- Feb 24, 2017
- 1,661
you download the usual installer then deselect the modules you don't want to install.
be prepared, the UI is not user friendly and in some cases can bug out (like it did on me)
CF with CS - Good Enough Alone?
- Thread starter SearchLight
- Start date
- Status
be prepared, the UI is not user friendly and in some cases can bug out (like it did on me)
- Feb 24, 2017
- 1,661
how would you not look over UAC when it pops up every time something opens? it can't be used as an indicator to spot something malicious.
and smartscreen only works on executables downloaded straight from the internet..
Using UAC is no different then using a product that prompts the user for choices. It intercepts, and you have to determine. UAC also has different presented formats/prompts, not just would you like to allow this.
If you would like to see something you would not expect, place UAC at max, windows defender on, download a pack from the Hub, and open it, then launch what is left, and tell me if Smartscreen intercepts. If you really want to test it, go to Hybrid-Analysis or similar site and download each sample one at a time with all enabled. Use MS Edge as your main browser while doing so... Should be interesting the results you find. I have done it many times, and have seen serious marked improvement over time.
As you stated, the mark of the web, certainly helps the chances of them being intercepted, it also happens to be the most common method of downloading and executing any applications for common users.
Last edited by a moderator:
i totally agree.
exact unless they look for a particular feature.
Even "professional" test labs disable UAC and Smartscreen, if they don't they can't "sell" you their results.
yes i remember a cool video where the tester ( a good buddy of mine) let those enabled, the tested product had almost nothing to do , all was blocked by UAC/SS.
- Jan 5, 2018
- 163
DEP enabled for all programs, Hypervisor enabled Code Integrity with DMA, Secure Boot, Credential Guard etc.
Require trusted path for credential entry enabled.
All this running on a SUA + the before mentioned hardening tweaks for Defender.
Yes I'd say no need for 3rd party AV.
- Apr 16, 2017
- 2,094
suggest you also download the administration guide pdf. I'm finding it helpful.
- Apr 16, 2017
- 2,094
I just installed forticlient 5.6.6.1167, just the webfilter. seems to play nice with other security apps seems not to slow down browsing and it did block a webpage, which I found curiously interesting and digging deeper into that one as it was not expected. Plus the newer extensions for chrome. Almost feels safe
seems not to slow down browsing and it did block a webpage, which I found curiously interesting and digging deeper into that one as it was not expected. Plus the newer extensions for chrome. Almost feels safe 
- Jan 29, 2017
- 1,201
To which I would ask... if the AV does detect it, how do you know it's not a false positive... See what trouble you've gotten yourself into? CS said it best...
mmmm I guess if more than 3 respectable AV engines detect it, then I assume it's malicious.
- Jan 29, 2017
- 1,201
If you know that all three detected it, then sure maybe... but most AV's with multiple detection engines throw an alert if any of the engines find fault, and you generally are not informed which engine(s) alerted and which didn't unless you dig more deeply, or submit to VT.
- Apr 13, 2013
- 3,144
This is an important comment! The issue here is that one can infer that if either 2 or 1 or even 0 scanners showed a file to be malicious it must be good, right?
Obviously this is far, far from the case, and is the major weakness in the traditional AV. Most professional malware authors know that, as a rule of thumb, that a true Zero-day file sent out to the masses will have an initial detection by some scanner at the 12 hour mark (and at this point in time a respectable Blackhat will morph the original and send it out again).
Even worse a more targeted malicious file may go undetected for weeks (remember CCleaner?) and malware sent to a single organization can get past security protection for many months (like the Scriptors used in the Target and Home Depot breaches).
So although VT results are fun to watch and one with frequent use can see which vendors react the quickest (and those that do not react at all!) to new malware, one does not know the timeframe between initial malware release and initial AV detection.
- Jul 6, 2017
- 2,392
Well here with the configuration of the cruel Sister. You have to have clear concepts. For example, "I will not install anything that is not necessary and that is a program known as good." In this way, it is difficult to infect with a zero day. and of course, signatures are still necessary. Why do I know that I am clean if it is not for the signatures of AVs?
If you want to try a new program, use Shadow Defender.
If you want to try a new program, use Shadow Defender.
FortiClient has no true firewall, the firewall would be the FortiGate. Without a FortiGate you won't have a traditional firewall and Windows Firewall will be left running. It has an APPLICATION firewall, which is different, it's an application control firewall that gives you granular control over applications and their activities.
That link is correct.
- May 26, 2014
- 1,339
Well here with the configuration of the cruel Sister. You have to have clear concepts. For example, "I will not install anything that is not necessary and that is a program known as good." In this way, it is difficult to infect with a zero day. and of course, signatures are still necessary. Why do I know that I am clean if it is not for the signatures of AVs?
If you want to try a new program, use Shadow Defender.
Good comment, I second that.
- Status
Similar threads
