Recent changes
Dec 2, 2019
Windows Edition
Pro
Sign-in account
Sign in with Microsoft ID
Log-in security
    • Account password
Account permissions
Administrator account
Security updates
Automatically allow security and feature updates
Windows UAC
Default - Notify me only when programs try to make changes to my computer
Malware samples
No - Malware samples are not purposely downloaded
Real-time Malware protection
  • Windows 10 Desktop and Surface Pro
    • Windows Defender - default configuration;
    • Cylance - default configuration;
    • Heimdal Foresight Home - default configuration
  • macOS Mojave
    • Cylance - default configuration;
    • Heimdal Foresight Home - default configuration
  • iOS 12.4.3
    • Better
    • Malwarebytes
    • Lookout
Firewall protection
Microsoft Defender Firewall
RTP configuration
None :oops:
Periodic scanners
  • Windows 10
    • Kaspersky TDSSKiller
    • Sophos Virus Removal Tool Free
  • macOS
    • Suggestions, please
  • iOS
    • Again, suggestions welcome as I am unaware of any.
VPN and Privacy
  • macOS Mojave
    • uBlock Origin
    • HTTPS Everywhere
    • open to suggestions
  • Windows 10
    • uBlock Origin
    • HTTPS Everywhere
    • open to suggestions
  • iOS
    • Cylance Dashboard
    • LastPass
    • Malwarebytes
    • Lookout
    • Better
Browser(s) and Add-ons
Firefox - uBlock Origin, HTTPS Everywhere, VT4Browsers, LastPass, Grammarly, Window Resizer, React Developer Tools
Maintenance tools
CCleaner Portable, Steam, WinRAR, 7zip, Razer Central, Adobe CC, etc...

I am currently looking at SysHardener and PatchMyPC to add to utils.
Photos and Files backup
Windows Backup to LaCie USB HDD, Wednesday and Saturday
File backup schedule
Manually managed on a weekly basis
Backup and rollback
Windows Backup to LaCie USB HDD, Saturday
Backup schedule
Manually managed on a weekly basis
Activity usage
  1. Computer games
  2. Financial and sensitive documents
  3. Generic web browsing
  4. Streaming audio and video content from the Internet
  5. Downloading files from unfamiliar sites
  6. Working from home
  7. Video and photo editing

Computer hardware
  • Clone home built
    • Asrock X470 Taichi
    • AMD Ryzen 7 2700X
    • 2 x 8GB G.Skill Sniper X F4-3400C16D
    • Nvidia GTX 1070 Ti
    • Corsair Force GT 120GB
    • Seagate FireCuda 2.5" 2TB
    • WD VelociRaptor 300GB - Linux environment
    • LaCie Rugged 2TB for backups only
  • Router RT-AC87R
  • Looking to add a Netgate 1100 SC
*Please, let me know if I should list the MacBook Pro and the Surface Pro 3 settings here or create a new post for each.

jprivett

New Member
I was doing pretty good about staying on top of things, but have fallen off with things getting crazy at work in the last 2 quarters.
Please, I am open to suggestions, and I have been lurking around and reading as much as I can.
Looking to add a Netgate SG-1100 to my hardware. I need fast transfers due to the nature of my work; any better suggestions would be great.
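The config above lists Windows Defender in its "default configuration" with no RTP tuning. As an added example (not part of jprivett's config, and not a Microsoft-published baseline), the PowerShell below reports which Defender preferences drift from a stricter baseline and can apply it with a dry run first. The baseline values are this example's own choices; it assumes an elevated prompt and that Defender is the active (not passive) engine.

```powershell
# Added example, not from the original post. Compares Microsoft Defender's
# current preferences with a stricter baseline and optionally applies it.
# Assumption: the baseline below is this example's own; Set-MpPreference needs
# an elevated prompt and only applies when Defender is the active engine.

# Setting name => desired value (integers map onto Defender's enum names).
$Baseline = [ordered]@{
    DisableRealtimeMonitoring    = $false   # real-time protection stays on
    PUAProtection                = 1        # Enabled: block potentially unwanted apps
    MAPSReporting                = 2        # Advanced: full cloud-delivered protection
    SubmitSamplesConsent         = 1        # SendSafeSamples
    CloudBlockLevel              = 2        # High
    EnableNetworkProtection      = 1        # Enabled: block known-malicious hosts
    EnableControlledFolderAccess = 1        # Enabled: guard user folders from untrusted writers
}

function Get-DefenderDrift {
    # One row per baseline setting: live value, expected value, and an Ok flag.
    $pref = Get-MpPreference
    foreach ($name in $Baseline.Keys) {
        $current = $pref.$name
        [pscustomobject]@{
            Setting  = $name
            Current  = $current
            Expected = $Baseline[$name]
            Ok       = ([string]$current -eq [string]$Baseline[$name])
        }
    }
}

function Set-DefenderBaseline {
    # Applies only the settings that drift; -WhatIf gives a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($item in (Get-DefenderDrift | Where-Object { -not $_.Ok })) {
        $target = "Microsoft Defender: $($item.Setting)"
        if ($PSCmdlet.ShouldProcess($target, "set to $($item.Expected)")) {
            $splat = @{ $item.Setting = $item.Expected }
            Set-MpPreference @splat
        }
    }
    Get-DefenderDrift
}

Get-DefenderDrift | Format-Table -AutoSize
# Dry run first; drop -WhatIf to apply.
Set-DefenderBaseline -WhatIf
```

Controlled folder access and network protection can block legitimate software (game launchers and editing suites are common offenders), so read the drift report before applying and expect to add exclusions rather than switching the features back off.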
 

Protomartyr

Level 6
Verified
Virus and Malware Removal Tools:
Emsisoft Emergency Kit, HitmanPro Free, and Malwarebytes Free are great second opinion scanners. ESET Online Scanner is another good thorough one but is heavy.

Sophos Virus Removal Tool (SVRT) hasn't been updated since October 2018 (if I recall correctly) but I think it still receives definition updates.
 

jprivett

New Member
Thanks for the heads-up on SVRT,
I took a look-see at HitmanPro last year due to some of the comments on this site; it's just that when the end of the year comes around I get so slammed that things go by the wayside.
I run Malwarebytes on my phone and will have to give them a try.
Despite the numerous mentions of Emsisoft on MalwareTips, I am not very familiar with the product.

I would believe when it comes to these types of tools, having a stack to work with is a best practice, eh?
I often wonder if the overlap is a good thing or can it be counterproductive when it comes to the nature of attack-protection; I may be overthinking this though.
 

Protomartyr

Level 6
Verified
HitmanPro is a good scanner though the free version only detects infections and won't remove them. Only the paid version is able to remove.

Since I have a lifetime license for Malwarebytes Premium, I run it real-time (which is probably not needed) alongside Windows Defender. Malwarebytes Free is on-demand (versus real-time on Premium) but does the job well.

Emsisoft is really active in battling ransomware and the company respects its users' privacy. I like the direction the company is going and the interactions I've seen with Emsisoft employees here on MalwareTips and other places have been positive. I haven't had any experiences with their main product, but I do like Emsisoft's Emergency Kit, which is free.

The thing with second opinion scanners is that these aren't real-time and will only run when you choose to run them. Being on-demand means they won't have any impact on your system or interfere with each other. You should only have one real-time antivirus solution running on your system (Malwarebytes being the exception, as it was originally made to be a complement to an antivirus). You rely on your main antivirus solution/suite for the real-time protection. Then, when you suspect you may have an infection, you scan with these second opinion scanners to clean up anything your main antivirus may have missed.

I usually only run second opinion scanners once a month when I'm making my monthly system image backup or when I download a file that I'm not sure is safe.

I listed 4 different on-demand scanners just to give you options, but you only really need one or two on your system.
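A quick way to confirm the "only one real-time antivirus" rule from the reply above, as an added example rather than anything from the thread: enumerate the products registered with Windows Security Center and decode their real-time state. It assumes the root/SecurityCenter2 WMI namespace exists (Windows desktop editions, not Server) and uses the commonly observed but undocumented productState bit layout, so treat the decoded flags as advisory.

```powershell
# Added example, not from the thread. Lists every antivirus registered with
# Windows Security Center and flags whether more than one real-time engine is
# active. Assumptions: root/SecurityCenter2 is present (desktop Windows), and
# the productState layout below is the widely reported but undocumented one.

function Get-RegisteredAntivirus {
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct'
    foreach ($p in $products) {
        # productState viewed as six hex digits TTRRDD:
        #   TT = product type, RR = real-time scanning, DD = definition status
        $hex = '{0:X6}' -f [int]$p.productState
        $rt  = $hex.Substring(2, 2)
        $def = $hex.Substring(4, 2)

        [pscustomobject]@{
            Name            = $p.displayName
            RealTimeEnabled = ($rt -in @('10', '11'))   # 00/01 = off or snoozed
            DefsUpToDate    = ($def -eq '00')           # 10 = out of date
            ProductState    = "0x$hex"
            Path            = $p.pathToSignedProductExe
        }
    }
}

function Test-SingleRealTimeEngine {
    param(
        # Products allowed to run alongside the primary AV. Defaults to
        # Malwarebytes because the reply above treats it as a complement.
        [string[]]$AllowedCompanions = @('Malwarebytes')
    )

    $active  = @(Get-RegisteredAntivirus | Where-Object RealTimeEnabled)
    $primary = @($active | Where-Object {
        $name = $_.Name
        -not ($AllowedCompanions | Where-Object { $name -like "*$_*" })
    })

    $active | Format-Table Name, RealTimeEnabled, DefsUpToDate, ProductState -AutoSize | Out-Host

    if ($primary.Count -gt 1) {
        Write-Warning ("{0} real-time engines active ({1}); keep one and make the rest on-demand." -f
            $primary.Count, ($primary.Name -join ', '))
        return $false
    }
    return $true
}

Test-SingleRealTimeEngine
```

When a third-party product registers as the primary AV, Windows Defender drops into passive mode and shows RealTimeEnabled as false here; that is expected, and it is how the two coexist without the conflicts the reply warns about.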
 

TRS-80

Level 1
@jprivett

Emsisoft's Emergency Kit is an extremely useful tool. You may just see it referred to as EEK. Their other offerings are worth a look too.

As of about a month ago SVRT was still receiving updates... s l o w l y. I still use it occasionally. The lack of updates to the program is a concern.

If you don't already have one, I'd strongly advocate for the creation and maintenance of a Windows Repair Disc.

If you're able to access the Web from a suspect machine you may get results using one of the free online scanners. I've found ESET Online Scanner quite reasonable. It has served very well on some extremely compromised systems. I've encountered systems where multiple scans with items in the 'Tools List' (mentioned below) have detected further malware after the online scan. If that occurs, I generally go back to the beginning of the “list” and repeat the same scans, frequently discovering further malware, including with the online scanner. Yes, it can be resource heavy. Personally, I consider the temporary increase in resource usage to be outweighed by the results I've seen it achieve. Once the OLS is set up you can choose to have it scan your machine on a monthly basis. It is advisable to disable any other real-time A/V or A/M software while it runs. Just remember to re-enable the protection once the scan completes.

MBAR - Malwarebytes Anti-Rootkit may be useful for occasional scanning on demand.

If you have the time, please have a quick look through my 'Tools List' (in my Security Config). Just, please don't run tools without some understanding of what they do, how to use them, and the potential consequences and implications for your system.

I like to take a multi-layered approach when cleaning systems. I gather information about the system first: what's working vs. what's not, using different tools (assuming no ransomware is obvious on the machine). Next I speak to the system owner to establish normal usage practices plus any changes they have noticed. Then I choose my tools. Next, I follow a strict regime of cleaning, browser resets, etc.

I always carry at least one updated scanner that will boot from DVD/LiveUSB --> Linux Shell --> Update Definitions --> Full In-Depth Scan with no exclusions. These include Kaspersky Rescue Disk, ESET SysRescue, Avira (only scan one drive or partition at a time, else the scan may fail), Dr.Web, etc.

I'd avoid FRST(64/32).exe unless you understand its functions, its output, and its ability to virtually “brick” a system if not used properly. Never run a FIXLIST unless you completely understand what you're doing. If you get to the point of needing one, please go to the Support Forum and request assistance in Malware Removal. The people there KNOW their “stuff.”

I neglected to mention the Sysinternals Suite of tools. Again, please read up before using.

Finally, I'd suggest bumping your UAC settings to Maximum.

All the best & safe computing,


@TRS-80 🍿 :coffee:
 
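The UAC suggestion at the end of TRS-80's reply maps onto three registry values. As an added example (this script's own labels, not anything posted in the thread), the PowerShell below reports the current level, names it, and raises it to "Always notify" with a dry run available. It assumes an elevated prompt and that the machine is not under a Group Policy that would overwrite the values at the next refresh; the new level applies at the next logon.

```powershell
# Added example, not from the thread. Reads the UAC level from the registry,
# labels it, and optionally raises it to "Always notify" (maximum).
# Assumption: run elevated; level names are this script's own labels; a
# Group Policy setting these keys will win at the next policy refresh.

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    $v      = Get-ItemProperty -Path $UacKey
    $admin  = [int]$v.ConsentPromptBehaviorAdmin  # 2 = always prompt, 5 = only non-Windows binaries, 0 = never
    $secure = [int]$v.PromptOnSecureDesktop       # 1 = dim the desktop while prompting
    $lua    = [int]$v.EnableLUA                   # 0 = UAC switched off entirely

    $level = if ($lua -eq 0) { 'Never notify (UAC disabled)'
    } elseif ($admin -eq 2 -and $secure -eq 1) { 'Always notify (maximum)'
    } elseif ($admin -eq 5 -and $secure -eq 1) { 'Default (notify on program changes)'
    } elseif ($admin -eq 5 -and $secure -eq 0) { 'Notify on program changes (no dimming)'
    } elseif ($admin -eq 0) { 'Never notify'
    } else { 'Custom / policy-managed' }

    [pscustomobject]@{
        Level                      = $level
        ConsentPromptBehaviorAdmin = $admin
        PromptOnSecureDesktop      = $secure
        EnableLUA                  = $lua
    }
}

function Set-UacMaximum {
    # Sets the three values that make up "Always notify"; -WhatIf previews.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $before = Get-UacLevel
    if ($before.Level -eq 'Always notify (maximum)') {
        Write-Host 'UAC is already at maximum.'
        return $before
    }
    if ($PSCmdlet.ShouldProcess($UacKey, 'Set UAC to Always notify')) {
        Set-ItemProperty -Path $UacKey -Name EnableLUA                  -Value 1 -Type DWord
        Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 2 -Type DWord
        Set-ItemProperty -Path $UacKey -Name PromptOnSecureDesktop      -Value 1 -Type DWord
        Write-Host 'UAC raised to Always notify; sign out and back in for it to apply.'
    }
    Get-UacLevel
}

Get-UacLevel | Format-List
# Preview the change without writing anything; drop -WhatIf to apply.
Set-UacMaximum -WhatIf
```

The difference between the default and maximum levels is ConsentPromptBehaviorAdmin 5 versus 2: at 5, signed Windows binaries elevate silently, which is what auto-elevation abuse relies on, so the maximum level is what actually forces a prompt for every elevation.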

jprivett

New Member
Thank you for taking the time to write out some of your best practices!

I duly appreciate the effort.

I believe one of these days real soon, I will have to put together a machine solely for the purpose of learning and testing...something that can be wiped and I won't gain any more grey hairs over it.

I do this with Raspberry Pis and my current endeavor with Linux and certifications, so why not adopt a similar approach with my opsec learning?

I must say, I am really glad I came out of lurk mode and made this post--I am loving the community here.
 

TRS-80

Level 1
@jprivett

Thank you for your kind and logical reply!

Having a machine (often older) to test with is a great idea. I'd suggest reading up on Virtual Machines too. As you're likely aware, they can be helpful for many purposes, including malware testing. If correctly configured they can aid in mitigating problems requiring complete system rebuilds. I can't claim to be an expert with them, but I'm certain somebody here will be able to assist you.

I'm also glad you decided to “come in from the cold.” A whole lot more is available to you now. I hope you're able to make use of the available information and, great people, to achieve your goals.

Learn and enjoy!


TRS-80 (y)