    Operating System: Windows 7 SP1
    Windows Edition: Pro
    System Architecture: 64-bit
    User Access Control: Default
    Network Security (Firewall): 3rd-party firewall app by a trusted vendor
    Sign-in Accounts:
    Malware Testing: Malware on a secure VM - full network and file isolation
    Real-time Web & Malware Protection:
    - Symantec Endpoint Protection 12.1.6 MP3 (firewall included)
    - EXE Radar Pro v3.1
    - EMET 5.5
    Custom Settings For Real-Time Protection:
    Virus and Malware Removal Tools:
    - MalwareBytes AntiMalware Free 2.2
    - Emsisoft Emergency Kit 11.0
    Browsers and Extensions:
    - Chrome (Adblock + HTTPS Everywhere + Bitdefender Trafficlight)
    - Firefox (uBlock Origin + HTTPS Everywhere + Avira Browser Safety)
    Web Privacy: Adblock (Chrome plugin) + uBlock Origin (Firefox plugin)
    Password Manager: Manually + Browser Built-in
    System Utilities: CCleaner
    Frequency of Data backups: Weekly
    Frequency of System backups: Regularly

    Online_Sword

    I would like to call my current configuration "I SEE":p. In particular,

    - I: Just "me":D (my Common Sense).

    - S: Symantec Endpoint Protection (unmanaged client).
    • Reduced-size virus and spyware definitions are installed.
    • Virus and Spyware Protection Settings:
      • The Bloodhound heuristic virus detection level is changed from Automatic to Aggressive.
      • Download Insight:
        • The sensitivity level is changed from 5 (Typical) to 6 (High).
        • "Files with no more than 5 users in the Symantec Community will be detected as malicious" is enabled.
        • "Files known by users in the Symantec Community for no more than 2 days will be detected as malicious" is enabled.
      • Outlook Auto-Protect:
        • "Insert a warning into the mail message" is disabled, because I had a really bad experience with a similar function of Bitdefender IS.
      • Internet Email Auto-Protect:
        • "Insert a warning into the mail message" is disabled.
    • Proactive Threat Protection Settings:
      • Sonar
        • Action for low risk detection: changed from Log to Block
      • Suspicious Behavior Detection
        • Action for low risk detection: changed from Log to Prompt
      • System Change Detection
        • Actions for both DNS change detection and hosts file change detection: changed from Log to Prompt
          • Because I often need to modify the hosts file manually with Notepad, I cannot change the actions here to Block.
    • Network Threat Protection:
      • NetBIOS Protection enabled.
      • Anti-MAC Spoofing enabled.
      • Network Application Monitoring enabled.
      • Denial of Service (DoS) detection enabled.
      • "Prompt before allowing application traffic" checked.
        • When this option is checked, the SEP firewall maintains a whitelist of applications that are allowed to connect to the internet.
        • When a non-whitelisted application tries to connect to the internet, the user is prompted and can choose to allow it once or whitelist it permanently (adding a rule for it).
        • This function is very strong. In my tests, I find that a whitelisted application is still prompted when it is updated. I think the rule set (whitelist) is based not only on file paths but also on file hashes, a little like EXE Radar Pro.
        • It seems that non-existent applications are cleaned up automatically, though not immediately. I guess SEP checks the existence of the applications in the whitelist periodically.
    • The program folders of EXE Radar Pro, Sandboxie and Shadow Defender are excluded from All Scans and SONAR.
    - The first E: EXE Radar Pro.
    • Lockdown mode in most cases.
    • Disabled the new version notification. (Otherwise it keeps notifying me that v3.0 stable is released.)
    • External Devices: I check the option "Block processes executed from USBs". The other options are not checked because I do not have a CD-ROM drive, a network drive or a RAM disk.
    • Lockdown mode: Here I tick the option "Ask user what to do" for vulnerable processes.
    • I make some customized rules to whitelist some command lines for my printer.
    - The second E: EMET.
    • I add Chrome and Firefox to the application list.
    • All options are kept default.
    • I add EXERadar.exe and ERPSvc.exe to the EMET application list and uncheck the "EAF" and "Caller" options for those two files.
    Just like some other users of SD in MT, I also only use Shadow Defender on demand.
     
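    The two SEP behaviours described in the post above (a whitelisted application being prompted again after it is updated, and prompting on hosts-file changes) both come down to keeping a baseline keyed on file path and content hash and diffing against it. The PowerShell below is an added illustration of that idea; it is not Symantec's implementation and not code from the original post. It assumes PowerShell 4.0 or later (for Get-FileHash; Windows 7 SP1 needs WMF 4 or 5.1), and the baseline location, the Chrome path in the usage comment and the 'Missing'/'Modified' wording are assumptions made for the example.

```powershell
# Added example: path + hash integrity baseline (not SEP code; assumptions noted inline).
# Requires PowerShell 4.0+ for Get-FileHash.

# Assumed location for the saved baseline.
$BaselinePath = Join-Path $env:ProgramData 'AppAllowlist\baseline.json'

function Get-NonCommentLines {
    # Hosts-file lines that actually map a name; comments and blank lines are ignored.
    param([string]$Path)
    return @(Get-Content -LiteralPath $Path | Where-Object { $_ -notmatch '^\s*(#|$)' })
}

function New-AllowlistBaseline {
    param(
        [string[]]$AllowedExecutables,   # full paths the user has chosen to allow
        [string]$HostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"
    )
    $apps = @()
    foreach ($path in $AllowedExecutables) {
        if (Test-Path -LiteralPath $path) {
            $apps += [pscustomobject]@{
                Path   = $path
                Sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    }
    $hosts = [pscustomobject]@{
        Path   = $HostsFile
        Sha256 = (Get-FileHash -LiteralPath $HostsFile -Algorithm SHA256).Hash
        Lines  = Get-NonCommentLines -Path $HostsFile
    }
    return [pscustomobject]@{ Created = (Get-Date).ToString('o'); Apps = $apps; Hosts = $hosts }
}

function Compare-AllowlistBaseline {
    param([Parameter(Mandatory=$true)]$Baseline)
    $report = @()
    foreach ($app in @($Baseline.Apps)) {
        if (-not (Test-Path -LiteralPath $app.Path)) {
            # The post observes SEP pruning vanished apps eventually; here they are only flagged.
            $report += [pscustomobject]@{ Item = $app.Path; Status = 'Missing - prune from allowlist' }
            continue
        }
        $now = (Get-FileHash -LiteralPath $app.Path -Algorithm SHA256).Hash
        if ($now -eq $app.Sha256) {
            $report += [pscustomobject]@{ Item = $app.Path; Status = 'Unchanged' }
        } else {
            # Same path, different bytes: an update or a replacement. A path-only
            # allowlist would silently trust this; a hash-aware one must re-prompt.
            $report += [pscustomobject]@{ Item = $app.Path; Status = 'Modified - re-prompt' }
        }
    }

    $h = $Baseline.Hosts
    $nowHash = (Get-FileHash -LiteralPath $h.Path -Algorithm SHA256).Hash
    if ($nowHash -eq $h.Sha256) {
        $report += [pscustomobject]@{ Item = $h.Path; Status = 'Unchanged' }
    } else {
        $old     = @($h.Lines | Where-Object { $_ })      # drop nulls left over from JSON round-trip
        $current = Get-NonCommentLines -Path $h.Path
        # Compare-Object rejects empty arrays, so handle the common "hosts was all comments" case.
        if ($old.Count -eq 0)         { $added = $current }
        elseif ($current.Count -eq 0) { $added = @() }
        else {
            $added = @(Compare-Object -ReferenceObject $old -DifferenceObject $current |
                       Where-Object { $_.SideIndicator -eq '=>' } | ForEach-Object { $_.InputObject })
        }
        $report += [pscustomobject]@{ Item = $h.Path; Status = "Changed - new entries: $($added -join ' | ')" }
    }
    return $report
}

# Usage (writes to $BaselinePath, so it is left commented out):
#   New-Item -ItemType Directory -Force -Path (Split-Path $BaselinePath) | Out-Null
#   $b = New-AllowlistBaseline -AllowedExecutables @("$env:ProgramFiles\Google\Chrome\Application\chrome.exe")
#   $b | ConvertTo-Json -Depth 4 | Set-Content -LiteralPath $BaselinePath
#   # later, after Chrome auto-updates or something edits the hosts file:
#   Compare-AllowlistBaseline -Baseline (Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json) | Format-Table -AutoSize
```

    Keying on the hash is what makes the "re-prompt after update" behaviour possible; the cost, visible in the same function, is that every legitimate update also needs a fresh decision, which is exactly what the poster observed. The hosts-file check reports only the entries that were added, since those (a redirected bank or update domain) are what a tamper alert should show.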

    Online_Sword

    Might consider 0e or two more on demand scanners
    Some type of backup solution
    CCleaner or Privazer if not already installed
    Consider uBlock in place of ABD & HTTPS Everywhere in Chrome
    Thank you for all your advice:)

    Actually I am using CCleaner Free, but I just forgot to mention it when I created this post. I have updated the fields.

    I think that the on-access scanner of Avira is very sensitive, so maybe I don't need one more on-demand scanner. Too many scanners will just make me forget them.;)

    I have a habit of backing up the important data frequently and manually, so backup software won't be considered.

    I have used "HTTPS Everywhere", but found that it conflicts with IEEE Xplore. When I visited IEEE Xplore with this plugin, IEEE Xplore said that it could not detect the cookie and displayed no literature. So I had to uninstall it.:(
     

    jamescv7

    Since you mentioned downloading malware samples and phishing, I highly suggest conducting those tests in an isolated environment like VirtualBox, or using a junk computer for testing.

    Other than that, you should be fine with Sandboxie and Avira Pro.
     

    Online_Sword

    Since you mentioned downloading malware samples and phishing, I highly suggest conducting those tests in an isolated environment like VirtualBox, or using a junk computer for testing.

    Other than that, you should be fine with Sandboxie and Avira Pro.
    Thanks for your suggestion:). In the past, I downloaded and tested the samples in VMware Player, but I finally uninstalled it since at that time I suspected that the virtual network cards installed by the VM software stopped me from automatically obtaining an IPv6 address. (Finally, I found that I was wrong. The reason why I could not get an IPv6 address was BD's firewall setting:(). Maybe I will re-install the VM software later.
     

    Online_Sword

    August 10, 2015:

    Replacing Bitdefender Internet Security 2015 with Norton Internet Security 22.5 (the latest version).

    Norton Identity Safe is disabled since I prefer to manage the account information myself.

    Norton Anti-Spam is disabled because I had some bad experience with Bitdefender Anti-Spam, which by default blocks any email written in Asian characters.

    Norton Toolbar is disabled since it conflicts with Sandboxie.
     

    Online_Sword

    Did you uninstall BD because of the bugs?
    No. I uninstalled it just because I want to try Norton, which has recently become really popular and hot in some security forums in my country.
    In fact, I have encountered many Bitdefender bugs so far. But most of them were solved by contacting the staff, although I had to wait a long time for their reply:).
     

    Enju

    No. I uninstalled it just because I want to try Norton, which has recently become really popular and hot in some security forums in my country.
    In fact, I have encountered many Bitdefender bugs so far. But most of them were solved by contacting the staff, although I had to wait a long time for their reply:).
    Are you from China by any chance? :p
    BD support is quite good if you get the right employee, but Symantec has topped it in almost any case I required something from them.
     

    Enju

    Yes, you are right:D


    I wonder whether I would get a better service if I purchase a regular license of Bitdefender (I was using a promo license in the past).
    Are you active on Kafan? :D
    I don't think BD distinguishes promo and retail licenses, I have contacted them with both types and had mixed experiences with them.
     

    Online_Sword

    Are you active on Kafan? :D
    I don't think BD distinguishes promo and retail licenses, I have contacted them with both types and had mixed experiences with them.
    I think I am far from "active" in kafan.
    I might have more posts here than in kafan.:D
     

    Online_Sword

    Updates in Aug 13, 2015:

    • Upgrade Sandboxie to the paid version.
    • Disable Norton Toolbar as it conflicts with Sandboxie.
    • Add Bitdefender Trafficlight to Chrome since Norton toolbar has been disabled.
     

    Online_Sword

    Updates in Sep 4, 2015:

    Added:
    + Spyshelter Free 10.1
    + Shadow Defender 1.4
    Excluding the full folder of Spyshelter Free from the real-time scanning and Sonar of Norton Internet Security.

    Excluding the full folders of "Program Files (x86)\Norton Internet Security" and "Program Data\Norton" from Spyshelter Free.

    Hooks Guards of the Spyshelter Keystroke Encryption module is set to the "Better compatibility mode".

    Changing the policy of Spyshelter for "Certified Application" to "Allow all - High security level".

    Disabling "Allow terminating Spyshelter via Task Manager".

    Just like some other users of SD in MT, I also only use Shadow Defender on demand.

    The folders "Program Files (x86)\Norton Internet Security", "Program Data\Norton", and the documents folder are excluded from Shadow Defender.
     

    frogboy

    Updates in Sep 4, 2015:

    Added:
    + Spyshelter Free 10.1
    + Shadow Defender 1.4

    Excluding the full folder of Spyshelter Free from the real-time scanning and sonar of Norton Internet Security.

    Excluding the full folders of "Program Files (x86)\Norton Internet Security" and "Program Data\Norton" from Spyshelter Free.

    Hooks Guards of the Keystroke Encryption module is set to the "Better compatibility mode".

    Change the policy for "Certified Application" to "Allow all - High security level".

    Disable "Allow terminating Spyshelter via Task Manager".

    Just like some other users of SD in MT, I also only use Shadow Defender on demand.

    The folders "Program Files (x86)\Norton Internet Security", "Program Data\Norton", and documents folder are excluded from Shadow Defender.
    Some good additions right there. ;)
     

    Online_Sword

    Updates:

    Removed:
    • Norton Internet Security
    • Spyshelter Free
    Added:
    • Emsisoft Internet Security
    • EXE Radar Pro
    • EMET
    Changed:
    • Adblock Plus (Firefox) to uBlock Origin (Firefox). I still keep Adblock in Chrome.

    I should say that my previous combo "Norton + Spyshelter" runs very well on my computer.
    But, sometimes I really want to make some change.:p I just want to try some "interesting" combos.
    I think many MT members can understand my feeling.:D

    My new configuration is interesting, partially because it has an interesting shorthand "IEEE". In particular,

    - I: Just "me":D (my Common Sense).

    - The first E: Emsisoft Internet Security.
    • AMN is enabled.
    • All notifications except computer restart notification and removable device notification are disabled.
    • In Surf Protection, Privacy risks are "Blocked silently".
    • In File Guard, PUP detection is set to "Alert".
    • The program folders of EXE Radar Pro, Sandboxie and Shadow Defender are whitelisted in the Scanner, File Guard, and Behavior Blocker.
    - The second E: EXE Radar Pro.
    • Lockdown mode in most cases.
    • Disabled the new version notification. (Otherwise it keeps notifying me that v3.0 stable is released.)
    • External Devices: I check the option "Block processes executed from USBs". The other options are not checked because I do not have a CD-ROM drive, a network drive or a RAM disk.
    • Lockdown mode: Here I tick the option "Ask user what to do" for vulnerable processes.
    • I make some customized rules to whitelist some command lines for my printer.
    - The third E: EMET.
    • I add Chrome and Firefox to the application list.
    • All options are kept default.
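    The EXE Radar Pro lockdown policy described in this post and in the earlier "I SEE" post (block anything launched from USB, ask before running vulnerable processes, whitelist specific command lines for the printer, default-deny everything else in lockdown) can be written out as a single decision function, which makes the rule ordering explicit. The PowerShell below is an added illustration, not EXE Radar Pro's code and not the poster's actual rules: the rule set, the printui.dll command-line pattern, the printer name and the sample launch events are constructed for the example, and the function only evaluates a launch description; it does not intercept process creation.

```powershell
# Added example: an ERP-style lockdown decision function (illustrative; not EXE Radar Pro code).
# The policy values below are assumptions made for the example.
$Policy = @{
    Lockdown            = $true
    BlockRemovable      = $true
    AskForVulnerable    = $true
    VulnerableProcesses = @('powershell.exe','cmd.exe','wscript.exe','cscript.exe','mshta.exe','rundll32.exe','regsvr32.exe')
    AllowedPathPrefixes = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\")
    # Command-line allow rules: image name plus a wildcard pattern over the arguments.
    # The printer rule is of the kind the poster describes; this pattern is assumed.
    AllowedCommandLines = @(
        @{ Image = 'rundll32.exe'; ArgsLike = 'printui.dll,PrintUIEntry*' }
    )
}

function Test-LaunchPolicy {
    param(
        [Parameter(Mandatory=$true)][string]$ImagePath,
        [string]$CommandLine = '',
        [string]$DriveType            # 'Removable', 'Fixed', ...; looked up from the path when omitted
    )
    if (-not $DriveType) {
        $root = [System.IO.Path]::GetPathRoot($ImagePath)
        $DriveType = if ($root) { (New-Object System.IO.DriveInfo($root)).DriveType.ToString() } else { 'Unknown' }
    }
    $image = [System.IO.Path]::GetFileName($ImagePath)

    # 1. Removable media first: a trusted name on a USB stick is still blocked.
    if ($Policy.BlockRemovable -and $DriveType -eq 'Removable') {
        return [pscustomobject]@{ Verdict = 'Block'; Reason = 'executed from removable drive' }
    }
    # 2. Explicit command-line rules, checked before the vulnerable-process list so the
    #    printer helper (which runs through rundll32) does not prompt every time.
    foreach ($rule in $Policy.AllowedCommandLines) {
        if ($image -ieq $rule.Image -and $CommandLine -like $rule.ArgsLike) {
            return [pscustomobject]@{ Verdict = 'Allow'; Reason = "command-line rule '$($rule.ArgsLike)'" }
        }
    }
    # 3. Vulnerable (script-host / LOLBin-style) processes prompt even from trusted paths.
    if ($Policy.AskForVulnerable -and ($Policy.VulnerableProcesses -contains $image)) {
        return [pscustomobject]@{ Verdict = 'Ask'; Reason = 'vulnerable process' }
    }
    # 4. Trusted path prefixes.
    foreach ($prefix in $Policy.AllowedPathPrefixes) {
        if ($ImagePath.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            return [pscustomobject]@{ Verdict = 'Allow'; Reason = "trusted path $prefix" }
        }
    }
    # 5. Default-deny in lockdown; otherwise fall back to asking the user.
    if ($Policy.Lockdown) { return [pscustomobject]@{ Verdict = 'Block'; Reason = 'not allowlisted (lockdown)' } }
    return [pscustomobject]@{ Verdict = 'Ask'; Reason = 'not allowlisted' }
}

# Constructed launch events (DriveType supplied so the demo does not depend on attached hardware).
$Samples = @(
    @{ ImagePath = "$env:ProgramFiles\Google\Chrome\Application\chrome.exe"; CommandLine = '';                                             DriveType = 'Fixed' },
    @{ ImagePath = "$env:SystemRoot\System32\rundll32.exe";                  CommandLine = 'printui.dll,PrintUIEntry /in /n "\\print01\HP"'; DriveType = 'Fixed' },
    @{ ImagePath = "$env:SystemRoot\System32\rundll32.exe";                  CommandLine = 'javascript:"\..\mshtml,RunHTMLApplication"';     DriveType = 'Fixed' },
    @{ ImagePath = 'E:\invoice.pdf.exe';                                     CommandLine = '';                                             DriveType = 'Removable' },
    @{ ImagePath = "$env:TEMP\setup.exe";                                    CommandLine = '';                                             DriveType = 'Fixed' }
)
foreach ($s in $Samples) {
    $v = Test-LaunchPolicy @s
    '{0,-6} {1,-55} {2}' -f $v.Verdict, $s.ImagePath, $v.Reason
}
```

    Running it gives Allow for Chrome and for the printer command line, Ask for the other rundll32 invocation, and Block for the executable on the removable drive and for the installer in %TEMP%. The order matters: if the trusted-path check came before the vulnerable-process check, rundll32.exe under System32 would be allowed with any arguments, which is exactly the class of abuse the "ask for vulnerable processes" option exists to catch.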