Locust's Setup (Novice seeking serious guidance for first time)

[Locust]

Miscellaneous notes:

Daily use on non-administrator account. Daily backups to OneDrive. Unconcerned with security issues related to physical access to computer itself, hence lack of Windows password. I would consider a password on user and/or admin account if it did defend against remote threats in some way. Only built in Windows tweak that I've done is setting HOSTS file to read only, don't know enough about SRP or anything to use any of Windows tools or settings to make my computer more secure.

Might get Winpatrol, seems fiddly and hard to configure with lots of prompts that I wouldn't understand. UAC is off for the same reason, I don't feel like I'm ever going to know when to disallow anything. WinPrivacy seems useless and annoying from my trial so far, I can't get it to play nicely with Private Internet Access' client on an automated basis. On the other hand, maybe it'll get better down the road and I'll sit on the license until then.

If it isn't obvious already, I'm not super technical. Only just barely technical enough to manage the above. Which is probably more than your average person plucked from the street, but regardless, if I need something explained to me like a complete novice, don't be surprised. There are a lot of guides out there and it's pretty overwhelming. I don't mind being pointed to them, but please be sure to name a specific part of a guide if you're going to link to a big one. A lot of good reading so far, but I'm at the point where it's time for some hands on guidance. Thanks!

 

[XhenEd]

One obvious recommendation: UAC must be On, at least to default.
You'll bolster your laptop system's protection if it is On.
Do not think that it is bothersome.

 

[DJ Panda]

Password and UAC also use on demand scanners like Malwarebytes Anti malware and Zemana Anti-Malware

 

[Deleted member 178]

Enable UAC and use a login password.

 

[Exterminator]

You definitely need to enable UAC. It is not bothersome when you consider the benefit of having it enabled.Especially for a novice user!
You should add a login password/PIN to your PC

 

[Deleted Member 333v73x]

Important:

1.) Enable UAC to at least default, if not always notify.
2.) Enable Login Password.

 

[Soulbound]

Im not sure if OP is a novice user, looking at his config choice. Considering SD is on, will UAC really be that relevant? Its a valid question.

 

[Deleted Member 333v73x]

Im not sure if OP is a novice user, looking at his config choice. Considering SD is on, will UAC really be that relevant? Its a valid question.

UAC is always relevant, even with HIPS and anti-exe programs, they are no replacement:
What is UAC?
Protecting System Files with UAC Virtualization

 

[Deleted member 178]

Im not sure if OP is a novice user, looking at his config choice. Considering SD is on, will UAC really be that relevant? Its a valid question.

If SD is set on boot , he won't even need 90% of his softs

 

[Soulbound]

UAC is always relevant, even with HIPS and anti-exe programs, they are no replacement:
What is UAC?
Protecting System Files with UAC Virtualization

I am aware what and how UAC operates, but if you look at his config, and also see Umbra comment, you understand why I asked such question

 

[Locust]

I knew they'd hog all the attention immediately, which is okay, I am genuinely interested in learning more about how to use UAC and user passwords effectively. But before further discussion on UAC and an account passwords continues I'm also very interested in learning about other things - assume for this purpose that I have just now turned UAC on the highest setting and am using both BitLocker and user account passwords with ludicrous password strength. I want to get the most out of what I already have before adding new things like WAR (which would be my only new purchase at this point), UAC, SRP, passwords/Hello, etc.

 

[jamescv7]

Everything seems good except on those built in features on the OS to be turned out.

Well Comodo Internet Security is very powerful in the sense you need a patience for regular maintenance so no need to WinPatrol on that case.

On demand scanners are fine enough to your system like Zemana AM/Hitman Pro or MBAM; so that you can have a periodic checkup to your system.

 

[Deleted member 178]

With CIS, WAR isn't very necessary.

