Advice Request If you could pick only one program for protection.

Please provide comments and solutions that are helpful to the author of this topic.

Digmor Crusher

Level 25
Thread author
Verified
Top Poster
Well-known
Jan 27, 2018
1,436
A lot of your suggestions are sound, but most if not all are not 100% effective, few are. So lets say which programs, that you may or may not use, do you think are the most bullet-proof, in other words which provide the closest to 100% protection?

Thats why I say Appgaurd, configured properly, and Voodoo Shield may be the closest. HM to Comodo with CS settings.
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,711
Thats why I say Appgaurd, configured properly, and Voodoo Shield may be the closest. HM to Comodo with CS settings.

One would need to include Hard_Configurtor as well in the bullet-proof catedgory. See @askalan tests here in past months.

Set-and-forget goodness! Just saying.:notworthy::)
 

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
Satak Malware Buster :ROFLMAO: :ROFLMAO:
Satak-Malware-Buster_1.png
 
Last edited:

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
AppGuard, if money is no object. I believe it is the most complete product on the market in terms of reducing attack surface. And when properly configured, I believe it can stand up to just about anything you throw at it. The only vulnerability it has is visiting nephews, which is solved by adding a password.

I like the idea behind VoodooShield, but it will never be the father of AppGuard. VS slows the system down by uploading everything to VT and waiting for a result. If you want to turn that feature off, then you have to pay. It's cheaper than AG, but I know what I'm paying for. And I don't like prompts. If I want to install something, then I can quickly lower the protection level to temporarily allow installs. I would rather have to launch an installer twice because I forgot to allow the first time, than have to go through a flurry of alerts every time.

If money is an object, then Cruel Comodo is my next choice. In time, I hope to know more about H_C. As of right now, I don't know if it has any memory protection or not, and I also don't know if configuration changes require a reboot or not. Until I know that, I know what Cruel Comodo is capable of, and I can turn off all alerts and just toggle Auto-Containment when I need to install something.

I'm okay with a little bit of tinkering from time to time, but in moderation. The older I get, the less entertaining it is to tinker, and I especially don't want to play with productive machines. I like a simple on/off switch to allow software installation (with password protection for community machines), that automatically re-enables protection in 15-20 minutes in case I forget.

I see KIS got a lot of votes. If Kaspersky has a feature that can consistently block 100% of zero-day threats, then I'd like to know more. If not, then never mind. Everybody says "it's enough for anything you're likely to encounter." I don't care how likely I am to encounter a targeted attack. With AI malware in the wild, it is unwise to assume home computers are safe. 10 years ago, Ian "Gizmo" Richards said the name of the game is "don't get infected." An ounce of prevention is worth a pound of cure. I'll take 100% protection over 99%.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Does that include fileless processes, or just self-contained binaries? If it's just anti-exe, that's nothing special.
yes, because fileless files are usually executed from a script file (.bat, .ps1, .hta, .js, .vbs,...). Those can be filtered by TAM

anyway, it's better to deny execution of these extensions or script handlers so they can't do any harm to your computer
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Oh, so TAM can block process injection? Any tests?
yes, it can also block process injection
however, TAM only allow verified safe apps to run so malwares have very little chance to bypass Kaspersky's verification. If the malware is not allowed to run in the first place, it can't do anything do your PC
in case an app is allowed to run, we can still set a rule for Kaspersky Application control to stop Process injection for specific apps or a category of app. It's complicated and not recommended for us to mess with unless we have enough knowledge

here is the screenshot shows that kaspersky can be set to block code injection to a process - blue box (screenshot from google)
kis2018_13626_0613-402298.png

Kaspersky's application control is HIPS so it can do almost everything to a process (block code injection, for example)
TAM = application control but is set to block by default if something is not verified to be safe
 
Last edited:

Mahesh Sudula

Level 17
Verified
Top Poster
Well-known
Sep 3, 2017
825
Oh, so TAM can block process injection? Any tests?
TAM doesn't (directly) block Process injections!
It blocks the associated file (prevent it from running) like HIPS .A Trusted mode!
For some rare reason the file is trusted and has valid signature as per KSN..then TAM is dead!
TAM is not a behavior or reparing module it just a FILE REP module!
Process injections or for instance any sort of infection has nothing to do with TAM
TAM-Whitelisting module as per KSN
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top