Most recent changes
Sep 17, 2018
Operating System
Windows 8.1
Windows Edition
Pro
System type
64-bit OS
Security Updates
Check for Updates only - User interaction for download and installation
User Access Control
Never Notify
Device Firewall
Windows Firewall - Network security provided by Microsoft
Device Security
Windows Defender SmartScreen (Windows 10)
User Account
Administrator - User has complete control over the device
Recent Security Incidents
No malware or privacy issues
Malware Testing
Malware on a secure VM - Full Network and File isolation
Real-time Web & Malware Protection
Kaspersky Security Cloud free, Syshardener, Run-by-smartscreen (by Andy Ful)
Security Protection settings
Custom - Major changes for Better Performance
Virus and Malware Removal Tools
Zemana, HitmanPro, NPE, Emsisoft emergency kit
Browsers and Extensions
Chromium portable x64 (RAMdisk cache): uBlock Origin, Notifier for Gmail, Google Translate, h264ify, Windows Defender Browser Protection, Popup blocker (strict)
Web Privacy
1/ uBlock Origin: Steven Black's hosts, 1Hosts & many others
Password Management
None
Default Web Search
Google, Duckduckgo
System Utilities collection
CCleaner+CCEnhancer, Auslogics Disk Defrag, Defraggler, Wise Disk Cleaner, Wise Registry Cleaner, IObit Uninstaller, Revo Uninstaller, Syshardener, O&O ShutUp, WPD, SumatraPDF, EagleGet, SoftPerfect RAM Disk, WinRAR, Everything Search Engine, Classic Shell, Run-by-Smartscreen
Data Backup
Dropbox, Google Drive
Frequency of Data backups
None
System Backup
Norton Ghost
Frequency of System backups
Occasionally
Device Specs
https://malwaretips.com/threads/rains-laptop.61841/#post-528136

Evjl's Rain

Level 38
Content Creator
AV-Tester
Verified
Joined
Apr 18, 2016
Messages
2,790
Operating System
Windows 8.1
Antivirus
Avast
Do your Java blacklists persist with every Java update, as the folder path changes with every version? Or can you block processes by folder/name in Process Lasso?
I just block the processes by name regardless of their paths. So if they update or change their path, they will still be blocked, unless they are renamed by malware. Fortunately, I used Group Policy to block .jar execution just in case the processes are renamed.

 

steel9

Level 4
Verified
Joined
Jun 23, 2017
Messages
179
Operating System
Windows 10
Antivirus
Kaspersky
Updated some tweaks used for a while; too lazy to update them before:

1/ Process Lasso: disallowed wscript, cscript, powershell.exe, powershell_ise.exe, java.exe, javaw.exe
2/ Group Policy (SRP): blocked some extensions: .hta, .jar, .scr
3/ Regedit: blocked windows script host
4/ Windows Firewall:
- blocked all inbound connections
- block outbound: msra.exe, msha.exe, wscript, cscript, powershell, powershell_ise, conhost, cmd
Is it possible to block specific extensions (.scr, for example) from executing via the registry if you run Windows 10 Home? Thanks
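The Windows Firewall part of the quoted tweak list, as an added example that is not from the thread: it creates the per-program outbound block rules with the built-in NetSecurity cmdlets and verifies them afterwards. Assumptions: 64-bit Windows (the System32 and SysWOW64 copies are both covered), an elevated PowerShell session, and that the post's "msha.exe" means mshta.exe.

```powershell
# Added example (not from the thread): outbound block rules for the script hosts and
# helper binaries listed in the post, plus a check that each rule is in place.
# Assumptions: 64-bit Windows, elevated session, "msha.exe" read as mshta.exe.
$RulePrefix = 'MT-BlockOutbound'

# Binaries the post cuts off from the network, relative to System32 / SysWOW64.
$Targets = @(
    'wscript.exe', 'cscript.exe', 'mshta.exe', 'msra.exe', 'conhost.exe', 'cmd.exe',
    'WindowsPowerShell\v1.0\powershell.exe',
    'WindowsPowerShell\v1.0\powershell_ise.exe'
)

function Get-TargetPaths {
    # Full paths of every target that actually exists on this machine.
    foreach ($dir in 'System32', 'SysWOW64') {
        foreach ($rel in $Targets) {
            $p = Join-Path (Join-Path $env:SystemRoot $dir) $rel
            if (Test-Path -LiteralPath $p) { $p }
        }
    }
}

function Add-OutboundBlockRules {
    # One Block rule per binary; idempotent, so re-running does not duplicate rules.
    foreach ($path in Get-TargetPaths) {
        $display = "$RulePrefix $path"
        if (Get-NetFirewallRule -DisplayName $display -ErrorAction SilentlyContinue) { continue }
        New-NetFirewallRule -DisplayName $display -Direction Outbound -Action Block `
            -Program $path -Profile Any -Enabled True | Out-Null
    }
}

function Test-OutboundBlockRules {
    # One row per target: is there an enabled outbound Block rule bound to that program?
    foreach ($path in Get-TargetPaths) {
        $rules = Get-NetFirewallApplicationFilter -Program $path -ErrorAction SilentlyContinue |
            Get-NetFirewallRule |
            Where-Object { $_.Direction -eq 'Outbound' -and $_.Action -eq 'Block' -and $_.Enabled -eq 'True' }
        [pscustomobject]@{ Program = $path; OutboundBlocked = [bool]$rules }
    }
}

# "Blocked all inbound connections": refuse unsolicited inbound traffic on every profile,
# including traffic that existing allow rules would otherwise let through.
Set-NetFirewallProfile -All -DefaultInboundAction Block -AllowInboundRules False

Add-OutboundBlockRules
Test-OutboundBlockRules | Format-Table -AutoSize
```

Any row showing OutboundBlocked = False after running this means the rule was not created (for example because the session was not elevated) and deserves a look before relying on it.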
 

Evjl's Rain

Level 38
Content Creator
AV-Tester
Verified
Joined
Apr 18, 2016
Messages
2,790
Operating System
Windows 8.1
Antivirus
Avast
Is it possible to block specific extensions (.scr, for example) from executing via the registry if you run Windows 10 Home? Thanks
I'm afraid we can't do it.
Perhaps it's possible, but it may require some skills.
We can use apps like Hard_Configurator to do something similar.

Maybe @Windows_Security can teach us how to do it?
 

Windows_Security

Level 19
Content Creator
Verified
Joined
Mar 13, 2016
Messages
926
Operating System
Windows 7
Block unsigned elevation (allow unsigned programs to run, but not elevate to admin)

Save as UAC_Block_Unsigned_Elevation.reg
------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ValidateAdminCodeSignatures"=dword:00000001

----- end


Allow unsigned elevation (allow unsigned programs to run, but not elevate to admin)

Save as UAC_Allow_Unsigned_Elevation.reg
------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ValidateAdminCodeSignatures"=dword:00000000
 
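The same ValidateAdminCodeSignatures switch from the two .reg files above, driven from PowerShell together with an audit of which executables would still be able to elevate once it is on. This is an added example, not Windows_Security's code; it assumes an elevated session, treats Get-AuthenticodeSignature as an approximation of the signature validation UAC performs rather than the identical check, and uses placeholder program paths.

```powershell
# Added example (not from the thread): toggle the policy the .reg files set, and audit
# which executables carry a valid signature and so would still be allowed to elevate.
# Assumption: Get-AuthenticodeSignature approximates UAC's check; it is not the same code.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Set-UnsignedElevationBlocked {
    # $true writes dword:1 (UAC_Block_Unsigned_Elevation.reg), $false writes dword:0.
    param([Parameter(Mandatory)][bool]$Blocked)
    Set-ItemProperty -Path $UacKey -Name ValidateAdminCodeSignatures -Value ([int]$Blocked) -Type DWord
}

function Get-UnsignedElevationBlocked {
    $v = Get-ItemProperty -Path $UacKey -Name ValidateAdminCodeSignatures -ErrorAction SilentlyContinue
    [bool]$v.ValidateAdminCodeSignatures
}

function Test-ElevationUnderPolicy {
    # One row per executable: signature status, signer, and whether a program with that
    # status would still elevate once the policy is on (only 'Valid' passes).
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { Write-Warning "missing: $p"; continue }
        $sig    = Get-AuthenticodeSignature -FilePath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        [pscustomobject]@{
            Program         = $p
            SignatureStatus = $sig.Status
            Signer          = $signer
            CanElevate      = ($sig.Status -eq 'Valid')
        }
    }
}

# Audit your own tools first so you know what will stop elevating; the second path is a placeholder.
Test-ElevationUnderPolicy -Path @(
    "$env:SystemRoot\System32\notepad.exe",     # Microsoft-signed, expected to report Valid
    "$env:ProgramFiles\ExampleTool\tool.exe"    # placeholder for a program of yours
) | Format-Table -AutoSize

Set-UnsignedElevationBlocked -Blocked $true
Get-UnsignedElevationBlocked    # True once the policy is active
```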

Windows_Security

Level 19
Content Creator
Verified
Joined
Mar 13, 2016
Messages
926
Operating System
Windows 7
I have put this on my wife's laptop (which runs Windows 10 Home) and it seems to run fine.

I have to thank @Evjl's Rain, because he asked for registry tweaks to block certain file extensions, and I realised that by removing EXE, DLL and MSI from the list of guarded extensions I could realise this with an SRP registry tweak.

Blocking dangerous extensions (while allowing EXE, DLL, MSI) and blocking unsigned elevation (while allowing them to run) should not interfere with normal usage (you can still run programs from user space), but stops 90% of the malware.
 

Andy Ful

Level 33
Content Creator
Verified
Joined
Dec 23, 2014
Messages
2,219
Operating System
Windows 10
Antivirus
Windows Defender
Is it possible to block specific extensions (.scr, for example) from executing via the registry if you run Windows 10 Home? Thanks
Hard_Configurator can block any file extension in default-deny mode (SRP). But it seems to me that you would like to block file extensions in SRP default-allow mode. That can be done using the program Simple Software Restriction Policies, by changing some default settings and adding the global Disallowed rules *.scr, *.hta, *.bat, *.cmd, etc. in the configuration file.
Blocking the extensions via SRP is good for blocking double-extension malware like *.pdf.scr, *.jpg.hta, etc. So the file will be blocked when the user tries to execute it by mouse-click or by pressing the ENTER key.
This protection does not prevent the opening of files like *.hta, *.bat, *.cmd by malware that is already running in memory.
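What the SRP default-allow approach from this answer, and the registry-only SRP tweak Windows_Security describes for Windows 10 Home, look like when written straight to the registry. This is an added example, not code from the thread, Hard_Configurator or Simple Software Restriction Policies; it assumes an elevated session and a log-off/log-on afterwards, and it sets the SRP designated file types to exactly the blocked extensions, which is enough because the default level is Unrestricted.

```powershell
# Added example (not from the thread): SRP in default-allow mode with global Disallowed
# path rules for risky extensions, written to the registry, no Group Policy editor needed.
# Run elevated; log off and on again for the policy to apply to the shell.
$Safer        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0          # SRP level key name for "Disallowed"
$Unrestricted = 262144     # 0x40000, SRP level "Unrestricted"
$BlockedExts  = 'scr', 'hta', 'bat', 'cmd', 'jar', 'vbs', 'js', 'ps1'

function Set-SrpDefaultAllow {
    # Everything runs unless a Disallowed rule matches. SRP only evaluates the file
    # types listed in ExecutableTypes, so the blocked extensions must appear there.
    New-Item -Path $Safer -Force | Out-Null
    Set-ItemProperty -Path $Safer -Name DefaultLevel       -Value $Unrestricted -Type DWord
    Set-ItemProperty -Path $Safer -Name TransparentEnabled -Value 1 -Type DWord   # all software except DLLs
    Set-ItemProperty -Path $Safer -Name PolicyScope        -Value 0 -Type DWord   # all users, admins included
    $types = [string[]]($BlockedExts | ForEach-Object { $_.ToUpper() })
    Set-ItemProperty -Path $Safer -Name ExecutableTypes -Value $types -Type MultiString
}

function Add-SrpDisallowedExtension {
    param([Parameter(Mandatory)][string]$Extension)
    # One GUID-named key per path rule. '*.scr' matches any file ending in .scr in any
    # folder, which is what catches double-extension names such as invoice.pdf.scr.
    $key = Join-Path $Safer "$Disallowed\Paths\{$([guid]::NewGuid().ToString().ToUpper())}"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name ItemData     -Value "*.$Extension" -Type String
    Set-ItemProperty -Path $key -Name SaferFlags   -Value 0 -Type DWord
    Set-ItemProperty -Path $key -Name Description  -Value "Block *.$Extension (script-added)" -Type String
    Set-ItemProperty -Path $key -Name LastModified -Value (Get-Date).ToFileTime() -Type QWord
}

function Get-SrpDisallowedRules {
    # Path patterns currently in the Disallowed level, for auditing.
    Get-ChildItem -Path (Join-Path $Safer "$Disallowed\Paths") -ErrorAction SilentlyContinue |
        ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ItemData }
}

function Remove-SrpPolicy {
    # Rollback: deleting CodeIdentifiers returns the machine to "no SRP policy".
    Remove-Item -Path $Safer -Recurse -Force -ErrorAction SilentlyContinue
}

Set-SrpDefaultAllow
foreach ($ext in $BlockedExts) {
    if (@(Get-SrpDisallowedRules) -notcontains "*.$ext") { Add-SrpDisallowedExtension $ext }
}
Get-SrpDisallowedRules
```

As the answer above notes, these rules stop the shell from launching such files on a click or Enter; a process that is already running and opens them itself is not covered by this layer.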
 

Andy Ful

Level 33
Content Creator
Verified
Joined
Dec 23, 2014
Messages
2,219
Operating System
Windows 10
Antivirus
Windows Defender
@Andy Ful

Maybe give an example using Hard_Configurator with some screen shots?

Regards, Kees (and keep up the good work, guys: @Andy Ful for Hard_Configurator, @Evjl's Rain for posting tests)
With Hard_Configurator it is rather simple. Just download and install Hard_Configurator:
Hard_Configurator/Hard_Configurator_setup(x64)_beta_3.1.0.0.exe at master · AndyFul/Hard_Configurator · GitHub
Hard_Configurator/Hard_Configurator_setup(x86)_beta_3.1.0.0.exe at master · AndyFul/Hard_Configurator · GitHub
x64 is for 64-bit Windows and x86 is for 32-bit Windows.

Next, run Hard_Configurator. Accept making a System Restore Point and checking autoruns (see picture 1h.png).
After this is finished, you can close the TOOLS window and the main window will be activated.
In a normal (not tweaked) system all options will be OFF (see picture 2h.png).
Press the <Recommended SRP> and then the <Recommended Restrictions> buttons. The Hard_Configurator settings will be changed (see picture 3h.png). Yet some settings require a LogOFF to be fully activated by Windows.
Press the <APPLY CHANGES> button to LogOFF from the account. When you LogON again, the Hard_Configurator settings will be activated.

To uninstall Hard_Configurator, press the <Tools> button and then, in the TOOLS window, press the red button <Restore Windows Defaults> (see 4h.png). Next use the standard Windows uninstallation procedure.
 


Andy Ful

Level 33
Content Creator
Verified
Joined
Dec 23, 2014
Messages
2,219
Operating System
Windows 10
Antivirus
Windows Defender
Hard_Configurator's recommended settings are a kind of default-deny + whitelisting setup. Any executable file from C:\Windows, C:\Program Files (and C:\Program Files (x86) on 64-bit Windows) plus whitelisted paths will be allowed, but the rest will be blocked.

The only way to bypass default deny is to run the executable using the Explorer context menu (right mouse click on the file) and choose the 'Run As SmartScreen' option. This will execute any EXE or MSI file with a SmartScreen check and with Administrator privileges. This option can be used for the installation of new programs.

Non-dangerous files like documents, photos, media, etc. can be opened without problems from any location by mouse-click or by pressing the Enter key, because they are not executable for SRP.

Files downloaded by the web browser cannot be executed from within the web browser. One should navigate to the Downloads folder and execute the file using the Explorer context menu ('Run As SmartScreen').

This setup blocks many files that may contain executable content, like *.exe, *.msi, *.scr, *.hta, *.bat, *.cmd, *.jar, *.vbs, *.js, *.ps1, and many others. Files with protected extensions cannot be run by the user when mouse-clicking or pressing the Enter key; that protects users from being fooled by double-extension malware (*.pdf.scr, *.jpg.exe, *.avi.msi, *.doc.hta, *.txt.bat, *.mp3.ps1, etc.).
But if the malware is already running in the system, it can open them (except *.exe, *.scr, *.msi, *.vbs, *.vbe, *.js, *.jse, *.wsf, *.wsh, which have extended protection). Also, PowerShell scripts can only be run by malware in Constrained Language mode, which blocks PowerShell trojan downloaders and most penetration tools based on PowerShell.
 

Evjl's Rain

Level 38
Content Creator
AV-Tester
Verified
Joined
Apr 18, 2016
Messages
2,790
Operating System
Windows 8.1
Antivirus
Avast
Removed:
- Emsisoft AM: too high RAM usage (struggled to play games on my 8 GB laptop), unforgivable bug (exited EAM using the tray icon -> re-opened using the start menu icon (a2start.exe) -> all protections were disabled + missing tray icon -> tried to open a2guard.exe -> all shields were on + the tray icon re-appeared -> exited EAM again -> performed the same steps above -> "A major problem prevents..." + tray icon never appeared again. Could no longer start EAM except by a reboot)

Installed:
- Avast free: managed to be bug-less
 

Syafiq

Level 10
Verified
Joined
May 8, 2017
Messages
477
Operating System
Windows 10
Antivirus
@Evjl's Rain You're using KIS again, right? You said that you disliked KIS's performance in the past; does it feel light now? Just asking :)
 

Evjl's Rain

Level 38
Content Creator
AV-Tester
Verified
Joined
Apr 18, 2016
Messages
2,790
Operating System
Windows 8.1
Antivirus
Avast
@Evjl's Rain You're using KIS again, right? You said that you disliked KIS's performance in the past; does it feel light now? Just asking :)
The performance impact comes from application control, especially during app installation; the rest is fine. I usually disable KIS while installing apps because I don't want it to break the installation process, so it's tolerable.
 

Rebsat

Level 5
Verified
Joined
Apr 13, 2014
Messages
238
Operating System
Windows 7
Antivirus
Avast
How are you doing, bro? I need your advice on my combo's configuration, please.
"Avast Free Antivirus + OSArmor"

I am using this combo but I actually don't have a firewall module in my combo, and I want to add a 3rd-party firewall to that combo which does not overwrite or conflict with either of the two programs in the combo.

Questions
1. Which of the following firewalls do you recommend adding to my combo, and why?
- Comodo Firewall
- Xvirus Personal Firewall
- SpyShelter Firewall
- ZoneAlarm Firewall
- FortKnox Firewall


2. Avast Free Antivirus includes a BB, which is Behavior Shield. I wonder whether that aspect of Avast would be redundant with some aspects of OSArmor or not.


Any advice is welcome. Thank you for your good assistance, bro :)
Best regards,
Rebsat.
 

shmu26

Level 71
Content Creator
Verified
Joined
Jul 3, 2015
Messages
6,010
Operating System
Windows 10
I had a conflict last week between Avast free and OSArmor. I was running Avast free in passive mode, and it was preventing OSArmor from actually blocking the things it is supposed to block. You would only know if you tested it, because everything "looked" as if it was running properly. So if you combo Avast with OSArmor, please do make a test, to make sure that OSArmor is working.
 

Evjl's Rain

Level 38
Content Creator
AV-Tester
Verified
Joined
Apr 18, 2016
Messages
2,790
Operating System
Windows 8.1
Antivirus
Avast
Hi, sorry for being late. I was busy. I'm fine. How about you, bro?
Avast and OSA are fine. You can use Windows Firewall and block the internet connections of vulnerable processes to prevent malware from downloading payloads. I think it's good enough.
If you want a 3rd-party firewall, any of them is fine, but I prefer a free firewall because home users don't need a paid firewall as we are not usually targeted.
You may try Xvirus Firewall. I think it's good.

CF is even better, but I prefer Kaspersky + CF to Avast + OSA + CF or Avast + CF (no OSA).

2/ I think they are not redundant together. Each one has its own job and there is no overlap.

If you use Avast, make sure you disable the "stupid" hardware-assisted virtualization in Troubleshooting, because it's the cause of 80-90% of Avast's problems and conflicts with other apps. It's okay to be used alone but problematic to be used in a combo.
 

Rebsat

Level 5
Verified
Joined
Apr 13, 2014
Messages
238
Operating System
Windows 7
Antivirus
Avast
According to Avast site...
Mail Shield is an additional layer of active protection in Avast Antivirus. It scans your incoming and outgoing email messages in real time for malicious content such as viruses. Scanning applies only to messages sent or received using mail management software (email clients, such as Microsoft Outlook or Mozilla Thunderbird). If you access your web-based email account via an internet browser, your PC is protected by other Shields.
Don't be sorry, bro. I am good, thank you, and I hope you are doing very well ;)

Questions:
1. Why did you disable the "Mail Shield" component in your Avast settings? And have you faced any slowdowns, conflicts or issues with enabling "Mail Shield"?

2. Can I benefit from enabling "Mail Shield" while I am running Microsoft Outlook 2010 with Gmail integrated into it? Suppose I received an email in my Microsoft Outlook inbox with a malware file attached...

3. What would the situation be like if I clicked a malware attachment inside an email in the inbox of Microsoft Outlook 2010? Would Avast Free Antivirus (Evjl's Rain tweaks) or Comodo Firewall (cs settings) pop up an alert and block the malware? Or are malicious attachments in the Microsoft Outlook inbox separate from the rest of Windows security and not protected by either Avast Free Antivirus or Comodo Firewall?
 

Evjl's Rain

Level 38
Content Creator
AV-Tester
Verified
Joined
Apr 18, 2016
Messages
2,790
Operating System
Windows 8.1
Antivirus
Avast
1. Because I don't use Outlook. I only use webmail.
2. Yes, you will benefit from it. Mail Shield will scan your mail as soon as it is downloaded to your Outlook. It works like Web Shield for Outlook.
3. Avast will block the malware before execution unless it is password-protected, while CF will block it after execution.