 

[Deleted Member 333v73x]

WAR will not be that important - MBAE AND MBAM will block exploits, CIS will (hopefully) block the dropped file(s) with MBAM, UAC (if you enable it) and SmartScreen may get involved and if all else fails you have Shadow Defender. If you are that worried then use Crypto Prevent, It is free and doesn't run in real-time:
Written Review - Crypto Prevent Review - UPDATED
Official website/download link:
CryptoPrevent Malware Prevention

 

[Soulbound]

WAR will not be that important - MBAE AND MBAM will block exploits, CIS will (hopefully) block the dropped file(s) with MBAM, UAC (if you enable it) and SmartScreen may get involved and if all else fails you have Shadow Defender. If you are that worried then use Crypto Prevent, It is free and doesn't run in real-time:
Written Review - Crypto Prevent Review - UPDATED
Official website/download link:
CryptoPrevent Malware Prevention

CryptoPrevent takes the Group Policy approach. It is better if OP learns how to apply Group Policies manually since he is using the PRO edition of Windows.
Tho the CryptoPrevent is not the "Be all, End all" option by any stretch.

 

[Locust]

Thanks for the good stuff so far, hope you all are enjoying your weekend.

My wife really likes some of the miscellaneous functions of WinPatrol, and has sold me on some of them too, so even though we could get by with the free version, I'm happy to support the devs and just buy it and WAR due to the generous licensing. Will probably get WinPrivacy with it, just to squat on the license in case it ever improves, I actually got fed up and uninstalled the trial. For instance, I decided to move to Office 2016 today, and during the installation process the prompts from WinPrivacy caused the installation to fail multiple times. Each time I tried reinstalling it, the process would get a little further until I finally had allowed enough things through WinPrivacy that it finally finished. So much for their "smart recognition," MS Office isn't exactly software from off the beaten path.

Regarding UAC, I'm certainly willing to turn it on, it's not particularly onerous, but before I do, I want to learn how to use it. Right now I don't feel like there's a situation where I'd know to disallow anything. Suppose 7zip or some other program that I happen to be downloading and installing happens to have been compromised in some way, and I am in fact about to open ransomware or whatever. I'm already expecting to click through a UAC prompt at this point, so it's seeming to not provide any safeguard. What's a situation where UAC is actually going to alert me to suspicious activity?

CryptoPrevent doesn't look like it'd be much use to me now that I'm throwing WAR into the mix for sure. Comodo already blocks things in whatever it considers suspicious locations, and if I could figure out how to set some broad group policies that's probably enough. I could afford it pretty easily, but any amount of money for something that superfluous seems wasteful in what already seems to be an overkill setup from comments to far. That said, I am interested in specific feedback in whether my idea of excluding C:/SafeZone from ShadowDefender is good based on my idea of making that folder my WAR safezone.

 

[Deleted member 178]

Regarding UAC, I'm certainly willing to turn it on, it's not particularly onerous, but before I do, I want to learn how to use it. Right now I don't feel like there's a situation where I'd know to disallow anything.

If you see an UAC prompt poping-up out of the blue , without you doing anything at that moment , you can be sure it is suspicious, so blocking the process is mandatory.

That said, I am interested in specific feedback in whether my idea of excluding C:/SafeZone from ShadowDefender is good based on my idea of making that folder my WAR safezone.

i won't exclude anything with SD , better save your work in the cloud before leaving Shadow Mode.

 

[Deleted Member 333v73x]

Crypto Prevent would work with other security programs.

 

[Soulbound]

I doubt cryptoprevent policies will have issues with WAR and WinPatrol.

I recently got my wp dust off and placed on shared system. Handy tool. As far as WAR goes despite my recent infection, after troubleshooting further it was war services not fully loaded when I performed the test. I would go with WAR over the betabuild of malwarebytes anti ransom due to a) being beta and b) WAR having more options for configuration.

 

[Locust]

So I've added UAC and a PIN and am now browsing on a standard user account. However, now Private Internet Access won't run at startup, and I need to enter my administrator pin every time I run it. Is there an easy way to get it to run at startup without all the fuss? Or at least, is there a way to use firewall rules or somesuch to prevent my computer from connecting to anywhere besides PIA's servers?