Logethica's Free Security Configuration

Logethica

Level 13
Thread author
Verified
Top Poster
Well-known
Jun 24, 2016
636
Logethica's Free Security Configuration;

SECURITY SOFTWARE SETTINGS-

★ ZoneAlarm Free Firewall ▼

Basic Firewall Settings-
Public Zone Security = High
Trusted Zone Security = High


◾ Advanced Settings-
GENERAL

Block All Fragments
Enable ARP Protection
Lock Hosts File


NETWORK

Ask Which Zone to Place New Networks in Upon Detection
IPv6 Networking


ZONES BLOCKED

URL: bing.com
+ Custom blocking of all others on the same network.


Application Control-
◾ SETTINGS

Network Firewall = Max
DefenseNet = Auto


◾ OS FIREWALL SETTINGS

Change Internet Explorer Search Page = Ask
Install ActiveX = Ask
Change Which Programs Load at StartUp = Ask
Change the Hosts File = Ask
◾ List Of Microsoft Services (& Other) "Killed" through ZoneAlarm Application Control
UPDATED ON 30/10/2016 ▼

  • Data Exchange Host
  • Data Sharing Maintenance Driver
  • Device Census
  • Disk Defragmenter Module
  • Disk Space CleanUp Manager for Windows
  • IE Per-User Initialization Utility
  • Microsoft Compatibility Telemetry
  • Microsoft Feedback SIUF Deployment Manager Client
  • Microsoft OneDrive
  • Microsoft Sync Center
  • Search and Cortana Application
  • Windows Modules Installer
  • Windows Modules Installer Worker
  • Windows Update
ALSO BLOCKED:
  • Google Analytics Sender
  • Avast Offer Installation Tool
IPs & HOSTS BLOCKED:
  • 64.4.54.253 (Microsoft Feedback SIUF Deployment Manager Client)
  • Bing.com (I recommend blocking this if you do not use Bing, as it tries to send data back to M$ frequently... O&O ShutUp10 does not block this so it has to be done manually)
  • co4.telecommand.telemetry.microsoft.com.akadns.net. (same as above)
★ VoodooShield Pro BETA ▼
I have chosen to not list every setting, only those that I think may be of Interest-

Whitelisting Mode: Always ON

Basic Settings-

Deny by Default
Temporarily Allow by Publisher / Digital Signature Until Reactivation
VoodooAi Sensitivity = 120%

Advanced Settings-
Automatically Deactivate
Automatically Allow by Parent Process
Automatically Quarantine Files with "3" or more Positive Detections
★ SpyShelter Premium ▼
I have chosen to not list every setting, only those that I think may be of Interest-

◾ Keystroke Encryption-
ADVANCED
Hooks Guard: Better Compatibility Mode

◾ Settings-
GENERAL
Launch the Program from the Service (Early Start)


SECURITY
Certified Applications =
Auto allow -High Security Level
Auto-block Suspicious Behaviour
Decrease Self-defense to Improve Compatibility with Third-Party Software

ADVANCED
Terminating of Process:
Terminating Child Process
Terminate All Instances
Block Registering of Non Exist Driver
★ Avast! Free Antivirus ▼
I have chosen to not list every setting, only those that I think may be of Interest-

I have only Installed the "File System Shield" & "Home Network Security" Components:

Settings-

GENERAL
Enable CyberCapture;
◾Always Block Suspicious Files
Enable Hardened Mode;
◾Aggressive
Scan for PUPs

Components-
FILE SYSTEM SHIELD

Sensitivity;
Heuristics = High
Scan for PUPs
HIPS = Maximum Sensitivity


ADVANCED SETTINGS
Automatically Quarantine Detected Items
Enable Self-Protection Module
Enable Early Start
Reduce Priority of Scans to Improve Multitasking
★ Crystal Security ▼
I have chosen to not list every setting, only those that I think may be of Interest-

GENERAL
Auto Decision
Self-Protection

PROTECTION
Upload Unknown Files
Trust Applications With Digital Signature
★ Sandboxie: The Malwarebytes Anti-Exploit Template ▼
HOW TO EMPLOY THE MBAE TEMPLATE-
Go to Sandboxie control ➤ Configure ➤ Edit configuration.

Copy and paste the MBAE template in the space below Global settings. After saving the file, close Sandboxie control. Open it again and Reload the configuration file in Configure ➤ Reload configuration.

PLEASE NOTE-
If you aren't on XP feel free to delete: OpenIpcPath=$:mbae-svc.exe
If you aren't on a 32 bit system feel free to delete: InjectDll=C:\Program Files\Malwarebytes Anti-Exploit\mbae.dll
If you aren't on a 64 bit system feel free to delete both the following lines:
InjectDll=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll
InjectDll64=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.dll

Take notice of the last three lines which are set to the 'default' installation directory of MBAE, if it was customized at install, the path will need to be updated to reflect your real installation path.

The above information was sourced from forums.sandboxie.com

COPY EVERYTHING BELOW (Including [Template_MBAE])
[Template_MBAE]

Tmpl.Title=Malwarebytes Anti-Exploit
Tmpl.Class=Security
Tmpl.Scan=s
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Exploit
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Malwarebytes Anti-Exploit
OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
OpenIpcPath=*\BaseNamedObjects*\mchLLEW*
OpenIpcPath=$:mbae-svc.exe
InjectDll=C:\Program Files\Malwarebytes Anti-Exploit\mbae.dll
InjectDll=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll
InjectDll64=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.dll

uBLOCK ORIGIN CUSTOM FILTERS: (UPDATED ON 13 Nov 2016);
Click On The "Spoiler" Below For Links To 58 Of My uBlock Origin Custom Filters

UPDATED ON 13/11/2016- New Links are in Green

Below are links to 58 uBlock Origin "Custom Filters".
Please Note that adding numerous extra filters should be done with a degree of caution.
I suggest to add maybe 2 or 3 of those that interest you at a time and check for any issues such as "Browser Slow-Down", "Web-Page Breakage", "Specific Site-Access Denial", etc. All of our surfing habits differ, so just add the filters that you consider beneficial to you.

To add these Filters to uBlock Origin-
Go to uBlock Origin's Settings --> 3rd-Party Filters --> Scroll down to the bottom of the page and "Paste" the URL of the desired filter into the box provided --> Then Click on the "Parse" button --> Then click the "Apply Changes" button that will appear on the right side of the screen.

The "Click Here" Buttons below will take you to each respective Filter-List page.
Some of the pages may take a few seconds to load due to their size.
This will allow you to "Copy & Paste" the URL into uBlock Origin should you wish to.
Many of the Filters below are available on Filterlists.com, which has many more lists including language/region specific.

(PLEASE NOTE: Not all of these lists are updated "Automatically" through uBlock, so it is best to periodically empty the Cache and update manually)

Adguard Annoyances Filter‎ -Click Here
Adguard English Filter -Click Here
Adguard Mobile Ads Filter‎ -Click Here
Adguard Social Media Filter‎ -Click Here
Adguard Spyware Filter‎ -Click Here
Adversity -Click Here
Adversity: Extreme Measures -Click Here
AndlsH Blocklist -Click Here
BBcan177 -Click Here
Block-EU-Cookie-#####-List‎ -Click Here
Btgregory: Gnuzilla Blacklist (Working Mirror Of "Block all Well known Privacy Trackers",which is Offline) -Click Here
Btgregory: uBlock Supplementary Blocklist -Click Here
Byaka: uBlock Antiskimming List -Click Here (Details at -Github.com )
Dawsey21- Main Blacklist -Click Here
Desbma/referer-spam-domains/blacklist - (Fork of Piwik referer spam) -Click Here
Fanboy's Anti-thirdparty Fonts‎ -Click Here
Fanboy's Cookiemonster List‎ -Click Here
Genediazjr Nopelist -Click Here
Hexxium Creations Threat List -Click Here
hpHosts/Ads & Trackers -Click Here
hpHosts/emd -(Malware) -Click Here
hpHosts/exp -(Exploits) -Click Here
hpHosts/fsa -(Fraud) -Click Here
hpHosts/grm -(Spam) -Click Here
hpHosts/hjk -(Hijacking) -Click Here
hpHosts/hphosts-partial -(Added to hpHosts AFTER the last full release) -Click Here
hpHosts/mmt -(Misleading Marketing) -Click Here
hpHosts/pha -(Illegal Pharmacy Sites) -Click Here
hpHosts/psh -(Phishing) -Click Here
hpHosts/wrz -(Piracy) -Click Here
Hosts.herndl.org/hosts.txt‎ -(Adblocking) -Click Here
Hostsfile.org/Downloads/hosts -(Securemecca) -Click Here
I don't care about cookies‎ -(kiboke-studio) -Click Here
Jmdugan/blocklists/master/corporations/facebook -Click Here
Jmdugan/blocklists/master/corporations/microsoft -Click Here
Joewein - (Spam) -Click Here
Kurobeats: Phishing Hosts -Click Here (Details at Github.com)
Ligyxy Blocklist -Click Here
Malekal.com/HOSTS_filtre/HOSTS -Click Here
MOxFIVE Personal Blocklist -Click Here
Nabble/semalt-blocker/master/domains -Click Here
Openphish.com/feed -Click Here
Osint.bambenekconsulting.com/feeds/c2-dommasterlist -Click Here
Phishing.mailscanner.info/phishing.bad.sites (Phishtank) -Click Here
Piperun's iplogger filter‎ -Click Here
Piwik/referer-spam-domains/blacklist -Click Here
Quidsup/notrack/master/trackers -Click Here
Ransomwaretracker.abuse.ch/downloads/RW_DOMBL -Click Here
Ransomwaretracker.abuse.ch/downloads/RW_URLBL -Click Here
Rickrolldb.com/ricklist -Click Here
Security-research.dyndns.org/ponmocup-infected-domains -Click Here
StevenBlack/hosts/master/hosts‎ -Click Here
Threatcrowd.org/feeds/domains -Click Here
Toshiya44: "Almost Stable" Filters -Click Here
Vxvault.net//URL_List -Click Here
Youtube: Pure Video Experience‎ -Click Here
Zant95/hosts/master/hosts‎‎ -(Blocks Download Sites) -Click Here
ZPacman: Blockzilla (Blocks Ads & Trackers) -Click Here (Details @ ZPacman.Github.io/Blockzilla)

My Security Configuration could be considered to be quite "Heavy" :D...
...But I do not suffer any problems with this despite having a machine with just 2GB RAM.
This is because I have removed all M$ "Bloatware" & killed numerous Unneeded M$ Services.

Some MT members get pleasure from Testing AVs / Analyzing Malware / Refreshing their Security Software....
I get pleasure from building a Configuration and making each product work alongside others without either conflict, or a negative effect on system performance. :)
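
The PLEASE NOTE rules for the MBAE template in the post above, applied mechanically. This is an added example, not part of the original post and not code from Sandboxie or Malwarebytes; `tailor_template`, `inject_paths` and their parameters are hypothetical names, and the template text is copied from the post.

```python
# Added example: trim the posted MBAE template for one machine, following the
# post's PLEASE NOTE rules. Function and parameter names are assumptions.

# Template text as posted in the thread (raw string keeps backslashes literal).
MBAE_TEMPLATE = r"""[Template_MBAE]

Tmpl.Title=Malwarebytes Anti-Exploit
Tmpl.Class=Security
Tmpl.Scan=s
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Exploit
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Malwarebytes Anti-Exploit
OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
OpenIpcPath=*\BaseNamedObjects*\mchLLEW*
OpenIpcPath=$:mbae-svc.exe
InjectDll=C:\Program Files\Malwarebytes Anti-Exploit\mbae.dll
InjectDll=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll
InjectDll64=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.dll
"""

XP_ONLY_LINE = "OpenIpcPath=$:mbae-svc.exe"
DIR_32BIT_OS = r"C:\Program Files\Malwarebytes Anti-Exploit"        # default on 32-bit Windows
DIR_64BIT_OS = r"C:\Program Files (x86)\Malwarebytes Anti-Exploit"  # default on 64-bit Windows


def tailor_template(template, is_xp, is_64bit, install_dir=None):
    """Return the template with the lines the post says may be deleted removed,
    and InjectDll paths rewritten when MBAE is not in its default folder."""
    wanted_dir = DIR_64BIT_OS if is_64bit else DIR_32BIT_OS
    kept = []
    for line in template.splitlines():
        key, _, value = line.partition("=")
        if line == XP_ONLY_LINE and not is_xp:
            continue                      # only needed on XP
        if key in ("InjectDll", "InjectDll64"):
            folder, _, dll = value.rpartition("\\")
            if folder != wanted_dir:
                continue                  # path belongs to the other architecture
            if install_dir:               # customised install location
                line = key + "=" + install_dir.rstrip("\\") + "\\" + dll
        kept.append(line)
    return "\n".join(kept) + "\n"


def inject_paths(template):
    """List the DLL paths the template asks Sandboxie to inject."""
    return [l.partition("=")[2] for l in template.splitlines()
            if l.startswith(("InjectDll=", "InjectDll64="))]


if __name__ == "__main__":
    print(tailor_template(MBAE_TEMPLATE, is_xp=False, is_64bit=True))
```

Before reloading the Sandboxie configuration, confirm that every path returned by `inject_paths` exists on disk; a leftover line pointing at the wrong folder is the mismatch the post warns about.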
 

Alkajak

I recommend you re-enable Smartscreen. Malwarebytes Anti-Ransomware is pretty lackluster for what it is designed to do, you can most likely get rid of it. You can also opt to remove SAS in favour of your already installed on-demand scanners. You could also keep just one AV, I recommend Avast of the two.
 

Logethica

I recommend you re-enable Smartscreen. Malwarebytes Anti-Ransomware is pretty lackluster for what it is designed to do, you can most likely get rid of it. You can also opt to remove SAS in favour of your already installed on-demand scanners. You could also keep just one AV, I recommend Avast of the two.

Hey Modal Soul :) Good to meet you.
I only have ONE Antivirus (Avast).... Crystal Security is a Cloud-Based Anti Malware Prog.
I don't have Malwarebytes Anti-Ransomware installed, although I do have "Anti-Rootkit" as an on-demand scanner.
Do you think that I need Smartscreen enabled with my current config?

Nice Security Config, thanks for sharing it :)

Thanks, DardiM :) Good to meet you.
 

Alkajak

Hey Modal Soul :) Good to meet you.
I only have ONE Antivirus (Avast).... Crystal Security is a Cloud-Based Anti Malware Prog.
I don't have Malwarebytes Anti-Ransomware installed, although I do have "Anti-Rootkit" as an on-demand scanner.
Do you think that I need Smartscreen enabled with my current config?

Wow, I really can't read today. My mistake(s). I meant to say Avast firewall alone is sufficient enough without ZA. Anti-Rootkit BETA (not sure why this is still an active product for Malwarebytes) is not really needed as "Scan for rootkits" is an option in MBAM settings, and it is actually stable instead of BETA.
 

Logethica

Crystal Security as real time and on demand? Please edit. I would use this as on demand only as Avast, ZA are enough
I would also remove Spyware Blaster & SAS.
Consider enabling smartscreen.
Thanks for sharing your config :)

Hey exterminator20 :) Good to meet you.
I agree with you that CS is "not needed", but I like it :D, It is probably overkill, I agree.
I will edit my config to remove it from on demand. I do respect & fully understand your opinion though.
I will very much consider removing SpywareBlaster...
SAS has become like an old friend though ;)
 

Logethica

Wow, I really can't read today. My mistake(s). I meant to say Avast firewall alone is sufficient enough without ZA. Anti-Rootkit BETA (not sure why this is still an active product for Malwarebytes) is not really needed as "Scan for rootkits" is an option in MBAM settings, and it is actually stable instead of BETA.

I have ZoneAlarm Firewall (Minus the Antivirus)
& Avast Antivirus (Minus the Firewall) ;)
It was my understanding that Anti-Rootkit was a "deeper" Rootkit checking scanner than the Rootkit scan incorporated into MB's Anti-Malware scanner...perhaps I am wrong :confused:
 

Logethica

Welcome to MT :) @Logethica

Let me recommend you: Zemana AntiMalware Free If you want you can use it as on-demand scanner.
Hey Silversurfer :) Good to Meet You
I used to Run Zemana Free, but I didn't like it...
[The Following is a combination of personal opinion & guesswork, and is not representative of either Zemana or their Software.]

When I installed it I was given a trial of Zemana Pro that I don't remember being able to opt out of...(Unlike MAE)
After Installation I turned off its real-time protection because I wanted it only as an on-demand scanner...
Despite my turning off its real-time protection I noticed that It appeared to be constantly making outbound connections..
I don't know whether this was for real-time updates (Not needed with an on-demand scanner), or whether other data was being piped from my machine, but either way I was unhappy with this happening and so uninstalled it.
 

Logethica

Remove everything but Avast, Zemana, and the Malwarebytes Products. Enable Smartscreen. Updates are also very important and leave your system open to attacks if not updated.
Hey J Gamez065 :) Good to meet you
Your Opinion has been noted, and will be considered... :)
I only delay updates temporarily (to monitor possible issues with them). Once I am happy that problems don't exist then the updates are allowed through. I realise that hypothetically I am briefly leaving a possible window of attack open but I do not personally consider that this elevates my likelihood of being attacked enough to be an issue. Especially as the form of attack would need to be specifically related to flaws associated with the update/patch that I am temporarily denying installation of....
Maybe those Companies whose Group Policy was mashed up due to automatic updates would have benefited from the introduction of a brief delay system ;)
I feel that my actions only put me at increased risk should an attacker decide to both attack those specific unpatched weaknesses within approx 72 hours of the patch being rolled out, and choose to attack ME personally using those means, and in my view if a skilled attacker wants to hack me personally then I am in danger regardless of those updates/patches...
If the Pentagon can get hacked then my Security Config constructed using Free software could be breached blindfolded.
IMO my security config is pretty strong compared with an average user (many of whom pay for software), plus I have no files to steal/encrypt, and if worst comes to worst I will Reset/Wipe the Machine and enjoy the few hours it takes to rebuild my software config. :)
 

Duotone

Level 10
Verified
Well-known
Mar 17, 2016
474
Nice config, based on your set-up IMO you should remove some.

Retain:
ZoneAlarm Free Firewall:
(Maximum Settings/Block all fragments/ARP Protection Enabled/ Hosts File Locked/ IPv6 Disabled/ Custom Blocking of others on Network)
VoodooShield Pro (Always On)
Sandboxie Free (Always used when browsing)

These are only my suggestions, it consumes less resources, and will be effective for static system. If you do test other software then a Light virtualization (Shadow Defender) or VM is required.
  • Crystal Security(on-demand only)
  • SpyShelter Free Anti-Keylogger(personal preference);
  • Malwarebytes Anti-Exploit Free(not needed as you browse w/ SANDBOXIE and have VS)
  • SpywareBlaster(not needed)
  • Avast Free Antivirus(not needed w/ Voodooshield)

Replace MBAR with Zemana Anti-Malware.


Thanks for sharing!:cool:
 

Duotone

Would be redundant with Avast(Hardened>Aggressive) he did mention Voodooshield(Always on). If it would satisfy Avast users then I'll change my stance to "Optional".
After a simple blocking test: 1) Appguard, 2) VoodooShield, 3)AVAST

Appguard has a delay in blocking with .msi as it prompts user to install software; Voodooshield won that.
VS vs AVAST against 7 activators(VS); 11 well known software(VS)...and what did AVAST block? My APPGUARD and REHIPS installer

As an anti-exe... would choose VS rather than AVAST
 

Logethica

Nice config, based on your set-up IMO you should remove some.

Retain:
ZoneAlarm Free Firewall:
(Maximum Settings/Block all fragments/ARP Protection Enabled/ Hosts File Locked/ IPv6 Disabled/ Custom Blocking of others on Network)
VoodooShield Pro (Always On)
Sandboxie Free (Always used when browsing)

These are only my suggestions, it consumes less resources, and will be effective for static system. If you do test other software then a Light virtualization (Shadow Defender) or VM is required.
  • Crystal Security(on-demand only)
  • SpyShelter Free Anti-Keylogger(personal preference);
  • Malwarebytes Anti-Exploit Free(not needed as you browse w/ SANDBOXIE and have VS)
  • SpywareBlaster(not needed)
  • Avast Free Antivirus(not needed w/ Voodooshield)

Replace MBAR with Zemana Anti-Malware.


Thanks for sharing!:cool:
Hey Duotone :) Good to Meet You
Thank you for your suggestions....
Regarding Crystal Security; I agree that I could easily switch this from real-time to on-demand but I really like it, and I enjoy seeing at the click of a button what has been allowed to be installed (Microsoft wise). I am impressed both with Crystal Security, and with its sole developer, Kardo.
Regarding Spyshelter Free; I like this free soft, it's like having an additional HIPS prog installed. I especially like the fact that it starts from service. It is one of the first (If not actually the first) prog to start on a reboot. This makes me feel (I admit possibly unjustifiably so) that I have extra protection in that very brief time-frame between initiating a reboot and the auto-activation of my other security softs.
Regarding MAE; I agree with you....but despite my saying that I ALWAYS use sandboxie, once every couple of days I run Chrome naked for an hour in order to update and add to my uBlock Origin bank. I have not configured Sandboxie to allow my updating of uBlock (or anything else) to remain saved, so every few days I run chrome briefly unsandboxed in order to do so.
In that brief window I like that despite my not being sandboxed I have MAE active. You also have a point by saying that MAE is not needed due to my having VS. I agree....but I feel no slowdown or incompatibility, and I like the fact that If one soft malfunctions there is another to take its place.
Regarding SpywareBlaster; Yes, I probably will remove this...I have no IE or Firefox, and Chrome is protected by uBlock Origin, so I guess this is completely unneeded now.
Regarding Avast; Despite the fact that I am of the opinion that a good Anti-Exe is probably the most important soft on a machine, I do like Avast, and I am interested in following the progress of "CyberCapture".
Regarding Zemana; I tried it, but am not a fan (See Post #11 above).

Thanks again for your post :)
 

Logethica

A VERY SHORT PERSONAL HISTORY OF CONSOLES, COMPUTERS, & SECURITY SOFTWARE:

Being 40+ years old, my personal journey regarding the above probably differs dramatically from someone half my age or less.

My first "Computer" was a Spectrum 128k +2a. At the time C64 and Amstrad were its Competition. C64 was full colour, and because Spectrums were not most users used a Black & White Monitor.
I do not recall using ANY Security Software at the time.
The years that followed saw my ditching a Computer in favour of a Games Console..
First a SEGA Master System, then a Nintendo ES, then a SEGA Megadrive. The Super-Nintendo was superior to the Megadrive (60,000+ Colours in comparison to 500+), but I liked the Megadrive....Then a Playstation and PS2.
It was only about 5 years ago when I regained access to a Computer. It was going to be ditched by a student of mine due to it being slow and running XP, and I was asked if I wanted it. An offer which I could not refuse.
I began "messing around with it"...Stripping it of unneeded Software, and sadly on occasion needed Registry items and Drivers until eventually It ran like clockwork. I was happy with my security config, which consisted of AVG Free Antivirus, Online Armor, and Spybot..
Since that time I have gained access to a free ASUS laptop that was again going to be ditched due to running slow, and running Vista. This is still the machine I use today, and thanks to a family member working in IT I have had Windows 10 on it for about 4 Months.
After installation of W10 the laptop was constantly as hot as an Iron, as slow as a snail, and as loud as a hairdryer. After removing all the MS "Rubbish", Reducing the amount of inbound/outbound connections, and adding uBlock to Chrome I have found this old ASUS Laptop to be very speedy indeed.
I have experimented with only a handful of security softs....and although I guess that I have been lucky I can state that..
1. I have never paid for (or stolen) any Computer or Security Software.
2. I have never (knowingly) had my Security Software breached. (yet) ;)
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Hey Duotone:) Good to Meet You
Thank you for your suggestions....
Regarding Crystal Security [...] I really like it, and I enjoy seeing at the click of a button what has been allowed to be installed (Microsoft wise). I am impressed both with Crystal Security, and with its sole developer, Kardo.
...
I totally agree
 

DracusNarcrym

Level 20
Verified
Top Poster
Well-known
Oct 16, 2015
970
Very thorough and secure config.
Excellent choice for security software, and it is well-configured.

The backup images are indeed unnecessary if you only need to backup individual files - as in your case - which can be achieved by simple copying & pasting on external/portable storage media.

You're good to go, as far as I am concerned. :D

Thanks for sharing your config with us! :p
 
