Evjl's Rain's security config

Last updated
Dec 31, 1969
Windows Edition
Home
Security updates
Block all updates
User Account Control
Never notify (disabled)
Real-time security
Avast Premier (HM aggressive), Voodooshield Pro, Shadow Defender
Firewall security
Periodic malware scanners
Zemana portable, herdProtect, Emsisoft EK, VirusTotal Uploader, Hitman Pro
Malware sample testing
Browser(s) and extensions
Google Chrome x64, uBlock Origin, Avira Browser Safety, Popup Blocker (strict), Checker Plus for Gmail™, h264ify, Violentmonkey, VTchromizer, uBlock Origin Extra, GIFUR
Maintenance tools
CCleaner (CCenhancer-ed), Privazer, DiskMax, Spybot Anti-beacon, O&O ShutUp, Everything
File and Photo backup
Windows built-in
System recovery
Norton Ghost (Hiren's BootCD)
Computer specs
https://malwaretips.com/threads/rains-laptop.61841/
If you have time, remove Process Lasso and see how it behaves. Your system 100% has a program messing with CPU cycles.
I tried with and without Process Lasso.
I opened Chrome the first time after a boot; CPU jumped up to 99-100%.
Without HMP.A, I did the same, opened Chrome the first time after a boot, and Chrome started noticeably faster with less CPU and disk activity. I think it was because HMP.A isolated/monitored/injected something into Chrome that made it slower. I also noticed that whatever I did, watching movies or streaming that required constant disk reads and writes, HMP.A was scanning/monitoring all the activity (1-6% CPU usage + 1-5 MB/s reported from Task Manager) to intercept possible harm. Without heavy browsing or streaming, HMP.A was almost completely silent.
I'm a multitasking user and do a lot of stuff on my laptop with a 5400 rpm HDD. This might be the reason for the significant impact of HMP.A, due to my slow HDD.

Are you using a desktop with a 7200 rpm HDD or an SSD? I think we cannot notice any performance impact running HMP.A on a desktop.
@venustus also confirmed the impact on his machine :) thank you sir
 
I am not defending HMPA. I don't even care about HMPA and find their constant updates and issues annoying, so I never use it.
What I am trying to tell you is to investigate CPU usage in general without HMPA, because it seems you are on the high end compared to mine.
Sure, I am on an SSD, but CPU usage will not be affected by that. Something else is eating your cycles. My CPU is almost half the power of yours, with turbo disabled, and you say a browser load uses 65% when I am at max 40% (I assume you test with 1 tab trying to open and not 100).
Anyway, it's up to you if you want to investigate, depending on what older images you have. Take care.
 
Thank you for reminding me of that. So what is your opinion about rootkit protection? Avast has a rootkit scan scheduled on startup, enabled by default; is it good enough? :)
Well, it's good enough for you, but if you get infected by a real rootkit then it's time to format and reinstall the OS. A real rootkit will obtain root privileges (the term "root" is from Linux; however, on Windows that would be the equivalent of kernel-mode code execution), therefore it can overpower any protection mechanism which exists on the system at the software level entirely.

There's only so much you can do regarding "rootkit protection": scan for manipulations in the Windows Kernel structures (SSDT hooking, DKOM), identify suspicious modules loaded within user-mode processes, etc.

The chances of you running into a real rootkit like this these days are slim; I mean if someone like @Wave is out to catch you then there's nothing you can do but if a normal malware author is targeting you then it's cool beans because they are normally just dumb and stupid these days. :p

Have you noticed how we went from regular MBR infections and PE infection viruses to dumb .NET crap in the wild (in the space of a few years)?

A lot of malware out in the wild is complete rubbish and, more often than not, doesn't even work properly IMO.
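The two checks named in this post, scanning the SSDT for hooks and spotting DKOM-hidden processes, modelled as an added offline Python example. This is not code from the post's author or from any product named in the thread; every module range, address, process name and PID in it is constructed sample data standing in for real kernel memory, and the "PID table" view is a simplified stand-in for what a PspCidTable scan would return.

```python
"""Added example: a simplified, offline model of two rootkit-detection checks.

1. SSDT hook detection: each System Service Descriptor Table entry should point
   into a known kernel module. An entry resolving outside every known module is
   the classic signature of a hooked service.
2. DKOM cross-view detection: a rootkit that unlinks its EPROCESS from the
   ActiveProcessLinks list hides from naive process listers, but the object is
   still referenced from other views (here: a PspCidTable-style PID table).
   Diffing the two views exposes the hidden process.

All addresses, module sizes, names and PIDs below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class ModuleRange:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed kernel module layout (not real load addresses).
KERNEL_MODULES: List[ModuleRange] = [
    ModuleRange("ntoskrnl.exe", 0xFFFFF80000200000, 0x00800000),
    ModuleRange("hal.dll", 0xFFFFF80000A00000, 0x00100000),
]

# Constructed SSDT snapshot: service index -> handler address.
# Indices 7 and 9 were redirected into memory owned by no known module.
SAMPLE_SSDT: Dict[int, int] = {
    0: 0xFFFFF80000251000,
    1: 0xFFFFF800002A3F00,
    7: 0xFFFFF880045E1200,  # hooked
    8: 0xFFFFF80000310040,
    9: 0xFFFFF880045E1C80,  # hooked
}


def find_ssdt_hooks(ssdt: Dict[int, int],
                    modules: List[ModuleRange]) -> List[Tuple[int, int]]:
    """Return (service index, address) for entries outside every known module."""
    return [(idx, ssdt[idx]) for idx in sorted(ssdt)
            if not any(m.contains(ssdt[idx]) for m in modules)]


@dataclass(frozen=True)
class Eprocess:
    pid: int
    name: str
    flink: int  # PID of the next entry in ActiveProcessLinks (circular list)


# Constructed "memory": every EPROCESS object that exists, keyed by PID.
# PID 2666 has been unlinked by DKOM: no other entry's flink points to it.
SAMPLE_PROCESSES: Dict[int, Eprocess] = {
    4: Eprocess(4, "System", 300),
    300: Eprocess(300, "smss.exe", 400),
    400: Eprocess(400, "csrss.exe", 1500),
    1500: Eprocess(1500, "explorer.exe", 4),
    2666: Eprocess(2666, "svch0st.exe", 4),  # hidden
}


def walk_active_process_links(procs: Dict[int, Eprocess], head_pid: int) -> Set[int]:
    """View 1: follow the linked list the way a naive process lister does."""
    seen: Set[int] = set()
    pid = head_pid
    while pid not in seen:
        seen.add(pid)
        nxt = procs[pid].flink
        if nxt not in procs:  # dangling link: stop rather than crash
            break
        pid = nxt
    return seen


def pid_table_view(procs: Dict[int, Eprocess]) -> Set[int]:
    """View 2: every PID that still has an object, as a PID-table scan sees it."""
    return set(procs)


def find_hidden_processes(procs: Dict[int, Eprocess], head_pid: int) -> Set[int]:
    """Cross-view: present in the PID table but absent from the linked list."""
    return pid_table_view(procs) - walk_active_process_links(procs, head_pid)


if __name__ == "__main__":
    for idx, addr in find_ssdt_hooks(SAMPLE_SSDT, KERNEL_MODULES):
        print(f"SSDT[{idx}] -> {addr:#x} lies outside every known kernel module")
    for pid in sorted(find_hidden_processes(SAMPLE_PROCESSES, 4)):
        print(f"PID {pid} ({SAMPLE_PROCESSES[pid].name}) is missing from ActiveProcessLinks")
```

A real scanner reads these structures from kernel memory (a driver, or a memory image; Volatility's psxview does the same cross-view diff over several process lists). The limit the post describes still applies: code running in kernel mode can tamper with every view at once, which is why the cross-view result is evidence, not proof.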
 
Disabled:
- Voodooshield
Installed:
- Zemana Antimalware with Pandora
Uninstalled:
- Bitdefender TrafficLight: a bit higher CPU usage and much, much weaker than Avira. Avira could block all tested links from malc0de while BD blocked nothing.
 
Uninstalled:
- Zemana AntiMalware: disappointment in real-time protection + Pandora. The scanner > real-time protection. The tested system was only clean/safe in 1 of 4 tests. The system was only safe after being scanned by System scan + User data scan.
Thanks to silversurfer: Avast in HM aggressive kept his test VM safe in those 4 tests.
ZAM needs to improve its real-time protection. It seems like it just automatically allows all child processes once the parent process is not detected.

Re-enabled:
- Voodooshield Pro - Autopilot mode
 
It's acceptable for a sandbox solution.
I'm still new to CF but the resource usage has been OK for me so far

I have been using a combination of Comodo Internet Security and cFosSpeed for multiple purposes for the last 8 years now, and the firewall function has been simply amazing so far. Loads of attempts blocked so far.

You need to also remember that it is not just these firewall apps that can block the hacks but also a combination of multiple things including our common sense and alertness for the activities that we do and respond to over the internet.
 
CF is actually pretty light. I would put it at lower CPU usage than VS, but a bit more RAM, which most of us have plenty of these days.

BTW, remember to enable the Proactive profile if you use the sandbox, or else it sucks.
 
Removed:
- Comodo Firewall: BSODs, BSODs, & BSODs

Re-enabled:
- Avast's firewall
- Voodooshield Pro
 
Disabled:
- Voodooshield Pro
- Disabled avast's firewall

Installed:
- Comodo Firewall - some personal tweaks
Pretty much made the exact same moves at the exact same times. CF did not perform well on my PC either. I'm using VS Pro + Windows firewall. Are you getting any performance impact with Avast firewall over Windows Firewall?
 
I don't see any impact on system performance.
Avast's firewall is extremely lightweight and easy to use after a short period of getting used to it. Still lighter than Windows Firewall + WFC.

I saw Avast's firewall silently block some unknown IPs, which is good. Not sure if WF can do the same.
 
Hmmm. Weird. I never see comments on WF's heaviness.
 
No, I meant Binisoft's Windows Firewall Control :)
That one + WF is supposed to be heavier.

However, Avast's firewall sometimes uses a high amount of CPU, but the system was still responsive.
 
Great config, I like your setup.
If you are still using Shadow Defender + VoodooShield, why together?
I'm also using these uBlock filters too; working like a charm :)
Because sometimes I really want to run some unsafe apps, so I must allow them via VS. In that case Shadow Defender can save the day if the unsafe apps break something.
I have only run Shadow Defender once over the past few months.