight: Shadow Defender / v4.0 ERP Beta

    I believe that is the correct amount of defenses for our purposes.
     
    Last edited: May 29, 2021
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    @EASTER -- You wrote: "With this new system running 20H2... "

    20H2?
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,621
    Location:
    U.S.A. (South)
    Last edited: May 29, 2021
  5. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,353
    Location:
    Milan and Seoul
    I have often posted that MS Defender nowadays is as light as Avira Pro and Kaspersky (last paid AVs I had on this machine). Even when I disable MS Defender with Defender Control, there is no perceivable improvement in speed, however I do believe that in some machines it might be heavy, conflicts, hardware incompatibility, and what not. I have postponed using it for years because it used to be real heavy, not any longer. My reply is not in lieu of digmor crusher, just my two cents...
     
  6. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    193
    Location:
    Poland
    Well, it depends what they mean..
    ex1) some software uses more RAM and doesn't slow system performance,
    ex2) some software eats less RAM and slows system performance more than the first one.

    Technically I disabled Defender brutally and for me the system feels faster, but that was on an old PC; on my new one it doesn't matter what I install, everything works smoothly because it's too strong even for bloat software ^^

    And an important point: some people are just trash talkers, they don't read tests (even those are over-advertised/lied about for marketing purposes), they don't test it themselves... they just hit on the first better ******** created in their empty heads and they stick with it and keep repeating it..

    Sorry if too aggressive, I'm just saying the truth.. and we need to beware of such people so as not to fall for fake news..
     
    Last edited: May 29, 2021
  7. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    733
    Location:
    U.S. Citizen
    @Quassar

    I agree with the comments from above 1000%. And/or talk to individuals within the area you are seeking knowledge in.
    Also, learn from others' mistakes. All this requires is time and a lot of homework.
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,339
    Location:
    Hawaii
    Congrats on the new computer. I hope it gives you many years of great service.

    By the way, how was the learning curve moving from 8.1 to 10?
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    @Osaban & @Quassar & @Moose World -- I am convinced. Many thanks to all 3 of you.

    Hey Quassar -- you're kind of new. First of your posts I have seen. Very good information. Welcome aboard!!! :)
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,621
    Location:
    U.S.A. (South)
    Actually, after so many years with Windows, but more importantly, now after this decision to finally step over into Windows 10, absorbing our members' feedback and experiences, and reading/comparing numerous posts associated with Windows 10 FULLY, it feels as if there is no learning curve at all with the 10 system for me, but rather becoming acquainted with today's new hardware aspects and simply ensuring long-relied-upon Windows 8.1 security and other apps continue working unabated just as expected. Which it seems they do. Smooth transition actually.
     
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,285
    Location:
    Canada
    Windows 10 Pro, 20H2

    -Lenovo E580 Laptop: Full Bitlocker encryption, Memory integrity, Core isolation, Security processor,
    -Software Restriction Policy: Default deny, Enforcement= All files, Security Level= Disallowed, Applies to= All users
    -ConfigureDefender: Protection Level= High
    -OSArmor: Defaults plus additional Protections enabled
    -Windows Firewall: Default deny in/out, using Malwarebytes Firewall Control
    -Browser: Firefox, Site Isolation enabled with uBlockO, HTTPS Everywhere & CSS Exfil Protection add-ons

    BTW, if you want to play Netflix videos in Firefox, you will need this Path rule: C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\gmp-widevinecdm\*

    It may not properly log in Event Viewer or Advanced logging via registry.
     
    Last edited: May 29, 2021
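The SRP settings wat0114 lists (default deny, enforcement on all files, all users) plus the Widevine path rule, written with PowerShell into the same local-policy registry keys the Local Security Policy snap-in uses. This is an added example, not wat0114's own procedure. Assumptions: the profile path is a placeholder you replace; the key layout (CodeIdentifiers\<level>\Paths\<GUID> with ItemData/SaferFlags) is what secpol.msc writes on Windows 10, and the LogFileName value is the "advanced logging via registry" the post refers to.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the post: SRP default-deny plus a Widevine path rule.
# Assumption: replace $UserProfile with the real profile path (the post writes "username").
$UserProfile = 'C:\Users\username'

$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
New-Item -Path $srp -Force | Out-Null

# DefaultLevel 0 = "Security Level: Disallowed" (262144 / 0x40000 would be Unrestricted).
Set-ItemProperty -Path $srp -Name DefaultLevel       -Type DWord -Value 0
# TransparentEnabled 2 = "Enforcement: All software files" (1 skips DLLs, which is the weak setting).
Set-ItemProperty -Path $srp -Name TransparentEnabled -Type DWord -Value 2
# PolicyScope 0 = "Applies to: All users" (1 = all users except local administrators).
Set-ItemProperty -Path $srp -Name PolicyScope        -Type DWord -Value 0
# Advanced logging: every SRP decision is appended to this text file (useful when Event Viewer is quiet).
Set-ItemProperty -Path $srp -Name LogFileName        -Type String -Value 'C:\Windows\Temp\srp.log'

function Add-SrpPathRule {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [ValidateSet('Unrestricted', 'Disallowed')] [string] $Level = 'Unrestricted',
        [string] $Description = ''
    )
    $levelValue = if ($Level -eq 'Unrestricted') { 262144 } else { 0 }
    # Each rule is its own GUID-named subkey under the level it grants.
    $ruleKey = Join-Path $srp "$levelValue\Paths\{$([guid]::NewGuid().ToString())}"
    New-Item -Path $ruleKey -Force | Out-Null
    Set-ItemProperty -Path $ruleKey -Name ItemData     -Type ExpandString -Value $Path   # REG_EXPAND_SZ, wildcards allowed
    Set-ItemProperty -Path $ruleKey -Name SaferFlags   -Type DWord        -Value 0
    Set-ItemProperty -Path $ruleKey -Name Description  -Type String       -Value $Description
    Set-ItemProperty -Path $ruleKey -Name LastModified -Type QWord        -Value ([datetime]::UtcNow.ToFileTimeUtc())
    return $ruleKey
}

# The two default rules secpol.msc creates; without them a default-deny SRP blocks Windows itself.
# Registry-path form is used so a user cannot redirect them by redefining environment variables.
Add-SrpPathRule -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%' -Description 'Windows directory'
Add-SrpPathRule -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%' -Description 'Program Files'

# Widevine CDM rule from the post. Caveat: this directory is user-writable, so anything dropped
# into gmp-widevinecdm\ would also be allowed; keep the wildcard exactly this narrow.
Add-SrpPathRule -Path "$UserProfile\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\gmp-widevinecdm\*" `
                -Description 'Firefox Widevine CDM (Netflix DRM)'

# Verify: blocked launches land in the Application log, source SoftwareRestrictionPolicies (IDs 865-868).
Get-WinEvent -FilterHashtable @{LogName = 'Application'; ProviderName = 'SoftwareRestrictionPolicies'} `
             -MaxEvents 10 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Id, Message -AutoSize
```

New processes pick up the rules on their next launch; log off and on if something started before the change still behaves the old way. A hash rule on the CDM library would be tighter than the path rule, but it breaks every time Firefox updates the CDM, which is why a narrow path rule is the usual trade-off.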
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    Good set up
     
  12. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,285
    Location:
    Canada
    Thanks jmonge!
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    You're welcome buddy
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,386
    Location:
    Slovenia
    Real time protection on my Windows 10 21H1:

    Macrium Reflect with Macrium Image Guardian
    Kaspersky Internet Security with "minimal" setup
    uBlock Origin in Firefox

    - uninstalled Kaspersky VPN
    - disabled Software Updater, Application Manager, Private Browsing and Safe Money
    - set Action on detection to Notify for all manual Scans, for Full scan I disabled scan of archives
    - disabled Background scan after initial scan was performed

    - File Anti-Virus: Files are scanned by extension; scan mode is set to On execution
    - Web Anti-Virus: Light Heuristics Analysis enabled; disabled URL advisor
    - Mail Anti-Virus: Light Heuristics Analysis enabled; disabled Attachment filter
    - Firewall: Network type for my network is changed from Trusted to Local
    - Application Control: option Trust Digitally Signed Applications is disabled
    - Network Settings: Inject script into web traffic and Scan of encrypted connections are disabled

    - Kaspersky Security Network feedback is disabled
    - News notifications and Promotional materials are disabled
    - On-Screen Keyboard and Secure Keyboard Input are disabled
    - Dump Writing in Debug information section is disabled
     
  15. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    908
    Location:
    Canada
    Protection: Microsoft Defender ( with Configure Defender), Simple Windows Hardening
    Browser Extensions: UBO and Lastpass
    Backup: Macrium Reflect
    VPN: Windscribe
    Funtime: Shadow Defender
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    Very powerful my friend
     
  17. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    908
    Location:
    Canada
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,621
    Location:
    U.S.A. (South)
    Contemplated adding OSA 1.4.3, the last free version. Still may at some point, if nothing else to measure the added functions. (I also enjoy its pop-up alerts.)
    I see no need at this point to subscribe to the new OSA.

    MD + WiseVector is ideal so far. Both with controlled folder access ON/exclusions etc.

    Added SetACL Studio today. I found an old copy on 8.1 that was used or experimented with, and it jogged my ambition to set personalized ACL permissions on user preference folders as an awesome supplement. I downloaded/installed their newest version.
    The same, I'm sure, could be easily grouped through MD and WiseVector folder features, but SetACL is sort of similar to Secure Folders with some granularity.

    Grateful shout out to @digmor crusher for nudging my interest toward Simple Software Restriction Policy. It's in my sig, but I want to do some supplemental reading up on it to help be better informed as to where it might fit in.

    Macrium and Drive Snapshot Imaging are the two backup/restore programs I trust. Both are excellent.
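The two folder lockdowns EASTER describes (per-folder ACLs and Defender controlled folder access with exclusions) done with built-in tooling instead of SetACL Studio / Secure Folders. This is an added example, not EASTER's own steps. Assumptions: $Folder and $BackupExe are placeholders; the Macrium path is illustrative and must match your install.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the post. Placeholders (assumptions): replace both paths.
$Folder    = 'C:\Users\username\Documents\Private'
$BackupExe = 'C:\Program Files\Macrium\Reflect\Reflect.exe'

# 1) NTFS ACL: break inheritance, drop every existing ACE, then grant only the owner and SYSTEM.
#    Administrators are deliberately not granted; they can still take ownership, which shows up
#    in the audit trail rather than being silent. Run this as the account that should keep access.
function Set-PrivateFolderAcl {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Owner = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    )
    $acl = Get-Acl -Path $Path
    # $true = stop inheriting, $false = do not keep copies of the inherited ACEs.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove explicit ACEs that were already there so only the rules below remain.
    foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        $acl.RemoveAccessRule($ace) | Out-Null
    }
    $inherit = [System.Security.AccessControl.InheritanceFlags] 'ContainerInherit,ObjectInherit'
    foreach ($id in @($Owner, 'NT AUTHORITY\SYSTEM')) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', $inherit, 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
    # Return the resulting ACE list so you can confirm nothing unexpected survived.
    (Get-Acl -Path $Path).Access | Select-Object IdentityReference, FileSystemRights, AccessControlType
}

Set-PrivateFolderAcl -Path $Folder | Format-Table -AutoSize

# 2) Defender Controlled Folder Access: protect the folder, allow the backup program,
#    and start in audit mode so legitimate writers show up before anything is blocked.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders   $Folder
Add-MpPreference -ControlledFolderAccessAllowedApplications $BackupExe

# 1124 = would have been blocked (audit mode); 1123 = blocked (enforced).
Get-WinEvent -FilterHashtable @{LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1123, 1124} `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Id, Message -AutoSize

# Once the 1124 events only show programs you expect, switch from audit to enforcement:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

The ACL step gives a hard boundary (any process running as another account gets access denied), while controlled folder access is a Defender policy that only constrains apps Defender does not trust; using both is what the post is after, and the audit-mode pass is what keeps the backup tool from being blocked on its first run.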
     
  19. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    110
    Location:
    Finland
    Testing this setup now on my 7-year-old 2.2 GHz dual-core / SSD laptop / Windows 10 Enterprise LTSC:
    McAfee Endpoint Security (self-managed, firewall component not installed, custom settings)
    Symantec Endpoint (only firewall component installed)
    HiBit Startup Monitor (monitoring Task Scheduler and startup entries)
    KeyScrambler Pro
    uBO
    McAfee Web Boost (stops annoying auto-play videos, thus saving laptop battery and overall performance when surfing the net)

    Working really well so far...
     
    Last edited: Jun 2, 2021
  20. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    110
    Location:
    Finland
    Here are my tweaked McAfee Endpoint settings, for daily use (installing software, web surfing, playing games etc.)
    ATP Settings are set to "Security"
    GTI Reputation Threshold:
    Unknown files - Auto Dynamic Application Containment
    Might Be Malicious - Auto Block
    Known Malicious - Clean and Revert Changes (enhanced remediation) and/or Remediate Deleted and File Changes


    Windows Script Command Restriction – Batch Mode
    Windows Script Command Restriction – Use Engine
    Suspicious Behavior: Malicious DLL Injection Detected
    Suspicious Behavior: Malicious Shellcode Injection Detected
    Suspicious Data Sequence in JavaScript

    Powershell – Suspicious WMI Script Execution
    Powershell - Suspicious Access from Powershell
    Powershell - Execution Policy Bypass
    Powershell - Hidden Powershell Detected
    Powershell - Suspicious Downloadstring script execution
    Powershell - Key Capture using Powershell detected
    Powershell - Command Restriction - Command
    Powershell - Command Restriction - Encoded Command
    Powershell - Command Restriction - ExecutionPolicy Unrestricted
    Powershell - Command Restriction - File
    Powershell - Command Restriction - Invoke Expression
    Powershell - Command Restriction - NoLogo
    Powershell - Command Restriction - Non Interactive
    Powershell - Command Restriction - No Profile

    Fileless Threat: Reflective Self Injection
    Fileless Threat: Reflective EXE Self Injection
    Fileless Threat: Reflective DLL Remote Injection
    Fileless Threat: Process Hollowing
    Fileless Threat: Shellcode Self Injection
    Fileless Threat: Reflective Loading of Mimikatz using DotNetToJScript technique
    Fileless Threat: Malicious Powershell Behavior Detected
    Fileless Threat: Suspicious Powershell Behavior Detected
    Fileless Threat: Spoof Parent Process

    Malicious Behavior: Directory Junction Attempt Detected
    Malicious Behavior: Directory Junction Attempt Detected II
    Malicious Behavior: Possible Encryption attempt on a Directory Detected
    Malicious Behavior: Variants of Trickbot, Ryuk, FareIt Detected
    Malicious Behavior: Windows EFS Abuse Detected

    Mimikatz LSASS Suspicious Memory Read
    Mimikatz LSASS Suspicious Memory DMP Read

    Weaponized OLE object infection via WMI
    Evasion Attempt: Suspicious AMSI DLL Creation
    Evasion Attempt: Suspicious AMSI DLL Loading Detected
    Attempt to Dump Password Hash from SAM Database
    Unintended Lsass.exe access detected
    LSASS memory read attempted to dump Credentials
    Windows Explorer MSHTA Script Execution

    And with M$ Office installed, I've set these to block and report as well:
    Illegal Execution of winword.exe
    Illegal Execution of Excel
    MS Word Trying to Execute Unwanted Programs
    Word Application Using MSHTA - VBS and JScript

    Other settings that I recommend setting to Block and Report:
    Behavior Based Exploit Protection
    Block User Creation
    DPAPI Encryption Credential Theft Detected
    Disttrack Malware Infection
    Illegal Execution of Services.exe
    Illegal Execution of svchost.exe
    Possible Exploit Behavior
     
  21. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,386
    Location:
    Slovenia
    Windows 10 21H1

    Real-time: Macrium Reflect, Kaspersky Internet Security, uBlock Origin

    On-demand: SUMo, HitmanPro, Norton Power Eraser, Keepass, Veracrypt, CCleaner
     
  22. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,158
    Location:
    Slovakia
    Realtime: Panda Dome Free & Windows Firewall with WFC, Windows 10 Home 64-bit Dev, IPv6 & WSH disabled, NextDNS via Windows DoH
    Passive: Microsoft Edge (AdGuard/Bitwarden/CookieAutoDelete), EaseUS Todo Backup, WiseDiskCleaner, Windows Hello with UAC at max
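Several posts above list the same Windows hardening knobs (BitLocker, memory integrity, a default-deny SRP, Defender controlled folder access, WSH disabled, IPv6 disabled, UAC at max, DoH). This added example, not from any post in the thread, reads each one back so you can confirm it is actually in force rather than only set in a GUI. Assumptions: run elevated; the BitLocker module is absent on Home editions, and Get-DnsClientDohServerAddress exists on Windows 11 / Server 2022 and recent Windows 10 builds but not older ones, so both are guarded.

```powershell
#Requires -RunAsAdministrator
# Added example: posture read-back for the settings discussed in this thread.

function Get-HardeningStatus {
    $r = [ordered]@{}

    # BitLocker: the OS volume should report ProtectionStatus On (cmdlet missing on Home editions).
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $osVols = @(Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' })
        $r.BitLockerOsVolumeOn = ($osVols.Count -gt 0) -and
                                 (@($osVols | Where-Object { $_.ProtectionStatus -ne 'On' }).Count -eq 0)
    } else { $r.BitLockerOsVolumeOn = 'n/a (no BitLocker module)' }

    # Memory integrity (HVCI): SecurityServicesRunning contains 2 when it is active.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    $r.MemoryIntegrityOn = ($dg.SecurityServicesRunning -contains 2)

    # SRP: DefaultLevel 0 = Disallowed; TransparentEnabled 2 = DLLs enforced too.
    $srp = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' -ErrorAction SilentlyContinue
    $r.SrpDefaultDeny  = ($null -ne $srp -and $srp.DefaultLevel -eq 0)
    $r.SrpEnforcesDlls = ($null -ne $srp -and $srp.TransparentEnabled -eq 2)

    # Defender real-time protection and Controlled Folder Access mode.
    $mp   = Get-MpComputerStatus
    $pref = Get-MpPreference
    $r.DefenderRealtime = $mp.RealTimeProtectionEnabled
    $r.CfaMode = switch ([int]$pref.EnableControlledFolderAccess) {
        0 { 'Disabled' } 1 { 'Enabled' } 2 { 'AuditMode' } default { "Other($_)" }
    }

    # Windows Script Host disabled system-wide (wscript/cscript refuse to run scripts).
    $wsh = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -ErrorAction SilentlyContinue
    $r.WshDisabled = ($null -ne $wsh -and $wsh.Enabled -eq 0)

    # IPv6 unbound from every adapter.
    $r.IPv6Unbound = (@(Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object Enabled).Count -eq 0)

    # UAC "Always notify": ConsentPromptBehaviorAdmin 2 and PromptOnSecureDesktop 1.
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $r.UacAlwaysNotify = ($uac.ConsentPromptBehaviorAdmin -eq 2 -and $uac.PromptOnSecureDesktop -eq 1)

    # DNS over HTTPS servers known to the resolver (cmdlet not present on older Windows 10 builds).
    if (Get-Command Get-DnsClientDohServerAddress -ErrorAction SilentlyContinue) {
        $r.DohServers = (Get-DnsClientDohServerAddress | Select-Object -ExpandProperty ServerAddress) -join ', '
    } else { $r.DohServers = 'n/a (cmdlet not available on this build)' }

    [pscustomobject]$r
}

Get-HardeningStatus | Format-List
```

Anything that prints False or n/a is a setting that is only believed to be on; the SRP and WSH checks in particular read the policy keys, which is what the OS consults, rather than a third-party tool's own view of them.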
     
  23. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    733
    Location:
    U.S. Citizen
    Hi,

    Containers below: Both work together.

    * Comodo Firewall
    * Sandboxie


    VirusTotal to check what I download, software etc....

    Cleaners and removal of Malware so far:
    * Malwarebytes
    * UnHackMe

    To recover certain files like encrypted:
    * Macrium Reflect latest with Ransomware prevention/protection.

    * Raxco Instant Recovery: is not free, take a snapshot to restore.
    * RollBack Rx Professional Free Version to roll back .....


    Anti-viruses:
    Your choices Avast Free, BitDefender or KasperskySecurity Cloud.
    * Kaspersky needs to be connected to Wi-Fi/internet.
    * Avast Free, you can use in passive mode. Can be used with Kaspersky.
    * BitDefender Free

    Prevention:
    Your choices, AppGuard Solo, Shadow Defender.
     
    Last edited: Jun 15, 2021
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    Good product buddy
     
  25. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    733
    Location:
    U.S. Citizen
    Hi,

    You are welcome....:thumb:
    Buddy!
     
    Last edited: Jun 15, 2021