DacoZ's Security Configuration

[DaCoZ]

Why is my config still reads "take caution" ?

I've updated a lot of things.

In summary:
Got Kaspersky Total Security (all option in ON), Anti-malware in real time / scan, 2 x Anti-exploit, Try&Decide 2016 as test environment (replaces virtualisation tools) with my external US3 HDD with personals datas disconnected, Rogue killer & MBAM Premium as scan, Tor Browser with HTTPS Everywhere and NoScript, uBlock Origin, etc

Any clue ? What should I change / add / remove ?

 

[DaCoZ]

Added Zemana Anti-malware Premium as 2nd scanner

 

[DJ Panda]

Why is my config still reads "take caution" ?

I've updated a lot of things.

In summary:
Got Kaspersky Total Security (all option in ON), Anti-malware in real time / scan, 2 x Anti-exploit, Try&Decide as test environment (replaces virtualisation tools) with my external US3 HDD with personals datas disconnected, Rogue killer & MBAM Premium as scan, Tor Browser with HTTPS Everywhere and NoScript, uBlock Origin, etc

Any clue ? What should I change / add / remove ?

I don't know if you corrected it but do you still play with malware samples on your host PC? It is better do do a Vm or sandbox.

 

[DaCoZ]

I don't know if you corrected it but do you still play with malware samples on your host PC? It is better do do a Vm or sandbox.

I play with malware samples on my host PC with Try&Decide 2016 enabled ( virtualisation of changes , like Shadow Defender), with my USB3 (personnals data) disconnected. Static Scan first, and for the malwares not detected : dynamic scan.

 

[Captain Awesome]

Good config,Try&Decide is not secure as Shadow Defender.

 

[Deleted Member 3a5v73x]

VirtualBox is free, and its easy to learn. "Try&Decide" may be good in situations when you want to test out new programs and then just revert if you aren't satisfied, but if you test malware on the host machine it is matter of time when "human-error" steps in and your data may get encrypted

 

[DaCoZ]

VirtualBox is free, and its easy to learn. "Try&Decide" may be good in situations when you want to test out new programs and then just revert if you aren't satisfied, but if you test malware on the host machine it is matter of time when "human-error" steps in and your data may get encrypted

I've already run a ransomware locky, which encrypted my files, but protected by "Try&Decide" : all changes were done virtually. When I canceled them and reboot, all was as if I had never launched the ransomware.
With Acronis true image, I make backups of my system very often. In case of "human error", 10 min max to restore my host PC.
What is Try&Decide | Acronis True Image Home

Good config,Try&Decide is not secure as Shadow Defender.

A lot of people on this forum refer to Shadow Defender. I will test it, and see if there are lot of differences with Try&Decide

 

[Captain Awesome]

The main difference is Try&Decide stop developing by Acronis.My point is stop using backdated products it is harmful for your pc.
My alternative suggestions are:1.VirtualBox (free),2.VMWare Player 3.Shadow Defender

 

[DaCoZ]

Try&Decide was removed from severals versions of Acronis True Image, but came back with Version 2016 (Try&Decide last version is signed on 26/04/2016)
If I change, one day, it would certainly be for Shadow Defender, I think

 

[Captain Awesome]

Can you give me the link of version 2016?

 

[LabZero]

@DaCoZ about our Risk Assessment you can take a look here:

https://malwaretips.com/threads/must-read-requirements-for-replying-to-virus-exchange-forum.59514/

 

[DaCoZ]

Can you give me the link of version 2016?

Acronis True Image 2016: FAQ | Knowledge Base

In part : "What's new un Acronis True Image 2016?"

"...
Try&Decide is back in the product—By popular demand, Acronis Try&Decide was returned to Acronis True Image 2016. You can find this feature in the Tools section.
...
"

 

[LabZero]

Acronis T&D relies on Acronis loader about the MBR. Currently I do not have documented certainty that AT&D protect the MBR.

 

[DaCoZ]

Acronis T&D relies on Acronis loader about the MBR. Currently I do not have documented certainty that AT&D protect the MBR.

I 'm only sure that Try&Decide cannot be used to protect GPT disks.

If my PC have a hard reboot, or reboot for another reason (with Try&Decide enabled), Acronis loader ask me to choose between "reboot" or "discard".

I will investigate about the MBR protection. If I don't find MBR protection, I will use another software (certainly Shadow Defender)

 

[Duotone]

Shadow Defender key features are:
1) MBR protection; and
2) Drive protection

and if you Shadow protect the drive(ex: D: containing backups/files) and you did mess up drive C: even if a restore was done you'll see D: drive is still in shadow mode after the restoration.

Out of curiosity will Try&Decide survived and attack from Rombertik or PETYA ransomware?!

Acronis T&D relies on Acronis loader about the MBR. Currently I do not have documented certainty that AT&D protect the MBR.

But considering @Klipsh comment , then again I maybe wrong ...

 

[DaCoZ]

Shadow Defender key features are:
1) MBR protection; and
2) Drive protection

and if you Shadow protect the drive(ex: D: containing backups/files) and you did mess up drive C: even if a restore was done you'll see D: drive is still in shadow mode after the restoration.

Out of curiosity will Try&Decide survived and attack from Rombertik or PETYA ransomware?!


But considering @Klipsh comment , then again I maybe wrong ...

Thanks for this information.
I will test them all (software and malwares - if I find samples).
(All tests I make are with Try&Decide enable, Kaspersky Total Security, MBAM & MBAE Premium, ZAM Premium, C: avaiable and protected. First : Static Scan , Second : Dynamic Scan on malwares not detected).

Edit: samples not found, can't test

 

[DaCoZ]

I Purchased Shadow Defender 1.4.0.629 to replace Try&Decide (as I didn't find any information about MBR protection)
I will now test malwares samples with this Software.
First post Updated.

 

[DaCoZ]

Updated A lot of things, my config still reads "PC:TAKE CAUTION" ?
What should I change to read "PC:SECURE" ?