LegitPC Desktop Config

legitpc · Sep 21, 2016

My PC configuration focuses on cutting delays from real-time scanning and using a lot of common sense. Signature based scanning is used when common sense fails.

UAC is disabled as I am running an admin account, can recognize apps that require admin rights, and have a HIPS blocker that would function in redundancy to the UAC prompts.

On my laptop I have everything the same stuff except I am running SecureAPlus + Windows Firewall Control 4 for licensing reasons.

DJ Panda · Sep 21, 2016

I would highly recommend enabling UAC and SmartScreen to default. I would also like to mention ANY HIPS program is NOT a substitute for UAC. Usually the programs are high quality but its been to be safe than sorry.. You can never know for sure what is given administrator privileges without UAC. Some programs are best without such privileges if you know what I mean.

Exterminator · Sep 21, 2016

Enable UAC & Smartscreen.Thanks for sharing your config

Lucent Warrior · Sep 21, 2016

legitpc said:
My PC configuration focuses on cutting delays from real-time scanning and using a lot of common sense. Signature based scanning is used when common sense fails.

UAC is disabled as I am running an admin account, can recognize apps that require admin rights, and have a HIPS blocker that would function in redundancy to the UAC prompts.

You do realize UAC off means everything that touches/runs on that system has full admin rights correct? You do also realize that Smartscreen is a file reputation built in that is very good at what it does also, correct? I fully recommend enabling both.

legitpc · Sep 22, 2016

Lucent Warrior said:
You do realize UAC off means everything that touches/runs on that system has full admin rights correct? You do also realize that Smartscreen is a file reputation built in that is very good at what it does also, correct? I fully recommend enabling both.

I don't see the issue with apps that are on my system using admin rights. I put the apps there in the first place, even if UAC was enabled I would press yes to the prompt. Which brings me to the reality of the situation: everything will stay the same but I will have to go through a popup when I launch some apps.

Same thing for smartscreen and stuff like WOT, it is useful for people who do not have enough information to make their own conclusion. I know what I am downloading and running, the only risk I see is if a developer's site gets compromised and I download a hacked executable. It might still be signed though, so smartscreen wouldn't do anything in such a situation.

These are useful tools and I absolutely suggest that most people use them, but its like the Dynamic Stability Control on my car - I turn it off when I want to turn corners.

JM Safe · Sep 22, 2016

It is really important to enable UAC and SmartScreen, otherwise you can get infected more easily.

Add ZAM Free.

Thanks for sharing.

XIII · Sep 22, 2016

legitpc said:
I don't see the issue with apps that are on my system using admin rights. I put the apps there in the first place, even if UAC was enabled I would press yes to the prompt. Which brings me to the reality of the situation: everything will stay the same but I will have to go through a popup when I launch some apps.

Same thing for smartscreen and stuff like WOT, it is useful for people who do not have enough information to make their own conclusion. I know what I am downloading and running, the only risk I see is if a developer's site gets compromised and I download a hacked executable. It might still be signed though, so smartscreen wouldn't do anything in such a situation.

These are useful tools and I absolutely suggest that most people use them, but its like the Dynamic Stability Control on my car - I turn it off when I want to turn corners.

Let's use a recent example posted on MT. Say you download a fake Malwarebytes.exe by accident. Now let's say running that executable prompts you for UAC twice, once for the executable, and then once for Command Line.

If you have UAC enabled, you're fully aware that said executable is trying to access your Command Line when it has no reason to. If you have UAC disabled, it has already accessed your Command Line before you could even consider the idea. Yes, UAC popups can be tedious at times, but only the good kind of tedious.

Personally, I would spend the extra 1-2 seconds reading which core system components are attempting to be accessed, and decide with the click of "Yes" or "No".

askmark · Sep 22, 2016

legitpc said:
I know what I am downloading and running, the only risk I see is if a developer's site gets compromised and I download a hacked executable. It might still be signed though, so smartscreen wouldn't do anything in such a situation.

