Advanced Plus Security oldschool's laptop setup 2020

Last updated
Jan 4, 2020
Windows Edition
Pro
Operating system
macOS 15 Sequoia
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Windows Defender
VoodooShield Pro v5.57
OS hardening
Firewall security
Microsoft Defender Firewall
About custom security
ConfigureDefender @ modified High
Periodic malware scanners
Emsisoft Emergency Kit
Hitman Pro (paid)
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Brave - hardened + built-in protection + WDBP + Netcraft
Edge Dev Chromium - hardened + µBO + Privacy Badger
Firefox - hardened + µBO + Privacy Badger + eTag Stoppa + MBBG
Maintenance tools
Windows built-in
BleachBit 3.0 - "Hilary uses it!"
RunBySmartscreen
File and Photo backup
Copy/Paste -> Free Agent Drive
System recovery
Windows built-in -> Free Agent drive (monthly)
Risk factors
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
    • Browsing to unknown / untrusted / shady sites
    • Working from home
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Lenovo L340 i3 8145U CPU @ 2.10 GHz 2.300 GHz 8GB DDR4 RAM 1 TB HDD
You can delete overseer with some tricks (disable AVG's defense and delete it) and prevent it from appearing on your computer again (use the folder's Security tab to deny write permissions for all accounts).
After that, re-enable self-defense.
 
Thanks for the tip. Overseer deleted (y)
and we should apply the Folder security setting to block avast from installing overseer in the next update
every update or Repair, avast will re-install overseer if I'm not mistaken

Added AVG Free Beta @ hardened mode + high sensitivity, with settings > balanced for security and performance.

AVG Free now has a number of available personal privacy settings, which may indicate they've responded to the backlash they've experienced the last few years. In any case, I've blocked AVGUI and overseer.exe in firewall. I quite enjoy this AV.

I installed this last weekend and have now joined the AVG Anti-hate Coalition started by @stefanos! :LOL::LOL::LOL:

Hardened mode really works. It blocked VoodooShield! :LOL::LOL::LOL:


Edit: This new version removes overseer.exe upon uninstall.
hi, does AVG have Settings -> troubleshooting -> open old settings?
does it have customization for hardened mode aggressive?
 
and we should apply the Folder security setting to block avast from installing overseer in the next update
every update or Repair, avast will re-install overseer if I'm not mistaken


hi, does AVG have Settings -> troubleshooting -> open old settings?
does it have customization for hardened mode aggressive?
There is no option for hardened mode in the old settings.
 
when we enable hardened mode, that hardware virtualization is redundant because virtualization is used for Deepscreen (sandbox analysis for 15 seconds to determine if something is safe/malicious). When hardened mode is on (HM moderate), deepscreen is ignored and the app will be blocked straight away without being analyzed

HM moderate: ignore deepscreen and block the app if the app is suspicious enough to trigger deepscreen. It allows everything to run except low prevalent files
HM aggressive: checks the app with avast's cloud and only runs it if it's whitelisted by avast
 
@stefanos @Evjl's Rain - I am still testing overseer.exe. Blocking in FW may hinder updates > necessitate manual update. It's kind of hard to tell because of difference of timestamp/release date for signatures. I allowed it in FW last night and release time was earlier than when blocked, but I am still unsure of the process. I think it may be easier just to block in FW. My question is what exactly does overseer.exe do? It is supposed to check for errors/corruption of the program and initiate a repair. Is it also responsible for reporting all your data? It's such a poor choice of names for this exe, it's no wonder they had such a backlash over it.

Old settings are still available in Troubleshooting.

Hardened mode is in new settings, not old. There is no option for "Aggressive".

It allows everything to run except low prevalent files

Yes. It blocked VoodooShield and @Andy Ful Firewall Hardening Tool.

 
My question is what exactly does overseer.exe do?
I don't think blocking it does anything to the system. It's like a debug log collector and it sends to avast. It has nothing to do with functionality of avast
We should delete it since it is scheduled to run in Task scheduler => consumes some resources
 
...
Yes. It blocked VoodooShield and @Andy Ful Firewall Hardening Tool.
...
The Firewall Hardening tool has not yet been sent to Avast for whitelisting. It will be sent as part of the new H_C version, and then it will probably be allowed by AVG overseer.exe.

Here are some notes about overseer from the guy who worked for Avast on this feature in 2017: What "avast overseer" is?
It seems that overseer should not be the reason for blocking VS or H_C.
Users on some forums complain that overseer continues to run after uninstalling AVG.
 
Here are some notes about overseer from the guy who worked for Avast on this feature in 2017: What "avast overseer" is?
It seems that overseer should not be the reason for blocking VS or H_C.

Yes, I'm familiar with that thread. I knew overseer had nothing to do with VS, it was hardened mode as indicated in the notification. I just think it's funny that "all the best security software is malware" - according to @shmu26.
 
oldschool: I apologize for intruding but you have a lot happening in your thread and it's interesting. I'm looking to tighten up the Windows firewall a bit and don't want a third party front-end. What can you say about the Firewall Hardening Tool you're using? Is it worthwhile?

I've already disabled SMB1 via Turn Windows Features On and Off. Are settings similar in scope to this one available in the Tool?
 
oldschool: I apologize for intruding but you have a lot happening in your thread and it's interesting. I'm looking to tighten up the Windows firewall a bit and don't want a third party front-end. What can you say about the Firewall Hardening Tool you're using? Is it worthwhile?

I've already disabled SMB1 via Turn Windows Features On and Off. Are settings similar in scope to this one available in the Tool?

No problemo! There are outbound rule profiles (ala SysHardener) for H_C Recommended, LOLBins, MS Office and Adobe Acrobat. Check here for more info as there is no separate thread for it ATM: https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/page-75 Info is sprinkled throughout. Is the tool useful? Yes. Necessary? It all depends. It also allows you to easily create new rules. Just be aware that rules profiles can only be removed with the tool, not directly in WFW, if I remember correctly.
 
I'll bring the pizzas. We will all have 10 minutes to try to get a virus on oldschool's computer. If you fail, your punishment is you have to run for president of the U.S.A. next election. If you succeed you get a free membership to MalwareTips.Gl
 
Just be aware that rules profiles can only be removed with the tool, not directly in WFW
AFAIK you can open "Windows Defender Firewall with Advanced Security" (admin rights required), go to the Outbound Rules tab, scroll down until you find the rules you want, and disable or delete them. That's what I did with the SysHardener rules that became redundant after I installed the FirewallHardening rules.
 
AFAIK you can open "Windows Defender Firewall with Advanced Security" (admin rights required), go to the Outbound Rules tab, scroll down until you find the rules you want, and disable or delete them. That's what I did with the SysHardener rules that became redundant after I installed the FirewallHardening rules.

Regarding Firewall Hardening Tool - from H_C thread post #1641: "... The applied rules may be also viewed when using Windows Firewall Advanced settings, but can be managed only by Firewall Hardening tool, or by editing the Registry under the key: HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules. ..."
 
Regarding Firewall Hardening Tool - from H_C thread post #1641: "... The applied rules may be also viewed when using Windows Firewall Advanced settings, but can be managed only by Firewall Hardening tool, or by editing the Registry under the key: HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules. ..."
Thanks for the clarification. My bad.
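
A read-only way to inspect what is stored under the registry key quoted above, added here as an example (it is not code from the thread or from the Firewall Hardening tool). It splits each pipe-delimited rule value into fields and lists the outbound block rules; the function names are hypothetical, and the sample rule strings are constructed data used only when the key does not exist on the machine.

```powershell
# Registry location quoted in the thread (policy-managed firewall rules).
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'

function ConvertFrom-FirewallRuleString {
    param([Parameter(Mandatory)][string]$Id,
          [Parameter(Mandatory)][string]$Data)
    # Value data looks like: v2.30|Action=Block|Active=TRUE|Dir=Out|App=...|Name=...|
    $fields = [ordered]@{ Id = $Id; Version = $null }
    foreach ($token in ($Data -split '\|')) {
        if (-not $token) { continue }                 # trailing pipe yields an empty token
        $key, $value = $token -split '=', 2           # split on the first '=' only
        if ($null -eq $value) { $fields.Version = $key; continue }
        if ($fields.Contains($key)) {                 # repeated keys (e.g. several ports)
            $fields[$key] = "$($fields[$key]),$value"
        } else {
            $fields[$key] = $value
        }
    }
    [pscustomobject]$fields
}

function Get-PolicyFirewallRule {
    param([string]$Path = $PolicyKey)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        if (-not $name) { continue }                  # skip the unnamed default value
        ConvertFrom-FirewallRuleString -Id $name -Data ([string]$key.GetValue($name))
    }
}

# Constructed sample values (not taken from the thread), used if the key is absent.
$sample = [ordered]@{
    '{EXAMPLE-RULE-1}' = 'v2.30|Action=Block|Active=TRUE|Dir=Out|App=%SystemRoot%\System32\mshta.exe|Name=Example LOLBin block|'
    '{EXAMPLE-RULE-2}' = 'v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|Name=Example inbound allow|'
    '{EXAMPLE-RULE-3}' = 'v2.30|Action=Block|Active=FALSE|Dir=Out|App=C:\Example\reader.exe|Name=Example disabled block|'
}

$rules = @(Get-PolicyFirewallRule)
if ($rules.Count -eq 0) {
    $rules = foreach ($id in $sample.Keys) {
        ConvertFrom-FirewallRuleString -Id $id -Data $sample[$id]
    }
}

# Outbound block rules only, including ones that are present but inactive.
$rules | Where-Object { $_.Dir -eq 'Out' -and $_.Action -eq 'Block' } |
    Sort-Object App | Format-Table Name, App, Active, Id -AutoSize
```

The script only reads the key, so it can be used to confirm which rules a profile added before deciding whether to remove them with the tool.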