Advice Request If you could pick only one program for protection.

Please provide comments and solutions that are helpful to the author of this topic.

Dave Russo

Dave Russo

Level 22
Verified
Top Poster
Well-known
May 26, 2014
1,130
Umbra said:
In fact, with hindsight, I won't pick any security solution, I just need my Windows 10 Enterprise. It has all I need to ensure my security.
Click to expand...
Just a little surprised by your response,though I am not questioning your answer,I figured you would pick Appguard as you have been a strong enthusiast and apparently rightfully so
 
  • Like
Reactions: Protomartyr, bribon77, DDE_Server and 2 others
F

ForgottenSeer 823865

Dave Russo said:
Just a little surprised by your response,though I am not questioning your answer,I figured you would pick Appguard as you have been a strong enthusiast and apparently rightfully so
Click to expand...
This would be still true if I'm using Win10 Home.
However, Win10 Enterprise can do what Appguard Solo does, it is just less simple and intuitive, AG greatly simplify the procedure.
Im still a Appguard enthusiast (can't find better at the moment) but not at the point to requires it when the OS delivers me mostly the same options.
To me, liking a software (how great it is, and how much I like it) doesn't mean I must use it everywhere like a junkie as if there is nothing else in the world.

I have to say AppGuard Enterprise would fit my needs but it is only for big corporations since it requires your own Window Server OS (physical or virtual) to use it, and I'm not even talking about its cost.
 
  • Like
  • Applause
Reactions: Protomartyr, KonradPL, Venustus and 4 others
F

ForgottenSeer 823865

ebocious said:
Does AppGuard Enterprise have important functions that can't be had in the Solo edition?
Click to expand...
Yep.
Solo only protect the memory of lsass.exe (to prevent the DoublePulsar injection).
Enterprise allow you to protect all processes. Which is a game changer.

Solo has a its "private folder" features, which prevent "Guarded" processes (Guarded means restricted, usually those exploitable) to access your sensitive folders.
Enterprise has this option enhanced, you will have "vaults" , it means you select folders as vaults, and every processes you didn't whitelist can't access it.

There is plenty of other things especially concerning the blocking of processes, DLLs, drivers, etc...which are more granular than Solo.

Of course, Enterprise means management of AppGuard via remote console for easier deployment and setup, which Solo can't.

The AG Enterprise client (the program you install on the endpoints) can't be used to modify the policies, only the management console can, so once deployed, the user can't modify the policy , hence can't weaken it to install his crap.
Solo however can be configured locally by the user if no password has been implemented.
 
Last edited by a moderator:
  • Like
Reactions: Protomartyr, Dave Russo, Venustus and 2 others
ebocious

ebocious

Level 5
Verified
Well-known
Oct 25, 2018
236
Umbra said:
Yep.
Solo only protect the memory of lsass.exe (to prevent the DoublePulsar injection).
Enterprise allow you to protect all processes. Which is a game changer.

Solo has a its "private folder" features, which prevent "Guarded" processes (Guarded means restricted, usually those exploitable) to access your sensitive folders.
Enterprise has this option enhanced, you will have "vaults" , it means you select folders as vaults, and every processes you didn't whitelist can't access it.

There is plenty of other things especially concerning the blocking of processes, DLLs, drivers, etc...which are more granular than Solo.

Of course, Enterprise means management of AppGuard via remote console for easier deployment and setup, which Solo can't.

The AG Enterprise client (the program you install on the endpoints) can't be used to modify the policies, only the management console can, so once deployed, the user can't modify the policy , hence can't weaken it to install his crap.
Solo however can be configured locally by the user if no password has been implemented.
Click to expand...
Thank you for this information. I was aware of the remote console for network environments, but I didn't know that Solo can only prevent memory injection in lsass.exe, and not in any other process under its protection.
 
  • Like
Reactions: Dave Russo and Venustus
F

ForgottenSeer 823865

ebocious said:
but I didn't know that Solo can only prevent memory injection in lsass.exe, and not in any other process under its protection.
Click to expand...
To be exact, AG Solo will prevent reading/modifying the memory space of any process from Guarded Apps.
while AG Enterprise (AGE) will prevent reading/modifying the memory space of any process from any others (based on policy, AGE has no such things as default settings).
 
  • Like
Reactions: Protomartyr, KonradPL, Dave Russo and 3 others
ebocious

ebocious

Level 5
Verified
Well-known
Oct 25, 2018
236
Umbra said:
To be exact, AG Solo will prevent reading/modifying the memory space of any process from Guarded Apps.
while AG Enterprise (AGE) will prevent reading/modifying the memory space of any process from any others (based on policy, AGE has no such things as default settings).
Click to expand...
Gotcha. That makes sense. I'm assuming this is an exhaustive list of LOLBAS here. Does AGE automatically shield all of them, or the most commonly exploited ones?
 
