Online_Sword's Security Configuration ("I SEE" combo)

Windows Edition
Pro
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
- Symantec Endpoint Protection 12.1.6 MP3 (Firewall included)
- EXE Radar Pro v3.1
- EMET 5.5
Firewall security
Periodic malware scanners
- MalwareBytes AntiMalware Free 2.2
- Emsisoft Emergency Kit 11.0
Malware sample testing
Browser(s) and extensions
- Chrome (Adblock + HTTPS Everywhere + Bitdefender Trafficlight)
- Firefox (ublock origin + HTTPS Everywhere + Avira Browser Safety)
Maintenance tools
CCleaner

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
I would like to call my current configuration "I SEE":p. In particular,

- I: Just "me":D (my Common Sense).

- S: Symantec Endpoint Protection (unmanaged client).
  • Reduced-size definitions of virus and spyware installed.
  • Virus and Spyware Protection Settings:
    • The level of Bloodhound heuristic virus detection is changed from Automatic to Aggressive.
    • Download Insight:
      • The sensitive level is changed from 5 (Typical) to 6 (High).
      • "Files with no more than 5 users in Symantec Community will be detected as malicious" is enabled
      • "Files known by users in Symantec Community for no more than 2 days will be detected as malicious" is enabled.
    • Outlook Auto-Protect:
      • "Insert a warning into the mail message" is disabled, because I have a really bad experience with a similar function of Bitdefender IS.
    • Internet Email Auto-Protect:
      • "Insert a warning into the mail message" is disabled.
  • Proactive Threat Protection Settings:
    • Sonar
      • Action for low risk detection: changed from Log to Block
    • Suspicious Behavior Detection
      • Action for low risk detection: changed from Log to Prompt
    • System Change Detection
      • Actions for both DNS change detection and host file detection: changed from Log to Prompt
        • Because I often need to modify the host file with notepad manually, I cannot change the actions here to Block.
  • Network Threat Protection:
    • NetBIOS Protection enabled.
    • Anti-Mac Spoofing enabled.
    • Network Applcation Monitoring enabled.
    • Denial of Service (DOS) detection enabled.
    • "Prompt before allowing application traffic" checked.
      • When this option is checked, the firewall of SEP will maintain a whitelist of applications that are allowed to connect to the internet.
      • When a non-whitelisted application tries to connect to the internet, it will be prompted. Users can choose to allow it once or whitelist it permanently (adding a rule for it).
      • This function is very strong. In my tests, I find that a whitelisted application will still be prompted when it is updated. I think the rule sets (whitelist) is not only based on the file paths, but also based on the hash codes, a little like EXE Radar Pro.
      • It seems that non-existent applications will be cleaned automatically, not immediately though. I guess SEP will check the existence of the applications in the whitelist periodically.
  • The program folders of EXE Radar Pro, Sandboxie and Shadow Defender are excluded in All Scans and Sonar.
- The first E: EXE Radar Pro.
  • Lockdown mode in most cases.
  • Disable new version notification. (Otherwise it continues to notify me that v3.0 stable is released.)
  • External Devices: I check the option "Block processes executed from USBs". The other options are not checked because I do not have a CD-Rom drive, a network drive or a Ram disk.
  • Lockdown mode: Here I tick the option "Ask user what to do" for vulnerable processes.
  • I make some customized rules to whitelist some command lines for my printer.
- The second E: EMET.
  • I add Chrome and Firefox to the application list.
  • All options are kept default.
  • Adding EXERadar.exe and ERPSvc.exe to the application list of EMET. I uncheck the options of "EAF" and "Caller" corresponding those two files.
Just like some other users of SD in MT, I also only use Shadow Defender on demand.
 
Last edited:

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Might consider 0e or two more on demand scanners
Some type of backup solution
CCleaner or Privazer if not already installed
Consider uBlock in place of ABD & HTTPS Everywhere in Chrome
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Might consider 0e or two more on demand scanners
Some type of backup solution
CCleaner or Privazer if not already installed
Consider uBlock in place of ABD & HTTPS Everywhere in Chrome
Thank you for all your advices:)

Actually I am using CCleaner Free, but just forget to mention it when I create this post. I have updated the fields.

I think that the on-access scanner of Avira is very sensitive, so maybe I don't need one more on-demand scanner. Too many scanners will make me just forget them.;)

I have a habit of backing up the important data frequently and manually, so the backup softwares won't be considered.

I have ever used "HTTPS Everywhere", but find that it will conflict with IEEEXplore. When I visited IEEEXplore with this plugin, IEEEXplore said that it cannot detect the cookie and display no literature. So I have to uninstall it.:(
 

tonibalas

Level 40
Verified
Honorary Member
Top Poster
Well-known
Sep 26, 2014
2,973
You can add another browser Mozilla based in case you have a problem with Chrome;)
 
  • Like
Reactions: Online_Sword

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Since you mentioned of downloading malware samples and phishing highly suggest to conduct them in isolated environment like Virtualbox or use a junk computer upon testing.

Other than that you should fine with Sandboxie and Avira Pro.
 
  • Like
Reactions: Online_Sword

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Since you mentioned of downloading malware samples and phishing highly suggest to conduct them in isolated environment like Virtualbox or use a junk computer upon testing.

Other than that you should fine with Sandboxie and Avira Pro.

Thanks for your suggestion:). In the past, I downloaded and tested the samples in VMware Player, but I finally uninstalled it since at that time, I suspected that the virtual network cards installed by VM stopped me from automatically obtaining an IPv6 address. (Finally, I found that I was wrong. The reason why I could not get an IPv6 address is due to BD's firewall setting:(). Maybe I will re-install VM later.
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
August 10, 2015:

Replacing Bitdefender Internet Security 2015 with Norton Internet Security 22.5 (the latest version).

