I was wondering what some of the best programs for default-deny protection are. I already use VS; is there anything else I should use along with it?
Do not use multiple default-deny security software together; if you are using VS, continue with it, it's a very good one. Multiple default-deny security software together won't improve your security; on the contrary, it will cause issues in the day-to-day working of your PC.
Stick with VS, you do not need anything else. But it would help us if you let us know what other protection you are using.
For real-time protection, Norton 360 Premium. What is the best security posture in VS? In terms of how VS functions, mine is set to aggressive; should I change this or leave it as is? Also, should I be adding any custom rules or folders? These sections are currently blank.
I find that VoodooShield works best for me on default settings.
Thank you for your feedback on this.
My vote for a default-deny security app would have to go to OSArmor, set to maximum security. It'll deny everything that's not on the exclusion list. This would not be used in conjunction with Voodoo Shield but instead of it.
OSArmor blocks execution of programs and command parameters. It is not a default-deny program, which whitelists stuff; it works as a blacklist program, with built-in exception (allow) rules to prevent false positives. OSArmor has an option to write your own rules and make it default-deny. OSArmor also has some options to further tighten protection by blocking execution of unsigned programs from certain folders and blocking execution from folders which normally are not used for updating/installing programs.
The rationale behind the yearly license fee is the effort the developer puts into maintaining the blacklist and the exception list in the blacklisted items.
If you tick an OSA option, enabling the rule, and then try to execute whatever that rule intends to block, what happens? Is that command and/or application allowed to execute? No. It's not. In my opinion that makes OSA deny by default; without an exclusion the rule will be enforced and the action denied. So, if you disagree, you're saying that you believe one of two things: either that the rules are inadequate and thus OSA is ineffective, or that every possible action (regardless of whether it can harm your system or not) needs an allow rule. I don't believe either of those is true. OSA is deny by default.
Using your definition, behavioural blocking would also be considered default-deny, as it's nothing more than a collection of rules detailing malicious behaviours, which are blocked when a process infringes upon those rules.
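The distinction argued over in the posts above (a blocklist with built-in exceptions versus an allowlist that denies everything else), as an added example that is not from the thread or from any of the products named. The rules, paths and the `interp.exe` name are constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Launch:
    path: str          # full image path, lower-cased
    signed: bool
    cmdline: str = ""

# Constructed rules for illustration; not the rule set of any real product.
BLOCK_RULES = [
    ("flagged command parameter",
     lambda l: l.path.endswith(r"\interp.exe") and "--from-url" in l.cmdline),
    ("unsigned program in temp folder",
     lambda l: not l.signed and fnmatchcase(l.path, r"*\appdata\local\temp\*")),
]
EXCEPTIONS = [r"c:\users\*\appdata\local\temp\vendor_updater\*"]
ALLOWLIST = [r"c:\windows\*", r"c:\program files\*"]

def matches(path, patterns):
    return any(fnmatchcase(path, p) for p in patterns)

def blocklist_verdict(l):
    """Deny only when a block rule matches and no exception applies."""
    if matches(l.path, EXCEPTIONS):
        return "allow (exception)"
    for name, rule in BLOCK_RULES:
        if rule(l):
            return f"deny ({name})"
    return "allow (no rule matched)"   # unknown programs still run

def default_deny_verdict(l):
    """Allow only allowlisted paths; anything unknown is denied."""
    if matches(l.path, ALLOWLIST):
        return "allow (allowlisted)"
    return "deny (not on allowlist)"

SAMPLES = [  # constructed launches
    Launch(r"c:\users\alice\downloads\tool.exe", signed=True),
    Launch(r"c:\users\alice\appdata\local\temp\x.exe", signed=False),
    Launch(r"c:\users\alice\appdata\local\temp\vendor_updater\setup.exe", signed=False),
    Launch(r"c:\windows\system32\interp.exe", True, "interp.exe --from-url http://example.test/a"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s.path}\n  blocklist:    {blocklist_verdict(s)}\n  default deny: {default_deny_verdict(s)}")
```

The first sample is the crux: an unknown program that matches no block rule runs under the blocklist model and is denied under the allowlist model. The last sample shows the reverse, where an allowlisted binary is stopped only by a command-parameter rule.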
Security always works best with system-internal stuff, so Windows SRP or AppLocker.
SRP rules can be easily handled with Hard_Configurator tool from Andy.
Combine that with Microsoft Defender hardened with ConfigureDefender tool from Andy and you're done.
I'm definitely in favour of this approach, although complementing this with OSArmor, for instance, should further enhance security, as it detects and blocks all kinds of different techniques used by malicious attacks.
Microsoft Defender + cloud set to zero tolerance: blocks all unknown executables.
I second this + Hard Configurator/Simple Windows Hardening if someone wants to stay with built-in protection.