Advanced Plus Security Minimalist's Security Config 2022

[Minimalist]

This is my setup that I've been using for some time now. Occasionally I replace ESET Internet Security with Emsisoft Anti-Malware.
I don't plan to change anything soon except if this setup causes me some problems.

 

[toto_10]

Simpel and straight forward configuration

I'm planning on giving Mullvad a shot.

 

[Dave Russo]

Have you ever had to use your Macrium reflect to restore?

 

[Minimalist]

Have you ever had to use your Macrium reflect to restore?

Yes, on two occasions.
Once it was Windows update that caused some problems. I didn't want to use workarounds so I just restored an image taken before update and waited till MS fixed a problem.
Second time it was faulting SSD. One morning it was not recognised by my motherboard any more. I replaced it with my spare SSD and restored system from last system image. Whole procedure took less than 15 minutes. Without backup image I would have to reinstall my system and apps which would probably take me a day or a two of work.
So for me system and data backup is #1 when it comes to security.

 

[Minimalist]

Today I've reinstalled and reconfigured ESET Internet Security. Here is a list of changes I've made to default configuration.

Real-time and machine learning protection: Malware and Suspicious Application Reporting set to Aggressive.
Exclusions: detection exclusion for uTorrent was set during initial scan.
Real-time file system protection: I set up process exclusion for Macrium Reflect's binary.
Cleaning level was set to Always ask user.
Cloud based protection: I disabled Submit crash reports and diagnostics data and Submit anonymous statistics options.
Automatic submission of suspicious samples: I disabled Archives and Possible spam emails from being submitted.
HIPS was set to Smart mode. I also added rules from here. I set those rules to Ask instead of Block.
Firewall: I added rules from here. I set those rules to Ask instead of Block.
Protocol filtering: I excluded my VPN client application from protocol content filtering.
Email client protection: I disabled antispam.
Banking and payment protection: I disabled protected website redirection option.

 

[CyberTech]

Today I've reinstalled and reconfigured ESET Internet Security. Here is a list of changes I've made to default configuration.

Are you using uTorrent? its really bad

 

[Minimalist]

Are you using uTorrent? its really bad

Yes, I use uTorrent. It's great for me. I've been using it for more than 10 years with no problems. I also tried other clients but I like uTorrent the best.

 

[CyberTech]

Yes, I use uTorrent. It's great for me. I've been using it for more than 10 years with no problems. I also tried other clients but I like uTorrent the best.

It was the best so now not anymore due to malware, ads, etc. uTorrents users moved to the best client atm like qBittorrent, Tixati, etc

 

[Minimalist]

It was the best so now not anymore due to malware, ads, etc. uTorrents users moved to the best client atm like qBittorrent, Tixati, etc

I tried the others but still like uTorrent the best. Did not encounter any malware or ads so far (using latest version) so I don't have any reason for not using it.

 

[Kongo]

I tried the others but still like uTorrent the best. Did not encounter any malware or ads so far (using latest version) so I don't have any reason for not using it.

Have to agree with @CyberTech on this one. uTorrents reputation has suffered a lot in the last few years.
But thats understandable after incident like this: uTorrent's latest update installs a cryptocurrency miner

But as long as you are not facing any problems, why not continue using it

 

[Minimalist]

Have to agree with @CyberTech on this one. uTorrents reputation has suffered a lot in the last few years.
But thats understandable after incident like this: uTorrent's latest update installs a cryptocurrency miner

But as long as you are not facing any problems, why not continue using it

Yes I don't like moves like that from companies (heard about Norton doing something similar).
If I didn't like their client so much, I would probably replace it.

 

[SpiderWeb]

Today I've reinstalled and reconfigured ESET Internet Security. Here is a list of changes I've made to default configuration.

I wish your excellent config was the default. Then ESET wouldn't need all the buttons and toggles. It's ridiculous that people have to dig through all of their menus.

 

[Minimalist]

I wish your excellent config was the default. Then ESET wouldn't need all the buttons and toggles. It's ridiculous that people have to dig through all of their menus.

Yes, they offer a lot of settings that you can configure. It would be nice if we could enable all those HIPS and firewall rules just by one click instead of adding them manually. Something like enhanced ransomware protection or something similar. It could also be set off by default if they worry about FPs.

