Advanced Plus Security Moonhorse's Security Config 2019

[Andy Ful]

@Andy Ful Well i rarely install new applications, but i had the problem with whitelisting. I couldve managed to life with that, no worries i just think syshardener is more familiar for noob like me

Also i guess H_C is TRUE default deny and not crappy default deny wich is relying in trusted vendor list. As we see its doing good job on askalans tests

SysHardener with Avast set to Hardened Aggressive mode, could give also pretty good results.

 

[Moonhorse]

SysHardener with Avast set to Hardened Aggressive mode, could give also pretty good results.

Hmm, im gonna install avast and run it with syshardener. Its bit lighter than WD, atleast when you can disable on-demand scans. I dont like the privacy issues, but after all its a big company and nothing is free. Atleast you can opt data gathering off & disable gui ads with firewall. And the agressive module is the main point. Also evjl + stefanos promote it so lets begin 2019 with avast then

Added avast! to config, and installing it right now

 

[Evjl's Rain]

SysHardener with Avast set to Hardened Aggressive mode, could give also pretty good results.

I have found no bypass yet with this combo
moreover, it works more universally than windows smartscreen and they can work toghther => double team default-deny against web threats
avast HM will deal with local threats from USB and zipped files

 

[stefanos]

I have found no bypass yet with this combo
moreover, it works more universally than windows smartscreen and they can work toghther => double team default-deny against web threats
avast HM will deal with local threats from USB and zipped files

I have it in two laptops. On my own Avast pro and my daughters Free. Secure and light. Low ram and I never had a problem with high cpu.

 

[stefanos]

Hmm, im gonna install avast and run it with syshardener. Its bit lighter than WD, atleast when you can disable on-demand scans. I dont like the privacy issues, but after all its a big company and nothing is free. Atleast you can opt data gathering off & disable gui ads with firewall. And the agressive module is the main point. Also evjl + stefanos promote it so lets begin 2019 with avast then

Added avast! to config, and installing it right now

I want to see your opinion for Avast. And especially if you have a delay in the opening of GUI.

 

[Moonhorse]

I want to see your opinion for Avast. And especially if you have a delay in the opening of GUI.

Dont have any delay when opening it. And with minium setup, theres no bloat and the gui is looking pretty in 19.1 avast. Cant say theres any difference between new avast 19.1 and previous one 18.0+

settings are made more confusing than they used to be

 

[stefanos]

Dont have any delay when opening it. And with minium setup, theres no bloat and the gui is looking pretty in 19.1 avast. Cant say theres any difference between new avast 19.1 and previous one 18.0+

settings are made more confusing than they used to be

Thanks for your answer. And I have no delay. Because of this issue I had several conflicts with forum member. Use the old settings to make sure it's all right. Do one settings backup and after is all easy Hardened Aggressive mode can access old Settings, Troubleshooting>Open Old Settings.

 

[Moonhorse]

I was wondering where the agressive mode were, since there was no option for it. Thanks for pointing me to right way

 

[stefanos]

I was wondering where the agressive mode were, since there was no option for it. Thanks for pointing me to right way
View attachment 207183

You are welcome. That's why we are in this forum. To help each other

 

[stefanos]

With the old settings you can use the tweaks from Evjl's Rain. Realy after the tweaks you can see the Avast work more light.

 

[imuade]

I was wondering where the agressive mode were, since there was no option for it. Thanks for pointing me to right way
View attachment 207183

I wonder why they changed the settings structure... Perkele !!!

 

[Andy Ful]

I have found no bypass yet with this combo
moreover, it works more universally than windows smartscreen and they can work toghther => double team default-deny against web threats
avast HM will deal with local threats from USB and zipped files

Windows built-in SRP is stronger that light SysHardener restrictions, and the restrictions can be whitelisted - which is not possible in SysHardener.
For example, SysHardener + Avast set to Hardened Aggressive mode, can be bypassed by weaponized CHM files, CPL binaries (DLLs which can be run via control.exe), several types or shortcuts, etc. Those techniques are not common in the wild, as compared to standard VBScript, JScript, JavaScript, or VBA Macro malware.

 

[Moonhorse]

I wonder why they changed the settings structure... Perkele !!!

On topic: its weird you cant completely revert the gui changes, and to access hardened mode you have to do it, since new gui has no option for it

 

[Evjl's Rain]

Windows built-in SRP is stronger that light SysHardener restrictions, and the restrictions can be whitelisted - which is not possible in SysHardener.
For example, SysHardener + Avast can be bypassed by weaponized CHM files, CPL binaries (DLLs which can be run via control.exe), several types or shortcuts, etc. Those techniques are not common in the wild, as compared to standard VBScript, JScript, JavaScript, or VBA Macro malware.

