Basic Security Chri.Mi Security Config 2020

Last updated
May 2, 2020
How is it used?
For home and private use
Operating system
Linux
Log-in security
Security updates
Check for updates and Notify
User Access Control
Real-time security
It's Linux!
Firewall security
About custom security
Hardening Chromium
Periodic malware scanners
N/A
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Chromium
Maintenance tools
Pacman
Pamac
Manjaro Settings Manager
File and Photo backup
N/A
System recovery
Timeshift
Risk factors
    • Gaming
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
Computer specs
N/A

Chri.Mi

Level 7
Thread author
Well-known
Apr 30, 2020
337
Yes, it's my top choice every time I remove FortiClient to try another AV. But FortiClient is very light and stable and I haven't found any viable alternative yet (not that I have to find one actually ;) )
FortiClient is nice... but I don't like their strategy of giving the old version for free. It would make more sense if they made a free version (with fewer features, of course).
I think a good combo can be Windows Defender MAX settings (block any unrecognized PE; thanks @Andy Ful for the nice explanation), Comodo Firewall for auto-containment (vs docs, scripts, etc.) and Blocksi for internet surfing (block all dangerous + unrated). In this way I think there is more chance to block 0-days. It is like a preventive threat setup, then a protective threat setup. And in my experience prevention is always better than remediation.
 

Vitali Ortzi

Level 22
Verified
Top Poster
Well-known
Dec 12, 2016
1,147
FortiClient is nice... but I don't like their strategy of giving the old version for free. It would make more sense if they made a free version (with fewer features, of course).
I think a good combo can be Windows Defender MAX settings (block any unrecognized PE; thanks @Andy Ful for the nice explanation), Comodo Firewall for auto-containment (vs docs, scripts, etc.) and Blocksi for internet surfing (block all dangerous + unrated). In this way I think there is more chance to block 0-days. It is like a preventive threat setup, then a protective threat setup. And in my experience prevention is always better than remediation.
I agree with you on FortiClient,
but I don't think Blocksi and two default-deny suites is a good idea.
Use only Andy's H_C or CF cruel.
About Blocksi, I have no experience with it, so I can't tell if it's good or not.
But since it has unrated, I gotta test it.
 

Chri.Mi

Level 7
Thread author
Well-known
Apr 30, 2020
337
I agree with you on FortiClient,
but I don't think Blocksi and two default-deny suites is a good idea.
Use only Andy's H_C or CF cruel.
About Blocksi, I have no experience with it, so I can't tell if it's good or not.
But since it has unrated, I gotta test it.
It's good enough.

If I should choose, I will go with H_C for sure, but I'm thinking about whether I can make a combo (some security configs have this combo). I have to see what the pros and the cons are, and balance them.

Yes, it's my top choice every time I remove FortiClient to try another AV. But FortiClient is very light and stable and I haven't found any viable alternative yet (not that I have to find one actually ;) )
In some way Blocksi is better: if you use warn on unrated, and one of your favorite sites is unrated, you can allow it. On FortiClient I could not do that with unrated (dunno if it was my fault).
 

Nagisa

Level 7
Verified
Jul 19, 2018
341
FortiClient is nice... but I don't like their strategy of giving the old version for free. It would make more sense if they made a free version (with fewer features, of course).
I think a good combo can be Windows Defender MAX settings (block any unrecognized PE; thanks @Andy Ful for the nice explanation), Comodo Firewall for auto-containment (vs docs, scripts, etc.) and Blocksi for internet surfing (block all dangerous + unrated). In this way I think there is more chance to block 0-days. It is like a preventive threat setup, then a protective threat setup. And in my experience prevention is always better than remediation.

I think that it's more probable that Windows Defender gets affected by zero-days, as it is the default antivirus software on all Windows PCs. Once a malware exploits Windows Defender (I mean specific malware that is capable of exploiting security software) it doesn't matter whether you block unknown executables or not, am I wrong?

Has such an incident ever happened before?
 

Vitali Ortzi

Level 22
Verified
Top Poster
Well-known
Dec 12, 2016
1,147
If I should choose, I will go with H_C for sure, but I'm thinking about whether I can make a combo (some security configs have this combo). I have to see what the pros and the cons are, and balance them.
A con of CF is clearly the attack surface: flagged malware is trusted, and it is possible to get a certificate to bypass Comodo cheaply, mostly because of stupid contractors.
H_C is an SRP comparable to group policy.
 

Chri.Mi

Level 7
Thread author
Well-known
Apr 30, 2020
337
I think that it's more probable that Windows Defender gets affected by zero-days, as it is the default antivirus software on all Windows PCs. Once a malware exploits Windows Defender it doesn't matter whether you block unknown executables or not, am I wrong?

Has such an incident ever happened before?
Yes, but there is a difference between default Windows and MAX settings with Hard_Configurator. This doesn't mean it is invulnerable, but as you can see in malware sample tests it is not easy to bypass.
 

Nagisa

Level 7
Verified
Jul 19, 2018
341
Yes, but there is a difference between default Windows and MAX settings with Hard_Configurator. This doesn't mean it is invulnerable, but as you can see in malware sample tests it is not easy to bypass.

Sure, it's very hard to bypass while using the default-deny method. But just wait for a specific malware that is capable of exploiting the default security software installed on most computers (Windows Defender).

I don't know how it works but does it also protect you from unknown scripts or fileless malware?
 

Vitali Ortzi

Level 22
Verified
Top Poster
Well-known
Dec 12, 2016
1,147
I think that it's more probable that Windows Defender gets affected by zero-days, as it is the default antivirus software on all Windows PCs. Once a malware exploits Windows Defender (I mean specific malware that is capable of exploiting security software) it doesn't matter whether you block unknown executables or not, am I wrong?

Has such an incident ever happened before?
It's actually more hardened than many AV software.
But you can bypass the max Defender settings with a script.
But you can technically block the script itself via an SRP.
 

imuade

Level 12
Verified
Top Poster
Well-known
Jul 29, 2018
566
In some way Blocksi is better: if you use warn on unrated, and one of your favorite sites is unrated, you can allow it. On FortiClient I could not do that with unrated (dunno if it was my fault).
You can also set FortiClient to warn instead of blocking.
The main difference between Blocksi and FortiClient is that the former is browser-limited while the latter is system-wide (it can prevent any app from reaching a bad website).
 

Vitali Ortzi

Level 22
Verified
Top Poster
Well-known
Dec 12, 2016
1,147
Installed VoodooShield and Sandboxie. Replaced Bitdefender TrafficLight, Netcraft, Fair AdBlocker, Blocksi with AdGuard. Hardened Edge Chromium with some flags. Applied custom settings on Windows Defender.
Great lower attack surface!
 

Chri.Mi

Level 7
Thread author
Well-known
Apr 30, 2020
337
Removed Sandboxie. Removed Ghostery, Popup Blocker and Smart HTTPS. Now I am using AdGuard, Redirector, and Skip Redirect.

AdGuard -> enabled almost all filters except the obsolete ones and the language ones (only using 2 Italian ones).
Redirector -> made rules to redirect HTTP to HTTPS.
 

Vitali Ortzi

Level 22
Verified
Top Poster
Well-known
Dec 12, 2016
1,147
Removed Sandboxie. Removed Ghostery, Popup Blocker and Smart HTTPS. Now I am using AdGuard, Redirector, and Skip Redirect.

AdGuard -> enabled almost all filters except the obsolete ones and the language ones (only using 2 Italian ones).
Redirector -> made rules to redirect HTTP to HTTPS.
You can use built-in flags / policies as an alternative to Redirector.
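As an added example (not posted in the thread), the built-in alternative to the Redirector extension's HTTP-to-HTTPS rules on the thread author's Linux + Chromium setup is a managed policy file; this assumes it is placed at /etc/chromium/policies/managed/https_only.json (Google Chrome reads /etc/opt/chrome/policies/managed instead) and uses the HttpsOnlyMode policy that current Chromium builds support, where "force_enabled" makes the browser upgrade every navigation to HTTPS and show a warning page when a site has no HTTPS version, with no per-user toggle to switch it off.

```json
{
  "HttpsOnlyMode": "force_enabled"
}
```

After saving the file, chrome://policy in the browser lists the policy and its value, which is the quickest check that it was picked up.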
 
