Online_Sword's Security Configuration ("I SEE" combo)

Windows Edition
Pro
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
- Symantec Endpoint Protection 12.1.6 MP3 (Firewall included)
- EXE Radar Pro v3.1
- EMET 5.5
Firewall security
Periodic malware scanners
- MalwareBytes AntiMalware Free 2.2
- Emsisoft Emergency Kit 11.0
Malware sample testing
Browser(s) and extensions
- Chrome (Adblock + HTTPS Everywhere + Bitdefender Trafficlight)
- Firefox (ublock origin + HTTPS Everywhere + Avira Browser Safety)
Maintenance tools
CCleaner
Updates:

Removed:
  • Norton Internet Security
  • Spyshelter Free
Added:
  • Emsisoft Internet Security
  • EXE Radar Pro
  • EMET
Changed:
  • Adblock Plus (Firefox) to uBlock Origin (Firefox). I still keep Adblock in Chrome.

I should say that my previous combo "Norton + Spyshelter" runs very well on my computer.
But, sometimes I really want to make some change.:p I just want to try some "interesting" combos.
I think many MT members can understand my feeling.:D

My new configuration is interesting, partially because it has an interesting shorthand "IEEE". In particular,

- I: Just "me":D (my Common Sense).

- The first E: Emsisoft Internet Security.
  • AMN is enabled.
  • All notifications except computer restart notification and removable device notification are disabled.
  • In Surf Protection, Privacy risks are "Blocked silently".
  • In File Guard, PUP detection is set to "Alert".
  • The program folders of EXE Radar Pro, Sandboxie and Shadow Defender are whitelisted in the Scanner, File Guard, and Behavior Blocker.
- The second E: EXE Radar Pro.
  • Lockdown mode in most cases.
  • Disable new version notification. (Otherwise it continues to notify me that v3.0 stable is released.)
  • External Devices: I check the option "Block processes executed from USBs". The other options are not checked because I do not have a CD-ROM drive, a network drive or a RAM disk.
  • Lockdown mode: Here I tick the option "Ask user what to do" for vulnerable processes.
  • I make some customized rules to whitelist some command lines for my printer.
- The third E: EMET.
  • I add Chrome and Firefox to the application list.
  • All options are kept default.
All in all, good changelog @Online_Sword ;)
 
IEEE... there for a second I thought you were an electrical engineer.

Anyhow, Emsisoft does not adequately provide these:

  • Phishing protection (not part of Emsi security model)
  • Virtualization (where is your Sandboxie ???)
You might want to consider Adguard (desktop version) or Cyscon browser extension. @Umbra showed me Adguard. Sharp program.
 
Updates in October 28, 2015:

Changes:

  • Adding EXERadar.exe and ERPSvc.exe to the application list of EMET according to the suggestion of @Klipsh. I uncheck the options "EAF" and "Caller" corresponding to those two files. Many thanks @Klipsh.:)
 
Be careful, EMET and the latest beta of EIS may generate issues.

Thank you for your comment.:)
I am currently using the stable version of EIS (i.e., v10), and I have disabled beta updates.
Until now, the combo "EIS + EMET" has not caused any obvious issue on my computer.
Well, at least it has not incurred a BSOD.:D
I would post in the official website of Emsisoft if I could find any obvious compatibility issue between EIS and EMET.;)
 

If you enable EIS 11 beta, then disable EMET before doing so. Re-enable after required beta reboots (there are up to 2).
 
  • Phishing protection (not part of Emsi security model)

I do not think I could rely on the anti-phishing capability of any international antivirus, because the network environment here is very special...
For example, you know, there is no Twitter, no Facebook, no YouTube here...Only a few people have ever used Amazon, PayPal, Skype, etc...
So...some anti-phishing techniques of international antivirus programs may work here.:(
When we choose to use the international anti-virus programs instead of the native ones, we have to use the brain-based anti-phishing.:p It works well.:D
By the way, I think Bitdefender Traffic Light and Avira Browser Safety can also block some malicious sites.

Virtualization (where is your Sandboxie ???)

I put it in the "other software" category. You know, otherwise it will break down my interesting shorthand.:p
Seriously, I do not want to use a combo called "SEEE".:D
Sandboxie works well with EMET.;)

If you enable EIS 11 beta

I do not want to try a beta program on my real computer. ERP beta might be the only exception.
Maybe I will try it on the virtual machine.
 
Updates:

- Removed:
  • Emsisoft Internet Security
- Added:
  • Symantec Endpoint Protection
  • Emsisoft Emergency Kit
Recently I have had a new problem with EIS: it blocks and quarantines my programs written in C++. I guess this is because I use the function scanf to read input. Well, I know scanf might not be memory-safe. But I like to use it, since it is simple and effective. My programs will only be used by myself, and I will not attack myself by exploiting my own programs. So such protection from Emsisoft is really annoying for me. That is why I uninstalled EIS.

My new configuration can be called "I SEE". In particular,

- I: Still "me":D (my Common Sense).

- S: Symantec Endpoint Protection (unmanaged client).
  • Reduced-size definitions of virus and spyware installed.
  • Virus and Spyware Protection Settings:
    • The level of Bloodhound heuristic virus detection is changed from Automatic to Aggressive.
    • Download Insight:
      • The sensitivity level is changed from 5 (Typical) to 6 (High).
      • "Files with no more than 5 users in Symantec Community will be detected as malicious" is enabled
      • "Files known by users in Symantec Community for no more than 2 days will be detected as malicious" is enabled.
    • Outlook Auto-Protect:
      • "Insert a warning into the mail message" is disabled, because I had a really bad experience with a similar function of Bitdefender IS.
    • Internet Email Auto-Protect:
      • "Insert a warning into the mail message" is disabled.
  • Proactive Threat Protection Settings:
    • Sonar
      • Action for low risk detection: changed from Log to Block
    • Suspicious Behavior Detection
      • Action for low risk detection: changed from Log to Prompt
    • System Change Detection
      • Actions for both DNS change detection and hosts file detection: changed from Log to Prompt
        • Because I often need to modify the hosts file with Notepad manually, I cannot change the actions here to Block.
  • Network Threat Protection:
    • NetBIOS Protection enabled.
    • Anti-Mac Spoofing enabled.
    • Network Application Monitoring enabled.
    • Denial of Service (DOS) detection enabled.
    • "Prompt before allowing application traffic" checked.
      • When this option is checked, the firewall of SEP will maintain a whitelist of applications that are allowed to connect to the internet.
      • When a non-whitelisted application tries to connect to the internet, the user will be prompted. Users can choose to allow it once or whitelist it permanently (adding a rule for it).
      • This function is very strong. In my tests, I find that a whitelisted application will still be prompted when it is updated. I think the rule set (whitelist) is not only based on the file paths, but also based on the hash codes, a little like EXE Radar Pro.
      • It seems that non-existent applications will be cleaned automatically, not immediately though. I guess SEP checks the existence of the applications in the whitelist periodically.
    • Stealth Settings are left default, since I find some of them will conflict with some forums in my country.
  • The program folders of EXE Radar Pro, Sandboxie and Shadow Defender are excluded in All Scans and Sonar.
- The first E: EXE Radar Pro.
  • Lockdown mode in most cases.
  • Disable new version notification. (Otherwise it continues to notify me that v3.0 stable is released.)
  • External Devices: I check the option "Block processes executed from USBs". The other options are not checked because I do not have a CD-ROM drive, a network drive or a RAM disk.
  • Lockdown mode: Here I tick the option "Ask user what to do" for vulnerable processes.
  • I make some customized rules to whitelist some command lines for my printer.
- The second E: EMET.
  • I add Chrome and Firefox to the application list.
  • All options are kept default.
  • Adding EXERadar.exe and ERPSvc.exe to the application list of EMET. I uncheck the options "EAF" and "Caller" corresponding to those two files.
I only have the Chinese version of SEP, and I do not know the English names of many options. So I made this changelog from the screenshots posted by @Umbra and @Piteko21 . Thanks.;)
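The post above mentions that the author's C++ programs use scanf and that scanf "might not be memory-safe". The snippet below is an added example, not code from this thread or from Emsisoft, showing the exact pattern a behaviour blocker or exploit-mitigation layer is right to be nervous about (an unbounded `%s` into a fixed buffer) beside a bounded replacement that keeps the scanf style but can never write past the buffer and also reports when the token was cut short. The function names (`read_name_unsafe`, `read_token_bounded`) and the sample inputs are assumptions constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The pattern the post worries about: an unbounded %s conversion.
 * Nothing stops sscanf from writing past the 16-byte buffer when the
 * token is longer, so a long input line overwrites whatever follows
 * `name` on the stack. Compiled here only to show the shape; never called. */
void read_name_unsafe(const char *line, char name[16])
{
    sscanf(line, "%s", name);
}

/* Hardened replacement (hypothetical helper, not from the thread):
 * same scanf-style parsing, but with an explicit field width of
 * outsz-1 so the terminating NUL always fits, plus %n so the caller
 * can tell whether the token was cut short instead of silently
 * accepting a truncated value.
 * Returns the number of characters stored, or -1 if no token was read. */
int read_token_bounded(const char *line, char *out, size_t outsz, int *truncated)
{
    char fmt[32];
    int consumed = 0;

    *truncated = 0;
    if (line == NULL || out == NULL || outsz < 2)
        return -1;

    /* Builds e.g. "%15s%n" for a 16-byte buffer. */
    snprintf(fmt, sizeof fmt, "%%%zus%%n", outsz - 1);

    if (sscanf(line, fmt, out, &consumed) != 1) {
        out[0] = '\0';
        return -1;
    }

    /* If the byte right after the stored token is neither end-of-string
     * nor whitespace, the token continued past the width limit. */
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed]))
        *truncated = 1;

    return (int)strlen(out);
}

int main(void)
{
    /* Constructed sample inputs: a normal token and an over-long one. */
    const char *ok_line   = "alice bob";
    const char *long_line = "AAAAAAAAAAAAAAAAAAAAAAAA";   /* 24 characters */
    char name[16];
    int truncated, n;

    n = read_token_bounded(ok_line, name, sizeof name, &truncated);
    printf("'%s' len=%d truncated=%d\n", name, n, truncated);

    n = read_token_bounded(long_line, name, sizeof name, &truncated);
    printf("'%s' len=%d truncated=%d\n", name, n, truncated);
    return 0;
}
```

The width in the format string is the whole fix: `%15s` for a 16-byte buffer leaves room for the NUL, which `%s` on its own never guarantees. The `%n` check is the part people usually skip; without it a 24-character token is quietly accepted as a 15-character one, which is a correctness bug even when it is no longer a memory-safety one.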
 
