Battle Best programs for default deny protection

Compare list
Vs comodo

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
883
I was wondering what some of the best programs for default deny protection are, i already use vs is there anything else I should use along with it?
Do not use multiple default deny security software together, if you are using VS continue with it, its very good one. Multiple default deny security software together wont improve your security, on the contrary it will cause issues in day to day working of your pc.
 

carl fish

Level 7
Thread author
Verified
Mar 6, 2012
333
Stick with VS , you do not need anything else. But it would help us if you let us know what other protection you are using.
for real time protection Norton 360 premium, what is the best the security posture in vs in terms of how vs functions mine is set to aggressive should I change this or leave it as is also should I be adding any custom rules or folders these sections are currently blank?

thank you for your feedback on this
 
Last edited:

Gandalf_The_Grey

Level 82
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
for real time protection Norton 360 premium, what is the best the security posture in vs in terms of how vs functions mine is set to aggressive should I change this or leave it as is also should I be adding any custom rules or folders these sections are currently blank?

thank you for your feedback on this
I find that VoodooShield works best for me on default settings.
Wouldn't change anything there.
Maybe @danb and other VS users can share their opinion or advice on some custom settings?
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
My vote for a default-deny security app would have to go to OSArmor, set to maximum security. It'll deny everything that's not on the exclusion list. This would not be used in conjunction with Voodoo Shield but instead of it.
OS_Armor blocks execution of programs and command parameters. It is not a default deny program, which whitelists stuff, works as a blacklist program, with build-in exception (allow) rules to prevent false positives. OS-Armor has an option to write your own rules and make it a default deny. OS-Armor also has some options to further tighten protection by blocking execution of unsigned programs from certain folders and block execution from folders which normally are not used for updating/installing programs.

The rational behind the yearly license fee is the effort the developer puts in maintaining the blacklist and the exception list in the blacklisted items.
 

n8chavez

Level 19
Well-known
Feb 26, 2021
945
OS_Armor blocks execution of programs and command parameters. It is not a default deny program, which whitelists stuff, works as a blacklist program, with build-in exception (allow) rules to prevent false positives. OS-Armor has an option to write your own rules and make it a default deny. OS-Armor also has some options to further tighten protection by blocking execution of unsigned programs from certain folders and block execution from folders which normally are not used for updating/installing programs.

The rational behind the yearly license fee is the effort the developer puts in maintaining the blacklist and the exception list in the blacklisted items.

If you tick an OSA option, enabling the rule, and then try to execute whatever that rule intends to block what happens? Is that command and/or application allowed to execute? No. It's not. In my option that makes OSA deny by default; without exclusion the rule will be enforced and action denied. So, if you disagree you're saying that you believe one of two things, either that the rules are inadequate and thus OSA is ineffective or that every possible action (regardless if it can harm your system or not) needs an allow rule. I don't believe either of those is true. OSA is a deny by default application.
 
Last edited:
F

ForgottenSeer 85179

Security works always best with system internal stuff, so Windows SRP or Applocker.
SRP rules can be easily handled with Hard_Configurator tool from Andy.

Combine that with Microsoft Defender hardened with ConfigureDefender tool from Andy and you're done.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
If you tick an OSA option, enabling the rule, and then try to execute whatever that rule intends to block what happens? Is that command and/or application allowed to execute? No. It's not. In my option that makes OSA deny by default; without exclusion the rule will be enforced and action denied. So, if you disagree you're saying that you believe one of two things, either that the rules are inadequate and thus OSA is ineffective or that every possible action (regardless if it can harm your system or not needs an allow rule. I don't believe either of those is true. OSA is an deny by default.
Using your definition behavioural blocking would also be considered default-deny, as it's nothing more than a collection of rules detailing malicious behaviours, which are blocked when a process infringes upon those rules.

Personally I subscribe to a very simple but strict definition of default-deny: Whitelisted items are allowed to run. Non-whitelisted items are blocked.
OSA doesn't fit that criteria for me as most of its rules are built around thwarting post-execution malicious behaviours. And while I'm sure it has rules in place to block the execution of certain files, and may even be able to be configured to act as a default-deny solution, if it doesn't do so uniformly by default then it shouldn't be considered one.
 

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
619
Security works always best with system internal stuff, so Windows SRP or Applocker.
SRP rules can be easily handled with Hard_Configurator tool from Andy.

Combine that with Microsoft Defender hardened with ConfigureDefender tool from Andy and you're done.

I'm definitely in favour of this approach, although complimenting this with OSArmor, for instance, should further enhance security, as it detects and blocks all kinds of different techniques used by malicious attacks.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,458
I'm definitely in favour of this approach, although complimenting this with OSArmor, for instance, should further enhance security, as it detects and blocks all kinds of different techniques used by malicious attacks.

OSA is very similar to SRP. Most of the OSA protection is prevention based on attack surface reduction kinda similar to SRP and Windows Policies. Furthermore, OSA (like SRP, Applocker, etc.) will not prevent most techniques used by PE executables (if EXEs are allowed to run).
I would not use the term "detect" in the case of OSA, because OSA cannot see if something is malicious or not.:unsure:
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top