WSA tweaks for better security

Discussion in 'Prevx Releases' started by Windows_Security, Oct 14, 2013.

Thread Status:
Not open for further replies.
  1. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Last edited: Oct 14, 2013
  2. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Increase outbound firewall one setting.

    Don't forget to launch all programs you set to monitored in previous post and ALLOW them (remember).
     

    Attached Files:

    • 2.png
  3. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Increase heuristics one setting to maximum

    Will monitor new programs; when they have poor reputation/are unknown by a fair share of the community, WSA will block them.
     

    Attached Files:

    • 3.png
  4. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Thanks kees! :)

    Also, on a side note, why doesn't Webroot 'monitor' web browsers by default? Is it because of identity shield? I think 'monitoring' Chrome, IE or Firefox isn't really needed to enjoy good protection due to other modules in WSA protecting the browser already. :)
     
  5. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Fourth tweak is not possible anymore, because http and https are now protected in the same way.

    My wife shops a lot on the web, she is click happy and complains when functionality is limited. Since PrevX4 she uses these settings without issues.

    With these settings I have tested PrevX4 alpha, closed beta and beta with fresh malware samples of a friend's honeypot (reverse engineer of malware for a banking corp). When heuristics blocked an unknown sample, I counted that also as a pass.
     
    Last edited: Oct 14, 2013
  6. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,016
    I don't think it has any advantage to put browsers under Monitor. Rather the opposite. All main browsers are automatically labeled Protected; shifting them to Monitor can have an impact on their security and overall performance.
     
  7. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Well, I have tested PrevX alpha, pre-beta and beta with these settings, not the latest version. Still with monitored setting the 'protected' status of identity shield is still ON. See picture. These are separate settings.
     

  8. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    The identity shield protects them by default; new infrared seems to have replaced the monitored function. Both are on by default.

    Monitored only triggers extra logging (the disk space PrevXHelp mentioned) with simplified GUI, so removed tweak explanation.
     

  9. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,016
    Thx for the clarification of your settings, I am still curious why a mixture of these settings is better than simply leaving browsers Protected. Maybe Joe could shed more light ...
     
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,729
    Location:
    localhost
    Note: This does not apply to Windows 8.X as this setting is NOT available for this platform.

    Thanks,
    Fax
     
  11. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,729
    Location:
    localhost
  12. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,016
    Yeah Joe actually confirmed WSA concept - "install & forget" is the best approach for majority of users. I for one have the following tweaks:

    Settings->Shields: second (Allow trusted ...) and third option (Silently and automatically ...) from the bottom unchecked. This tweak produces more notifications and warnings but I like to be informed what's going on.

    Settings->Firewall: the last option enabled (Warn if any process ...)

    Settings->Heuristics: Enable maximum heuristics

    I should note though that I am not so often installing/uninstalling, only updating current applications. So the above tweaks might not be applicable for others.
     
  13. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Ah a very good discussion we're having here. Very useful. Learning a lot. :D :thumb:
     
  14. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Hey guys, it is always recommended to use default settings as 99% of the user-base are just average computer users or Enterprise Controlled by their IT department, and Joe already said in the link posted and many other times default is recommended. With that being said, the Security Gurus always like to tweak as I do in post #3, that is actually 2 steps higher, and I always set to Max without issues as I don't use not well known programs so no extra pop-ups for me, and my only other change I do is under Shields I uncheck these 3 as I like to know what's going on, please see picture below and that's it.

    TH ;)

    14-10-2013 9-48-26 AM.png clarified
     
    Last edited: Oct 14, 2013
  15. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Checked the settings on the laptop; these are indeed added.
     

  16. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
  17. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    657
    Location:
    Southwestern Massachusetts
    Thanks to ALL that have responded to both this thread and the other thread about changing WSA 2014 default settings for enhanced security from the new product. This is exactly the kind of information that I hoped for, and it is greatly appreciated... :D :thumb:
     