- Jul 1, 2017
- 1,396
DeepWeb's Security Config
- Thread starter DeepWeb
- Start date
- Apr 1, 2017
- 1,782
You can ask those who use Deeparmor. It is a sig-less AI antivirus.
- Jul 1, 2017
- 1,396
I applied for the beta. Still waiting. In the meantime I read some whitepapers on it. All the signature-less analysis happens on their servers. Very disappointing if true.
there is no need for an USB protection in offline because voodooshield or comodo firewall already cover it. They can block files in offline
VS can block but there is no file ratings but we can still block/allow
CF doesn't need the internet to work. Everything is still intact except the cloud lookup
VS can block but there is no file ratings but we can still block/allow
CF doesn't need the internet to work. Everything is still intact except the cloud lookup
Yes, they can just like Crystal Security which has anti-exe feature.....on the condition if you execute the file(s) on the USB devices.
If you copy the files over from your USB device to your PC then VS, CF and Crystal Security cannot block, right?
And, without execution, detecting and stopping the malware at the USB device become more important, no?
Use defender in offline scan mode.Oh good thing I immediately uninstalled it.This is horrible.
Regarding offline protection I use brain.exe and default-deny. Comodo Auto-containment is set up to contain anything that is not signed. VoodooShield will also default-deny until I connect to the Internet. But do you have some suggestions for offline real time antiviruses?
yes, after execution, the malware will be blocked by VS, CF, crystal so no problem
but having an AV is still better because these products mentioned above doesn't have on-access scanning and signatures
- Jul 1, 2017
- 1,396
I just noticed that Crystal Security has its own signature database so no need for me to enable Windows Defender.
Added Emsisoft Emergency Kit to my portable offline scanners. Emsisoft and Zemana both download signatures and both scan the system faster than anything.
Also added TrendMicro's Housecall for IoT Devices to scan my Wifi for vulnerable devices. It is essentially a simplified reskin of Nmap.
Also created 4 guardian processes to protect my anti-malware programs. "Restart on Crash" and "Keeprun". These two are programs that will restart other programs when they are closed or crash. Restart on Crash will restart all of my security programs the moment they are closed. But, I was worried what would happen if a process just closes Restart on Crash. So I use Keeprun which will restart "Restart on Crash" if it crashes or gets terminated by something including me. You can set up Restart on Crash to restart Keeprun. So now you have them protecting each other. But juuuuust in case something manages to kill both of them as well, I have two more instances of Keeprun, all at different locations and triggered by different mechanisms to protect my processes. I stripped all user accounts of the ability to delete the programs
Added Emsisoft Emergency Kit to my portable offline scanners. Emsisoft and Zemana both download signatures and both scan the system faster than anything.
Also added TrendMicro's Housecall for IoT Devices to scan my Wifi for vulnerable devices. It is essentially a simplified reskin of Nmap.
Also created 4 guardian processes to protect my anti-malware programs. "Restart on Crash" and "Keeprun". These two are programs that will restart other programs when they are closed or crash. Restart on Crash will restart all of my security programs the moment they are closed. But, I was worried what would happen if a process just closes Restart on Crash. So I use Keeprun which will restart "Restart on Crash" if it crashes or gets terminated by something including me. You can set up Restart on Crash to restart Keeprun. So now you have them protecting each other. But juuuuust in case something manages to kill both of them as well, I have two more instances of Keeprun, all at different locations and triggered by different mechanisms to protect my processes. I stripped all user accounts of the ability to delete the programs
If you are using the free AppCheck Anti-Ransomware then take note this software does NOT protect you against MBR-type ransomware
- Jul 1, 2017
- 1,396
I use GPT on all drives and installed MBR Filter.
- Jul 1, 2017
- 1,396
Removed AppCheck and 0patch.
Added Voodooshield 4.09b.
I'm thinking Voodooshield and CW with cruelsisters settings essentially do the same thing so I might remove CW at some point because it is giving me trouble blocking updated Windows store apps. I might also remove MBAE if the Mitigation feature in Fall Creators Update is superior or at least equal. Feedback welcome.
Added Voodooshield 4.09b.
I'm thinking Voodooshield and CW with cruelsisters settings essentially do the same thing so I might remove CW at some point because it is giving me trouble blocking updated Windows store apps. I might also remove MBAE if the Mitigation feature in Fall Creators Update is superior or at least equal. Feedback welcome.
- Oct 11, 2014
- 112
Comodo has behavior detection in the sandbox (viruscope) .. so it would help detect malware -
If you want to purde work out of sandbox. ..
If you want to purde work out of sandbox. ..
- Apr 13, 2014
- 254
Which one of ESET IS and Avast Free have on-access scanning and signatures? Thanks
almost all AVs have on-access scanning
very very few AVs don't have such as zemana (100% doesn't have), webroot (not so sure)
products like: VS, crystal, appguard or other anti-exes don't have because they are not AVs
test to define if an AV has on-access scanning:
copy a malware to you computer (eicar test file), of an AV doesn't respond -> no on-access scanning
or you can copy a large folder with files and watch the CPU and disk usage, if it's 0%, doesn't have on-access scanning
- Jul 1, 2017
- 1,396
Got an important reminder now during update season: Your backups beat ANY other form of security. There is nothing better than just going back to what you remember was working and running smoothly.