Smartscreen might not help you in, but if the hacked executable needed admin rights, there's a good chance UAC would.

Only the other day www.ammyy.com was hacked, which meant the download of their popular remote admin tool was packed with a ransomware infected exe. The only layer of protection you'd have against this kind of infection is Spyshelter - Me I'd rather have few more layers for peace of mind

legitpc · Sep 23, 2016

XIII said:
Let's use a recent example posted on MT. Say you download a fake Malwarebytes.exe by accident. Now let's say running that executable prompts you for UAC twice, once for the executable, and then once for Command Line.

If you have UAC enabled, you're fully aware that said executable is trying to access your Command Line when it has no reason to. If you have UAC disabled, it has already accessed your Command Line before you could even consider the idea. Yes, UAC popups can be tedious at times, but only the good kind of tedious.

Personally, I would spend the extra 1-2 seconds reading which core system components are attempting to be accessed, and decide with the click of "Yes" or "No".

Good example but for accuracy I would have a SpyShelter prompt for malwarebytes to access cmd. I would probably press yes as there's no indication that the executable is compromised so early in the malware's life cycle.

I wouldn't mind having UAC on for new applications, the issue is that it would keep popping up when I launch applications that I have used every day for years. I'm doing some research now on disabling UAC for specific applications, if there's a way to set it up so it isn't annoying I would use it.

Logethica · Sep 23, 2016

@legitpc
Perhaps this link will be of use to you
Lifehacker- How to eliminate UAC prompts for specific applications

Deleted member 178 · Sep 23, 2016

legitpc said:
UAC is disabled as I am running an admin account, can recognize apps that require admin rights, and have a HIPS blocker that would function in redundancy to the UAC prompts.

So i see you don't understand what is UAC purpose; it has nothing to do with an HIPS, an HIPS doesn't replace UAC , it complement it. UAC purpose is to block ANY elevation request , legit or not. Without UAC I cant tell you you won't recognize a malware getting higher rights. The malware won't say "hi i am doing an elevation ! block me ! "

You are using Spyshelter HIPS which doesn't protect you against Process Hollowing on x64 machines.(until officially denied, not yet the case)

Oh and you disabled Smartscreen too , nice job, you just discarded one of the most potent reputation-based security measure on Win8/10; because you can obviously with naked eyes tell the difference between a legit VLC.exe than another exploited VLC.exe which was uploaded and contains malicious code. (as @askmark mentioned earlier.)

So basically , a FUD ransomware you may legitimately download (no Smartscreen to verify) running on your system will have already the luxury on being on a admin account (half the job is done, thanks to you) , then will exploit a legit process and inject malicious code in it (which will bypass Spyshelter HIPS limitation on x64 systems), so then without UAC (thanks again to you) , will happily encrypt your system.

if you feel safe then, good for you

_CyberGhosT_ · Sep 23, 2016

If your adamant about not running UAC then at least DL VoodooShield free and run it as your surrogate UAC.

legitpc · Sep 24, 2016

Logethica said:
@legitpc
Perhaps this link will be of use to you
Lifehacker- How to eliminate UAC prompts for specific applications

Did you know that zelevator is no longer maintained and does not support win10? Neither does UAC Controller or Trust shortcut. As far as the service method goes, it won't work for applications launched from the start menu and it won't work for applications launched to open with admin rights, such as my archiver. Furthermore the task scheduler service doesn't work with some programs, such as my screen recorder, producing a 0x800702E4 error.

legitpc · Sep 24, 2016

Umbra said:
So i see you don't understand what is UAC purpose; it has nothing to do with an HIPS, an HIPS doesn't replace UAC , it complement it. UAC purpose is to block ANY elevation request , legit or not. Without UAC I cant tell you you won't recognize a malware getting higher rights. The malware won't say "hi i am doing an elevation ! block me ! "

I understand and have decided that the risk outweighs the trouble.

