Basic Security kev216 Security Configuration 2018

Last updated: Aug 15, 2018
Windows Edition: Pro
Security updates: Allow security updates and latest features
User Access Control: Notify me only when programs try to make changes to my computer
Real-time security: Panda Dome Essential 18.0.6
Firewall security: Microsoft Defender Firewall
Periodic malware scanners: NPE, HMP (not installed, I'll download when necessary)
Malware sample testing:
Browser(s) and extensions: Vivaldi: Adguard; Opera: Adguard
Maintenance tools: None. Doing regular cleanups manually
File and Photo backup: External hard drive; Cloud: Pcloud, Mediafire
System recovery: None, I make backups of important files in the cloud or on a separate disk. I prefer a clean install when it goes horribly wrong.

kev216

Level 21
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 6, 2014
1,044
Light & effective config my frd:)

Veeam for data backup, how is it?

What for system backup?
So far Veeam is doing well. Still playing with it though.
System backup can also be done with Veeam, but I would rather install a fresh copy of Windows in case something goes terribly wrong.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
@Arequire @Winter Soldier There is a thread created on the Sophos forums some days ago for requesting new features. Ransomware and quarantine are on that list and a staff member confirmed the team knows about them. So I hope they finally will start to implement that now.
I'll believe it when I see it. @Alex at Sophos posted this yesterday on Wilders that leaves me sceptical:
I know that part of the reason behind not adding a quarantine feature is because of the user base. A large portion of the Sophos Home users don't have the same security or tech background like many of the Wilder's users, for example. They don't want or like to deal with quarantines. They want a solution that makes smart decisions for them. We oblige by doing just that, making sure on the engineering side that we can get false positives as close to zero as possible.

Now granted, we can't just please one side of the user group. That's why we have the "allow" or "clean" functionality for PUAs, which are a more common false positive for AVs.

It's a bit of a balancing act. In our previous Home User AV (which was just for Macs at the time), we had a quarantine feature. It's not that we can't do it (we totally can), but we have to also deal with the feedback from a lot of other users who say "don't quarantine things. Just delete them. I don't know if they're bad or not. You make the decision."
 

kev216

I'll believe it when I see it. @Alex at Sophos posted this yesterday on Wilders that leaves me sceptical:
Hmm... Interesting post @Arequire. But why do they make it so complicated? A simple solution to get everyone happy is to add the quarantine feature to the product, but just add an option in the dashboard like 'use quarantine or delete immediately'. That way users that want the quarantine have the possibility to use it and restore files, others that don't want it use Sophos Home as it is currently without it. Even to keep following your strategy @Alex at Sophos, just disable it by default (as it is now) and people that want to use it, must activate it in the dashboard. The Sophos team strives to get as low fp's as possible, but you can't avoid them completely, so in my opinion a restore function is necessary. If they can add it, why not, just make it an option.
 

Arequire

Hmm... Interesting post @Arequire. But why do they make it so complicated? A simple solution to get everyone happy is to add the quarantine feature to the product, but just add an option in the dashboard like 'use quarantine or delete immediately'. That way users that want the quarantine have the possibility to use it and restore files, others that don't want it use Sophos Home as it is currently without it. Even to keep following your strategy @Alex at Sophos, just disable it by default (as it is now) and people that want to use it, must activate it in the dashboard. The Sophos team strives to get as low fp's as possible, but you can't avoid them completely, so in my opinion a restore function is necessary. If they can add it, why not, just make it an option.
I have no clue why it has to be so complicated. Quarantine is standard in every other AV I know.
I think there's a serious danger in the automatic deletion of files. We've seen multiple AVs slip up and end up quarantining/deleting clean files in the past (Panda quarantined its own files, Microsoft quarantined/deleted Google Chrome and its files, Avast in just the past 3 weeks flagged an absolute ton of clean files as malicious) and if one day those turn out to be critical Windows files that allow the OS to boot or run correctly, those users who want malicious files deleted automatically are in for a big shock, 'cause I'm betting those people don't know how to reinstall an OS or keep system image backups lying around.
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
@Arequire @Winter Soldier There is a thread created on the Sophos forums some days ago for requesting new features. Ransomware and quarantine are on that list and a staff member confirmed the team knows about them. So I hope they finally will start to implement that now.
Thanks @kev216 for pointing out and also I hope to see something concrete.
Actually, it is quite strange because in the development phase of a product, the quarantine has to be implemented to give the user the correct capacity of control on the detected object.
 

