Evjl's Rain's security config

Discussion in 'SCW Archive' started by Evjl's Rain, May 30, 2016.

  1. Evjl's Rain

    Evjl's Rain Level 28
    Trusted AV Tester

    Apr 18, 2016
    1,798
    13,155
    Vietnam
    Windows 8.1
    Avast
    I tried with and without Process Lasso.
    I opened Chrome for the first time after a boot, and CPU jumped up to 99-100%.
    Without HMP.A, I did the same: opened Chrome for the first time after a boot, and Chrome started noticeably faster with less CPU and disk activity. I think it was because HMP.A isolated/monitored/injected something into Chrome that made it slower. I also noticed that whatever I do, watching movies or streaming that requires constant disk reads & writes, HMP.A was scanning/monitoring all the activities (1-6% CPU usage + 1-5MB/s reported from task manager) for the interception of possible harms. Without heavy browsing or streaming, HMP.A was almost completely silent.
    I'm a multitasking user and do a lot of stuff using my laptop with a 5400rpm HDD. This might be the reason for the significant impact of HMP.A, due to my slow-speed HDD.

    Are you using a desktop with a 7200rpm HDD or an SSD? I think we can not notice any performance impact running HMP.A on a desktop
    @venustus he also confirmed the impact on his machine :) thank you sir
     
    frogboy, venustus and Cats-4_Owners-2 like this.
  2. SHvFl

    SHvFl Level 32
    Content Creator Trusted

    Nov 19, 2014
    2,153
    16,392
    Supermodel for McDonald's
    Europe
    Windows 10
    Emsisoft
    I am not defending HMPA. I don't even care about HMPA and find their constant updates and issues annoying, so I never use it.
    What I am trying to tell you is to investigate CPU usage in general without HMPA, because it seems you are on the high end compared to mine.
    Sure, I am on an SSD, but CPU usage will not be affected by it. Something else is giving you cycles. My CPU has almost half the power you have, with me having turbo disabled, and you say browser load uses 65% when I am at max 40% (I assume you test with 1 tab trying to open and not 100).
    Anyway, it's up to you if you want to investigate, depending on what older images you have. Take care.
     
  3. Wave

    Wave Guest

    I love your config :). But one thing quick:

    This is why rootkits exist.
     
  4. Evjl's Rain

    Thank you for reminding me of that. So what is your opinion about rootkit protection? Avast has a rootkit scanning schedule on startup enabled by default, is it good enough? :)
     
  5. Wave

    Wave Guest

    Well it's good enough for you, but if you get infected by a real rootkit then it's time to format and reinstall the OS - a real rootkit will obtain root privileges (the term "root" is from Linux however on Windows that would be the equivalent of kernel-mode code execution), therefore then it can over-power any protection mechanisms which exist on the system at a software-level entirely.

    There's only so much you can do regarding "rootkit protection": scan for manipulations in the Windows Kernel structures (SSDT hooking, DKOM), identify suspicious modules loaded within user-mode processes, etc.

    The chances of you running into a real rootkit like this these days are slim; I mean if someone like @Wave is out to catch you then there's nothing you can do but if a normal malware author is targeting you then it's cool beans because they are normally just dumb and stupid these days. :p

    Have you noticed how we went from regular MBR infections and PE infection viruses to dumb .NET crap in the wild (in the space of a few years)?

