Logethica's Free Security Configuration

Logethica

Level 13
Thread author
Verified
Top Poster
Well-known
Jun 24, 2016
636
> I did, that's why I said "It's overkill, you can remove half of what you have and still have good protection." because you are not a novice.

I agree with you :)
In theory I (and others) could just use Shadow Defender and employ no other security software at all.
I get pleasure from configuring a large amount of overlapping security software to work together without conflict or a negative impact on performance... I admit this may be an unusual thing to gain enjoyment from though :p
I find it interesting, and the experience also provides useful insights as to how software can conflict and how to overcome those conflicts. This information can then be of use to others.
I could choose to employ just one of Avast, MBAM, & Crystal Security for example, but I find that they work together well without a negative impact, and each one has something that the other two do not.
Protection has not really been a concern of mine for a long time, as my system has never been infected...
My interest is purely in enjoying the experimentation process of configuring the software to work without conflicts, and trying to find the limit as to what my old 2GB machine can handle.
 

Logethica

ADDED:
Sandboxie- Malwarebytes Anti-Exploit Template.

I had been debating whether or not to employ this template for some time.
I have read posts that are for and against its usage.
I finally decided to add the template just out of interest, although I do not consider that using it weakens the sandbox significantly or adds necessary protection within it significantly either.

The Template and Instructions on how to use it are contained in the spoiler below, which I have also added to the existing settings spoilers on my security config.

★ Sandboxie: The Malwarebytes Anti-Exploit Template ▼
HOW TO EMPLOY THE MBAE TEMPLATE-
Go to Sandboxie control ➤ Configure ➤ Edit configuration.

Copy and paste the MBAE template in the space below Global settings. After saving the file, close Sandboxie control. Open it again and reload the configuration file in Configure ➤ Reload configuration.

PLEASE NOTE-
If you aren't on XP feel free to delete: OpenIpcPath=$:mbae-svc.exe
If you aren't on a 32 bit system feel free to delete: InjectDll=C:\Program Files\Malwarebytes Anti-Exploit\mbae.dll
If you aren't on a 64 bit system feel free to delete both the following lines:
InjectDll=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll
InjectDll64=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.dll

Take notice of the last three lines, which are set to the 'default' installation directory of MBAE. If it was customized at install, the path will need to be updated to reflect your real installation path.

The above information was sourced from forums.sandboxie.com

COPY EVERYTHING BELOW (Including [Template_MBAE])
[Template_MBAE]

Tmpl.Title=Malwarebytes Anti-Exploit
Tmpl.Class=Security
Tmpl.Scan=s
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Malwarebytes Anti-Exploit
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Malwarebytes Anti-Exploit
OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*Process*API*
OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\Mutex*Process*API*
OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
OpenIpcPath=*\BaseNamedObjects*\mchMixCache*
OpenIpcPath=*\BaseNamedObjects*\Ipc2Cnt*
OpenIpcPath=*\BaseNamedObjects*\mchLLEW*
OpenIpcPath=$:mbae-svc.exe
InjectDll=C:\Program Files\Malwarebytes Anti-Exploit\mbae.dll
InjectDll=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll
InjectDll64=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.dll
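
Added example (not part of the original post or of the Sandboxie forum instructions): a Python helper that applies the PLEASE NOTE rules above to the template and reports InjectDll paths that are not present on disk. The function names, the `install_dir` parameter and the abridged template copy are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Abridged copy of the template posted above (most OpenIpcPath lines left out).
TEMPLATE = r"""[Template_MBAE]
Tmpl.Title=Malwarebytes Anti-Exploit
OpenIpcPath=*\BaseNamedObjects*\MBAE_IPC_PROTECTION*
OpenIpcPath=*\RPC Control*\*MBAE_IPC_PROTECTION*
OpenIpcPath=$:mbae-svc.exe
InjectDll=C:\Program Files\Malwarebytes Anti-Exploit\mbae.dll
InjectDll=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll
InjectDll64=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.dll"""

XP_ONLY = "OpenIpcPath=$:mbae-svc.exe"
DIR_32 = r"C:\Program Files\Malwarebytes Anti-Exploit"        # default on 32-bit
DIR_64 = r"C:\Program Files (x86)\Malwarebytes Anti-Exploit"  # default on 64-bit
INJECT_KEYS = ("InjectDll", "InjectDll64")


def adapt_template(template, is_xp, is_64bit, install_dir=None):
    """Apply the PLEASE NOTE rules; optionally repoint DLLs at install_dir."""
    wanted_dir = (DIR_64 if is_64bit else DIR_32).lower()
    kept = []
    for line in template.splitlines():
        key, _, value = line.strip().partition("=")
        if line.strip() == XP_ONLY and not is_xp:
            continue  # this line is only needed on XP
        if key in INJECT_KEYS:
            dll = PureWindowsPath(value)
            if str(dll.parent).lower() != wanted_dir:
                continue  # DLL line for the other architecture
            if install_dir:  # MBAE was installed to a non-default directory
                dll = PureWindowsPath(install_dir) / dll.name
            line = f"{key}={dll}"
        kept.append(line)
    return "\n".join(kept)


def missing_dlls(template, exists):
    """Return InjectDll/InjectDll64 paths for which exists(path) is false."""
    paths = []
    for line in template.splitlines():
        key, _, value = line.strip().partition("=")
        if key in INJECT_KEYS and not exists(value):
            paths.append(value)
    return paths


if __name__ == "__main__":
    import os
    adapted = adapt_template(TEMPLATE, is_xp=False, is_64bit=True)
    print(adapted)
    print("Missing on this machine:", missing_dlls(adapted, os.path.exists))
```

A non-empty result from `missing_dlls` means the template still points at the default directory while MBAE lives elsewhere, which is the case the post asks you to correct by hand.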
 

Logethica

UPDATED:
Sandboxie to 5.14
Voodoo Shield to 3.42 (EDIT: 06.00am 30/09/2016 -Updated 3.42 to 3.43)
Glasswire to 1.2.74

UPGRADED:
Process Lasso Free to Pro (Free Lifetime License Promotion for v8.x)

ADDED:
Additional uBlock Origin Custom Filter Links to the existing settings spoilers on my security config.

Click On The "Spoiler" Below For Links To 48 Of My uBlock Origin Custom Filters
UPDATED ON 29/09/2016- New Links are in Green

Below are links to 48 uBlock Origin "Custom Filters".
Please note that adding numerous extra filters should be done with a degree of caution.
I suggest adding maybe 2 or 3 of those that interest you at a time and checking for any issues such as "Browser Slow-Down", "Web-Page Breakage", "Specific Site-Access Denial", etc. All of our surfing habits differ, so just add the filters that you consider beneficial to you.

To add these Filters to uBlock Origin-
Go to uBlock Origin's Settings --> 3rd-Party Filters --> Scroll down to the bottom of the page and "Paste" the URL of the desired filter into the box provided --> Then Click on the "Parse" button --> Then click the "Apply Changes" button that will appear on the right side of the screen.

The "Click Here" Buttons below will take you to each respective Filter-List page.
Some of the pages may take a few seconds to load due to their size.
This will allow you to "Copy & Paste" the URL into uBlock Origin should you wish to.
Many of the Filters below are available on Filterlists.com, which has many more lists including language/region specific.

Adguard Annoyances Filter -Click Here
Adguard English Filter -Click Here
Adguard Mobile Ads Filter -Click Here
Adguard Social Media Filter -Click Here
Adguard Spyware Filter -Click Here
Adversity -Click Here
Adversity: Extreme Measures -Click Here
BBcan177 -Click Here
Block all well known privacy trackers -(gnuzilla) -Click Here
Block-EU-Cookie-#####-List -Click Here
Dawsey21- Main Blacklist -Click Here
Desbma/referer-spam-domains/blacklist -Click Here
Fanboy's Anti-thirdparty Fonts -Click Here
Fanboy's Cookiemonster List -Click Here
Hexxium Creations Threat List -Click Here
hpHosts/Ads & Trackers -Click Here
hpHosts/emd -(Malware) -Click Here
hpHosts/exp -(Exploits) -Click Here
hpHosts/fsa -(Fraud) -Click Here
hpHosts/grm -(Spam) -Click Here
hpHosts/hjk -(Hijacking) -Click Here
hpHosts/hphosts-partial -(Added to hpHosts AFTER the last full release) -Click Here
hpHosts/mmt -(Misleading Marketing) -Click Here
hpHosts/pha -(Illegal Pharmacy Sites) -Click Here
hpHosts/psh -(Phishing) -Click Here
hpHosts/wrz -(Piracy) -Click Here
Hosts.herndl.org/hosts.txt -(Adblocking) -Click Here
Hostsfile.org/Downloads/hosts -Click Here
I don't care about cookies -(kiboke-studio) -Click Here
Jmdugan/blocklists/master/corporations/facebook -Click Here
Jmdugan/blocklists/master/corporations/microsoft -Click Here
Joewein -Click Here
Malekal.com/HOSTS_filtre/HOSTS -Click Here
Nabble/semalt-blocker/master/domains -Click Here
Openphish.com/feed -Click Here
Osint.bambenekconsulting.com/feeds/c2-dommasterlist -Click Here
Phishing.mailscanner.info/phishing.bad.sites (Phishtank) -Click Here
Piperun's iplogger filter -Click Here
Quidsup/notrack/master/trackers -Click Here
Ransomwaretracker.abuse.ch/downloads/RW_DOMBL -Click Here
Ransomwaretracker.abuse.ch/downloads/RW_URLBL -Click Here
Rickrolldb.com/ricklist -Click Here
Security-research.dyndns.org/ponmocup-infected-domains -Click Here
StevenBlack/hosts/master/hosts -Click Here
Threatcrowd.org/feeds/domains -Click Here
Vxvault.net//URL_List -Click Here
Youtube: Pure Video Experience -Click Here
Zant95/hosts/master/hosts -(Blocks Download Sites) -Click Here
 

King Alpha

Level 25
Verified
Top Poster
Content Creator
Well-known
Jun 21, 2013
1,492
Thanks for this my friend, @Logethica. ;)
 

Logethica

> Thanks for this my friend, @Logethica. ;)

My pleasure, @King Mellow :)

> Your security config is a piece of art, I'm definitely going to steal some stuff from it (especially some of your filters). :p

Thank you, @Cohen :)

> Thanks for that! I've applied Ransomware lists :) I'm just curious, what's your uBlock RAM usage with all these filters? :D

What's the most accurate way for me to see the RAM specific to just uBlock during page rendering?
Storage-wise, for the filters that I employ I am currently using 122,863,586 bytes through uBlock's "cloud storage" option.
Total Filter number is: 775,787 network filters + 104,732 cosmetic filters.
 

adnage19

Level 5
Verified
Well-known
Sep 22, 2016
211
You are using Chrome, right? So you can look at the task manager in Chrome tools under 3 dots menu :)
 

Rebsat

Level 6
Verified
Well-known
Apr 13, 2014
254
@Logethica Great config bro. Thank you for posting ;)

I just read cruelsister's no-popup setup of Comodo Firewall for those who may get nervous about answering security alerts.

https://malwaretips.com/threads/comodo-firewall-8-2-0-4508-setup-and-test-part-2.46159/

and based on ZoneAlarm PRO Firewall 2017 review on PCMAG site...
ZoneAlarm's Behavior-detecting OSFirewall flags good and bad programs alike when configured for maximum security

I would like to know: is there any setup or option for ZoneAlarm Firewall which will solve this issue, or at least decrease it, like the solution that has been made for Comodo Firewall?

I would greatly appreciate it if you could follow up this issue and find a solution since you have good experience in configuring ZoneAlarm Firewall :rolleyes::)
Thank you very much for your good assistance.


Full Review... ZoneAlarm PRO Firewall 2017
http://www.pcmag.com/article2/0,2817,2456292,00.asp
 

Logethica

Hey @Rebsat :)
Yes, I will be happy to take a look.
I use the free version of ZoneAlarm Firewall which has considerably less granular control than the Pro version, so I don't know whether a guide to minimise pop-up notifications in Free would be fully applicable to the Pro version.
I am a lover of the notifications that ZoneAlarm gives, and have even configured it to give more :p
(I have blocked all others on my network so that I get a pop-up notification as soon as a family member boots up their computer in another room, because I am nosey :D)
I will look through ZoneAlarm's settings and see if I can create a guide to minimising the notifications.
I will post my findings tomorrow :)
 

Rebsat

@Logethica
I am sorry bro for the misunderstanding, but the thing I want is... If we configured ZoneAlarm Firewall for maximum security then the Behavior-detecting "OSFirewall" would flag good programs just like malicious ones, and this would seem to be a false positive based on the review by the PCMag site.

My question is: is there any option in your ZoneAlarm Free Firewall settings to fix this or at least produce fewer false positives? Have you tried this before?

Could you please try this in your settings if it's possible. Thank you very much bro,
Regards :)
 

Logethica

> @Logethica
> I am sorry bro for the misunderstanding, but the thing I want is... If we configured ZoneAlarm for maximum security then ZoneAlarm's Behavior-detecting "OSFirewall" would flag good programs just like malicious ones, and this seems to be a false positive.
>
> My question is: is there any option in your ZoneAlarm Free Firewall settings to fix this or at least produce fewer false positives?
>
> Thank you bro,
> Regards :)

OK... sorry @Rebsat :)
Well... It is finding a balance between your desired security level and the amount of alerts that you want to receive.
If you choose "maximum" protection then you will by default receive the most alerts.
The OS Firewall gives 4 categories:
  • Change Internet Explorer Search Page (You may not need this one)
  • Install ActiveX (Best to keep, but alerts very rarely)
  • Change which progs load at startup (Only really gives alerts when a new prog or version is installed)
  • Change the hosts file (I can't remember seeing an alert for this)
I have all of these set to "ask" (plus I have the Hosts file locked). You could change any of these to "allow" or "use program setting" instead.
The level of the DefenseNet component of Application Control has a greater effect on how many alerts one receives.
I have this set to "Automatic" rather than "Manual", which means that it will "configure program access whenever advice is available".
 

Rebsat

@Logethica I don't know how to thank you bro, your knowledge is amazing and informative. Just keep up the good work :rolleyes:

Now, based on your great experience with ZoneAlarm Free Firewall it seems that you don't count the following as cons ;)
ZoneAlarm's Behavior-detecting OSFirewall flags good and bad programs alike when configured for maximum security

Correct me if I am wrong :D
 

Logethica

You are correct, friend :)
I do not count it as a con... To me it is no different to UAC in that it "asks" permission before allowing certain programs or program characteristics to run.
I guess that on a novice user's PC they might want most of the decisions made for them, but I think that depends on whether they may be panicked by having to give a "Yes" or "No" themselves when they may not know which they should choose.
I would go as far as to say that the alerts are a "pro" rather than a "con"...
I also get alerts from the HIPS components of Avast AV & SpyShelter too, and sometimes Crystal Security (if it does not recognise a file) and VoodooShield (as I selected to NOT allow by parent process).
To me these are advantages as they give me full control over what is allowed to run :)
 

Logethica

MINOR UPDATE:

UPDATED:
SecureMyBit to v.1.6
Voodoo Shield to 3.45
Malwarebytes Anti-Exploit Free to 1.09.1.1208 (Experimental Build) Available at Forums.Malwarebytes.org

ADDED:
uBlock Origin Filters-
Piwik/referer-spam-domains/blacklist -Click Here
Ligyxy Blocklist -Click Here
Gwillem Compromised Stores (14th Oct 2016) -Click Here
(The Gwillem list is a Blocklist related to this MT Thread - MalwareTips -There are 5,761 Online Stores Currently Infected With Card Data Stealing Malware)

[The Above 3 Filters have been added to the uBlock Origin Custom Filter Links Spoiler on my Original Config Post (Now 51 Filters with Links)]
 
