Advanced Security Carl fish security config 2023

Status
Not open for further replies.
Last updated
Nov 26, 2023
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
pro
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Evaluation mode
Network firewall
Enabled
Real-time security
sophos intercept x
cyberlock pro lifetime
Firewall security
Other - Internet Security (3rd-party)
About custom security
Enabled Core Isolation
enabled Force randomization for images mandatory (ASLR)
Periodic malware scanners
malwarebytes
Malware sample testing
I do not participate in malware testing
Environment for malware testing
n/a
Browser(s) and extensions
Microsoft Edge
Firefox
ad guard lifetime
Secure DNS
default DNS
Desktop VPN
none
Password manager
Last Pass
File and Photo backup
macrium reflect 8 home full system images
System recovery
external hard drive
macrium reflect 8 home full system images
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
Processor AMD Ryzen 7 5825U with Radeon Graphics 2.00 GHz
Installed RAM 16.0 GB
System type 64-bit operating system, x64-based processor



Enabled Core Isolation
enabled Force randomization for images mandatory (ASLR)
Firefox latest
windows 11

Enabled these optional features:
Microsoft defender application guard
Windows sandbox
Notable changes

sophos intercept x​

cyberlock pro lifetime
What I'm looking for?

Looking for maximum feedback.

Notes by Staff Team
  1. This setup may cause performance issues, system instability or conflicts between programs, and can hinder the effectiveness of the installed antivirus products.

Victor M

Level 10
Verified
Well-known
Oct 3, 2022
465
@carl fish I think it is best to refer to a basic security principle : DEFAULT DENY. That means anything not specifically allowed should be denied. It also means you keep a white list of what is allowed. The Default Deny principle can be applied to several areas. In this case, you can use an anti-executable. Anti-executables setup a whitelist of all the apps on your drive. And when a new one appears, whether you are installing something or when a malware lands on your PC, it pops up and asks you whether to allow or not. Examples of anti-executables are Faronics AntiExecutable, WDAC, and CyberLock. CyberLock is the more powerful of the 3, it verifies whether the exe is signed and verifiable, then it consults an AI engine and a reputation database. Then if it is not on the whitelist, it pops up and asks you. And if you click on 'details' on the pop up, it shows the full path of the exe, so that may give you another clue as to whether to allow it to run.

Microsoft Windows Defender Application Control (WDAC) is another anti-executable.(free) It keeps a whitelist and checks signatures. But it is more laborious to maintain because you have to add to the whitelist manually. So to install a new program, you have first add the installer hash to the whitelist. Then after you installed the program, you have to add the programs path or publisher to the whitelist. The easiest way to implement WDAC is to use WDAC Toolkit. But you can do it just using Powershell, The file list can also contain black list deny's. One thing about WDAC is that it doesn't ask you, it just tells you it is blocked and reports it in Event Viewer. So this maybe a good feature if you are deploying to n00bs - they can't make a mistake and allow something that they shouldn't.

Faronics is an older anti-executable. It keeps a whitelist and when it encounters an unknown exe, it pops up and asks you. However the pop up doesn't show you the full path, it just shows the file name. So it is harder to decide whether to allow the new exe or not. I find it rather slow.

Many people have shunned antivirus programs because they rely on the vendor capturing malware. From the malware samples, they derive key fragments which serve as a signature so that the malware can be recognized. And they also analyze the behavior of the malware for use in their heuristics AV component. But the key thing is that these things all come from known malware. If a new one appears that is totally unlike older malware, then it will slip through. Anti-executables couldn't care less about whether a new exe is malware or not - it checks the whitelist and if it is new it asks you.

To supplement the anti-excutable, you need a tool that detects malware scripts, because scripts are not exe's. And these malware scripts use native Windows commands to do their deeds. So the anti-executable won't see them. For that task, there is NoVirusThanks' OSArmor. Or you can create a black list using Windows' Software Restiriction Policy or AppLocker or WDAC to deny Windows commands that are commonly abused by malware scripts. The list of these commands is at LOLBAS

I find that it is best not to rely on a single antimalware tool but instead employ different tools to cover different segments of threats.
 
Last edited:
  • Like
Reactions: danb

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
Kaspersky and CyberLock is an overkill. Also, it does take time to get used to Mac. Specially the shortcut key combos. It is best to read the manual.
Oh, but it is soooooo nice to know your computer is locked when you are browsing the web or checking email and are about to click on something you are unsure of ;). That, along with about 20 or so other major features.

Most people who claim VS/CL is overkill with a traditional AV, has most likely never ran VS/CL on their production machine. No offense, but honestly, if someone is going to claim something is overkill, please make sure you are familiar with the product and its capabilities, and that you have used it for several days.
 

simmerskool

Level 32
Verified
Top Poster
Well-known
Apr 16, 2017
2,177
Oh, but it is soooooo nice to know your computer is locked when you are browsing the web or checking email and are about to click on something you are unsure of ;). That, along with about 20 or so other major features.

Most people who claim VS/CL is overkill with a traditional AV, has most likely never ran VS/CL on their production machine. No offense, but honestly, if someone is going to claim something is overkill, please make sure you are familiar with the product and its capabilities, and that you have used it for several days.
yeah, I am not sure what "overkill" means in this context. fwiw, I just paired VS/CL with Kaspersky Standard (on a win10_VM). I am not seeing any conflicts, no slowdowns. Can I prove VS has saved my ass over the past several years, no, but I have not been infected and VS doesn't interfere with my computer usage. (but I'm not running VS with DeepInstinct or with Checkpoint Harmony). Do I need VS with Kaspersky Standard...? I just prefer running VS absent some clear reason not to. So I agree with Dan :) on this one.
 

