Battle Best programs for default deny protection

Software comparison
Vs comodo
Feature comparison
  1. Ease of use
  2. Proactive protection (anti-exploit, behavior blocker, IDS-HIPS, sandbox)
  3. Machine learning and A.I. capabilities

JoyousBudweiser

Level 12
Verified
Aug 22, 2013
591
3,128
I was wondering what some of the best programs for default deny protection are, i already use vs is there anything else I should use along with it?
Do not use multiple default deny security software together, if you are using VS continue with it, its very good one. Multiple default deny security software together wont improve your security, on the contrary it will cause issues in day to day working of your pc.
 

carl fish

Level 6
Verified
Mar 6, 2012
288
776
Stick with VS , you do not need anything else. But it would help us if you let us know what other protection you are using.
for real time protection Norton 360 premium, what is the best the security posture in vs in terms of how vs functions mine is set to aggressive should I change this or leave it as is also should I be adding any custom rules or folders these sections are currently blank?

thank you for your feedback on this
 
Last edited:

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,204
40,887
for real time protection Norton 360 premium, what is the best the security posture in vs in terms of how vs functions mine is set to aggressive should I change this or leave it as is also should I be adding any custom rules or folders these sections are currently blank?

thank you for your feedback on this
I find that VoodooShield works best for me on default settings.
Wouldn't change anything there.
Maybe @danb and other VS users can share their opinion or advice on some custom settings?
 

Lenny_Fox

Level 22
Verified
Oct 1, 2019
1,125
6,457
My vote for a default-deny security app would have to go to OSArmor, set to maximum security. It'll deny everything that's not on the exclusion list. This would not be used in conjunction with Voodoo Shield but instead of it.
OS_Armor blocks execution of programs and command parameters. It is not a default deny program, which whitelists stuff, works as a blacklist program, with build-in exception (allow) rules to prevent false positives. OS-Armor has an option to write your own rules and make it a default deny. OS-Armor also has some options to further tighten protection by blocking execution of unsigned programs from certain folders and block execution from folders which normally are not used for updating/installing programs.

The rational behind the yearly license fee is the effort the developer puts in maintaining the blacklist and the exception list in the blacklisted items.
 

n8chavez

Level 3
Feb 26, 2021
106
311
OS_Armor blocks execution of programs and command parameters. It is not a default deny program, which whitelists stuff, works as a blacklist program, with build-in exception (allow) rules to prevent false positives. OS-Armor has an option to write your own rules and make it a default deny. OS-Armor also has some options to further tighten protection by blocking execution of unsigned programs from certain folders and block execution from folders which normally are not used for updating/installing programs.

The rational behind the yearly license fee is the effort the developer puts in maintaining the blacklist and the exception list in the blacklisted items.

If you tick an OSA option, enabling the rule, and then try to execute whatever that rule intends to block what happens? Is that command and/or application allowed to execute? No. It's not. In my option that makes OSA deny by default; without exclusion the rule will be enforced and action denied. So, if you disagree you're saying that you believe one of two things, either that the rules are inadequate and thus OSA is ineffective or that every possible action (regardless if it can harm your system or not) needs an allow rule. I don't believe either of those is true. OSA is a deny by default application.
 
Last edited:
F

ForgottenSeer 85179

Security works always best with system internal stuff, so Windows SRP or Applocker.
SRP rules can be easily handled with Hard_Configurator tool from Andy.

Combine that with Microsoft Defender hardened with ConfigureDefender tool from Andy and you're done.
 

Arequire

Level 27
Verified
Content Creator
Feb 10, 2017
1,654
7,031
If you tick an OSA option, enabling the rule, and then try to execute whatever that rule intends to block what happens? Is that command and/or application allowed to execute? No. It's not. In my option that makes OSA deny by default; without exclusion the rule will be enforced and action denied. So, if you disagree you're saying that you believe one of two things, either that the rules are inadequate and thus OSA is ineffective or that every possible action (regardless if it can harm your system or not needs an allow rule. I don't believe either of those is true. OSA is an deny by default.
Using your definition behavioural blocking would also be considered default-deny, as it's nothing more than a collection of rules detailing malicious behaviours, which are blocked when a process infringes upon those rules.

Personally I subscribe to a very simple but strict definition of default-deny: Whitelisted items are allowed to run. Non-whitelisted items are blocked.
OSA doesn't fit that criteria for me as most of its rules are built around thwarting post-execution malicious behaviours. And while I'm sure it has rules in place to block the execution of certain files, and may even be able to be configured to act as a default-deny solution, if it doesn't do so uniformly by default then it shouldn't be considered one.
 

wat0114

Level 4
Verified
Apr 5, 2021
182
1,277
Security works always best with system internal stuff, so Windows SRP or Applocker.
SRP rules can be easily handled with Hard_Configurator tool from Andy.

Combine that with Microsoft Defender hardened with ConfigureDefender tool from Andy and you're done.

I'm definitely in favour of this approach, although complimenting this with OSArmor, for instance, should further enhance security, as it detects and blocks all kinds of different techniques used by malicious attacks.
 

Andy Ful

Level 73
Verified
Trusted
Developer
Dec 23, 2014
6,269
42,708
I'm definitely in favour of this approach, although complimenting this with OSArmor, for instance, should further enhance security, as it detects and blocks all kinds of different techniques used by malicious attacks.

OSA is very similar to SRP. Most of the OSA protection is prevention based on attack surface reduction kinda similar to SRP and Windows Policies. Furthermore, OSA (like SRP, Applocker, etc.) will not prevent most techniques used by PE executables (if EXEs are allowed to run).
I would not use the term "detect" in the case of OSA, because OSA cannot see if something is malicious or not.:unsure:
 
Last edited:
Top