I know but using a software which I have to whitelist several times to let something run is a no no for me
no offense to your great softwares but it's totally not for me because I don't want to whitelist anything
for example, I was using the previous version of H_C and used the default settings. When I ran my safe files (unsigned), obviously windows blocked it.
I found it hard to unblock this option in H_C. Took me 5-10mins to find but then I decided to remove H_C. In SH, it's far more easier

with avast and comodo firewall, they take 1-2 clicks to whitelist something because the option is in the block popup
I ditched comodo also because it annoyed me by blocking too many safe apps

I don't mind about CHM, shortcut or CPL because they will never appear in almost all PCs
don't forget, SH also has firewall block rules which include hh.exe and control.exe => they won't be able to download their payloads unless they are embedded into the original files
most scriptors require downloading of payloads => block them from connecting to the internet will cripple their abilities although some damage might be done but minimal

I know H_C is safer than SH, obviously, but easy-to-use and problem-free factors, SH is more suitable for me
I don't want to be paranoid. I don't mind about sophisticated attacks or exploits. Usability and performance matter more. That's why we bought our PCs/laptops for, not to overprotect them

I choose SH because truly novice users don't know how to whitelist.
Avast blocked a program by hardened mode and my parents asked me why it was not running => I disabled HM permanently

My choice for novice users:
avast (tweaked, no HM) + SH tweaked
kaspersky free (tweaked for best performance) + SH + unchecky
both: + WDBP + emsisoft browser security

they can be bypassed but not easy

 

[Nestor]

Dont have any delay when opening it. And with minium setup, theres no bloat and the gui is looking pretty in 19.1 avast. Cant say theres any difference between new avast 19.1 and previous one 18.0+

settings are made more confusing than they used to be

For me, 1 minute to open the GUI! If i tick HM aggresive in the old UI then automatically HM unticked in the new UI !But i trust old UI settings according to Evjl's Rain !

 

[Moonhorse]

For me, 1 minute to open the GUI! If i tick HM aggresive in the old UI then automatically HM unticked in the new UI !But i trust old UI settings according to Evjl's Rain !

Well thats weird, for me its starting right when i click on it. And i have amd 6300-six core processor + 8 years old hdd

The new ui gets ticked off, but indeed its there

Edit: @Andy Ful Is it possible to use H_C as default allow .exe and just benefit from WD hardening + script blocking ( sponsors) if WD has block in first sight? If the whitelisting is painful for someone

 

[Andy Ful]

...
I choose SH because truly novice users don't know how to whitelist.
Avast blocked a program by hardened mode and my parents asked me why it was not running => I disabled HM permanently

My choice for novice users:
avast (tweaked, no HM) + SH tweaked
kaspersky free (tweaked for best performance) + SH + unchecky
both: + WDBP + emsisoft browser security

they can be bypassed but not easy

That is the point. For most users, the AV with good signatures + blocked/restricted scripts + some web protection, will be the optimal choice. Yet, on Windows 10 I would rather suggest to start with Windows Defender, and if not satisfied, then choose 3rd party AV.

Windows Defender has still slower signatures for never seen EXE malware (as compared to Kaspersky or BitDefender), but most of those samples are delivered via scripts and macros, so will be stopped anyway.

There is probably some advantage of using Kaspersky over WD, when applying cracks or installing the pirated software (some novice users can do it frequently for gaming). In this case the malicious EXE file is delivered directly by the user.

 

[Andy Ful]

SysHardener is very effective, but some things could be improved when adopting SRP in default allow setup.

1. Add more entries for dangerous file extensions (CHM, CPL, several kinds of shortcuts, etc.). Shortcuts could be whitelisted in some predefined locations (like desktop, Start Menu) and blocked by default in other locations.
2. Block files with double extensions, like: *.docx.exe, *.avi.exe, *.txt.exe, etc.
3. Block powershell.exe and powershell_ise.exe to stop some PowerShell techniques that can bypass Constrained Language mode (this could be done by non SRP tweak).
4. Whitelist by default, the script execution (VBScript, JScript) and dangerous file extensions in Windows and Program Files folders.
5. Disable Remote Registry and Remote Shell (this would be done by non SRP tweak).

The above features can be added to SysHardener via SRP, and that would be still the light SRP protection (default-allow for EXE files), so the users would not see any downsides in daily tasks, as compared to the actual SysHardener setup.

Edit.
Maybe I should make something like HardenSysHardener to apply the above?

 

[Nestor]

Well thats weird, for me its starting right when i click on it. And i have amd 6300-six core processor + 8 years old hdd

The new ui gets ticked off, but indeed its there

Edit: @Andy Ful Is it possible to use H_C as default allow .exe and just benefit from WD hardening + script blocking ( sponsors) if WD has block in first sight? If the whitelisting is painful for someone

I don't know if it is related but from when i installed Avast i keep getting notified from Thor for "Popcash.net" and "Onclickads.net" malicious web traffic.Maybe it has to do with Avast advertising but the funny thing is that Avast also detect them as Dns poisoning.

 

[Moonhorse]

I don't know if it is related but from when i installed Avast i keep getting notified from Thor for "Popcash.net" and "Onclickads.net" malicious web traffic.Maybe it has to do with Avast advertising but the funny thing is that Avast also detect them as Dns poisoning.

I did minium install, nothing has popped up for me.

It just sounds like you had adware installed where the pop-ups coming from?
Onclickads.net Browser Redirect Removal

i would run adwcleaner from malwarebytes incase there is something sketchy going + zemana probably