Advice Request AppGuard + ERP + Sandboxie = A Strong Combo?


Status
Not open for further replies.

Wraith

Either Eset + AppGuard or Eset + SpyShelter would be enough. A proper configuration (attack surface reduction) is more important than adding other security applications.

Cautious users are pretty much safe if they can:
  • open unsafe files (from the Internet or removable sources) in a properly restricted environment, or block them (if not needed, like scripts);
  • disable SMB protocols and remote services.
It is not especially important whether SRP, Anti-Exe, or sandboxing is used for that. That is usually also strong anti-exploit prevention, because the exploit is disarmed in the restricted environment, or cannot be executed, or, if executed, cannot run/download something else.
Things are more complicated with kernel exploits, but fortunately Windows Updates can provide sufficient protection, so far.

In-memory attacks (from the network) are dangerous for organizations and for people who use public networks. In the second case a strong firewall should be sufficient.
In the case of organizations, ATP features will be required, which are based on: Memory Isolation + Memory & Network Monitoring + Machine Learning & Artificial Intelligence + Credential Protection + Data Encryption, etc.

An excellent summation. But between SpyShelter and AppGuard with ESET, I personally would choose AG all the way.
 

shmu26

Hey shmu, I think ReHIPS permits some more tweaks than SBIE. SBIE can be tweaked too, but less.
I'll tell you what I mean: in ReHIPS, I can't grant direct file access to any folder in real user space. For instance, if I want isolated Word to be able to save a file onto my desktop, I need to move my desktop folder out of the Users directory and locate it somewhere else, such as C:\Desktop. But with SBIE, I don't need to do that.
Also, with SBIE I can drag and drop a file onto a Gmail message, but ReHIPS doesn't support this. I need to go through the whole "attach file" process.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
Hey shmu, I think ReHIPS permits some more tweaks than SBIE. SBIE can be tweaked too, but less.
I have the opposite opinion. (y)
A Sandboxie sandbox can be easily configured to run only one application (one EXE file) and automatically and silently block execution of all other EXE files. Another Sandboxie sandbox can run all executables. Both sandboxes can be used simultaneously. I think that would hardly be possible in ReHIPS.
Sandboxie can configure access to Registry keys and IPC object resources. It is also possible to manage exclusions for COM classes and Window classes. Internet access has the option to block particular ports.
 

Deleted member 178

I'll tell you what I mean: in ReHIPS, I can't grant direct file access to any folder in real user space.
I can, so you could. You have to tweak the IE access rights.

I use Word or Excel isolated and can save the file to a selected folder on another partition. In my case, the Mega cloud folder.


Also, with SBIE I can drag and drop a file onto a Gmail message, but ReHIPS doesn't support this. I need to do the whole "attach file" process.
Never used this feature.
 

Andy Ful

Comodo FW has nothing special, SEP one however is in another league.
Comodo Firewall is far stronger than Windows Firewall (default settings). The CIA and NSA did not love it. The SEP (Symantec Endpoint Protection) firewall is from another league because of its many configurable options, but it would be hard to prove that it is far stronger than CF + some Windows hardening for protecting the computer on a public network.
Anyway, it is probably true that the SEP firewall is far better for enterprises. (y)
 

shmu26

Comodo Firewall is far stronger than Windows Firewall (default settings). The CIA and NSA did not love it. The SEP (Symantec Endpoint Protection) firewall is from another league because of its many configurable options, but it would be hard to prove that it is far stronger than CF + some Windows hardening for protecting the computer on a public network.
Anyway, it is probably true that the SEP firewall is far better for enterprises. (y)
Andy, could you elaborate a little on the potential threats when using a public network? What is the typical attack sequence, and how does an interactive firewall such as Comodo stop it? Does the attacker drop a malicious file on the targeted computer, and then execute it?
 

shmu26

I can, so you could. You have to tweak the IE access rights.

I use Word or Excel isolated and can save the file to a selected folder on another partition. In my case, the Mega cloud folder.
Is your Mega folder in real user space, for instance, a path like this: C:\Users\Umbra\Mega?
Because if it is, you have to be a magician to coax ReHIPS into allowing you access to it.
 

SHvFl

Is your Mega folder in real user space, for instance, a path like this: C:\Users\Umbra\Mega?
Because if it is, you have to be a magician to coax ReHIPS into allowing you access to it.
You can't do that in any way, as writes are hardcoded and redirection will happen to the ReHIPS user account used by Excel (or whatever application you are using). Umbra said another partition though, so it's not user space as far as Windows is concerned, so you can allow access if you wish.
 

Andy Ful

Andy, could you elaborate a little on the potential threats when using a public network? What is the typical attack sequence, and how does an interactive firewall such as Comodo stop it? Does the attacker drop a malicious file on the targeted computer, and then execute it?
My knowledge of those topics is not great, but there are some well-known facts.
If you are not sure that the public network is legitimate and solid, then you have to use a VPN and disk encryption. Hackers can set up a rogue Wi-Fi hotspot to do man-in-the-middle (MITM) attacks, so a personal firewall cannot help much there.
Legitimate public networks can often have many vulnerabilities because of old (or poorly configured) routers, so hackers can easily compromise them.
When the hackers have compromised the network, they can use well-known pentesting tools (Metasploit, Kali Linux, etc.) to compromise particular computers via exploits, open ports, etc. They can perform in-memory attacks and steal passwords, or drop and execute payloads. At this point Comodo Firewall can help, because of its strong outbound attack protection. Also, a well-patched Windows 10 + blocked SMB protocols + blocked remote access features + blocked Windows scripts can help a lot to mitigate/stop the attacks.
Firewall Outbound Attacks Protection Test (July 2013) - Anti-Malware Test Lab
Why are public WiFi networks insecure?
 

Wraith

Also, a well-patched Windows 10 + blocked SMB protocols + blocked remote access features + blocked Windows scripts can help a lot to mitigate/stop the attacks.
I totally agree on this point. I also disable all incoming connections in Windows Firewall, just to be on the safe side.
 
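As an added example that is not part of the thread and not any poster's own script, the PowerShell below applies the hardening the posts converge on for a Windows 10 laptop that joins untrusted networks: SMBv1 and the SMB server disabled, RDP/WinRM/Remote Registry/Remote Assistance turned off, Windows Script Host blocked, and every inbound connection blocked on the Public firewall profile (Wraith's setting). It first lists which TCP listeners an attacker on the same LAN could reach, so the before/after difference is visible. Function names are my own; only built-in cmdlets are used, the session must be elevated, and the script assumes you accept the trade-off that this machine stops serving anything (shares, remote management) to the network.

```powershell
#Requires -RunAsAdministrator
# Added example: attack-surface reduction for a Windows 10 machine on public networks.
# Assumptions: elevated PowerShell 5.1+, no domain GPO overriding these settings.

function Get-ExposedListeners {
    # TCP ports bound to every interface are what a Metasploit user on the same LAN sees.
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalAddress -in '0.0.0.0', '::' } |
        ForEach-Object {
            $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{ Port = $_.LocalPort; PID = $_.OwningProcess; Process = $p.ProcessName }
        } | Sort-Object Port -Unique
}

function Disable-LegacySmb {
    # SMBv1 is the dialect EternalBlue-class exploits need; remove it, then stop
    # serving SMB at all so TCP 445 no longer listens (local shares stop working).
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    Stop-Service -Name LanmanServer -Force
    Set-Service -Name LanmanServer -StartupType Disabled
}

function Disable-RemoteAccess {
    # Remote Desktop (3389): deny connections and disable its inbound firewall group.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    # Remote Assistance invitations.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' `
        -Name fAllowToGetHelp -Value 0
    # WinRM (5985/5986), Remote Registry, RDP service itself, Routing and Remote Access.
    Disable-PSRemoting -Force -ErrorAction SilentlyContinue
    foreach ($svc in 'WinRM', 'RemoteRegistry', 'TermService', 'RemoteAccess') {
        Stop-Service -Name $svc -Force -ErrorAction SilentlyContinue
        Set-Service -Name $svc -StartupType Disabled -ErrorAction SilentlyContinue
    }
}

function Disable-WindowsScriptHost {
    # With this DWORD set to 0, wscript.exe/cscript.exe refuse to run .vbs/.js/.wsf files
    # machine-wide, so a script dropped by an exploit or e-mail attachment does nothing.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name Enabled -Value 0 -Type DWord
}

function Set-PublicFirewallLockdown {
    # DefaultInboundAction Block is already the default; AllowInboundRules False goes
    # further and ignores every allow rule, i.e. "block all incoming connections".
    Set-NetFirewallProfile -Profile Public -Enabled True -DefaultInboundAction Block `
        -AllowInboundRules False -NotifyOnListen True
    # Make sure the current Wi-Fi/Ethernet connection is classified Public so that
    # profile is the one in force (domain-authenticated networks cannot be changed).
    Get-NetConnectionProfile | Where-Object NetworkCategory -ne 'Public' |
        Set-NetConnectionProfile -NetworkCategory Public -ErrorAction SilentlyContinue
}

function Get-HardeningStatus {
    # Re-check after reboots and feature updates, which have been known to re-enable services.
    $fw = Get-NetFirewallProfile -Profile Public
    [pscustomobject]@{
        Smb1Enabled          = (Get-SmbServerConfiguration).EnableSMB1Protocol
        LanmanServerStartup  = (Get-Service -Name LanmanServer).StartType
        RdpDenied            = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server').fDenyTSConnections -eq 1
        WshEnabled           = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -ErrorAction SilentlyContinue).Enabled
        PublicInboundBlocked = ($fw.DefaultInboundAction -eq 'Block') -and ($fw.AllowInboundRules -eq 'False')
    }
}

Write-Host 'Listeners reachable from the LAN before hardening:'
Get-ExposedListeners | Format-Table -AutoSize
Disable-LegacySmb
Disable-RemoteAccess
Disable-WindowsScriptHost
Set-PublicFirewallLockdown
Write-Host 'Listeners after hardening (anything still listed is now blocked by the Public profile):'
Get-ExposedListeners | Format-Table -AutoSize
Get-HardeningStatus | Format-List
```

Run it once, reboot to finish removing the SMB1 feature, and call Get-HardeningStatus again; expect Smb1Enabled False, LanmanServerStartup Disabled, RdpDenied True, WshEnabled 0 and PublicInboundBlocked True. The firewall part only covers the Public profile on purpose: on a home or work network you usually still want printers and shares, which is exactly why Set-PublicFirewallLockdown also forces the active connection into the Public category when you are on a hotspot.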