Trident

Level 30
Verified
Top Poster
Well-known
Feb 7, 2023
1,967
Oh, but it is soooooo nice to know your computer is locked when you are browsing the web or checking email and are about to click on something you are unsure of ;). That, along with about 20 or so other major features.

Most people who claim VS/CL is overkill with a traditional AV, has most likely never ran VS/CL on their production machine. No offense, but honestly, if someone is going to claim something is overkill, please make sure you are familiar with the product and its capabilities, and that you have used it for several days.
I suggest you get familiar with Kaspersky first. Then you’ll realise you can’t offer anything that they haven’t offered already, as then can already lock a PC down + they can do a lot more than that.
 
  • Like
Reactions: Nevi and harlan4096

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,710
I suggest you get familiar with Kaspersky first. Then you’ll realise you can’t offer anything that they haven’t offered already, as then can already lock a PC down + they can do a lot more than that.
As I have already posted on MT, my local clients run either Kaspersky Small Office or Windows Defender + VS/CL, so I am familiar with it. I was simply recommending that if someone is going to have an opinion on a product, they should use it for a few days first so they can see what all it has to offer.
 

Ink

Administrator
Verified
Staff Member
Jan 8, 2011
22,490
as I windows user is it easy to get used to mac?
Yes, it’s no more difficult than switching to any other OS (ie. Linux, Android, iOS, Chrome OS etc.). The biggest change would be getting familiar with the keyboard shortcuts changes, the rest is a breeze.

A good question is why are you looking to switch?
  • Mac OS is not immune to malware or exploits
  • Mac versions of Antivirus lack extra proactive features that are usually found on the Windows versions
  • An Apple ID is required to use the App Store and other Apple services

The minimum spend for a new Mac is $600 - Mac mini
Apple Silicon M2 (8-Core CPU , 10-Core GPU)
8GB Unified Memory
256GB SSD Storage
2x Thunderbolt 4 ports, 2x USB-A ports, HDMI port, Gigabit Ethernet, headphone jack
  • AppleCare+ is optional. Insurance may cover
  • If you’re buying an older refurb/used model, check they are compatible for Ventura and the upcoming Sonoma upgrade later this year
  • I recommend using your own existing accessories, such as displays, mouse and keyboard. Check if your keyboard is Mac-compatible
Browse Apple and third-party accessories, or Logitech MX

A word of caution, Apple cut corners on the base level for the M2 spec lineup.
 

simmerskool

Level 32
Verified
Top Poster
Well-known
Apr 16, 2017
2,177
Yes, it’s no more difficult than switching to any other OS (ie. Linux, Android, iOS, Chrome OS etc.). The biggest change would be getting familiar with the keyboard shortcuts changes, the rest is a breeze.
My wife switched from windows to macOS and she had some concerns at first, but learned macOS quickly and would not go back to windows.
 

Trident

Level 30
Verified
Top Poster
Well-known
Feb 7, 2023
1,967
Cmon... Unfortunately? I couldn't live without Windows and with all its tweaking possibilities. And I am sure you are feeling the same... ;)
I am not tweaking anything (apart from uninstalling OEM bloatware and disabling startup items). I like it as vanilla and boring as possible. I also have ChromeOS Flex. I gotta keep current with all of them for work.
 

simmerskool

Level 32
Verified
Top Poster
Well-known
Apr 16, 2017
2,177
I am not tweaking anything (apart from uninstalling OEM bloatware and disabling startup items). I like it as vanilla and boring as possible. I also have ChromeOS Flex. I gotta keep current with all of them for work.
really, I have a mac mini with a 4k monitor, a nice backup but I do find it boring...
 

Ink

Administrator
Verified
Staff Member
Jan 8, 2011
22,490
I just brought a 2011 MacBook pro
Paid $50-100?

Newest compatible operating system: macOS High Sierra (Verify Here)

Name and InformationAvailable forRelease dateSupport status
Security Update 2020-006 High Sierra
Security Update 2020-006 Mojave
macOS High Sierra 10.13.6
macOS Mojave 10.14.6
12 Nov 2020Unsupported as of 12 Nov 2020


 

carl fish

Level 7
Thread author
Verified
Mar 6, 2012
333
Paid $50-100?

Newest compatible operating system: macOS High Sierra (Verify Here)

Name and InformationAvailable forRelease dateSupport status
Security Update 2020-006 High Sierra
Security Update 2020-006 Mojave
macOS High Sierra 10.13.6
macOS Mojave 10.14.6
12 Nov 2020Unsupported as of 12 Nov 2020


Paid $50-100?

Newest compatible operating system: macOS High Sierra (Verify Here)

Name and InformationAvailable forRelease dateSupport status
Security Update 2020-006 High Sierra
Security Update 2020-006 Mojave
macOS High Sierra 10.13.6
macOS Mojave 10.14.6
12 Nov 2020Unsupported as of 12 Nov 2020


Would a 2011 Mac book still be able to run a newer version using open core legacy patcher?
 

Ink

Administrator
Verified
Staff Member
Jan 8, 2011
22,490
Would a 2011 Mac book still be able to run a newer version using open core legacy patcher?
It’s something you’d need to investigate/research further.

Related:

Running the latest versions of macOS won’t guarantee your hardware components are free from exploits and unpatched vulnerabilities.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top