Online_Sword's Security Configuration ("I SEE" combo)

Windows Edition: Pro
User Access Control: Notify me only when programs try to make changes to my computer
Real-time security:
- Symantec Endpoint Protection 12.1.6 MP3 (Firewall included)
- EXE Radar Pro v3.1
- EMET 5.5
Firewall security:
Periodic malware scanners:
- MalwareBytes AntiMalware Free 2.2
- Emsisoft Emergency Kit 11.0
Malware sample testing:
Browser(s) and extensions:
- Chrome (Adblock + HTTPS Everywhere + Bitdefender Trafficlight)
- Firefox (ublock origin + HTTPS Everywhere + Avira Browser Safety)
Maintenance tools:
- CCleaner

JM Safe

Level 39
Verified
Top Poster
Apr 12, 2015
2,882
Updates:

Removed:
  • Norton Internet Security
  • Spyshelter Free
Added:
  • Emsisoft Internet Security
  • EXE Radar Pro
  • EMET
Changed:
  • Adblock Plus (Firefox) to uBlock Origin (Firefox). I still keep Adblock in Chrome.

I should say that my previous combo "Norton + Spyshelter" runs very well on my computer.
But, sometimes I really want to make some change.:p I just want to try some "interesting" combos.
I think many MT members can understand my feeling.:D

My new configuration is interesting, partially because it has an interesting shorthand "IEEE". In particular,

- I: Just "me":D (my Common Sense).

- The first E: Emsisoft Internet Security.
  • AMN is enabled.
  • All notifications except computer restart notification and removable device notification are disabled.
  • In Surf Protection, Privacy risks are "Blocked silently".
  • In File Guard, PUP detection is set to "Alert".
  • The program folders of EXE Radar Pro, Sandboxie and Shadow Defender are whitelisted in both Scanner, File Guard, and Behavior Blocker.
- The second E: EXE Radar Pro.
  • Lockdown mode in most cases.
  • Disable new version notification. (Otherwise it continues to notify me that v3.0 stable is released.)
  • External Devices: I check the option "Block processes executed from USBs". The other options are not checked because I do not have a CD-Rom drive, a network drive or a Ram disk.
  • Lockdown mode: Here I tick the option "Ask user what to do" for vulnerable processes.
  • I make some customized rules to whitelist some command lines for my printer.
- The third E: EMET.
  • I add Chrome and Firefox to the application list.
  • All options are kept default.
All in all, good changelog @Online_Sword ;)
 

hjlbx

IEEE... for a second there I thought you were an electrical engineer.

Anyhow, Emsisoft does not adequately provide these:

  • Phishing protection (not part of Emsi security model)
  • Virtualization (where is your Sandboxie ???)
You might want to consider Adguard (desktop version) or Cyscon browser extension. @Umbra showed me Adguard. Sharp program.
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Be careful, EMET and the latest beta of EIS may generate issues.

Thank you for your comment.:)
I am currently using the stable version of EIS (i.e., v10), and I have disabled beta updates.
Until now, the combo "EIS + EMET" has not caused any obvious issue on my computer.
Well, at least it has not incurred a BSOD.:D
I would post in the official website of Emsisoft if I could find any obvious compatibility issue between EIS and EMET.;)
 

hjlbx

Thank you for your comment.:)
I am currently using the stable version of EIS (i.e., v10), and I have disabled beta updates.
Until now, the combo "EIS + EMET" has not caused any obvious issue on my computer.
Well, at least it has not incurred a BSOD.:D
I would post in the official website of Emsisoft if I could find any obvious compatibility issue between EIS and EMET.;)

If you enable EIS 11 beta, then disable EMET before doing so. Re-enable after required beta reboots (there are up to 2).
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
  • Phishing protection (not part of Emsi security model)

I do not think I could rely on the anti-phishing capability of any international antivirus, because the network environment here is very special...
For example, you know, there is no Twitter, no Facebook, no YouTube here... Only a few people have ever used Amazon, PayPal, Skype, etc...
So... some anti-phishing techniques of international antivirus programs may work here.:(
When we choose to use the international anti-virus programs instead of the native ones, we have to use brain-based anti-phishing.:p It works well.:D
By the way, I think Bitdefender Traffic Light and Avira Browser Safety can also block some malicious sites.

Virtualization (where is your Sandboxie ???)

I put it in the "other software" category. You know, otherwise it will break down my interesting shorthand.:p
Seriously, I do not want to use a combo called "SEEE".:D
Sandboxie works well with EMET.;)

If you enable EIS 11 beta

I do not want to try a beta program on my real computer. ERP beta might be the only exception.
Maybe I will try it on the virtual machine.
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Updates:

- Removed:
  • Emsisoft Internet Security
- Added:
  • Symantec Endpoint Protection
  • Emsisoft Emergency Kit
Recently I have had a new problem with EIS: it blocks and quarantines my programs written in C++. I guess this is because I use the function scanf to read input. Well, I know scanf might not be memory-safe. But I like to use it, since it is simple and effective. My programs will only be used by myself, and I will not attack myself by exploiting my own programs. So such protection from Emsisoft is really annoying for me. That is why I uninstalled EIS.

My new configuration can be called "I SEE". In particular,

- I: Still "me":D (my Common Sense).

- S: Symantec Endpoint Protection (unmanaged client).
  • Reduced-size definitions of virus and spyware installed.
  • Virus and Spyware Protection Settings:
    • The level of Bloodhound heuristic virus detection is changed from Automatic to Aggressive.
    • Download Insight:
      • The sensitive level is changed from 5 (Typical) to 6 (High).
      • "Files with no more than 5 users in Symantec Community will be detected as malicious" is enabled
      • "Files known by users in Symantec Community for no more than 2 days will be detected as malicious" is enabled.
    • Outlook Auto-Protect:
      • "Insert a warning into the mail message" is disabled, because I have a really bad experience with a similar function of Bitdefender IS.
    • Internet Email Auto-Protect:
      • "Insert a warning into the mail message" is disabled.
  • Proactive Threat Protection Settings:
    • Sonar
      • Action for low risk detection: changed from Log to Block
    • Suspicious Behavior Detection
      • Action for low risk detection: changed from Log to Prompt
    • System Change Detection
      • Actions for both DNS change detection and host file detection: changed from Log to Prompt
        • Because I often need to modify the host file with notepad manually, I cannot change the actions here to Block.
  • Network Threat Protection:
    • NetBIOS Protection enabled.
    • Anti-Mac Spoofing enabled.
    • Network Application Monitoring enabled.
    • Denial of Service (DOS) detection enabled.
    • "Prompt before allowing application traffic" checked.
      • When this option is checked, the firewall of SEP will maintain a whitelist of applications that are allowed to connect to the internet.
      • When a non-whitelisted application tries to connect to the internet, it will be prompted. Users can choose to allow it once or whitelist it permanently (adding a rule for it).
      • This function is very strong. In my tests, I find that a whitelisted application will still be prompted when it is updated. I think the rule sets (whitelist) are not only based on the file paths, but also on the hash codes, a little like EXE Radar Pro.
      • It seems that non-existent applications will be cleaned automatically, not immediately though. I guess SEP will check the existence of the applications in the whitelist periodically.
    • Stealth Settings are left default, since I find some of them will conflict with some forums in my country.
  • The program folders of EXE Radar Pro, Sandboxie and Shadow Defender are excluded in All Scans and Sonar.
- The first E: EXE Radar Pro.
  • Lockdown mode in most cases.
  • Disable new version notification. (Otherwise it continues to notify me that v3.0 stable is released.)
  • External Devices: I check the option "Block processes executed from USBs". The other options are not checked because I do not have a CD-Rom drive, a network drive or a Ram disk.
  • Lockdown mode: Here I tick the option "Ask user what to do" for vulnerable processes.
  • I make some customized rules to whitelist some command lines for my printer.
- The second E: EMET.
  • I add Chrome and Firefox to the application list.
  • All options are kept default.
  • Adding EXERadar.exe and ERPSvc.exe to the application list of EMET. I uncheck the options "EAF" and "Caller" corresponding to those two files.
I only have the Chinese version of SEP, and I do not know the English name of many options. So I make this changelog according to the screenshots made by @Umbra and @Piteko21 . Thanks.;)
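The "Prompt before allowing application traffic" behaviour described above (a whitelisted application is prompted again after it is updated, and entries for programs that no longer exist are cleaned up) is what you get when a firewall keys its application rules on both the file path and a hash of the file contents. The following is an added illustration written for this thread, not SEP's or EXE Radar Pro's own code: a small hypothetical `AppAllowlist` model that stores path plus SHA-256, returns a PROMPT verdict for unknown binaries or for a known path whose bytes changed, and purges rules whose file has disappeared. The `updater.exe` file it works on is a constructed temporary sample, not a real executable.

```python
import hashlib
import os
import tempfile
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"      # path and content hash both match a stored rule
    PROMPT = "prompt"    # unknown application, or known path with changed contents


def sha256_of(path):
    """Hash the file contents in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class AppAllowlist:
    """Hypothetical model of a firewall application allowlist (not a real product's code)."""

    def __init__(self):
        self.rules = {}  # normalised absolute path -> sha256 hex digest

    @staticmethod
    def _key(path):
        return os.path.normcase(os.path.abspath(path))

    def check(self, path):
        """Decide whether an application may connect without asking the user."""
        key = self._key(path)
        expected = self.rules.get(key)
        if expected is None:
            return Verdict.PROMPT
        if sha256_of(key) != expected:
            # Same path, different bytes: the binary was updated (or replaced),
            # so the old rule no longer vouches for it and the user is asked again.
            return Verdict.PROMPT
        return Verdict.ALLOW

    def allow_permanently(self, path):
        """Record a rule for the application as it exists on disk right now."""
        key = self._key(path)
        self.rules[key] = sha256_of(key)

    def purge_missing(self):
        """Drop rules whose application no longer exists; returns the removed paths."""
        gone = [p for p in self.rules if not os.path.exists(p)]
        for p in gone:
            del self.rules[p]
        return gone


def demo():
    """Walk through the behaviour described in the post on a constructed sample file."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "updater.exe")  # constructed sample, not a real binary
        with open(app, "wb") as f:
            f.write(b"version 1 payload")
        wl = AppAllowlist()
        results["unknown"] = wl.check(app)           # never seen: prompt
        wl.allow_permanently(app)
        results["known"] = wl.check(app)             # path + hash match: allow
        with open(app, "wb") as f:
            f.write(b"version 2 payload")            # simulate an application update
        results["after_update"] = wl.check(app)      # hash changed: prompt again
        wl.allow_permanently(app)
        results["rewhitelisted"] = wl.check(app)     # new rule for the new hash: allow
        os.remove(app)
        results["purged"] = wl.purge_missing()       # stale rule removed
        results["rules_left"] = len(wl.rules)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Keying on the hash as well as the path is what makes the re-prompt after an update unavoidable, and it is also why the scheme is worth the annoyance: a rule that only matched the path would keep allowing traffic if the file at that location were replaced by something else.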
 
