Advanced Plus Security AtlBo's HP 8460p Laptop Security Config 2019

Last updated
Aug 29, 2019
Windows Edition
Pro
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Kaspersky Security Cloud Free
NVT OSArmor 4 (Most items checked)
Firewall security
Microsoft Defender Firewall
About custom security
All but a small number of the items in NVT OSArmor are checked. These are mostly where there is a slightly more aggressive version of a setting available. I don't mind going to the trouble of making exclusions for portables on flash drives, etc. All script engines are blocked with OSArmor. Part of the price of operating safely. BIOS is updated so PC is protected from Meltdown and Spectre. Considering hardening KSC security, but it seems strict in the first place.
Periodic malware scanners
Emsisoft Emergency Kit portable
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Internet Explorer 11 with SmartScreen
Google Chrome: HTTPS Everywhere, Netcraft Anti-pfishing, uBlock with 10 custom hosts links, uBlock Extra, Privacy Badger, The Great Suspender (suspend unused tabs)
Maintenance tools
Wise Cleaner Free (run cleaner once a day), RegOrganizer, EraserDrop (secure delete all files), CCleaner (Wipe free space monthly), Startup Sentinel (Manage startups), Comodo Programs Manager (uninstall programs and leftovers). I use them to maintain privacy, so they are the same. Also, Autoruns, System Explorer, and TreeSizeFree
File and Photo backup
File syncing via FreeFileSync to a flash drive on every boot when the flash drive is attached.
System recovery
Paragon Backup and Restore 10 (2012). Rock solid for me acquired via giveaway, thanks Paragon...
Risk factors
    • Logging into my bank account
    • Browsing to popular websites
    • Downloading software and files from reputable sites
    • Working from home
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
HP 8460p
Intel i5-2500
8 GB RAM
Samsung 120 GB SSD
Standard graphics

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
I feel fairly confident with Kaspersky Security Cloud at the center of things, especially with NVT OSArmor underneath. It's a laptop, but I don't feel at this point a firewall is in order. I did have Comodo FW on the PC before Kaspersky, but Kaspersky didn't like Comodo and vice versa. I don't mind. I am still considering adding Binisoft. Would like to find something like Easy File Locker, because it doesn't seem to work well on this system. Not sure why. I would like to protect synced user files on the flash drive. I do have a large number of pdfs and eBooks that I cannot afford to lose. They are in a Paragon backup for now, but I would still like to have the flash drive protected from attack at least. Since I run portables, I will need read and some write for select applications as EFL provides. BTW, this PC has a fingerprint reader which I will be activating. For now, computer is used almost exclusively at home.

This is possibly the leanest security setup I have attempted, but I think it works with KSC. I use the PC alot now, but I am wise to activities out there. Still I know it can happen. Looking forward to the comments.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
It's a laptop, but I don't feel at this point a firewall is in order. I did have Comodo FW on the PC before Kaspersky, but Kaspersky didn't like Comodo and vice versa. I don't mind. I am still considering adding Binisoft.

If you're considering a firewall then you might consider TinyWall 2.1.12.0 which is a recent release with some bug fixes and works on W10. I can verify it works well on my machine. Nice and simple and comparable to MBWFC. Meanwhile @ultim is working on a completely new version 3.0 which is in Beta right now with active testers @ Wilders.
 

Deletedmessiah

Level 25
Verified
Top Poster
Content Creator
Well-known
Jan 16, 2017
1,469
Like @oldschool, I'd also recommend Tinywall, simplewall or WFC. Either of them are pretty solid in my opinion. Other than that, a solid config.
I use Secure Folders which is abandoned but works well on Windows 10 so likely would work on 7 too. It can be good replacement for Easy File Locker but again, while it works well, it is abandoned and I'm looking for a replacement myself.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
I would start thinking to upgrade to W10 (and get the new security integrated system features), since W7 will soon stop getting Support...

A PassWord Manager would be also welcome, You may consider to run bakups in some cloud service also and a VPN Service for Web Privacy (if needed), apart from that system is secure.