Umbra said:
Oh and you disabled Smartscreen too , nice job, you just discarded one of the most potent reputation-based security measure on Windows 8/10; because you can obviously with naked eyes tell the difference between a legit VLC.exe than another exploited VLC.exe which was uploaded and contains malicious code. (as @askmark mentioned earlier.)

I turned that on after reading into it, initially it was off for privacy reasons. There's no reason to be so negative about this whole thing we're not fighting this is for benefit not for insult.

Umbra said:
So basically , a FUD ransomware you may legitimately download (no Smartscreen to verify) running on your system will have already the luxury on being on a admin account (half the job is done, thanks to you) , then will exploit a legit process and inject malicious code in it (which will bypass Spyshelter HIPS limitation on x64 systems), so then without UAC (thanks again to you) , will happily encrypt your system.

if you feel safe then, good for you

That series of events is unlikely but even if it happened I can reimage my disk and restore data from cold storage in a few hours. I'm prepared for that and it is a fair trade in exchange for 6 years of not being annoyed by popups. Common sense is my primary defense, backup is my second, and SpyShelter is for privacy and application control.

Spyshelter HIPS limitation on x64 systems

Could you elaborate on this? I checked out Google and it seems that this has been fixed in 2015.

Evjl's Rain · Sep 24, 2016

I suggust you to apply this registry tweak. UAC will be on but it won't show any prompt
http://www.eightforums.com/attachme...nge-settings-windows-8-a-uac_never_notify.reg

Deleted member 178 · Sep 24, 2016

legitpc said:
Could you elaborate on this? I checked out Google and it seems that this has been fixed in 2015.

the limitation is against Process Hollowing, at the moment it seems they don't block it on x64 systems. I used "seems" because they have a shady behavior when talking about it. They dont officially confirm or deny the flaw. When one of our member asked about it , they rudely replied to him what is process hollowing and if he has an example of it... as if they dont know what it is...not saying another members send them malware samples so they can test against SpS...

So the way it can interpreted , there is a flaw but they can't fix it and won't admit it...

legitpc · Sep 24, 2016

Evjl's Rain said:
I suggust you to apply this registry tweak. UAC will be on but it won't show any prompt
http://www.eightforums.com/attachme...nge-settings-windows-8-a-uac_never_notify.reg

That's how my settings are already set. Maybe I'm being noob, I have UAC set to never notify and it seems now that that's not the same as having it entirely disabled as enablelua is set to "1".

legitpc · Sep 24, 2016

Umbra said:
the limitation is against Process Hollowing, at the moment it seems they don't block it on x64 systems. I used "seems" because they have a shady behavior when talking about it. They dont officially confirm or deny the flaw. When one of our member asked about it , they rudely replied to him what is process hollowing and if he has an example of it... as if they dont know what it is...not saying another members send them malware samples so they can test against SpS...

So the way it can interpreted , there is a flaw but they can't fix it and won't admit it...

Thanks for the info, I emailed them about it yesterday hopefully there will be some clarification later this week.

LukeNukesEm · Sep 28, 2016

I highly recommend enabling UAC and smartscreen. Also what firewall are you using?

ElectricSheep · Sep 28, 2016

As others have said, Enable the UAC. It might be a pain having to deal with the pop up but it's there for your own good

Imagine malwares as fat kids and with UAC disabled, you could be handing over the keys to the sweet shop to them - they'd ransack it literally!

Search

LegitPC Desktop Config

legitpc

Level 2

DJ Panda

Level 30

Exterminator

Community Manager

Lucent Warrior

legitpc

Level 2

JM Safe

Level 39

XIII

Level 5

askmark

Level 12

legitpc

Level 2

Logethica

Level 13

Deleted member 178

_CyberGhosT_

Level 53

legitpc

Level 2

legitpc

Level 2

Evjl's Rain

Level 47

Deleted member 178

legitpc

Level 2

legitpc

Level 2

LukeNukesEm

Level 5

ElectricSheep

Level 14

Similar threads