DracusNarcrym's Security Config

Last updated
Dec 31, 1969
Windows Edition
Pro
Security updates
Allow security updates and latest features
User Access Control
Never notify (disabled)
Real-time security
COMODO Firewall 10
► running on custom configuration: https://malwaretips.com/posts/456927

Windows Defender
Firewall security
Periodic malware scanners
Malwarebytes Anti-Malware
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Cyberfox x64
► Security-related Extensions: uBlock Origin
Maintenance tools
CCleaner Portable [latest stable version]
VeraCrypt
AxCrypt
MicEnum
File and Photo backup
Copy & paste for individual files
System recovery
Paragon Backup & Recovery Free Edition
Computer specs
https://malwaretips.com/threads/68129/

illumination

You should turn WD and SmartScreen on :)
SmartScreen filtering at the desktop level, performing reputation checks, can be at times ironically hilarious! I downloaded Sysinternals Process Explorer the other day and SmartScreen flagged it as an unknown o_O :rolleyes: :D Really Microsoft, you bought out ntinternals in mid 2000 and now these applications are a part of Microsoft's TechNet website. This happens when a file is newer, such as Process Explorer V16.1, which was released in Jan of this year. Although I do leave it enabled, one cannot always go by this system, as legit files, such as new versions of an application, can be flagged as not trusted. You are better off checking files yourself.

@ OP, Nice changes, simplifying :D :)
 

DracusNarcrym

Level 20
Thread author
Verified
Top Poster
Well-known
Oct 16, 2015
970
SmartScreen filtering at the desktop level, performing reputation checks, can be at times ironically hilarious! I downloaded Sysinternals Process Explorer the other day and SmartScreen flagged it as an unknown o_O :rolleyes: :D Really Microsoft, you bought out ntinternals in mid 2000 and now these applications are a part of Microsoft's TechNet website. This happens when a file is newer, such as Process Explorer V16.1, which was released in Jan of this year. Although I do leave it enabled, one cannot always go by this system, as legit files, such as new versions of an application, can be flagged as not trusted. You are better off checking files yourself.

@ OP, Nice changes, simplifying :D :)
Spot on, regarding SmartScreen. :D

As for the simplification: It really feels good knowing that you have fewer, stricter and more compact measures, including one's own behavior as a cautious user, to rely on and make the most out of, than be overburdened with an immense set of security applications which simply sit on top of each other. :rolleyes:

I am not referring to the average user, of course, rather referring to users who are experienced when encountering questionable files. The only real threat to such users are exploits, which however can be avoided by not surfing randomly online and using proper browsers and security extensions for them (rarely do experienced users have the need for 3rd party security software protecting them at browser level).

And thus I decided on my current config. :D
 

DracusNarcrym

[UPDATE] Thursday, 28th January, 2015

ADDED: herdProtect, MicEnum
REMOVED: N/A
CHANGED/UPDATED: Updated KeePass from version 2.30 to version 2.31

COMMENTS: herdProtect is an excellent on-demand scanner, which I mostly added for its "Examine a process" and "Examine a file..." functions, which facilitate tasks like quickly analyzing a file for suspicious properties, or listing all DLL handles of running processes in a clean, organized log.
As far as MicEnum (Mandatory Integrity Control Enumerator) is concerned, I use it because it provides me with a graphical user interface for managing integrity level properties of various potentially vulnerable objects in my system (folders, files, registry keys, etc.), since using icacls.exe is rather time-consuming and impractical without using batch scripts.
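
The scripted icacls.exe route mentioned in the post above, as an added example that is not part of the original post and is not MicEnum's code: it reads the explicit integrity label from `icacls` output and builds the matching `/setintegritylevel` command. The function names and the sample path are hypothetical, and English-language `icacls` output is assumed.

```python
import re
import subprocess
import sys

# icacls prints an explicit integrity label as an ACE-like line, e.g.
#   Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)
LABEL_RE = re.compile(r"Mandatory Label\\(\w+) Mandatory Level:((?:\([A-Z,]+\))+)")

# Level letters accepted by `icacls /setintegritylevel`
LEVEL_FLAG = {"Low": "L", "Medium": "M", "High": "H"}


def parse_label(icacls_output):
    """Return (level, [flags]) for an explicit label, or None when the object
    carries no label (Windows then treats it as Medium)."""
    m = LABEL_RE.search(icacls_output)
    if not m:
        return None
    return m.group(1), re.findall(r"\(([A-Z,]+)\)", m.group(2))


def set_label_command(path, level, inherit=True):
    """Build the icacls command that applies `level` to `path`."""
    prefix = "(OI)(CI)" if inherit else ""  # inheritance flags apply to directories
    return ["icacls", path, "/setintegritylevel", prefix + LEVEL_FLAG[level]]


def audit(paths, wanted="Low"):
    """Run icacls on each path (Windows only); return paths whose label differs."""
    drift = []
    for p in paths:
        out = subprocess.run(["icacls", p], capture_output=True, text=True).stdout
        label = parse_label(out)
        if label is None or label[0] != wanted:
            drift.append((p, label))
    return drift


# Constructed sample of icacls output for a folder labelled Low (hypothetical path).
SAMPLE = (
    "C:\\Sandbox\\Downloads BUILTIN\\Administrators:(OI)(CI)(F)\n"
    "                      Mandatory Label\\Low Mandatory Level:(OI)(CI)(NW)\n"
    "\nSuccessfully processed 1 files; Failed processing 0 files\n"
)

if __name__ == "__main__" and sys.platform == "win32":
    for path, label in audit(sys.argv[1:]):
        print(path, "->", label, "| fix:", " ".join(set_label_command(path, "Low")))
```

Run on Windows with the folders to check as arguments; it only prints the corrective command, so applying a label remains a deliberate step.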
 

SloppyMcFloppy

Level 13
Verified
Sep 12, 2015
617
herdProtect is decent for me but I still prefer Zemana and SecureAPlus over herdProtect because of one reason, and that reason is outdated signatures. Last time I ran herdProtect, it detected some Microsoft files on my machine as malicious, and they were detected by Avira and QuickHeal; then I decided to upload them to virustotal.com and found out that Avira, QuickHeal, and others said safe. I then waited a few days to re-run the scan, and what astonished me is that Avira and QuickHeal still detected the same files as malicious, as before.
 

DracusNarcrym

herdProtect is decent for me but I still prefer Zemana and SecureAPlus over herdProtect because of one reason, and that reason is outdated signatures. Last time I ran herdProtect, it detected some Microsoft files on my machine as malicious, and they were detected by Avira and QuickHeal; then I decided to upload them to virustotal.com and found out that Avira, QuickHeal, and others said safe. I then waited a few days to re-run the scan, and what astonished me is that Avira and QuickHeal still detected the same files as malicious, as before.
herdProtect is not going to be used for removal - I am only going to use it as a second opinion scanner to facilitate easier detection of potentially malicious (suspicious) files, which I am going to manually analyze and manually remove, if I deem them unsafe.
In any case, I added herdProtect to my config just because it is a very small program in terms of disk size, and it is also portable.
In other words, it is only a "just-in-case" application, and I will probably not be using it at all unless the need arises (which is unlikely :D).
 

illumination

herdProtect is decent for me but I still prefer Zemana and SecureAPlus over herdProtect because of one reason, and that reason is outdated signatures. Last time I ran herdProtect, it detected some Microsoft files on my machine as malicious, and they were detected by Avira and QuickHeal; then I decided to upload them to virustotal.com and found out that Avira, QuickHeal, and others said safe. I then waited a few days to re-run the scan, and what astonished me is that Avira and QuickHeal still detected the same files as malicious, as before.
Yesterday W10 had a cumulative update come out and, at the same time, Nvidia pushed a new driver out. Herd Protect uploaded 128 files to the cloud as it did not recognize them; today, when I ran a scan, the analysis was done, and declared safe, system was clean. The few false positives I have found with it were contributed mainly by Avira, one engine of 68. Of those few files detected as FPs, 3 were Windows system, and of course all 3 were only detected by that one engine.
 

DracusNarcrym

Thanks for your input/feedback, guys. :p

Just as I said, I mainly intend to use herdProtect as an auxiliary tool, and I will definitely not base any of my actions solely on its detection and/or its automated verdict for files.
In fact, I will manually test, and manually perform the removal process of, any potentially suspicious files detected by herdProtect (mainly newly downloaded software during their first test-run in a virtual machine), after I personally deem them overall suspicious.
Also, I avoid running full scans with any scanner - the same principle applies to herdProtect. Various reasons behind this, including the fact that my system has had persistent real-time protection since its installation (before I even connected to my home's LAN).

Concluding, I considered adding herdProtect to my toolkit solely due to its efficient size, portability, and its useful non-scanning functions.
It's a just-in-case application that complements my set of tools, which I am going to use on a per-case basis, and not regularly.
 

Deleted member 178

I have to put you "at risk" because you disabled most Windows built-in security (and uninformed beginners reading your config may do the same). However, I won't rely on Comodo anymore to protect me :p
 

NullByte

Why did you disable UAC and OS File Reputation? Even with Comodo you should have them enabled. BTW, nice Firewall Configuration. I would set Not Show Alerts and set to block for extra protection (in firewall settings).
 

DracusNarcrym

I have to put you "at risk" because you disabled most Windows built-in security (and uninformed beginners may do the same). However, I won't rely on Comodo anymore to protect me :p
Granted, however after prolonged use of Windows UAC and/or SmartScreen in Internet Explorer (ever since Vista, it's been 10 years!), and now globally in Windows 10, I have deemed them unnecessary for my case.

Perhaps you are right, one day I might regret it, but I do not see that happening any time soon: I have stopped testing software on my main machine (virtual machine or otherwise), which is the primary purpose of protection for SmartScreen and/or UAC. Also, in my opinion, Windows built-in components are unrelated to my choice of COMODO or any realtime security software I might have running, so any comparison is unnecessary.

Again, it might not be a wise choice, but I have valid reasons to believe that UAC/SmartScreen, while obviously not completely useless, are also not "miraculous" - they will not necessarily make the difference in my config.

I consider the probability for infection rather slim, due to the combined factors of my computing habits and the purpose of the computer on which I have installed this PC (gaming/graphics/coding/etc).

I already have taken into account the possibility of exploits, browser drive-by downloads/infections, malicious game servers, and have taken precautions for those cases, as I'm constantly on guard for any such malicious activity.


Thank you for noting these specific aspects of my config, I'm grateful you took the time to read my updated version, @Umbra!! :p
 

DracusNarcrym

Why did you disable UAC and OS File Reputation? Even with Comodo you should have them enabled. BTW, nice Firewall Configuration. I would set Not Show Alerts and set to block for extra protection (in firewall settings).
Thank you for the reply, @NullByte! As for UAC/SmartScreen, refer to my post above. :p

As for Not Show Alerts, I highly dislike that option, because I specifically want to see alerts. :D
 

DracusNarcrym

If you are happy with your config and can handle some "openings" (and I'm sure you can), it is fine for me.
Thank you. Of course, I acknowledge that there are obvious security holes in my config - it is not, in any way, bulletproof - however these security issues are almost impossible to be exploited in my case, and so I tend to "oversimplify" and just turn off certain security features. :D
 