Thanks for sharing :giggle:
 

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Thanks cc. I have already installed Comodo Firewall. I made the mistake of installing Comodo before installing Kaspersky Security Cloud, and I had some issues with Comodo primarily. I removed Comodo about a month ago and decided tonight to reinstall it based on the combined advices of you guys here. So some specifics about the Comodo setup that seem to be helping:

1. Turned off the web filtering which was causing Kaspersky to go crazy
2. Added Custom HIPs rule for ProcessLasso and made an exclusion in the interprocess memory rule for CIS.exe. Then did the same thing for CIS.exe with ProcessLasso. Lasso has a memory cleaning agent that was spamming the memory access of Comodo in the logs. It was either that or Lasso's normal polling of processes, not 100% sure. Think this was a source of performance issues with Comodo, driving the logging to eat 25% of the processor. CleanMem will do the same thing with the Comodo logs but to a less degree.

So this is two things that seem to have been remedied. The ProcessLasso log spams have stopped now, and I have saved the Comodo settings. Plan to get a good backup of this setup soon.

ADDED: Comodo Firewall more or less CS but HIPs enabled (Web filtering off and no Internet Security Essentials)
 
Last edited:

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
My opinion is that Kaspersky works better and without problems with OSArmor or syshardener. You will have some problems with the Comodo firewall. I think it would be best to combine the Comodo firewall with some other lightweight Antivirus and with CS settings. From what I remember when I had Comodo firewall the best combination was with immunet antivirus and 360 TS essentials.
 

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Update from today

Over the last 4 days:
Added:
Comodo Firewall 12
Added 3 days ago to test with Kaspersky and NVT OSArmor. Worked for a couple days, then Comodo could not catch a test .bat from the desktop yesterday. I was actually testing to see if HIPs setting in Protected Objects would protect a location from deletes. The test failed two ways instead of one so Comodo was removed. Comodo didn't even notice the .bat when it was started.

Removed:
Comodo Firewall 12

Decided to try Zone Alarm free Firewall. It's better than it used to be, but not what I need. I want to be able to protect location. With the Kaspersky powered a-v, it's probably fairly good, but who wants Zone Alarm's second hand Kaspersky signatures with the firewall but not HIPs? I knew within an hour Zone Alarm wasn't for me, even if it is getting better.

Added:
ZoneAlarm Firewall
Removed:
ZoneAlarm Firewall

So last night back to Comodo Firewall along with these other changes:

Added:
Comodo Firewall 12 (Readded)
OPSWAT download scanning engine
LastPass (Chrome and Internet Explorer)
Adblock (Internet Explorer)
HTTPS (Internet Explorer)

After readd, Comodo acts as if nothing was ever wrong.

Comodo needs to get away from buggy settings linkages...between settings and the run-time elements, too. Whatever is going on, the program is not reliable now. This is the worst case error scenario for sure. At least when the program quits, some kind of error is generated or something noticeable happens. With this kind of failure there is nothing to indicate a problem. No error of any kind, and the .bat just ran. So now with the same settings reimported it seems to be working as expected or at least the HIPs. It's blocking attempts to delete files in a location on a remote drive from the .bat file as hoped.

There must something missing in the coding of Comodo. Is it too oversimplistic and clumsy choices in Comodo in the settings dialogs? And/or is it poor linkage between settings and the protection code (or something along those lines)? Is there somehow overreliance on .html or inefficient design? Don't understand what is causing the run-time fails from the program. Maybe a coder would have a comment on what could be the problem. Hate to say it, but I have seen more than a dozen major run-time protection fails from Comodo over the last 5 years...probably over 20+ in that time.

Still have Kas and NVT OSA, so, again, I have good confidence.

OPSWAT was a great find. Many thanks @conceptualclarity. It automatically checks downloads against almost 40 virus engines. On the advice of @harlan4096 I have added LastPass. This is my first go with a password manager, because I didn't like them being managed online. I don't know about LastPass whether it encrypts passwords locally etc. Haven't had time to read up on the program yet.

Adblock and HTTPS Everywhere were strictly added for use with IE 11. Not a big deal, but I just want to cover the bases. I might end up uninstalling IE in Programs and Features.

Hope I get a chance to test WiseVector and Huorong av-s soon. Anything that @Evjl's Rain likes I know is good. Test results have been impressive with WiseVector, but not sure what PC to commit at this point. I ran three cleaners and backed up the system today, so I am a step closer to looking into WiseVector at least. Not sure when, though...
 
