CyberGhosT's "No-Sig" Configuration

Status
Not open for further replies.

_CyberGhosT_

Level 53
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
lol sorry yes I mean DA ^^ also I'm an advanced user
There is nothing that is necessary to change in DeepArmor, within the install location you can view and edit the whitelist for DA but
it really is not necessary unless you by accident add something, in which case it can be removed by entering folder indicated in
red with the numeral (1)....... In the folder indicated with the numeral (2) even if you clear the alert list from the Cpanel you can find all
past alerts in there:
DA_SS.png

Please note that the Whitelist file is in CSV format, edit it then save it to your desktop, then delete the original CSV from it's location, then drop in the edited version. If you leave in the original and try to drop it in over it, it will not take.
 
Last edited:

_CyberGhosT_

Level 53
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
In my quest for a fast and secure Sig-Free config I am testing running MBAE alongside HMPA
MBAE is still in development as a standalone, found here: MBAE 1.10 - Latest Standalone BETA
I had a key, but you don't need it seeing it allows for premium features seeing the "Standalone" is in perpetual beta.
It seems light and non conflicting with HMPA which is good and can be yet another tool for us Sig-Free adventurers.
** Changes are reflected in my Config. I will report here any issues. PeAcE
 

_CyberGhosT_

Level 53
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
MBAE is sad. Less sad than Malwarebytes Anti-Malware but still sad and not comparable to HMPA.
Yeah I set the advanced settings as max while I test it, I more had in mind to add it as a companion to other
solutions like HMPA, it will for sure not be replacing any of them ;)
Thanks for the feedback brother.
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
In my quest for a fast and secure Sig-Free config I am testing running MBAE alongside HMPA
MBAE is still in development as a standalone, found here: MBAE 1.10 - Latest Standalone BETA
I had a key, but you don't need it seeing it allows for premium features seeing the "Standalone" is in perpetual beta.
It seems light and non conflicting with HMPA which is good and can be yet another tool for us Sig-Free adventurers.
** Changes are reflected in my Config. I will report here any issues. PeAcE
Didn't know MBAE is still under development under beta. They must be trying to gather concentrated feedback and testing on standalone to later benefit the MB package.

Exploits are very uncommon to come across anyway. Having two anti-exploits may not cause any trouble in regular use.
However, one might not get a chance to evaluate how the two of them (HMPA and MBAE) function at that critical time due to the rare possibility of exploit occurrence on your system.
There are chances that two anti-exploits covering the same application(s) with say similar mitigation strategies can cause serious conflict during the crucial time and eventually result in user loss.
 

_CyberGhosT_

Level 53
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Didn't know MBAE is still under development under beta. They must be trying to gather concentrated feedback and testing on standalone to later benefit the MB package.

Exploits are very uncommon to come across anyway. Having two anti-exploits may not cause any trouble in regular use.
However, one might not get a chance to evaluate how the two of them (HMPA and MBAE) function at that critical time due to the rare possibility of exploit occurrence on your system.
There are chances that two anti-exploits covering the same application(s) with say similar mitigation strategies can cause serious conflict during the crucial time and eventually cause user loss.
Yeah I agree, and I put to sleep VoodooShield for this, HMPA and VS play nice, so I figured "why not" and decided
to try MBAE as well. I may clone this and look for a exploit to test on the clone and see if the protection falls apart,
but I have a sneaking suspicion that HMPA will arrest an exploit before MBAE makes a peep. I only want to try this because
even if it is half ass decent, it is a good addition or companion for those that like free companion apps of this caliber.
Thanks for the feedback brother :)
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Yeah I agree, and I put to sleep VoodooShield for this, HMPA and VS play nice, so I figured "why not" and decided
to try MBAE as well. I may clone this and look for a exploit to test on the clone and see if the protection falls apart,
but I have a sneaking suspicion that HMPA will arrest an exploit before MBAE makes a peep. I only want to try this because
even if it is half ass decent, it is a good addition or companion for those that like free companion apps of this caliber.
Thanks for the feedback brother :)
Cool! Sure there are higher chances of HMPA blocking the badman. Does the HMPA Beta that you've installed include Anti-malware feature now?

I got a small interesting read on MBAE against EB and similar exploits :)
An updated test of MRG we'd seen here immediately after the attack demonstrated that HMPA could block the various attempts.
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,140
In my quest for a fast and secure Sig-Free config I am testing running MBAE alongside HMPA
MBAE is still in development as a standalone, found here: MBAE 1.10 - Latest Standalone BETA
I had a key, but you don't need it seeing it allows for premium features seeing the "Standalone" is in perpetual beta.
It seems light and non conflicting with HMPA which is good and can be yet another tool for us Sig-Free adventurers.
** Changes are reflected in my Config. I will report here any issues. PeAcE
Isn't having HMPA more than enough? It should be much much better than MBAE, right?
 

_CyberGhosT_

Level 53
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
I agree with all of you, MBAE is not for pairing with HMPA, your correct the hooks are blocked, but it is a tool none the less and with the premium features being free in the perpetual beta, it is another tool in the chest of Sig-free solutions.
It may be better paired with VS, or cloud based solutions. I will wake up VS.
Remember how new the concept of Sig-free solutions is, all the tools are not ideal yet, but as a whole major
strides are being made by those of us willing to take the leap and test things like this.
The thing that I like is the journey and being a part of the trail being blazed that shows just how dated Sig-Based
solutions have become.
I don't expect to hit it out of the park every time as I learn what fits where, but I do this here openly so we all lean
as we go. Thanks guys for all your feedback that's promoting growth. :)
 
Last edited:

_CyberGhosT_

Level 53
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Made some changes to my main Windows 10 drive, they are reflected within my security profile.
They are as follows.
Added:
GlassWire Pro 1.2.109 (LifeTime)
Sophos Home (Beta) 1.2.3 Premium
Removed:
Hitman Pro Alert Beta (Premium)
Hitman Pro Beta (Premium)

WFC (Windows Firewall Control) Premuim
 

enaph

Level 29
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,857
Made some changes to my main Windows 10 drive, they are reflected within my security profile.
They are as follows.
Added:
GlassWire Pro 1.2.109 (LifeTime)
Sophos Home (Beta) 1.2.3 Premium
Removed:
Hitman Pro Alert Beta (Premium)
Hitman Pro Beta (Premium)

WFC (Windows Firewall Control) Premuim
So it's not sig-free anymore :)
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
So seeing Sophos sneaks in sigs I do have to change my Configuration title :(
Ok fixing it now @pablozi :)
Changed it to "Lite" config instead of "Sig-Free"
Yeah, even hmpa will have sigs soon on the cloud like intercept and the home beta. Nothing bad with that as long as they are not on your pc to waste resources. The higher the detection the better.
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top