What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    I'm using Comodo Internet Security. Any reason why cmdagent.exe has CPU spikes?
     
  2. BG

    BG Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    214
    The little I ran both I had no problem or slowdown. I just wanted to see how WSA reacted with little or no interference from another AM so uninstalled MBAM.
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  4. wat0114

    wat0114 Guest

    @Kees,

    not too shabby a setup you have :) Just a few questions regarding the Deny elevation of unsigned programs:

    1. does it cause some delay when you elevate a process (it did for me)?

    2. how does the PKI (Public Key Infrastructure) come into play with it?
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Nope, I have set UAC to elevate silently. Don't use PKI. In the old days of useful SRP (run as basic user) with certificate rules caused delays in a similar way, so maybe you use AppLocker (which works in a similar way)?
     
  6. wat0114

    wat0114 Guest

    Well, I don't know, maybe I don't understand the PKI aspect of it. Doesn't there have to be an approved certification path validation before UAC elevates an executable when this option is enabled?

    If you take a look at the ss, doesn't all this have to be set up for that UAC option to work properly?
     

    Attached Files:

  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Made some changes in my own 32 system uninstall nod antivirus and very soon I will introduce
    NoVirusThanks EXE Radar Pro;) :thumb:
     
  8. wat0114

    wat0114 Guest

    If I may ask, how did you do that? Did you adjust the UAC slider to a lower setting?

    But when you enable the option: "only elevate signed executables that are signed and validated", it enforces PKI signature checks on any executable that attempts to elevate, so I don't think there's a choice to decline it.

    I temporarily cleared the AppLocker policy, but there's still a delay when attempting to elevate with that option ("only elevate signed executables that are signed and validated") enabled.
     
  9. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Added Geswall back and added it in the AppGuard's Guarded App list.
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    GesWall Pro is so powerful that Sandboxie and AppGuard are not needed;)
    I hope they update it soon;)
     
  11. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    Panda Cloud Free
    Sandboxie
    Shadow Defender
    Keriver Free
    Mailwasher
    LastPass
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Yes, can be done through group policy, regedit or the UAC slider.

    Just try UAC with the PKI, download winrar and try to install for instance
     
  13. wat0114

    wat0114 Guest

    I set the UAC slider to lowest (is this where you have yours set at?), then enabled the "only elevate executables that are signed" option, then when I try to execute a non-signed executable, I get a pop-up "A referral was returned from the server" message and the executable won't launch. I got this anyway when I had UAC at max. This isn't a bad option to enable, I guess, but it does introduce a considerable lag before the executable either launches or the message appears, unless it's a Windows signed executable, then the lag isn't there.

    It makes sense, to me at least, if you keep UAC at "Default" along with that option to elevate only signed executables, because this way UAC will auto-elevate Windows signed executables only that are in secure locations (where Users can't write to) and in some cases UAC will even check for an "autoElevate" property in the executable's manifest. This should give you a nice combination of UAC benefits because you will retain the UIPI integrity mechanisms, while not having to manually elevate signed Windows processes.

    Anyway, I will keep things status quo, with UAC at Max. Thanks for your help :)
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    set the UAC slider to the max;)
     
  15. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    you only get protection for Windows and Program Files folders with UAC at default or maximum.
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    of course plus spyshelter,Nod antivirus and mbam pro and hitman pro:D ;)
     
  17. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I agree that it's powerful as it is but I hope it's not being abandoned. I set up my son's PC with Geswall and Eset Smart Security 5 trial and he loves this set up. It's fast, light and pretty secure IMO.
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    There is a difference between lowering UAC protection, using the slider, and allowing silent elevation for administrators.

    Those changes are not the same.

    http://technet.microsoft.com/en-us/library/dd835540(WS.10).aspx
     
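The difference between switching UAC off and keeping it on with silent elevation for administrators is visible in the UAC policy registry values, as is the "only elevate signed executables" option discussed earlier in the thread. The following PowerShell is an added example, not part of any post; it only reads the documented values, and the function names and fallback defaults are assumptions.

```powershell
# Added example (not from the thread): read-only audit of the UAC policy values.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Documented meanings of ConsentPromptBehaviorAdmin.
$adminPrompt = @{
    0 = 'Elevate without prompting (silent elevation)'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries'
}

function Get-UacValue {
    param([string]$Name, [int]$Default)
    # Assumption: a missing value is treated as the Windows 7+ default passed in.
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    return [int]$item.$Name
}

function Get-UacSummary {
    $lua    = Get-UacValue -Name 'EnableLUA' -Default 1
    $prompt = Get-UacValue -Name 'ConsentPromptBehaviorAdmin' -Default 5
    $signed = Get-UacValue -Name 'ValidateAdminCodeSignatures' -Default 0
    $secure = Get-UacValue -Name 'PromptOnSecureDesktop' -Default 1

    if ($lua -eq 0) {
        $state = 'UAC off: Admin Approval Mode disabled, prompt settings ignored'
    } elseif ($prompt -eq 0) {
        $state = 'UAC on, administrators elevate silently'
    } else {
        $state = 'UAC on, administrators are prompted'
    }

    [pscustomobject]@{
        State                 = $state
        AdminPromptBehaviour  = $adminPrompt[$prompt]
        OnlyElevateSigned     = [bool]$signed
        PromptOnSecureDesktop = [bool]$secure
    }
}

Get-UacSummary | Format-List
```
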
  20. wat0114

    wat0114 Guest

    Right, I understand that. I'm just trying to figure out what Kees is doing :)
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    See GPO settings
     

    Attached Files:

  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    SecPol (software restriction policies)
     

    Attached Files:

  23. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    GPO settings, my banking Pin code is 1958 :)P )
     

    Attached Files:

  24. wat0114

    wat0114 Guest

    That clarifies things perfectly, Kees, thanks!

    CONGRATULATIONS!! You just posted the one millionth quote on Wilders Security. All you need to do to collect your Grand prize is to mail me your bank card to pay a small processing fee...:D :p
     
  25. x942

    x942 Guest

    Fedora 16 and SELinux + Sandboxing. Running nice and light. :D
     