 

[Minimalist]

I finally decided to add online backup to my backup routine. I decided to go with IceDrive as it has exactly what I need. I like it so far.

 

[Minimalist]

I replaced ESET with Bitdefender to give it a try. So far so good.

 

[SpiderWeb]

I finally decided to add online backup to my backup routine. I decided to go with IceDrive as it has exactly what I need. I like it so far.

Excellent decision.

 

[Minimalist]

I tested Bitdefender for a day. It was OK, no noticeable system impact even though memory consumption is a little higher than with other solutions. There were few problems so I decided to go back to Eset.

Problems I experienced:
1. notification about expired certificate. It reappeared many times when browsing specific website (it was not that particular site but 3rd party site from where it downloaded some resources). Only way to remove notification was AFAIK to whitelist that site but that's not what I wanted to do.
2. full system scan. Macrium Reflect Image Guardian blocked 700+ attempts to modify backup files by BD service executable. IDK why it tried to modify those files. Looking for ADS on other files that were scanned didn't reveal anything.
3. full system scan. BD detected "malware" in one of the manifest files in c:\windows\servicing\lcu. It removed it with no problems but when I tried to restore it (since it's FP) it didn't have enough rights to restore the file. So I had to restore last system image.
4. full system scan. It detected compressed installers for uTorrent. When restoring them it did not restore them as compressed but instead it created a folder named utorrent.zip and restored them there uncompressed.
5. after uninstall I had to manually remove leftovers in c:\programdata (BIN files) and [ALL PARTITIONS]:\system volume information (SDB files).

IMO it's good AV but I prefer to use ESET as it's more trouble free and less aggressive. Though if I were practising "dangerous computing" I would probably feel safer with BD.



EDIT: after some thought I decided to give BD another try. Using it for a day may not show all the picture. I added folder with installers and folders for backup files to exceptions and run custom scan instead of built-in system scan.

 

[blackice]

I tested Bitdefender for a day. It was OK, no noticeable system impact even though memory consumption is a little higher than with other solutions. There were few problems so I decided to go back to Eset.

Problems I experienced:
1. notification about expired certificate. It reappeared many times when browsing specific website (it was not that particular site but 3rd party site from where it downloaded some resources). Only way to remove notification was AFAIK to whitelist that site but that's not what I wanted to do.
2. full system scan. Macrium Reflect Image Guardian blocked 700+ attempts to modify backup files by BD service executable. IDK why it tried to modify those files. Looking for ADS on other files that were scanned didn't reveal anything.
3. full system scan. BD detected "malware" in one of the manifest files in c:\windows\servicing\lcu. It removed it with no problems but when I tried to restore it (since it's FP) it didn't have enough rights to restore the file. So I had to restore last system image.
4. full system scan. It detected compressed installers for uTorrent. When restoring them it did not restore them as compressed but instead it created a folder named utorrent.zip and restored them there uncompressed.
5. after uninstall I had to manually remove leftovers in c:\programdata (BIN files) and [ALL PARTITIONS]:\system volume information (SDB files).

IMO it's good AV but I prefer to use ESET as it's more trouble free and less aggressive. Though if I were practising "dangerous computing" I would probably feel safer with BD.



EDIT: after some thought I decided to give BD another try. Using it for a day may not show all the picture. I added folder with installers and folders for backup files to exceptions and run custom scan instead of built-in system scan.

I’ve noticed almost every AV will pop Image Guardian blocks. I believe even ESET showed them in the scan logs, but I could be misremembering since it’s been a while.

 

[Minimalist]

I’ve noticed almost every AV will pop Image Guardian blocks. I believe even ESET showed them in the scan logs, but I could be misremembering since it’s been a while.

I've used ESET quite a lot and never received pop up by MRIG. I didn't check logs so am not sure if they are recorded there.
But I'm not talking about AV message here, it's IG's message that so far I only got when using BD:



Another weird thing is that I don't get right click BD options in Total Commander. They are there in Windows Explorer but not in TC. That's a first time for me also.

 

[SpiderWeb]

I've used ESET quite a lot and never received pop up by MRIG. I didn't check logs so am not sure if they are recorded there.
But I'm not talking about AV message here, it's IG's message that so far I only got when using BD:

View attachment 265155

Another weird thing is that I don't get right click BD options in Total Commander. They are there in Windows Explorer bur not in TC. That's a first time for me also.

Whitelist and see if it happens again