Q&A How can I properly protect a process or whole software from getting terminated by malware?

SecureKongo

Level 23
Verified
Feb 25, 2017
1,230
8,537
Well, recently I got bored of doing tests on VMware Workstation 16 Player as I always need to set up a new machine after finishing my tests. The problem is that I can't create any snapshots for the current test system, which makes testing a nightmare. Now I decided to wipe my old laptop and use it for testing. I've got Shadow Defender and Surfshark installed, but I'm still a little paranoid about all that, because I'm not sure if that's enough to protect my network. Malware could possibly terminate Surfshark and my home network would be exposed. So I want to find a good way to protect my VPN from getting terminated by any other software. I have the "Kill Switch" and the "invisible to devices" settings enabled to prevent any software from communicating with my other devices within my network. But as I said, that isn't bulletproof and I would be glad if anyone had some kind of solution for this.

Thank you guys in advance! ;)
 

silversurfer

Level 76
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,577
71,452
Have you ever tried another full VM like the free VirtualBox? There it's possible to take snapshots of the system status.

Shadow-Defender & any good VPN should be good enough, @Der.Reisende is still running the same (SD & VPN) and he never told us about any malware infection during his tests in the Hub over all the years...
 

SecureKongo

> Have you ever tried another full VM like the free VirtualBox? There it's possible to take snapshots of the system status.

I used VirtualBox but no matter what settings I tried, the system was always laggy and unresponsive. VMware Player was working fine, but now I have the snapshot problem. Spending 200+ dollars on VMware Workstation Pro with a restricted time of updates isn't an option either.

> Shadow-Defender & any good VPN should be good enough, @Der.Reisende is still running the same (SD & VPN) and he never told us about any malware infection during his tests in the Hub over all the years...

Yeah, I already saw that he uses this setup but wasn't sure if he has any other software installed to reduce the risk of his network getting compromised.
 

Der.Reisende

Level 44
Verified
Trusted
Content Creator
Malware Hunter
Dec 27, 2014
3,370
39,800
> I used VirtualBox but no matter what settings I tried, the system was always laggy and unresponsive. VMware Player was working fine, but now I have the snapshot problem. Spending 200+ dollars on VMware Workstation Pro with a restricted time of updates isn't an option either.
>
> Yeah, I already saw that he uses this setup but wasn't sure if he has any other software installed to reduce the risk of his network getting compromised.

Agree, never had anything bypass SD *knock knock*.
The only thing is a reboot will flush the session, so a BSOD or a malware leading to it will have data loss as a consequence.

Apart from always-on VPN (it even is in AutoRun), only Bitdefender TrafficLight and Adguard ext in Browser.
As for my network, there is none, a single laptop, no local mail software installed / in use. And I provide my Internet via iPhone (Hotspot), as the amount of data my provider offers me is enough for my monthly needs (I do not get deductions on streaming paid services like Amazon,...).
Of course, apart from Steam no personal data on the machine, always latest updates.
 

Divine_Barakah

Level 27
Verified
May 10, 2019
1,617
8,257
I think that's basically the same as @Minimalist said. It's a guest network that isolates the main network from the guest network.

My router has two Wifi networks and in each network settings, the client isolation option is there. I have enabled it in my guest network, but left it disabled in my personal network.
 

SecureKongo

It is the one provided by my ISP. V-Tech NB403
So from what I understand it's an isolation within an isolation. The guest network isolates the user from the rest of the main network and Wireless Client Isolation isolates the device connected to the guest network from the rest of the other devices within the guest network. Am I wrong?
 

ForgottenSeer 85179

> So from what I understand it's an isolation within an isolation. The guest network isolates the user from the rest of the main network and Wireless Client Isolation isolates the device connected to the guest network from the rest of the other devices within the guest network. Am I wrong?

The guest network uses a different IP range.
Client isolation only stops clients from communicating with each other.

If you enable client isolation, you can't play locally with friends in your LAN. Same also if you're in the home network and they're in the guest network.

I provide only the guest network and manually add friends to my home network if we want to play together (only important for local LAN gaming).
Generally it's important to keep your home network as clean as possible and move all smart devices and unwanted devices to the guest network.
 

Divine_Barakah

> So from what I understand it's an isolation within an isolation. The guest network isolates the user from the rest of the main network and Wireless Client Isolation isolates the device connected to the guest network from the rest of the other devices within the guest network. Am I wrong?

Well, I am not sure how it works, but when I enable client isolation in my own network, I no longer can print wirelessly, for the printer is no longer detected. Even McAfee cannot detect connected devices on my network. Regarding the guest network, it is isolated from my own network and client isolation is enabled by default, so testing malware using the guest network is quite safe.
 

SecureKongo

> Well, I am not sure how it works, but when I enable client isolation in my own network, I no longer can print wirelessly, for the printer is no longer detected. Even McAfee cannot detect connected devices on my network. Regarding the guest network, it is isolated from my own network and client isolation is enabled by default, so testing malware using the guest network is quite safe.

Well, I don't have that option in my router, but Windows has a similar option to block connections to other devices within the network so I should be fine too now. :)
 

Divine_Barakah

> Well, I don't have that option in my router, but Windows has a similar option to block connections to other devices within the network so I should be fine too now. :)

My router has nice features, but I do not have access to all of them, for my ISP provided me with user access, not admin access. I am not aware of that Windows feature. I'll Google that.
 

SecureKongo

So I was running a Makop ransomware sample on my testing system with Surfshark and Shadow Defender to test how Nano Antivirus Free performs nowadays. Sadly it didn't get blocked. Now to the problem: After some time I realized that Surfshark got shut down by the malware but as I had killswitch enabled Surfshark force shut down my connection.
So running a VPN on the same system where you are running the malware isn't the best approach. People using a VM should always install the VPN on their host to prevent such uncomfortable events.