    A lot of malware out in the wild is complete rubbish and sometimes improperly working more often than not IMO
     
  6. Evjl's Rain

    Disabled:
    - Voodooshield
    Installed:
    - Zemana Antimalware with Pandora
    Uninstalled:
    - Bitdefender Trafficlight: a bit higher CPU usage and much much weaker than avira. Avira could block all tested links in malc0de while BD blocked nothing
     
  7. Evjl's Rain

    Uninstalled:
    - Zemana Antimalware: disappointment in Realtime protection + pandora. The scanner > realtime protection. The tested system was only clean/safe in 1/4 tests. The system was only safe after being scanned by System scan + userdata scan
    Thanks to silversurfer, avast in HM aggressive kept his tested VM safe in those 4 tests
    ZAM needs to improve their realtime protection. Seems like it just automatically allows all child processes after the parent process is not detected

    Re-enabled:
    - Voodooshield Pro - Autopilot mode
     
  8. Evjl's Rain

    Added:
    - uBlock Origin Extra
    - GIFUR
    - Norton ConnectSafe DNS
     
  9. Evjl's Rain

    Disabled:
    - Voodooshield Pro
    - Disabled avast's firewall

    Installed:
    - Comodo Firewall - some personal tweaks
     
  10. sudo -i

    sudo -i Level 4

    Jan 17, 2017
    154
    486
    $
    I've thought about this move for some time now. CF's resource impact can get very heavy at times, so that's holding me back.
     
    Cats-4_Owners-2 and SHvFl like this.
  11. Evjl's Rain

    It's acceptable for a sandbox solution.
    I'm still new to CF but the resource usage has been OK for me so far.
     
  12. yashiscool

    yashiscool Level 1

    Jan 10, 2013
    37
    46
    I have been using a combination of Comodo Internet Security and cFosSpeed for multiple purposes for the last 8 years now and the firewall function has been simply amazing so far. Loads of attempts blocked so far.

    You need to also remember that it is not just these firewall apps that can block the hacks but also a combination of multiple things including our common sense and alertness for the activities that we do and respond to over the internet.
     
  13. SHvFl

    CF is actually pretty light. I would put it lower than VS for CPU usage, but with a bit more RAM, which most of us have plenty of these days.

    BTW, remember to enable the proactive profile if you use the sandbox or else it sucks.
     
  14. Evjl's Rain

    Removed:
    - Comodo Firewall: BSODs, BSODs, & BSODs

    Re-enabled:
    - Avast's firewall
    - Voodooshield Pro
     
    XhenEd, Wave and SHvFl like this.
  15. sudo -i

    Pretty much made the exact same moves at the exact same times. CF did not perform well on my PC either. I'm using VS Pro + Windows firewall. Are you getting any performance impact with Avast firewall over Windows Firewall?
     
    SHvFl and Evjl's Rain like this.
  16. Evjl's Rain

    I don't see any impact on system performance.
    Avast's firewall is extremely lightweight and easy to use after a short period of getting used to it. Still lighter than Windows Firewall + WFC.

    I saw Avast's firewall silently block some unknown IPs, which is good. Not sure if WF can do the same.
     
    Sr. Normal 2.0, sudo -i and SHvFl like this.
  17. TerrakionSmash

    TerrakionSmash Level 16

    Nov 17, 2016
    750
    2,127
    Somewhere underwater or over water. I am water!
    Windows 10
    Microsoft
    Hmmm. Weird. I never see comments on WF's heaviness.
     
    _CyberGhosT_ likes this.
  18. Evjl's Rain

    No, I meant Binisoft's Windows Firewall Control :)
    That one + WF is supposed to be heavier.

    However, Avast's firewall sometimes uses a high amount of CPU, but the system was still responsive.
     
    Sr. Normal 2.0 likes this.
  19. OTMS

    OTMS Level 1

    Jan 29, 2015
    35
    41
    Windows 10
    ESET
    Great config, I like your setup.
    If you are still using Shadow Defender + VoodooShield... why together?
    And I'm also using these uBlock filters too, working like a charm :)
     
    Sr. Normal 2.0 and Evjl's Rain like this.
  20. Evjl's Rain

    Because sometimes I really want to run some unsafe apps, so I must allow them via VS. In this case Shadow Defender can save the day if the unsafe apps break something.
    I have run Shadow Defender just 1 time over the past few months.
     
    Sr. Normal 2.0 and _CyberGhosT_ like this.