Last edited:

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
Update from today

Over the last 4 days:
Added:
Comodo Firewall 12
Added 3 days ago to test with Kaspersky and NVT OSArmor. Worked for a couple days, then Comodo could not catch a test .bat from the desktop yesterday. I was actually testing to see if HIPs setting in Protected Objects would protect a location from deletes. The test failed two ways instead of one so Comodo was removed. Comodo didn't even notice the .bat when it was started.

Removed:
Comodo Firewall 12

Decided to try Zone Alarm free Firewall. It's better than it used to be, but not what I need. I want to be able to protect location. With the Kaspersky powered a-v, it's probably fairly good, but who wants Zone Alarm's second hand Kaspersky signatures with the firewall but not HIPs? I knew within an hour Zone Alarm wasn't for me, even if it is getting better.

Added:
ZoneAlarm Firewall
Removed:
ZoneAlarm Firewall

So last night back to Comodo Firewall along with these other changes:

Added:
Comodo Firewall 12 (Readded)
OPSWAT download scanning engine
LastPass (Chrome and Internet Explorer)
Adblock (Internet Explorer)
HTTPS (Internet Explorer)

After readd, Comodo acts as if nothing was ever wrong.

Comodo needs to get away from buggy settings linkages...between settings and the run-time elements, too. Whatever is going on, the program is not reliable now. This is the worst case error scenario for sure. At least when the program quits, some kind of error is generated or something noticeable happens. With this kind of failure there is nothing to indicate a problem. No error of any kind, and the .bat just ran. So now with the same settings reimported it seems to be working as expected or at least the HIPs. It's blocking attempts to delete files in a location on a remote drive from the .bat file as hoped.

There must something missing in the coding of Comodo. Is it too oversimplistic and clumsy choices in Comodo in the settings dialogs? And/or is it poor linkage between settings and the protection code (or something along those lines)? Is there somehow overreliance on .html or inefficient design? Don't understand what is causing the run-time fails from the program. Maybe a coder would have a comment on what could be the problem. Hate to say it, but I have seen more than a dozen major run-time protection fails from Comodo over the last 5 years...probably over 20+ in that time.

Still have Kas and NVT OSA, so, again, I have good confidence.

OPSWAT was a great find. Many thanks @conceptualclarity. It automatically checks downloads against almost 40 virus engines. On the advice of @harlan4096 I have added LastPass. This is my first go with a password manager, because I didn't like them being managed online. I don't know about LastPass whether it encrypts passwords locally etc. Haven't had time to read up on the program yet.

Adblock and HTTPS Everywhere were strictly added for use with IE 11. Not a big deal, but I just want to cover the bases. I might end up uninstalling IE in Programs and Features.

Hope I get a chance to test WiseVector and Huorong av-s soon. Anything that @Evjl's Rain likes I know is good. Test results have been impressive with WiseVector, but not sure what PC to commit at this point. I ran three cleaners and backed up the system today, so I am a step closer to looking into WiseVector at least. Not sure when, though...
Lastpass encrypts locally and uploads. It’s a pretty solid system.
 

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Does the free firewall disable Defender?

Great question, and I don't know the answer. I installed ZA on Windows 7, so I could not see. If you install the program, you will see that the a-v and firewall install separately. If you only install the firewall, the a-v module appears grayed out on the main ZA interface dialog. It uses Kaspersky sigs and can be added any time, so I wonder if that might disable Defender. Kind of doubt the firewall would, but it might.

Check Point says it is compatible with Defender:

ZoneAlarm 2019 is only compatible with MS Windows Defender, and is not compatible with any other antimalware software (e.g. AVAST, Symantec, Kaspersky, McAfee, etc.). To install ZoneAlarm 2019, you must first uninstall other antimalware software. Otherwise you may experience OS stability issues and computer performance issues.

Their online installation information guide:

 

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Compatible as in they can play together or you don't need to remove Defender?

I can't find anything more than it is compatible. However, I don't see a single complaint in Google searches either. I feel certain there would be complaints if ZoneAlarm Firewall disabled Defender. I will take the word of @stefanos on this one. He has tried every software many times (y). He is an excellent source of knowledge and assistance...
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top