Status
Not open for further replies.

Duotone

Level 10
Verified
Great explanations made by @hjlbx and @FleischmannTV...

Going to keep NVT ERP Alert mode (Beta) in my setup; I just realized yesterday it can detect invalid certificates even when VT/Zemana didn't detect any sign of tampering.

AppGuard doesn't protect against browser hijacks - but fixing that is easy enough. In most cases, just run CCleaner. If that doesn't fix it, then it simply requires a manual inspection of C:\Users\User\* - and perhaps C:\Program Data.

Protecting against browser hijacks is the only benefit I personally can see an advantage to using Sandboxie. Otherwise, Sandboxie eventually always turns out to be a real annoyance when browser or OS updates mess with it - sometimes badly. I'm not saying Sandboxie is not worthwhile - because it certainly is worthwhile. I do like Sandboxie, but for me personally, I have no need of it - at least not based upon my computing habits.
True, the OS or browser sometimes does mess up Sandboxie. I can go without SBIE, but I like a clean browser, and if an exploit is blocked it's only a matter of deleting the sandbox; same goes for malware coming from other drives (USB).
 

Deleted member 178

No need for an AV with ERP + AppGuard, for the reason @hjlbx and @FleischmannTV gave. I have one (which is Windows Defender) because I'm on Windows 10; if I was on Windows 7 I wouldn't even think of adding one.

ERP + AppGuard, properly configured, are extremely hard to bypass; and if on top you have HMPA and Sandboxie as I do, only you yourself can infect your system.
 

shmu26

Level 85
Verified
Trusted
Content Creator
NVT ERP can be bypassed by abusing NET Framework and other vulnerable, but white-listed Windows processes. This can be greatly mitigated by adding those processes to the NVT ERP Vulnerable Process list. It's very simple to do...
Could you suggest a list of processes that should be added to Vulnerable in NVT ERP?
That sounds like a good tweak.
Windows 10 x64
 

Azure

Level 25
Verified
Content Creator
Could you suggest a list of processes that should be added to Vulnerable in NVT ERP?
That sounds like a good tweak.
Windows 10 x64
Here's a list that @hjlbx posted some time ago.
Vulnerable Processes

My suggestion would be to find out what each of those processes does before adding them, and if you do, add them one at a time, making sure your computer works okay.
Though I'm sure @Umbra will give you a far better suggestion than me, so you should listen to him.
 

jamescv7

Level 85
Verified
Trusted
No need for AV.

That is the concept of a policy-based Anti-Exe, where all you need is a good trained eye for analysis. Rules will be the basis for effective protection against possible intrusion.

The technicalities of the program are already mentioned by our highly knowledgeable members, so it's up to you if you are planning to remove the AV due to obsolete techniques.
 

shmu26

Level 85
Verified
Trusted
Content Creator
Your setup is already complete overkill as it is. AppGuard alone would be enough.
I am now revisiting AppGuard, this time with a little more understanding. Indeed, I now see that AppGuard alone is capable of doing the job, although adding NVT ERP does give you a more convenient way to monitor vulnerable processes.
HitmanPro.Alert and Sandboxie are not needed, in my opinion.
A simple AV like Windows Defender is a good safety net.
 

boredog

Level 9
Actually, Windows Defender, Shadow Defender and AppGuard are all anyone needs. Although, as Cruelsister points out, a good anti-key logger is a good idea if using Shadow Defender only.
 

HarborFront

Level 53
Verified
Content Creator
I am now revisiting AppGuard, this time with a little more understanding. Indeed, I now see that AppGuard alone is capable of doing the job, although adding NVT ERP does give you a more convenient way to monitor vulnerable processes.
HitmanPro.Alert and Sandboxie are not needed, in my opinion.
A simple AV like Windows Defender is a good safety net.
An AV can do things like detecting and blocking a malicious file during downloading, or scanning it immediately after the file is downloaded.

This is something that AppGuard and NVT ERP cannot do.

Consider the AV as a first line of defense.
 

509322

I now see that AppGuard alone is capable of doing the job, although adding NVT ERP does give you a more convenient way to monitor vulnerable processes.
It is not so much a difference in protection as it is a difference in what the user wants. Some users want to disable stuff and have it blocked by default and the soft generate an alert. Others want silent blocking. Those options are available in both AppGuard and anti-executables. Such users already understand that something blocked is not something permanently broken - and are completely comfortable with it. They don't have nagging doubts that something blocked is damaging their system in some unknown, unwanted, damaging way.

There are those that desire the information feedback of an alert. Actually, AppGuard does give alerts and the user can tailor them. Anti-execs do the same.

Still others want the ability to regulate execution of certain processes. Those guys are rare as few people knowingly use vulnerable processes on any kind of regular basis.

So it all comes down to what the user wants. Silent blocking, blocking with alerts, use of alerts to control certain processes, etc.
 

HarborFront

Level 53
Verified
Content Creator
Now you have me intrigued. After memory protection and vulnerable process protection is in place, what credible threat to the browser is left?
Presuming you do NOT want an AV, which forms the first line of defense, then the next line of defense will be offering protection when the malicious file is being accessed or loaded into memory.

Is it a good move to do away with the AV? I mean protecting during in-process and outgoing? If we take a process it'll be like this:

INCOMING ==> IN-PROCESS ==> OUTGOING

So, you let the malicious file come in, but you block it when accessed and/or kill it in-process (in memory) and block it from calling home.

Would this be good enough for a system protection setup? I suppose having Shadow Defender (SD) would be best in case in-process protection fails.
 

shmu26

Level 85
Verified
Trusted
Content Creator
Presuming you do NOT want an AV, which forms the first line of defense, then the next line of defense will be offering protection when the malicious file is being accessed or loaded into memory.

Is it a good move to do away with the AV? I mean protecting during in-process and outgoing? If we take a process it'll be like this:

INCOMING ==> IN-PROCESS ==> OUTGOING

So, you let the malicious file come in, but you block it when accessed and/or kill it in-process (in memory) and block it from calling home.

Would this be good enough for a system protection setup? I suppose having Shadow Defender (SD) would be best in case in-process protection fails.
Does this relate to sandboxing the browser, or is it a different point?
 

Peter2150

Level 7
Verified
Now you have me intrigued. After memory protection and vulnerable process protection is in place, what credible threat to the browser is left?
Two things.

1. It's another layer, and
2. Sbie does one thing none of the others do. It cleans up the junk left on your system. I am sometimes amazed at how much there is.
 