  • Like
Reactions: Protomartyr, Dave Russo and Venustus
F

ForgottenSeer 823865

ebocious said:
Gotcha. That makes sense. I'm assuming this is an exhaustive list of LOLBAS here. Does AGE automatically shield all of them, or the most commonly exploited ones?
Click to expand...
AGE does nothing automatically, of course you some few areas/entries who are already preset like you have in Solo, but when it comes to specific LOLbins (like in the list) you have to input them manually one by one. Again, in corporate environment, there is no such thing as "default policies", since every environment is unique (unlike Home user ones), a default policy may wreck havoc.
Anyway we are far offtopic , and 99% of the members here won't even be interested by AGE.
 
  • Like
Reactions: Protomartyr, Dave Russo, Venustus and 1 other person
Sampei Nihira

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
Umbra said:
In fact, with hindsight, I won't pick any security solution, I just need my Windows 10 Enterprise. It has all I need to ensure my security.
Click to expand...

Bravo you came to the most obvious conclusion.(y)(y)(y)
You have therefore chosen 0 programs to obtain what the 3D title requires.
Also because OS + Firewall + Router would be excluded from this hypothetical restrictive choice.
I can't choose the OS because it's the weakest link in my "security chain".
But I can choose the browser.;)

ebocious said:
In the vast majority of cases, that is true. But it is still possible for a desperate hacker to go portsweeping, and your browser has nothing to do with that.

If any application on your computer listens on the firewall, it is a potential vector. At that point, it's up to your network and/or host security to stop exploits from gaining a foothold, or prevent anything from getting out if they do. Your browser is your frontline defense, but it should not be your only defense.
Click to expand...

And in fact it is not my only defense. ;) :)
 
Last edited:
  • Like
Reactions: Protomartyr, Prorootect, Dave Russo and 2 others
F

ForgottenSeer 823865

Sampei Nihira said:
I can't choose the OS because it's the weakest link in my "security chain".
Click to expand...
yeah, in fact , you can as i do (by choosing Linux) but we will lose access to some programs we definitely needs (MS Office in my case). The day i won't need MS Office, will be the day i wont need Windows anymore.
In fact, i'm just waiting to buy a powerful laptop with 32+Gb RAM so i can run Qubes OS on it.
 
  • Like
Reactions: Protomartyr, Dave Russo, roger_m and 1 other person
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Umbra said:
yeah, in fact , you can as i do (by choosing Linux) but we will lose access to some programs we definitely needs (MS Office in my case).
Click to expand...
Even though we need MS Office, I still think Linux is the single best security software, for the following reason:
You will be running Windows in a virtual machine, and it will thus be isolated from detachable USB devices, which are the hardest malware vectors to control.
 
  • Like
  • +Reputation
Reactions: Nevi, Protomartyr, Dave Russo and 2 others
bribon77

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
I think we are deviating from the main topic.
The theme is, "If you could pick only one program for protection"
Therefore a Browser or Operating system It is not a protection program, but to for protect them.
 
Last edited:
  • Like
Reactions: Nevi, roger_m, Protomartyr and 3 others
Sampei Nihira

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
bribon77 said:
I think we are deviating from the main topic.
The theme is, "If you could pick only one program for protection"
Therefore a Browser or Operating system It is not a protection program, but to for protect them.
Click to expand...

Web Browser = software application = Application software (app for short) is a program..........

en.wikipedia.org

Web browser - Wikipedia

en.wikipedia.org en.wikipedia.org

Application software - Wikipedia

en.wikipedia.org en.wikipedia.org

;);)

So the browser it's a program.
In my opinion it also has a protective function.

P.S.
I understand that almost certainly the author of 3D meant anything else.:geek:
 
Last edited:
  • Like
  • HaHa
Reactions: roger_m, Dave Russo and bribon77
P

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
473
TairikuOkami said:
Yandex Browser. Considering, that pretty much the only way I could get infected is via a browser, like 99,99% chance. So I focus my efforts there.
To put it bluntly: Emails are opened in txt, so I could only click on the link. Discord/Steam, again, I could click on the link within the message. :sneaky:
Click to expand...

Why Yandex and no other browser?
 
  • Like
Reactions: Nevi
bribon77

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
Sampei Nihira said:
Web Browser = software application = Application software (app for short) is a program..........

en.wikipedia.org

Web browser - Wikipedia

en.wikipedia.org en.wikipedia.org

Application software - Wikipedia

en.wikipedia.org en.wikipedia.org

;);)

So the browser it's a program.
In my opinion it also has a protective function.

P.S.
I understand that almost certainly the author of 3D meant anything else.:geek:
Click to expand...
Sorry to contradict it. But a Protection program is an Anti-exe, an antivirus, a Sanbox. SRP a firewall , HIPS etc. But not a browser or an operating system.
I understand I can be wrong.:)
 
  • Like
Reactions: Nevi, roger_m, Dave Russo and 2 others

Similar threads

anirbandutta01
    • Like
Serious Discussion Safe mode protection
Replies
11
Views
875
General Security Discussions
Brahman
Brahman
Victor M
    • Like
    • Applause
Serious Discussion Why would a hacker attack you?
Replies
8
Views
756
General Security Discussions
fskhanonline
F
C
    • HaHa
    • Wow
    • Like
Serious Discussion I am a target of persistent hacking, and I am looking for advice on how to overcome this
Replies
35
Views
2,414
General Security Discussions
SpiderWeb
SpiderWeb

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top