AtlBo's Security Configuration

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Added NoVirusThanks. Working on the rest, especially password manager and UAC. UAC is blocking proper functionality of a program that I require for the setup I have for this PC, which I use to test optimization scenarios. NVT is the workaround, since it doesn't block this functionality.

Tried first VoodooShield, but it blocks a script operation that is important on this PC. NVT developers have managed to overcome this situation in which a batch file executes a batch file. Seems this is treated by NVT as a unique command line operation, which can be whitelisted in itself. VS does not do this and instead issues a block and requires all the elements of the operation to be whitelisted again. The operation runs 5 times an hour, so, for me, choosing NVT was unavoidable, although I can see that VS is perfectly acceptable for most scenarios and seems like a very good program.
 

XIII

Level 5
Verified
Sep 20, 2016
162
AtlBo said:
Added NoVirusThanks. Working on the rest, especially password manager and UAC. UAC is blocking proper functionality of a program that I require for the setup I have for this PC, which I use to test optimization scenarios. NVT is the workaround, since it doesn't block this functionality.

Tried first VoodooShield, but it blocks a script operation that is important on this PC. NVT developers have managed to overcome situations where a batch file executes a batch file. Seems this is treated by NVT as a unique command line operation, which can be whitelisted in itself. VS does not do this and instead issues a block and requires all the elements of the operation to be whitelisted again. The operation runs 5 times an hour, so, for me, the switch was unavoidable.

Same reason I hopped off the VS bandwagon. Having to mark cmd.exe as safe each time you compile code is ridiculous. And safe, but mostly ridiculous. Despite the unappreciative consumer focus, I do recommend Appguard if you decide to move away from NVT.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
AtlBo said:
Added NoVirusThanks. Working on the rest, especially password manager and UAC. UAC is blocking proper functionality of a program that I require for the setup I have for this PC, which I use to test optimization scenarios. NVT is the workaround, since it doesn't block this functionality.

Tried first VoodooShield, but it blocks a script operation that is important on this PC. NVT developers have managed to overcome this situation in which a batch file executes a batch file. Seems this is treated by NVT as a unique command line operation, which can be whitelisted in itself. VS does not do this and instead issues a block and requires all the elements of the operation to be whitelisted again. The operation runs 5 times an hour, so, for me, choosing NVT was unavoidable, although I can see that VS is perfectly acceptable for most scenarios and seems like a very good program.
If you have the paid version of VS, you can edit command lines, like in NVT ERP. I've done it, and it solved some probs for me, although it seems to work better in NVT ERP for some reason.
 

AtlBo

I was curious about that. Thanks for the information. So far, I have been able to operate using NVT without any issues using simple "command line" allows in the Alert mode.

Looking forward to learning how to harden NVT and make the most of its capabilities. I should take it slow, though. I have the same setup on 5 systems, and moving quickly can cause duplication of work for me when correcting an error. I try to confine testing of security to one system, and that can take basically months, as I guess all of us can confirm.
 

shmu26

AtlBo said:
I was curious about that. Thanks for the information. So far, I have been able to operate using NVT without any issues using simple "command line" allows in the Alert mode.

Looking forward to learning how to harden NVT and make the most of its capabilities. I should take it slow, though. I have the same setup on 5 systems and moving quickly can cause for me duplication of work to correct an error. I try to confine testing of security to one system, and that can take basically months as I guess all of us can confirm.
The idea of editing the command line is for those situations where you keep getting a prompt over and over for the same operation. This is often because of a random string of characters that gets inserted, or a file name that keeps changing, both of which can be replaced by a * and then you don't get repetitive prompts.
 
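An added illustration of the wildcard idea in the post above (my own Python, not NVT ERP's code or its actual rule syntax): a glob-style matcher over constructed command lines shows that a literal allow rule keeps prompting once the child batch file's name changes, while a rule with `*` in that one position stops the repeats, plus a check that the wildcard has not swallowed the whole argument list. Rule strings, paths and file names are all made up for the example.

```python
import fnmatch

# Constructed allow rules: the parent batch file is fixed, but the child batch
# file it launches gets a random name each run, so that part becomes "*".
# These strings imitate the idea from the post; they are not NVT ERP's syntax.
LITERAL_RULE = r'"C:\Windows\System32\cmd.exe" /c C:\jobs\run.bat C:\jobs\tmp\a8f3e1.bat'
WILDCARD_RULE = r'"C:\Windows\System32\cmd.exe" /c C:\jobs\run.bat C:\jobs\tmp\*.bat'

# Constructed command lines: three runs of the scheduled job (spacing and
# case vary between runs) plus one unrelated script that should still prompt.
SAMPLE_RUNS = [
    r'"C:\Windows\System32\cmd.exe" /c C:\jobs\run.bat C:\jobs\tmp\a8f3e1.bat',
    r'"C:\Windows\System32\cmd.exe"  /c  C:\jobs\run.bat C:\jobs\tmp\9C02BD.bat',
    r'"C:\Windows\System32\cmd.exe" /c C:\jobs\run.bat C:\jobs\tmp\77d1ff.bat',
    r'"C:\Windows\System32\cmd.exe" /c C:\Users\Public\unknown.bat',
]


def normalize(cmdline: str) -> str:
    """Collapse whitespace runs and lower-case (Windows paths are case-insensitive)."""
    return " ".join(cmdline.split()).lower()


def is_allowed(cmdline: str, rules) -> bool:
    """True if any rule matches; '*' stands for any characters, backslashes included."""
    norm = normalize(cmdline)
    return any(fnmatch.fnmatchcase(norm, normalize(r)) for r in rules)


def prompts_for(cmdlines, rules):
    """Return the command lines that would still raise a prompt under these rules."""
    return [c for c in cmdlines if not is_allowed(c, rules)]


def is_too_broad(rule: str) -> bool:
    """Flag a rule whose arguments are nothing but wildcards: it would allow
    every command line for that executable, which defeats the prompt."""
    norm = normalize(rule)
    if norm.startswith('"'):
        exe, _, args = norm[1:].partition('"')   # quoted executable path
    else:
        exe, _, args = norm.partition(" ")
    return exe.replace("*", "").strip() == "" or args.replace("*", "").strip() == ""


if __name__ == "__main__":
    print(len(prompts_for(SAMPLE_RUNS, [LITERAL_RULE])), "prompts with the literal rule")
    print(len(prompts_for(SAMPLE_RUNS, [WILDCARD_RULE])), "prompt with the wildcard rule")
    print(is_too_broad(r'"C:\Windows\System32\cmd.exe" *'), "= too broad")
```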

AtlBo

Thanks for the information. Very helpful.

Now I understand the issue I was having with VS. I sent a report, but I didn't hear back, so I guess they are committed to leaving the free version this way. I can understand.

Maybe the NVT developers have gotten a little bit further overcoming the actual block problem. I guess I would say so, since I haven't experienced it with NVT so far with the configuration of apps and scripts I am running. If I do run into issues later, I'll take a look at the fixes or try AppGuard if I run into real troubles. :)
 

AtlBo

Reinstalled Windows 7 64 Pro, so a lot of changes:

Remaining from previous installation:
360 Total Security

Dropped:
MBAM Pro (license expired)
Private Firewall
NoScript
Ghostery
EMET 5.2 - out of date and very little support :( for the platform, which I like personally. 5.5 has already been bypassed in the wild.

Added:
Comodo Firewall 10 (Proactive, auto-sandbox/run restricted)
NoVirusThanks Exe Radar Pro
Https Everywhere
uBlock origin
MBAM on demand scanner
WPTSecurity Toolbox (TDSSKiller/Spybot/Housecall/BlueScreenView and others)

Enabled: UAC set to Always notify

WPTSecurity Toolbox is something I found searching for a security toolbox. I like this tool very much. It runs from an executable that contains several portable scanners and other portable programs. I put the exe in the PortableApps folder on drive 2 and pinned it to the task bar. The programs can be installed by option from the program main menu. Might install EMET 5.5 but not sure yet. Should I go for it, or is this too much?
 

AtlBo

shmu26 said:
nice config.
just curious: why do you use both Comodo Firewall(Proactive) and NVT ERP?

I guess for now just to see what Comodo Firewall doesn't sandbox or block, until I get comfortable with the method of sandboxing Comodo's unknowns. I feel like there is more I can drag from Comodo (or at least learn about it), and it bothers me. I've sandboxed the browser, since I don't have real time protection beyond the sandbox and 360 for protection against exploits...that is without NVT.

Maybe I should choose between seeing the pop ups of NVT or just counting on EMET? I think I would still feel better seeing the pop ups at this point, just because I don't 100% trust CF's unrecognized label. I didn't see much activity from EMET while using it. I think I recall 8 or 10 blocks over 2 years maybe.

Just to clarify. CF unrecognized does include unsigned? Is there anything else it includes?

Well, EMET is more on lockdown to protect against exploits, and most of the time it does not conflict with the majority of security.

So it is fine.

Maybe I will reinstall it after all. I had it set up to run all the MS Office 2007 apps and all the vulnerable Windows processes (that I knew of) and then browsers. I got a block notice from EMET and an event viewer log of a block event occasionally that was Firefox itself usually (browser I was using). So either the browser was exploiting itself or something running as the browser. I would like to know if it was malware honestly, and I have the debug reports/dumps, but I don't think I'll get an answer to that.

I am correct that EMET would technically be blocking mostly injections of "protected" applications?
 

AtlBo

shmu26. I just learned something about NVT that I hadn't known. It does pick up on unsigned applications and notifies that they are unsigned. I didn't realize that, even though I used the program for I think 2 months before reinstalling Windows. I didn't even realize there is a quarantine either o_O. I suppose that I never needed it was one reason. Anyway, those are big plusses for the program. It does bring into question a little more for me using both, but I think I will stay with them for now. They actually seem to be working OK with each other for now.

I focus so hard on the system-wide scope of the functionality of programs, including security, that I have a really hard time with settings details. Because of this, I know I'm going to fumble with CF too. That said, I do wish Comodo would think more about a way to bring logs and trust and block lists together into a dialog or place them close together. Comodo's language doesn't help me much either. I mean on the widget "Unblock applications" could literally mean anything. I guess it means the internet connection based on what I have seen of the processes in there right now, but all these controls should be in one place I feel, if not in the same interface.

C'mon Comodo. 10 is better I would say for sure, but please be more creative with this GUI...:oops:
 

shmu26

AtlBo said:
shmu26. I just learned something about NVT that I hadn't known. It does pick up on unsigned applications and notifies that they are unsigned. I didn't realize that, even though I used the program for I think 2 months before reinstalling Windows. I didn't even realize there is a quarantine either o_O. I suppose that I never needed it was one reason. Anyway, those are big plusses for the program. It does bring into question a little more for me using both, but I think I will stay with them for now. They actually seem to be working OK with each other for now.

I focus so hard on the system-wide scope of the functionality of programs, including security, that I have a really hard time with settings details. Because of this, I know I'm going to fumble with CF too. That said, I do wish Comodo would think more about a way to bring logs and trust and block lists together into a dialog or place them close together. Comodo's language doesn't help me much either. I mean on the widget "Unblock applications" could literally mean anything. I guess it means the internet connection based on what I have seen of the processes in there right now, but all these controls should be in one place I feel, if not in the same interface.

C'mon Comodo. 10 is better I would say for sure, but please be more creative with this GUI...:oops:
I never cease to be amazed by the things I failed to understand. There seems to be no end to it. It all seems so obvious, with hindsight...
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@AtlBo: Yes, EMET will block it. Basically, anything which is under the protected category should prevent any external programs or scripts from executing, since that behavior is related to exploits.
 

AtlBo

Thanks for the information, jamescv7. Based on your post I have added EMET 5.5 (most recent version). Used the settings rules I had in the previous installation of EMET 5.2 to configure it.

I like this setup now.
 

AtlBo

Sorry, here it is:

Qihoo 360 TS max settings
Comodo Firewall (auto-sandbox (restricted)/HIPS off)
NoVirusThanks Exe Radar Pro (max settings including self protect/include "Allow Windows system..." and "Allow all software from Programs..." unchecked).
EMET 5.5 fully configured for maximum protection of vulnerables (Office/browser/Windows...settings maxed for best possible security and functionality for programs; this took quite some hours to do on the previous install of Windows)

Browser:
Comodo Dragon
Extensions:
uBlock Origin
HTTPS Everywhere
360 Safe Browse (in conjunction with 360 I like this, but it runs an .exe, so apparently some programs don't like the plugin. I think VoodooShield flags it and maybe even Comodo. Head is spinning with settings, but I think the reason is the .exe for an extension)

No small feat getting all this to work together, I'll say that...

EDIT: Moving around like a beagle without a brain. Forgot UAC settings:

UAC max settings - password-protected limited rights user account and admin account
 
