Question Easy setup for security aware user

Max90

Hi, today Microsoft Defender started to "eat" shortcuts from Start and the taskbar on my wife's laptop, because an ASR was triggered. It started with Office macro warnings (while I have used Andy's Documents Anti-Exploit and disabled macros etc. in Office Trust Center) and it got worse. She was working on Office documents for work, which she had gotten from a supplier. Because I needed a quick fix I set MD to default and rebooted and the problem was gone. Did a quick Sophos Scan & Clean check and all was good.

I quickly installed Avira Free and NeuShield Data Sentinel free. I use Andy Full's SWH because I remembered from the tests of Shadowra that Avira does not do well against script-based malware. I also remembered that Cruel Sister gave a thumbs up for NeuShield Data Sentinel (and Avira has no free anti-ransomware module). I already have Sophos Scan & Clean which I will use from time to time to clean up leftovers.

I have added some MD Exploit Protection hardening on her PC also (like Office apps only allowed to load Microsoft-signed DLLs and not allowing starting child processes), so AVs injecting DLLs as part of their behavioral blocker or exploit protection will fail to load (like Avast and Bitdefender).

Question: any (other) free easy to use and non-chatty software which you recommend?
 

ScandinavianFish


Happened to me too, seems like it may have been a faulty security intelligence update that caused it.
 

pxxb1

Hi, today Microsoft Defender started to "eat" shortcuts from Start and the taskbar on my wife's laptop, because an ASR was triggered. It started with Office macro warnings (while I have used Andy's Documents Anti-Exploit and disabled macros etc. in Office Trust Center) and it got worse. She was working on Office documents for work, which she had gotten from a supplier. Because I needed a quick fix I set MD to default and rebooted and the problem was gone. Did a quick Sophos Scan & Clean check and all was good.

I quickly installed Avira Free and NeuShield Data Sentinel free. I use Andy Full's SWH because I remember Avira does not do well against script-based attacks. I also remembered that Cruel Sister gave a thumbs up for NeuShield Data Sentinel (and Avira has no free anti-ransomware module). I like Avira over Avast, because I have added some MD Exploit Protection hardening on her PC also (like Office apps only allowed to load Microsoft-signed DLLs and not allowing starting child processes).

Question: any (other) free easy to use and non-chatty software which you recommend?

Someone else over at Wilders also had problems with shortcuts - W10.

Easy non-chatty, look in the WiseVectorStopx thread here at M-tips.
 

Stopspying

...I quickly installed Avira Free and NeuShield Data Sentinel free...
How do you find NeuShield Data Sentinel?

I ask because I tried it, wanting to like it, but found like some of those who posted in the linked thread that it really slowed things down and proved to be a right pain when uninstalling it. Is it better than that now?
 

Max90

How do you find NeuShield Data Sentinel?

I ask because I tried it, wanting to like it, but found like some of those who posted in the linked thread that it really slowed things down and proved to be a right pain when uninstalling it. Is it better than that now?
:unsure: Uhh no problems yet, and have not tried to uninstall it. I was not aware of those problems, thanks for warning me and doubting my decision :eek:

EDIT: de-installs without problems, showing a progress bar. Seems solved (y)

Why not stick with SWH instead of adding another app?
I have SWH implemented, only through registry tweaks (added those locations in favourites of regedit, so I can easily manage them). But you make a valid point. (y)

So now I have on my wife's laptop:
1. Avira Free
2. Simple Windows Hardening + H_C advised sponsor blocks
3. MD Exploit Protection; Code Integrity Guard + Deny child processes for Word/Excel/PowerPoint
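
The Exploit Protection settings in item 3 can also be applied per application from an elevated PowerShell prompt. This is an added example, not part of the original post; the function names and the audit/off modes are assumptions added for illustration, and the audit mode is useful for checking whether an injected AV DLL or a printer helper would be blocked before enforcing.

```powershell
#Requires -RunAsAdministrator
# Added example: Code Integrity Guard + child-process blocking for the Office apps
# named in the post. Function names are hypothetical; the cmdlets are Windows built-ins.
$OfficeApps = 'WINWORD.EXE', 'EXCEL.EXE', 'POWERPNT.EXE'
$Enforce    = 'MicrosoftSignedOnly', 'DisallowChildProcessCreation'
$Audit      = 'AuditMicrosoftSigned', 'AuditChildProcess'

function Set-OfficeMitigation {
    # Enforce = block, Audit = log only, Off = remove both (e.g. before installing
    # an AV that injects its own DLLs into Office processes).
    param([ValidateSet('Enforce', 'Audit', 'Off')][string]$Mode = 'Enforce')
    foreach ($app in $OfficeApps) {
        switch ($Mode) {
            'Enforce' {
                Set-ProcessMitigation -Name $app -Disable $Audit
                Set-ProcessMitigation -Name $app -Enable  $Enforce
            }
            'Audit' {
                Set-ProcessMitigation -Name $app -Disable $Enforce
                Set-ProcessMitigation -Name $app -Enable  $Audit
            }
            'Off' {
                Set-ProcessMitigation -Name $app -Disable ($Enforce + $Audit)
            }
        }
    }
}

function Get-OfficeMitigation {
    # Reads back the per-app settings so the result can be verified.
    foreach ($app in $OfficeApps) {
        $m = Get-ProcessMitigation -Name $app
        [pscustomobject]@{
            App                          = $app
            MicrosoftSignedOnly          = $m.BinarySignature.MicrosoftSignedOnly
            DisallowChildProcessCreation = $m.ChildProcess.DisallowChildProcessCreation
        }
    }
}

Set-OfficeMitigation -Mode Enforce
Get-OfficeMitigation | Format-Table -AutoSize
# The settings apply to Office processes started after the change, so restart the apps.
```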
 

Andrezj

to restore:

disable in configure defender "block win32 api calls from office macros"

go to C:\Program Files (x86)\Microsoft\Edge\Application > msedge.exe > right-click > additional options > add to taskbar

stay in C:\Program Files (x86)\Microsoft\Edge\Application > msedge.exe > right-click > additional options > create shortcut > save to desktop

rename shortcut to "microsoft edge"

move renamed shortcut to C:\ProgramData\Microsoft\Windows\Start Menu\Programs

reboot system

when microsoft fixes it, then re-enable "block win32 api calls from office macros"
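
The restore steps above can also be scripted from an elevated PowerShell prompt. This is an added example, not part of the original post: the function names are assumptions, the rule GUID is the one Microsoft documents for "Block Win32 API calls from Office macros", and pinning to the taskbar is left as a manual step.

```powershell
#Requires -RunAsAdministrator
# Added example. GUID of the ASR rule "Block Win32 API calls from Office macros"
# as listed in Microsoft's ASR rule reference; paths are the ones given in the post.
$RuleId  = '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'
$EdgeExe = 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'
$LnkPath = 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk'

function Get-AsrRuleAction {
    # Returns the configured action (0 = disabled, 1 = block, 2 = audit, 6 = warn)
    # or $null when the rule is not configured at all.
    param([Parameter(Mandatory)][string]$Id)
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $Id) { return $actions[$i] }
    }
    return $null
}

function Set-AsrRuleAction {
    param([Parameter(Mandatory)][string]$Id,
          [Parameter(Mandatory)][ValidateSet('Disabled', 'Enabled', 'AuditMode')][string]$Action)
    Add-MpPreference -AttackSurfaceReductionRules_Ids $Id -AttackSurfaceReductionRules_Actions $Action
}

function Restore-EdgeStartMenuShortcut {
    if (-not (Test-Path -LiteralPath $EdgeExe)) { throw "msedge.exe not found at $EdgeExe" }
    if (Test-Path -LiteralPath $LnkPath) { return }   # shortcut survived, nothing to do
    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($LnkPath)
    $lnk.TargetPath       = $EdgeExe
    $lnk.WorkingDirectory = Split-Path -Parent $EdgeExe
    $lnk.Save()
}

"Rule action before: $(Get-AsrRuleAction -Id $RuleId)"
Set-AsrRuleAction -Id $RuleId -Action Disabled
Restore-EdgeStartMenuShortcut
"Rule action after:  $(Get-AsrRuleAction -Id $RuleId)"

# When Microsoft has fixed it, re-enable the rule:
# Set-AsrRuleAction -Id $RuleId -Action Enabled
```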
 

Max90

On my Desktop, I just removed the faulty ASR and added the icons again. There is only one strange quirk. WindowsApp icons don't show in the taskbar. I disabled all security, and problem still remains, so when someone has a suggestion, feel free to post.
 

Max90

You can manually pin them to the taskbar.
Yes, I could pin them, but they were transparent tiles. I also could start them, but on that empty spot only the taskbar background color was visible.

Personally, I am running Avast Premium with hardened mode enabled on all of my family devices. Avast Free has hardened mode. Thus, Avast is my recommendation.
Yes, but Avast injects DLLs and I have Office, Explorer and Edge hardened with MD Exploit Protection (which still works when people install a third-party AV which disables MD virus protection). Some people have problems choosing a printer, but strangely with our printer it is not (when enabling Code Integrity Guard and blocking child processes in Exploit Protection for Office and Edge). That is why I have Avira Free installed (all Avira bloatware can be deinstalled using the uninstallers of those modules).
 

Divine_Barakah

Yes, but Avast injects DLLs and I have Office, Explorer and Edge hardened with MD Exploit Protection (which still works when people install a third-party AV which disables MD virus protection). Some people have problems choosing a printer, but strangely with our printer it is not (when enabling Code Integrity Guard and blocking child processes in Exploit Protection for Office and Edge). That is why I have Avira Free installed (all Avira bloatware can be deinstalled using the uninstallers of those modules).
Well I have almost never relied on MS protection and Avast/AVG on its own protected my family. Personally, I would rely only on Avast security. Before that I relied upon Kaspersky TAM, but that did not protect from PUPs. So overall, Avast, for me, is the best setup for family who are not tech savvy.

Edit.

Personally I would not use Avira. F-Secure offers better protection and is bloat-free.
 

Max90

Update: Avira only annoys their customers with a small dot in the umbrella system tray icon. When you hover over the icon, it says it found a few issues (which keep coming back over and over again).

Since my wife followed a security awareness training for her work, she is very cautious and neatly responds to the instructions given by the security programs. Within a day she asked me to remove that annoying AntiVira and put the previous security program back again.

So I put the old config on her laptop again: Malware Defender with ConfigureDefender on MAX and Hard_Configurator in SimpleWindowsHardening mode with some sponsors blocked (H_C enhanced + Microsoft recommended) and Firewall Hardening (recommended).
 

oldschool

Since my wife followed a security awareness training for her work, she is very cautious and neatly responds to the instructions given by the security programs. Within a day she asked me to remove that annoying AntiVira and put the previous security program back again.
It's difficult to find a non-annoying 3rd party AV, especially if you don't want HTTPS scanning.
 

Max90

Personally, I am running Avast Premium with hardened mode enabled on all of my family devices. Avast Free has hardened mode. Thus, Avast is my recommendation.
OKAY, I will try out your advice and disabled Code Integrity Guard and installed Avast Free with the following features enabled:
1. Rootkit scan + exploit protection (whatever that may be, probably blocking vulnerable drivers to install)
2. File shield (hardened mode)
3. Behavioral shield
4. Web shield
5. E-mail shield
6. Ransomware shield (smart mode)
7. Firewall (smart mode)

Disabled smart scan and no personalisation nor offerings based on usage (to reduce upgrade annoyances).

I kept H_C in SWH mode blocking H_C enhanced and MS recommended sponsors (I recall some tests of Cruel Sister where Avast in hardened mode missed script-based worms).
 

Divine_Barakah

OKAY, disabled Code Integrity Guard and installed Avast Free with the following features enabled:
1. Rootkit scan + exploit protection (whatever that may be, probably blocking vulnerable drivers to install)
2. File shield (hardened mode)
3. Behavioral shield
4. Web shield
5. E-mail shield
6. Ransomware shield (smart mode)
7. Firewall (smart mode)

Disabled smart scan and no personalisation nor offerings based on usage (to reduce upgrade annoyances)
I would disable HTTPS scanning and rely on an extension to cover the gap. Regarding ransomware shield, I prefer it on aggressive mode or block mode (forgot the exact name), but be ready for some notifications. Other than that everything is optimal.

If you store passwords in your browser, then I recommend you install Password Protection module.
 