Online_Sword's Security Configuration ("I SEE" combo)

Windows Edition
Pro
Primary sign-in
Windows UAC
Default - notify when programs attempt to make changes
Real-time protection
- Symantec Endpoint Protection 12.1.6 MP3 (Firewall included)
- EXE Radar Pro v3.1
- EMET 5.5
Software firewall
Provided by a third-party security vendor. Refer to 'Real-time protection' for details.
Malware testing
Periodic security scanners
- MalwareBytes AntiMalware Free 2.2
- Emsisoft Emergency Kit 11.0
Browsers, Search and Addons
- Chrome (Adblock + HTTPS Everywhere + Bitdefender Trafficlight)
- Firefox (ublock origin + HTTPS Everywhere + Avira Browser Safety)
Maintenance and Cleaning
CCleaner
Personal backup routine
Manual (maintained by self)
Device backup routine
Manual (maintained by self)

Online_Sword

New Member
Verified
Trusted
Mar 23, 2015
555
I would like to call my current configuration "I SEE":p. In particular,

- I: Just "me":D (my Common Sense).

- S: Symantec Endpoint Protection (unmanaged client).
  • Reduced-size definitions of virus and spyware installed.
  • Virus and Spyware Protection Settings:
    • The level of Bloodhound heuristic virus detection is changed from Automatic to Aggressive.
    • Download Insight:
      • The sensitivity level is changed from 5 (Typical) to 6 (High).
      • "Files with no more than 5 users in Symantec Community will be detected as malicious" is enabled.
      • "Files known by users in Symantec Community for no more than 2 days will be detected as malicious" is enabled.
    • Outlook Auto-Protect:
      • "Insert a warning into the mail message" is disabled, because I had a really bad experience with a similar function of Bitdefender IS.
    • Internet Email Auto-Protect:
      • "Insert a warning into the mail message" is disabled.
  • Proactive Threat Protection Settings:
    • Sonar
      • Action for low risk detection: changed from Log to Block
    • Suspicious Behavior Detection
      • Action for low risk detection: changed from Log to Prompt
    • System Change Detection
      • Actions for both DNS change detection and host file detection: changed from Log to Prompt
        • Because I often need to modify the hosts file manually with Notepad, I cannot change the actions here to Block.
  • Network Threat Protection:
    • NetBIOS Protection enabled.
    • Anti-Mac Spoofing enabled.
    • Network Application Monitoring enabled.
    • Denial of Service (DOS) detection enabled.
    • "Prompt before allowing application traffic" checked.
      • When this option is checked, the SEP firewall maintains a whitelist of applications that are allowed to connect to the internet.
      • When a non-whitelisted application tries to connect to the internet, the user is prompted and can choose to allow it once or whitelist it permanently (adding a rule for it).
      • This function is very strong. In my tests, I find that a whitelisted application is still prompted when it is updated. I think the rule set (whitelist) is based not only on the file paths but also on the hashes, a little like EXE Radar Pro.
      • It seems that non-existent applications are cleaned up automatically, though not immediately. I guess SEP checks the existence of the applications in the whitelist periodically.
  • The program folders of EXE Radar Pro, Sandboxie and Shadow Defender are excluded in All Scans and Sonar.
- The first E: EXE Radar Pro.
  • Lockdown mode in most cases.
  • Disable new version notification. (Otherwise it keeps notifying me that v3.0 stable has been released.)
  • External Devices: I check the option "Block processes executed from USBs". The other options are not checked because I do not have a CD-Rom drive, a network drive or a Ram disk.
  • Lockdown mode: Here I tick the option "Ask user what to do" for vulnerable processes.
  • I make some customized rules to whitelist some command lines for my printer.
- The second E: EMET.
  • I add Chrome and Firefox to the application list.
  • All options are kept default.
  • I also add EXERadar.exe and ERPSvc.exe to the application list of EMET, and uncheck the "EAF" and "Caller" options for those two files.
Just like some other users of SD in MT, I also only use Shadow Defender on demand.
 
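The behaviour described in the post above (a whitelisted application is prompted again after it is updated, and rules for executables that no longer exist are eventually pruned) is what you get from an allowlist keyed on path plus file hash rather than path alone. The following is an added example written for this page, not Symantec code: SEP's real rule format is not public here, so the rule storage layout, the class and function names, and the constructed "updater.exe" test file are all assumptions used only to illustrate the mechanism.

```python
"""Path+hash application allowlist, modelled on the observed behaviour of
SEP's "Prompt before allowing application traffic" option.

Added example, not Symantec code: the real rule format is unknown here, so
the storage layout and names below are assumptions for illustration.
"""
import hashlib
import os
import tempfile
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"    # path and hash match an existing rule
    PROMPT = "prompt"  # unknown app, or known path whose binary changed


def sha256_of(path: str) -> str:
    """Hash the executable in chunks so large binaries do not load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


class AppAllowlist:
    def __init__(self):
        # normalised absolute path -> sha256 of the binary when it was approved
        self.rules = {}

    @staticmethod
    def _key(path: str) -> str:
        # Normalise so "C:\Foo\app.exe" and "c:\foo\APP.EXE" hit the same rule
        return os.path.normcase(os.path.abspath(path))

    def check(self, path: str):
        """Decide whether a connecting process is allowed or must be prompted."""
        key = self._key(path)
        current = sha256_of(path)
        known = self.rules.get(key)
        if known is None:
            return Decision.PROMPT, "no rule for this path"
        if known != current:
            # Same path, different bytes: an update (or a replaced binary).
            return Decision.PROMPT, "binary changed since the rule was created"
        return Decision.ALLOW, "path and hash match"

    def approve(self, path: str) -> None:
        """What 'whitelist permanently' does: record path and current hash."""
        self.rules[self._key(path)] = sha256_of(path)

    def prune_missing(self):
        """Periodic cleanup of rules whose executable no longer exists."""
        gone = [k for k in self.rules if not os.path.exists(k)]
        for k in gone:
            del self.rules[k]
        return gone


def demo():
    """Walk through the three observations from the post on a constructed file.

    Returns the sequence of decisions plus the number of pruned rules.
    """
    results = []
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "updater.exe")  # constructed sample binary
        with open(exe, "wb") as f:
            f.write(b"MZ-v1")
        wl = AppAllowlist()
        results.append(wl.check(exe)[0])      # unknown app -> PROMPT
        wl.approve(exe)                       # user chooses "allow permanently"
        results.append(wl.check(exe)[0])      # same bytes -> ALLOW
        with open(exe, "wb") as f:
            f.write(b"MZ-v2")                 # simulate the app updating itself
        results.append(wl.check(exe)[0])      # hash mismatch -> PROMPT again
        wl.approve(exe)                       # re-approve the new version
        os.remove(exe)                        # app uninstalled
        results.append(len(wl.prune_missing()))  # periodic cleanup drops 1 rule
    return results


if __name__ == "__main__":
    print(demo())
```

The point of hashing rather than trusting the path is that a path-only rule would also let a trojanised replacement of an approved binary inherit its network permission; the trade-off, visible in the post, is one extra prompt per legitimate update.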

Exterminator

Community Manager
Verified
Staff member
Oct 23, 2012
12,586
Might consider one or two more on-demand scanners
Some type of backup solution
CCleaner or PrivaZer if not already installed
Consider uBlock in place of Adblock & HTTPS Everywhere in Chrome
 

Online_Sword

Might consider one or two more on-demand scanners
Some type of backup solution
CCleaner or PrivaZer if not already installed
Consider uBlock in place of Adblock & HTTPS Everywhere in Chrome
Thank you for all your advice:)

Actually I am using CCleaner Free, but I just forgot to mention it when I created this post. I have updated the fields.

I think that the on-access scanner of Avira is very sensitive, so maybe I don't need one more on-demand scanner. Too many scanners would just make me forget them.;)

I have a habit of backing up important data frequently and manually, so backup software won't be considered.

I have used "HTTPS Everywhere" before, but found that it conflicts with IEEE Xplore. When I visited IEEE Xplore with this plugin, IEEE Xplore said that it could not detect the cookie and displayed no literature. So I had to uninstall it.:(
 

jamescv7

Level 85
Verified
Trusted
Mar 15, 2011
13,084
Since you mentioned downloading malware samples and phishing, I highly suggest conducting those tests in an isolated environment like VirtualBox, or using a junk computer for testing.

Other than that you should be fine with Sandboxie and Avira Pro.
 

Online_Sword

Since you mentioned downloading malware samples and phishing, I highly suggest conducting those tests in an isolated environment like VirtualBox, or using a junk computer for testing.

Other than that you should be fine with Sandboxie and Avira Pro.

Thanks for your suggestion:). In the past, I downloaded and tested the samples in VMware Player, but I finally uninstalled it because at that time I suspected that the virtual network cards installed by VM stopped me from automatically obtaining an IPv6 address. (In the end, I found that I was wrong. The reason I could not get an IPv6 address was BD's firewall settings:(.) Maybe I will re-install VM later.
 

Online_Sword

August 10, 2015:

Replacing Bitdefender Internet Security 2015 with Norton Internet Security 22.5 (the latest version).

Norton Identity Safe is disabled since I prefer to manage the account information myself.

Norton Anti-Spam is disabled because I had a bad experience with Bitdefender Anti-Spam, which by default blocks any email written in Asian characters.

Norton Toolbar is disabled since it conflicts with Sandboxie.
 

Online_Sword

Did you uninstall BD because of the bugs?

No. I uninstalled it just because I wanted to try Norton, which has recently become really popular in some security forums in my country.
In fact, I have encountered many bugs in Bitdefender so far. But most of them were solved by contacting the staff, although I had to wait a long time for their reply:).
 

Enju

New Member
Jul 16, 2014
443
No. I uninstalled it just because I wanted to try Norton, which has recently become really popular in some security forums in my country.
In fact, I have encountered many bugs in Bitdefender so far. But most of them were solved by contacting the staff, although I had to wait a long time for their reply:).
Are you from China by any chance? :p
BD support is quite good if you get the right employee, but Symantec has topped it in almost any case I required something from them.
 

Enju

Yes, you are right:D


I wonder whether I would get better service if I purchased a regular license of Bitdefender (I was using a promo license in the past).
Are you active on Kafan? :D
I don't think BD distinguishes between promo and retail licenses; I have contacted them with both types and had mixed experiences with them.
 

Online_Sword

Are you active on Kafan? :D
I don't think BD distinguishes between promo and retail licenses; I have contacted them with both types and had mixed experiences with them.

I think I am far from "active" in kafan.
I might have more posts here than in kafan.:D
 

Online_Sword

Updates on Aug 13, 2015:

  • Upgrade Sandboxie to the paid version.
  • Disable Norton Toolbar as it conflicts with Sandboxie.
  • Add Bitdefender Trafficlight to Chrome since Norton toolbar has been disabled.
 

Online_Sword

Updates on Sep 4, 2015:

Added:
+ Spyshelter Free 10.1
+ Shadow Defender 1.4
Norton Identity Safe is disabled since I prefer to manage the account information myself.

Norton Anti-Spam is disabled because I had a bad experience with Bitdefender Anti-Spam, which by default blocks any email written in Asian characters.

Norton Toolbar is disabled since it conflicts with Sandboxie.

Excluding the full folder of Spyshelter Free from the real-time scanning and Sonar of Norton Internet Security.

Excluding the full folders of "Program Files (x86)\Norton Internet Security" and "Program Data\Norton" from Spyshelter Free.

Hooks Guards of the Spyshelter Keystroke Encryption module is set to the "Better compatibility mode".

Changing the policy of Spyshelter for "Certified Application" to "Allow all - High security level".

Disabling "Allow terminating Spyshelter via Task Manager".

Just like some other users of SD in MT, I also only use Shadow Defender on demand.

The folders "Program Files (x86)\Norton Internet Security", "Program Data\Norton", and the documents folder are excluded from Shadow Defender.
 

frogboy

In memoriam 1961-2018
Jun 9, 2013
6,719
Updates on Sep 4, 2015:

Added:
+ Spyshelter Free 10.1
+ Shadow Defender 1.4

Excluding the full folder of Spyshelter Free from the real-time scanning and sonar of Norton Internet Security.

Excluding the full folders of "Program Files (x86)\Norton Internet Security" and "Program Data\Norton" from Spyshelter Free.

Hooks Guards of the Keystroke Encryption module is set to the "Better compatibility mode".

Change the policy for "Certified Application" to "Allow all - High security level".

Disable "Allow terminating Spyshelter via Task Manager".

Just like some other users of SD in MT, I also only use Shadow Defender on demand.

The folders "Program Files (x86)\Norton Internet Security", "Program Data\Norton", and documents folder are excluded from Shadow Defender.
Some good additions right there. ;)
 

Online_Sword

Updates:

Removed:
  • Norton Internet Security
  • Spyshelter Free
Added:
  • Emsisoft Internet Security
  • EXE Radar Pro
  • EMET
Changed:
  • Adblock Plus (Firefox) to uBlock Origin (Firefox). I still keep Adblock in Chrome.

I should say that my previous combo "Norton + Spyshelter" runs very well on my computer.
But, sometimes I really want to make some change.:p I just want to try some "interesting" combos.
I think many MT members can understand my feeling.:D

My new configuration is interesting, partially because it has an interesting shorthand "IEEE". In particular,

- I: Just "me":D (my Common Sense).​

- The first E: Emsisoft Internet Security.
  • AMN is enabled.
  • All notifications except computer restart notification and removable device notification are disabled.
  • In Surf Protection, Privacy risks are "Blocked silently".
  • In File Guard, PUP detection is set to "Alert".
  • The program folders of EXE Radar Pro, Sandboxie and Shadow Defender are whitelisted in the Scanner, File Guard, and Behavior Blocker.
- The second E: EXE Radar Pro.
  • Lockdown mode in most cases.
  • Disable new version notification. (Otherwise it keeps notifying me that v3.0 stable has been released.)
  • External Devices: I check the option "Block processes executed from USBs". The other options are not checked because I do not have a CD-Rom drive, a network drive or a Ram disk.
  • Lockdown mode: Here I tick the option "Ask user what to do" for vulnerable processes.
  • I make some customized rules to whitelist some command lines for my printer.
- The third E: EMET.
  • I add Chrome and Firefox to the application list.
  • All options are kept default.
 