Advanced Plus Security DeepWeb's Security Config

Last updated: Dec 17, 2018
Windows Edition: Enterprise
Security updates: Allow security updates and latest features
User Access Control: Always notify
Real-time security: Kaspersky Total Security (GDPR)
Firewall security:
Periodic malware scanners: Norton Power Eraser, Run PE Detector, VT Hash Checker, Root Certificate Check
Malware sample testing: I do not participate in malware testing
Browser(s) and extensions:
  Browsers: Chrome, Firefox Nightly, Edge
  Extensions: Nano Adblocker & Defender, HTTPS Everywhere, Privacy Possum, Searchonymous, Temporary Container (FF)
Maintenance tools: None - They break more than they fix
File and Photo backup: Windows Backup using File History
System recovery: Macrium Reflect

DeepWeb (Thread author)
If you are talking about protecting against infected USB devices, then there are some like MCShield, USB Disk Security, etc.

They are sig-less and use heuristics for scanning.
Oh I meant offline antivirus in case I lose connection.
 

DeepWeb (Thread author)
You can ask those who use Deeparmor. It is a sig-less AI antivirus.
I applied for the beta. Still waiting. In the meantime I read some whitepapers on it. All the signature-less analysis happens on their servers. Very disappointing if true.
 

Evjl's Rain
There is no need for USB protection offline because VoodooShield or Comodo Firewall already cover it. They can block files offline.

VS can block, but there are no file ratings; we can still block/allow.
CF doesn't need the internet to work. Everything is still intact except the cloud lookup.
 

HarborFront
There is no need for USB protection offline because VoodooShield or Comodo Firewall already cover it. They can block files offline.

VS can block, but there are no file ratings; we can still block/allow.
CF doesn't need the internet to work. Everything is still intact except the cloud lookup.
Yes, they can, just like Crystal Security, which has an anti-exe feature... on the condition that you execute the file(s) on the USB devices.

If you copy the files over from your USB device to your PC then VS, CF and Crystal Security cannot block, right?

And, without execution, detecting and stopping the malware at the USB device becomes more important, no?
 

Vasudev
Oh good thing I immediately uninstalled it. :) This is horrible.
Regarding offline protection I use brain.exe and default-deny. Comodo Auto-containment is set up to contain anything that is not signed. VoodooShield will also default-deny until I connect to the Internet. But do you have some suggestions for offline real time antiviruses?
Use Defender in offline scan mode.
 

Evjl's Rain
Yes, they can, just like Crystal Security, which has an anti-exe feature... on the condition that you execute the file(s) on the USB devices.

If you copy the files over from your USB device to your PC then VS, CF and Crystal Security cannot block, right?

And, without execution, detecting and stopping the malware at the USB device becomes more important, no?
Yes, after execution, the malware will be blocked by VS, CF, Crystal, so no problem.
But having an AV is still better because the products mentioned above don't have on-access scanning and signatures.
 

DeepWeb (Thread author)
I just noticed that Crystal Security has its own signature database so no need for me to enable Windows Defender.

Added Emsisoft Emergency Kit to my portable offline scanners. Emsisoft and Zemana both download signatures and both scan the system faster than anything.
Also added TrendMicro's Housecall for IoT Devices to scan my Wifi for vulnerable devices. It is essentially a simplified reskin of Nmap.

Also created 4 guardian processes to protect my anti-malware programs. "Restart on Crash" and "Keeprun". These two are programs that will restart other programs when they are closed or crash. Restart on Crash will restart all of my security programs the moment they are closed. But, I was worried what would happen if a process just closes Restart on Crash. So I use Keeprun which will restart "Restart on Crash" if it crashes or gets terminated by something including me. You can set up Restart on Crash to restart Keeprun. So now you have them protecting each other. But juuuuust in case something manages to kill both of them as well, I have two more instances of Keeprun, all at different locations and triggered by different mechanisms to protect my processes. I stripped all user accounts of the ability to delete the programs :D
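The "Restart on Crash" idea from the post above, as an added example that is not one of the tools named there: a minimal supervisor that relaunches a command whenever it exits, with a restart budget and a timestamped log, since a security tool that keeps dying is itself worth alerting on. The pairing the post describes is just a second copy of this loop whose argv is the first supervisor's own command line. The crashing child is a constructed demo.

```python
import subprocess
import sys
import time
from datetime import datetime, timezone


def supervise(argv, max_restarts, poll_interval=0.05, log=None):
    """Keep argv running: relaunch it whenever it exits, up to max_restarts times.

    Returns the number of restarts performed. Each restart is appended to `log`
    (a list of strings) as a UTC-timestamped line for later review or alerting.
    """
    log = [] if log is None else log
    restarts = 0
    proc = subprocess.Popen(argv)
    while True:
        rc = proc.poll()
        if rc is None:                  # child still alive; keep watching
            time.sleep(poll_interval)
            continue
        if restarts >= max_restarts:
            return restarts             # budget exhausted: stop instead of looping forever
        restarts += 1
        log.append(f"{datetime.now(timezone.utc).isoformat()} "
                   f"pid={proc.pid} exited rc={rc}; restart #{restarts}")
        proc = subprocess.Popen(argv)


def crashing_child():
    """Constructed demo child: a Python process that exits immediately with code 3."""
    return [sys.executable, "-c", "raise SystemExit(3)"]


if __name__ == "__main__":
    events = []
    n = supervise(crashing_child(), max_restarts=3, log=events)
    print("\n".join(events))
    print(f"restarts performed: {n}")
```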
 

DeepWeb (Thread author)
Removed AppCheck and 0patch.
Added Voodooshield 4.09b.

I'm thinking VoodooShield and CW with cruelsister's settings essentially do the same thing, so I might remove CW at some point because it is giving me trouble blocking updated Windows Store apps. I might also remove MBAE if the Mitigation feature in Fall Creators Update is superior or at least equal. Feedback welcome.
 

klaken
Comodo has behavior detection in the sandbox (viruscope) .. so it would help detect malware -
If you want to purde work out of sandbox. ..
 

Evjl's Rain
Which one of ESET IS and Avast Free have on-access scanning and signatures? Thanks
Almost all AVs have on-access scanning.
Very, very few AVs don't, such as Zemana (100% doesn't have it) and Webroot (not so sure).

Products like VS, Crystal, AppGuard or other anti-exes don't have it because they are not AVs.

Test to determine if an AV has on-access scanning:
Copy a malware sample to your computer (EICAR test file); if the AV doesn't respond -> no on-access scanning.
Or you can copy a large folder with files and watch the CPU and disk usage; if it's 0%, it doesn't have on-access scanning.
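The EICAR check described above, as an added example that is not from the post: it writes the standard EICAR test file (the harmless 68-byte string every AV is expected to flag) into a temp directory and reports whether a resident scanner reacted within a time window. It assumes the scanner reacts by refusing the write, quarantining or deleting the file, or cleaning its contents; no reaction is reported as "no on-access scanning".

```python
import os
import tempfile
import time

# The 68-byte EICAR string is split in two so this source file itself does not
# match a scanner signature; only the file written by write_eicar() should.
_EICAR_PARTS = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$",
                "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")


def eicar_string():
    """Return the standard EICAR anti-malware test string (exactly 68 bytes)."""
    return "".join(_EICAR_PARTS)


def write_eicar(directory):
    """Write the test string as eicar.com (no trailing newline) and return its path."""
    path = os.path.join(directory, "eicar.com")
    with open(path, "wb") as fh:
        fh.write(eicar_string().encode("ascii"))
    return path


def on_access_scanning_present(directory=None, wait_seconds=10.0, poll=0.5):
    """True if the resident scanner blocks, alters or removes the test file.

    Assumption (not from the thread): an on-access scanner reacts by refusing
    the write, quarantining/deleting the file, or cleaning its contents. No
    reaction during the window means no on-access scanning, as the post says.
    """
    directory = directory or tempfile.mkdtemp(prefix="eicar-")
    try:
        path = write_eicar(directory)
    except OSError:
        return True                      # write refused at creation time
    expected = eicar_string().encode("ascii")
    deadline = time.monotonic() + wait_seconds
    while time.monotonic() < deadline:
        try:
            with open(path, "rb") as fh:
                if fh.read() != expected:
                    return True          # contents cleaned or replaced
        except OSError:
            return True                  # quarantined, deleted or access denied
        time.sleep(poll)
    try:
        os.remove(path)                  # nothing reacted: tidy up the test file
    except OSError:
        pass
    return False
```

Run `on_access_scanning_present()` on the machine under test; a scanner that only reacts on execution (the anti-exe behaviour discussed earlier in the thread) will leave the file alone and the function returns False.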
 

DeepWeb (Thread author)
Got an important reminder now during update season: Your backups beat ANY other form of security. There is nothing better than just going back to what you remember was working and running smoothly.

1. Before you update to Fall Creators Update 1709, make sure to back up all partitions on the system drive, especially the System Reserved partition and that tiny, insignificant-looking 16 MB partition. Also, don't delete any partitions Microsoft creates. It will free up a little bit of space, but if Windows cannot find that little 16 MB Microsoft Reserved Partition, it refuses to update your OS. Just little lessons I learned. Keep them all. They don't use up more than 500-900 MB of space anyway. Make that full system backup before you upgrade. I found myself reverting back to 1703 multiple times before my upgrade to 1709 succeeded. I don't know what I would have done without it. Probably would have put a fork in it and done a clean install, losing everything.

2. From my experience, Windows Update just leaves me with a slow and buggy OS. You get the best results by doing an in-place upgrade: downloading the ISO, extracting it and clicking on setup.exe. Instructions here. Follow the instructions religiously, disable group policies that block the installation of drivers/programs, and disable ALL security software. You would think it doesn't run during the install process... nope. Windows is still running in the background and your antivirus will scan every file installed and block unknown files, corrupting your upgrade.

Repair Install Windows 10 with an In-place Upgrade
 

DeepWeb (Thread author)
-Voodooshield
-Ghostpress


+Keyscrambler
+Stream Armor

I gave SecureAPlus a try. Interesting AV but I could not find a way to whitelist commandline processes. Stream Armor is a fascinating program that reveals Alternate Data Streams and lets you check its findings in VirusTotal.
 

DeepWeb (Thread author)
I just had to whitelist Windows from CFW Auto Containment after the recent update.. just be aware this might be a thing.


Update: Discovered why Comodo is blocking Windows. This appears to happen while I'm checking for a Windows update. Windows is trying to contact computers on my wifi network. ARP will prevent Windows from establishing that connection.
 

DeepWeb (Thread author)
-MBAE beta
-Zemana Antimalware
-F-Secure Ultralight Antivirus

+Virtualization-based security
+Emsisoft Anti-Malware


Windows 10 Hyper-V System Requirements
Enable virtualization-based protection of code integrity

Why Microsoft doesn't enable this out of the box is understandable. But I wish they made it more straightforward to enable this incredible feature. MBAE and Zemana no longer work using this configuration. I guess Microsoft won't allow their practice of dll injections?
 

DeepWeb (Thread author)
My experience with Emsisoft has been mixed so far. I only got it to work well after whitelisting so so many programs.... and it still feels heavy. Now it's crashing Windows Explorer most likely because it is messing with system processes which I have configured to strictly belong to Windows... using virtualization-based security. We will see. One more crash and it's gone.

Update: Decided to whitelist a few shell extensions... so far so good. My philosophy is zero tolerance. I'm allergic to AVs that break any other software. It's just not worth it.

Update 2: Another Windows Explorer crash... yeah no thanks. Investigating this now.

Update 3: Seems to be a conflict with Windows Defender Security Center. It appears to happen in F-Secure as well so I was wrong to blame EAM. Will uninstall and see what happens.
Very puzzled why opening Windows Defender Security Center is crashing Windows Explorer...
 