kev216

@kev216
Hey Kev, have you tried WFC? If so, why did you opt for Tinywall?
I'm just curious brother
When I searched for something like that, Tinywall was the first that I saw, so I started to use it and I'm happy with it. Haven't looked at Binisoft WFC yet, will give it a try too soon :)
 

kev216

Removed: Heimdal Pro, herdProtect
Added: Tinywall (normal mode with custom firewall rules), Betternet VPN extension

Went back to my older superlight Sophos + Tinywall + Adguard (extension) combo.
 

FrFc1908

Level 20
Verified
Top Poster
Well-known
Jul 28, 2016
950
Nice combo kev....well done! I have tried out sophos from a fresh image but my machine did not like it at all. Chrome froze and had a super hard time opening up, whilst "Kevaldi" ran super-smooth! It also interfered with the toolwiz time freeze install. I also could not login to the sophos dashboard, so it was super awkward in use for me, a real shame because I really liked the simplicity of this program. Had to revert back to avast free av.
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
No, I'm still using the old free non-beta version. I upgraded to the beta for a couple of days when it came out, but it had too many bugs then, so I went back to the other one.
Cool. I was asking because I also tried the beta thing but it was very limited in what I could and could not do. Very annoying.

What I noticed though is that it is very very light and offers solid protection. Not bad if you ask me.
 

kev216

Update:
Removed:
  • Sophos Home (My patience waiting for the quarantine is almost at the end. Very good product, but it lacks such a simple component. Might switch back when they finally will implement it and when I like the implementation of it)
Installed:
  • Forticlient (Custom settings in XML for maximum protection: Heuristics set to maximum (4), Sandbox signatures enabled, Extreme database enabled and some other less important minor tweaks I'm still playing around with)
  • Hubic Cloud Desktop app
 

kev216

Update:
Removed Forticlient. A little too heavy on my system and some websites were loading slow because of the web component. Installed Sophos Home free again, because that's a software I never had performance issues with. From what I read, the Sophos team is working on something like a quarantine for Sophos beta, so I need to prolong my patience again a bit I guess...
 

FrFc1908

Update:
Removed Forticlient. A little too heavy on my system and some websites were loading slow because of the web component. Installed Sophos Home free again, because that's a software I never had performance issues with. From what I read, the Sophos team is working on something like a quarantine for Sophos beta, so I need to prolong my patience again a bit I guess...

Some old habits never change kev! Home is where the heart is! ;) Nice simple setup as ever!
 

kev216

Update:
Removed: Sophos Home Free 1.3.1
Added: Panda Dome Free 18.0.6

Removed Sophos not because I didn't like it anymore, but because Panda is much much lighter (not more than 15mb ram, cpu never more than 1% and my laptop battery lasts up to 1.5 hours longer than with Sophos with the same computer usage). Most irritating bugs from previous Panda versions are also gone now (such as missing notifications, slow UI, wifi dropouts, realtime protection crash, no more slowdowns with browsing...) Detection is also much improved as well as overall speed of the program.
Opening programs is also much faster with Panda than with Sophos Home. I wasn't really a fan of Panda anymore with their previous product lines, but I'm impressed with their new Dome versions. Might consider upgrading to Dome advanced.
 

Deleted Member 3a5v73x

@kev216 Nice. Panda Dome is also in my top security suite list. What I don't like is that you still have to manually check for software upgrades, e.g. you will not even notice that 18.0.7 has been out for a week, and there's nowhere official information to be found that new version is out, unless you manually download new installer or if some 3rd party website notifies about it. It's still incompatible with Shadow Defender and exclusions don't help, it's reported however. There are other minor annoyances with Dome, but as for a new product, malware protection wise it has potential to be among the best, I just wish they more frequently release new versions. (y)
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Not very keen on Panda myself, but as that's your personal choice I won't add further :p. Alongside Panda you could add OSArmor as anti-exploit protection.

Important: Set UAC to Always Notify.

I don't know much about Vivaldi, can this use Google extensions, or does this have its own store?

The rest looks good.

~LDogg
 