Norton Identity Safe is disabled since I prefer to managing the account information by myself.

Norton Anti-Spam is disabled because I have some bad experience with Bitdefender Anti-Spam, which by default blocks any email written in Asian character.

Norton Toolbar is disabled since it conflicts with Sandboxie.
 
Last edited:
  • Like
Reactions: Enju

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Did you uninstall BD because of the bugs?

No. I uninstall it just because I want to try Norton, which recently becomes really popular and hot in some security forums in my country.
In fact, I have encountered many bugs of Bitdefender until now. But most of them are solved by contacting the staff, although I have to wait a long time for their reply:).
 

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
No. I uninstall it just because I want to try Norton, which recently becomes really popular and hot in some security forums in my country.
In fact, I have encountered many bugs of Bitdefender until now. But most of them are solved by contacting the staff, although I have to wait a long time for their reply:).
Are you from China by any chance? :p
BD support is quite good if you get the right employee, but Symantec has topped it in almost any case I required something from them.
 
  • Like
Reactions: Online_Sword

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
Yes, you are right:D


I wonder whether I would get a better service if I purchase a regular license of Bitdefender (I was using a promo license in the past).
Are you active on Kafan? :D
I don't think BD distinguishes promo and retail licenses, I have contacted them with both types and had mixed experiences with them.
 
  • Like
Reactions: Online_Sword

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Are you active on Kafan? :D
I don't think BD distinguishes promo and retail licenses, I have contacted them with both types and had mixed experiences with them.

I think I am far from "active" in kafan.
I might have more posts here than in kafan.:D
 
  • Like
Reactions: Enju

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Updates in Aug 13, 2015:

  • Upgrade Sandboxie to the paid version.
  • Disable Norton Toolbar as it conflicts with Sandboxie.
  • Add Bitdefender Trafficlight to Chrome since Norton toolbar has been disabled.
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Updates in Sep 4, 2015:

Added:
+ Spyshelter Free 10.1
+ Shadow Defender 1.4
Norton Identity Safe is disabled since I prefer to managing the account information by myself.

Norton Anti-Spam is disabled because I have some bad experience with Bitdefender Anti-Spam, which by default blocks any email written in Asian character.

Norton Toolbar is disabled since it conflicts with Sandboxie.

Excluding the full folder of Spyshelter Free from the real-time scanning and Sonar of Norton Internet Security.

Excluding the full folders of "Program Files (x86)\Norton Internet Security" and "Program Data\Norton" from Spyshelter Free.

Hooks Guards of the Spyshelter Keystroke Encryption module is set to the "Better compatibility mode".

Changing the policy of Spyshelter for "Certified Application" to "Allow all - High security level".

Disabling "Allow terminating Spyshelter via Task Manager".

Just like some other users of SD in MT, I also only use Shadow Defender on demand.

The folders "Program Files (x86)\Norton Internet Security", "Program Data\Norton", and the documents folder are excluded from Shadow Defender.
 
Last edited:
  • Like
Reactions: Sr. Normal

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Updates in Sep 4, 2015:

Added:
+ Spyshelter Free 10.1
+ Shadow Defender 1.4​

Excluding the full folder of Spyshelter Free from the real-time scanning and sonar of Norton Internet Security.

Excluding the full folders of "Program Files (x86)\Norton Internet Security" and "Program Data\Norton" from Spyshelter Free.

Hooks Guards of the Keystroke Encryption module is set to the "Better compatibility mode".

Change the policy for "Certified Application" to "Allow all - High security level".

Disable "Allow terminating Spyshelter via Task Manager".

Just like some other users of SD in MT, I also only use Shadow Defender on demand.

The folders "Program Files (x86)\Norton Internet Security", "Program Data\Norton", and documents folder are excluded from Shadow Defender.
Some good additions right there. ;)
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Updates:

Removed:
  • Norton Internet Security
  • Spyshelter Free
Added:
  • Emsisoft Internet Security
  • EXE Radar Pro
  • EMET
Changed:
  • Adblock Plus (Firefox) to uBlock Origin (Firefox). I still keep Adblock in Chrome.

I should say that my previous combo "Norton + Spyshelter" runs very well on my computer.
But, sometimes I really want to make some change.:p I just want to try some "interesting" combos.
I think many MT members can understand my feeling.:D

My new configuration is interesting, partially because it has an interesting shorthand "IEEE". In particular,

- I: Just "me":D (my Common Sense).​

- The first E: Emsisoft Internet Security.
  • AMN is enabled.
  • All notifications except computer restart notification and removable device notification are disabled.
  • In Surf Protection, Privacy risks are "Blocked silently".
  • In File Guard, PUP detection is set to "Alert".
  • The program folders of EXE Radar Pro, Sandboxie and Shadow Defender are whitelisted in both Scanner, File Guard, and Behavior Blocker.
- The second E: EXE Radar Pro.
  • Lockdown mode in most cases.
  • Disable new version notification. (Otherwise it continues to notify me that v3.0 stable is released.)
  • External Devices: I check the option "Block processes executed from USBs". The other options are not checked because I do not have a CD-Rom drive, a network drive or a Ram disk.
  • Lockdown mode: Here I tick the option "Ask user what to do" for vulnerable processes.
  • I make some customized rules to whitelist some command lines for my printer.
- The third E: EMET.
  • I add Chrome and Firefox to the application list.
  • All options are kept default.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top