1. Before you update to Fall Creators Update 1709, make sure to backup all partitions on the system drive, especially System Reserved partition and that tiny insignificant looking 16 MB partition. Also, don't delete any partitions Microsoft creates. It will free up a little bit of space, but if Windows cannot find that little 16MB Microsoft Reserved Partition, it refuses to update your OS. Just little lessons I learned. Keep them all. They don't use up more than 500-900 MB of space anyway. Make that full system backup before you upgrade. I found myself reverting back to 1703 multiple times before my upgrade to 1709 succeeded. I don't know what I would have done without it. Probably would have put a fork in it and do a clean install losing everything.
2. From my experience, Windows update just leaves me with a slow and buggy OS. You get the best results doing an in-place upgrade by downloading the ISO, extracting it and clicking on setup.exe. Instructions here. Follow the instructions religiously, disable group policies that block the installation of drivers/programs, and disable ALL security software. You would think it doesn't run during the install process... nope. Windows is still running in the background and your antivirus will scan every file installed and block unknown files corrupting your upgrade.
Repair Install Windows 10 with an In-place Upgrade
1. Before you update to Fall Creators Update 1709, make sure to backup all partitions on the system drive, especially System Reserved partition and that tiny insignificant looking 16 MB partition. Also, don't delete any partitions Microsoft creates. It will free up a little bit of space, but if Windows cannot find that little 16MB Microsoft Reserved Partition, it refuses to update your OS. Just little lessons I learned. Keep them all. They don't use up more than 500-900 MB of space anyway. Make that full system backup before you upgrade. I found myself reverting back to 1703 multiple times before my upgrade to 1709 succeeded. I don't know what I would have done without it. Probably would have put a fork in it and do a clean install losing everything.
2. From my experience, Windows update just leaves me with a slow and buggy OS. You get the best results doing an in-place upgrade by downloading the ISO, extracting it and clicking on setup.exe. Instructions here. Follow the instructions religiously, disable group policies that block the installation of drivers/programs, and disable ALL security software. You would think it doesn't run during the install process... nope. Windows is still running in the background and your antivirus will scan every file installed and block unknown files corrupting your upgrade.
Repair Install Windows 10 with an In-place Upgrade
- Jul 1, 2017
- 1,396
-Voodooshield
-Ghostpress
+Keyscrambler
+Stream Armor
I gave SecureAPlus a try. Interesting AV but I could not find a way to whitelist commandline processes. Stream Armor is a fascinating program that reveals Alternate Data Streams and lets you check its findings in VirusTotal.
-Ghostpress
+Keyscrambler
+Stream Armor
I gave SecureAPlus a try. Interesting AV but I could not find a way to whitelist commandline processes. Stream Armor is a fascinating program that reveals Alternate Data Streams and lets you check its findings in VirusTotal.
Last edited:
- Jul 1, 2017
- 1,396
I just had to whitelist Windows from CFW Auto Containment after the recent update.. just be aware this might be a thing.
Update: Discovered why Comodo is blocking Windows. This appears to happen while I'm checking for a Windows update. Windows is trying to contact computers on my wifi network. ARP will prevent Windows from establishing that connection.
Update: Discovered why Comodo is blocking Windows. This appears to happen while I'm checking for a Windows update. Windows is trying to contact computers on my wifi network. ARP will prevent Windows from establishing that connection.
Last edited:
- Jul 1, 2017
- 1,396
-MBAE beta
-Zemana Antimalware
-F-Secure Ultralight Antivirus
+Virtualization-based security
+Emsisoft Anti-Malware
Windows 10 Hyper-V System Requirements
Enable virtualization-based protection of code integrity
Why Microsoft doesn't enable this out of the box is understandable. But I wish they made it more straightforward to enable this incredible feature. MBAE and Zemana no longer work using this configuration. I guess Microsoft won't allow their practice of dll injections?
-Zemana Antimalware
-F-Secure Ultralight Antivirus
+Virtualization-based security
+Emsisoft Anti-Malware
Windows 10 Hyper-V System Requirements
Enable virtualization-based protection of code integrity
Why Microsoft doesn't enable this out of the box is understandable. But I wish they made it more straightforward to enable this incredible feature. MBAE and Zemana no longer work using this configuration. I guess Microsoft won't allow their practice of dll injections?
Last edited:
- Jul 1, 2017
- 1,396
My experience with Emsisoft has been mixed so far. I only got it to work well after whitelisting so so many programs.... and it still feels heavy. Now it's crashing Windows Explorer most likely because it is messing with system processes which I have configured to strictly belong to Windows... using virtualization-based security. We will see. One more crash and it's gone.
Update: Decided to whitelist a few shell extensions... so far so good. My philosophy is zero tolerance. I'm allergic to AVs that break any other software. It's just not worth it.
Update 2: Another Windows Explorer crash... yeah no thanks. Investigating this now.
Update 3: Seems to be a conflict with Windows Defender Security Center. It appears to happen in F-Secure as well so I was wrong to blame EAM. Will uninstall and see what happens.
Very puzzled why opening Windows Defender Security Center is crashing Windows Explorer...
Update: Decided to whitelist a few shell extensions... so far so good. My philosophy is zero tolerance. I'm allergic to AVs that break any other software. It's just not worth it.
Update 2: Another Windows Explorer crash... yeah no thanks. Investigating this now.
Update 3: Seems to be a conflict with Windows Defender Security Center. It appears to happen in F-Secure as well so I was wrong to blame EAM. Will uninstall and see what happens.
Very puzzled why opening Windows Defender Security Center is crashing Windows Explorer...
Last edited:
Similar threads
