Online_Sword's Security Configuration ("I SEE" combo)

Windows Edition
Pro
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
- Symantec Endpoint Protection 12.1.6 MP3 (Firewall included)
- EXE Radar Pro v3.1
- EMET 5.5
Firewall security
Periodic malware scanners
- MalwareBytes AntiMalware Free 2.2
- Emsisoft Emergency Kit 11.0
Malware sample testing
Browser(s) and extensions
- Chrome (Adblock + HTTPS Everywhere + Bitdefender Trafficlight)
- Firefox (ublock origin + HTTPS Everywhere + Avira Browser Safety)
Maintenance tools
CCleaner

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
I would like to call my current configuration "I SEE":p. In particular,

- I: Just "me":D (my Common Sense).

- S: Symantec Endpoint Protection (unmanaged client).
  • Reduced-size definitions of virus and spyware installed.
  • Virus and Spyware Protection Settings:
    • The level of Bloodhound heuristic virus detection is changed from Automatic to Aggressive.
    • Download Insight:
      • The sensitive level is changed from 5 (Typical) to 6 (High).
      • "Files with no more than 5 users in Symantec Community will be detected as malicious" is enabled.
      • "Files known by users in Symantec Community for no more than 2 days will be detected as malicious" is enabled.
    • Outlook Auto-Protect:
      • "Insert a warning into the mail message" is disabled, because I had a really bad experience with a similar function of Bitdefender IS.
    • Internet Email Auto-Protect:
      • "Insert a warning into the mail message" is disabled.
  • Proactive Threat Protection Settings:
    • Sonar
      • Action for low risk detection: changed from Log to Block
    • Suspicious Behavior Detection
      • Action for low risk detection: changed from Log to Prompt
    • System Change Detection
      • Actions for both DNS change detection and host file detection: changed from Log to Prompt
        • Because I often need to modify the host file with notepad manually, I cannot change the actions here to Block.
  • Network Threat Protection:
    • NetBIOS Protection enabled.
    • Anti-Mac Spoofing enabled.
    • Network Application Monitoring enabled.
    • Denial of Service (DOS) detection enabled.
    • "Prompt before allowing application traffic" checked.
      • When this option is checked, the firewall of SEP will maintain a whitelist of applications that are allowed to connect to the internet.
      • When a non-whitelisted application tries to connect to the internet, it will be prompted. Users can choose to allow it once or whitelist it permanently (adding a rule for it).
      • This function is very strong. In my tests, I found that a whitelisted application will still be prompted when it is updated. I think the rule set (whitelist) is not only based on the file paths, but also on the hash codes, a little like EXE Radar Pro.
      • It seems that non-existent applications will be cleaned up automatically, though not immediately. I guess SEP checks the existence of the applications in the whitelist periodically.
  • The program folders of EXE Radar Pro, Sandboxie and Shadow Defender are excluded in All Scans and Sonar.
- The first E: EXE Radar Pro.
  • Lockdown mode in most cases.
  • Disable new version notification. (Otherwise it continues to notify me that v3.0 stable is released.)
  • External Devices: I check the option "Block processes executed from USBs". The other options are not checked because I do not have a CD-Rom drive, a network drive or a Ram disk.
  • Lockdown mode: Here I tick the option "Ask user what to do" for vulnerable processes.
  • I make some customized rules to whitelist some command lines for my printer.
- The second E: EMET.
  • I add Chrome and Firefox to the application list.
  • All options are kept default.
  • Adding EXERadar.exe and ERPSvc.exe to the application list of EMET. I uncheck the "EAF" and "Caller" options corresponding to those two files.
Just like some other users of SD in MT, I also only use Shadow Defender on demand.
 
Last edited:
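The post above describes the SEP firewall's application whitelist as keyed on both the file path and a hash of the binary, so that an updated program is prompted again and entries for removed programs are swept away later. The following is an added illustration of that allow-list logic, not code from SEP, EXE Radar Pro or this thread; the SHA-256 pinning, the in-memory rule table and the explicit prune sweep are assumptions standing in for whatever Symantec actually implements. The point for a defender is that a hash-pinned rule catches a binary that was silently replaced at an allowed path, where a path-only rule would keep allowing it.

```python
"""Hash-pinned application allow-list (added example; not SEP's own code).

Models the behaviour described in the post: an unknown application is
prompted, an approved one is allowed, an approved one that changes on disk
(an update, or a replaced binary) is prompted again, and rules for binaries
that no longer exist are pruned by a periodic sweep.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class AllowList:
    # Rule table: absolute path -> SHA-256 hex digest recorded at approval time.
    # (Assumption: SEP's real rule format is not public; this is a stand-in.)
    rules: dict = field(default_factory=dict)


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256 so large binaries do not load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def decide(allow: AllowList, path: str) -> str:
    """Return 'allow' only when path is listed AND its current hash matches.

    Any other case (never seen, or seen but the bytes changed) returns 'prompt',
    which is what the post observed after an application updated itself.
    """
    if allow.rules.get(path) == sha256_of(path):
        return "allow"
    return "prompt"


def approve(allow: AllowList, path: str) -> None:
    """The user chose 'allow permanently': pin the current binary's hash."""
    allow.rules[path] = sha256_of(path)


def prune_missing(allow: AllowList) -> list:
    """Periodic sweep: drop rules whose binary no longer exists on disk."""
    gone = [p for p in allow.rules if not os.path.exists(p)]
    for p in gone:
        del allow.rules[p]
    return gone


def demo() -> dict:
    """Walk through the behaviours the post describes; returns each decision."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "updater.exe")
        # Constructed stand-in for a PE binary; contents only need to differ between builds.
        with open(app, "wb") as f:
            f.write(b"MZ" + b"\x00" * 64 + b"build 1")

        allow = AllowList()
        results["first_run"] = decide(allow, app)        # not listed -> prompt
        approve(allow, app)                                # user whitelists it
        results["after_approval"] = decide(allow, app)    # path+hash match -> allow

        with open(app, "wb") as f:                         # the program updates itself
            f.write(b"MZ" + b"\x00" * 64 + b"build 2")
        results["after_update"] = decide(allow, app)      # same path, new hash -> prompt again

        approve(allow, app)
        os.remove(app)                                     # program uninstalled
        results["pruned"] = len(prune_missing(allow))     # stale rule swept
        results["remaining"] = len(allow.rules)
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

Running the script prints the four decisions in order (prompt, allow, prompt, then one pruned rule and an empty table). A path-only allow-list would return "allow" at the `after_update` step; the hash pin is what turns a swapped binary back into a prompt.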

Exterminator

Level 85
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Might consider one or two more on-demand scanners
Some type of backup solution
CCleaner or Privazer if not already installed
Consider uBlock in place of ABD & HTTPS Everywhere in Chrome
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Might consider one or two more on-demand scanners
Some type of backup solution
CCleaner or Privazer if not already installed
Consider uBlock in place of ABD & HTTPS Everywhere in Chrome
Thank you for all your advice:)

Actually I am using CCleaner Free, but I just forgot to mention it when I created this post. I have updated the fields.

I think that the on-access scanner of Avira is very sensitive, so maybe I don't need one more on-demand scanner. Too many scanners will just make me forget them.;)

I have a habit of backing up the important data frequently and manually, so backup software won't be considered.

I have used "HTTPS Everywhere" before, but found that it conflicts with IEEEXplore. When I visited IEEEXplore with this plugin, IEEEXplore said that it could not detect the cookie and displayed no literature. So I had to uninstall it.:(
 

tonibalas

Level 40
Verified
Honorary Member
Top Poster
Well-known
Sep 26, 2014
2,973
You can add another Mozilla-based browser in case you have a problem with Chrome;)
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Since you mentioned downloading malware samples and phishing, I highly suggest conducting that in an isolated environment like VirtualBox, or using a junk computer for testing.

Other than that you should be fine with Sandboxie and Avira Pro.
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Since you mentioned downloading malware samples and phishing, I highly suggest conducting that in an isolated environment like VirtualBox, or using a junk computer for testing.

Other than that you should be fine with Sandboxie and Avira Pro.

Thanks for your suggestion:). In the past, I downloaded and tested the samples in VMware Player, but I finally uninstalled it since at that time I suspected that the virtual network cards installed by VM stopped me from automatically obtaining an IPv6 address. (In the end, I found that I was wrong. The reason why I could not get an IPv6 address was BD's firewall settings:(). Maybe I will re-install VM later.
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
August 10, 2015:

Replacing Bitdefender Internet Security 2015 with Norton Internet Security 22.5 (the latest version).

Norton Identity Safe is disabled since I prefer to manage the account information myself.

Norton Anti-Spam is disabled because I have had some bad experience with Bitdefender Anti-Spam, which by default blocks any email written in Asian characters.

Norton Toolbar is disabled since it conflicts with Sandboxie.
 
Last edited:

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Did you uninstall BD because of the bugs?

No. I uninstalled it just because I want to try Norton, which has recently become really popular and hot in some security forums in my country.
In fact, I have encountered many bugs in Bitdefender so far. But most of them were solved by contacting the staff, although I had to wait a long time for their replies:).
 

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
No. I uninstalled it just because I want to try Norton, which has recently become really popular and hot in some security forums in my country.
In fact, I have encountered many bugs in Bitdefender so far. But most of them were solved by contacting the staff, although I had to wait a long time for their replies:).
Are you from China by any chance? :p
BD support is quite good if you get the right employee, but Symantec has topped it in almost any case I required something from them.
 

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
Yes, you are right:D


I wonder whether I would get better service if I purchased a regular license of Bitdefender (I was using a promo license in the past).
Are you active on Kafan? :D
I don't think BD distinguishes promo and retail licenses, I have contacted them with both types and had mixed experiences with them.
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Are you active on Kafan? :D
I don't think BD distinguishes promo and retail licenses, I have contacted them with both types and had mixed experiences with them.

I think I am far from "active" in kafan.
I might have more posts here than in kafan.:D
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Updates on Aug 13, 2015:

  • Upgrade Sandboxie to the paid version.
  • Disable Norton Toolbar as it conflicts with Sandboxie.
  • Add Bitdefender Trafficlight to Chrome since Norton toolbar has been disabled.
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Updates on Sep 4, 2015:

Added:
+ Spyshelter Free 10.1
+ Shadow Defender 1.4
Norton Identity Safe is disabled since I prefer to manage the account information myself.

Norton Anti-Spam is disabled because I have had some bad experience with Bitdefender Anti-Spam, which by default blocks any email written in Asian characters.

Norton Toolbar is disabled since it conflicts with Sandboxie.

Excluding the full folder of Spyshelter Free from the real-time scanning and Sonar of Norton Internet Security.

Excluding the full folders of "Program Files (x86)\Norton Internet Security" and "Program Data\Norton" from Spyshelter Free.

Hooks Guards of the Spyshelter Keystroke Encryption module is set to the "Better compatibility mode".

Changing the policy of Spyshelter for "Certified Application" to "Allow all - High security level".

Disabling "Allow terminating Spyshelter via Task Manager".

Just like some other users of SD in MT, I also only use Shadow Defender on demand.

The folders "Program Files (x86)\Norton Internet Security", "Program Data\Norton", and the documents folder are excluded from Shadow Defender.
 
Last edited:

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Updates on Sep 4, 2015:

Added:
+ Spyshelter Free 10.1
+ Shadow Defender 1.4

Excluding the full folder of Spyshelter Free from the real-time scanning and sonar of Norton Internet Security.

Excluding the full folders of "Program Files (x86)\Norton Internet Security" and "Program Data\Norton" from Spyshelter Free.

Hooks Guards of the Keystroke Encryption module is set to the "Better compatibility mode".

Change the policy for "Certified Application" to "Allow all - High security level".

Disable "Allow terminating Spyshelter via Task Manager".

Just like some other users of SD in MT, I also only use Shadow Defender on demand.

The folders "Program Files (x86)\Norton Internet Security", "Program Data\Norton", and documents folder are excluded from Shadow Defender.
Some good additions right there. ;)
 

Online_Sword

Level 12
Thread author
Verified
Honorary Member
Top Poster
Well-known
Mar 23, 2015
555
Updates:

Removed:
  • Norton Internet Security
  • Spyshelter Free
Added:
  • Emsisoft Internet Security
  • EXE Radar Pro
  • EMET
Changed:
  • Adblock Plus (Firefox) to uBlock Origin (Firefox). I still keep Adblock in Chrome.

I should say that my previous combo "Norton + Spyshelter" runs very well on my computer.
But, sometimes I really want to make some change.:p I just want to try some "interesting" combos.
I think many MT members can understand my feeling.:D

My new configuration is interesting, partially because it has an interesting shorthand "IEEE". In particular,

- I: Just "me":D (my Common Sense).

- The first E: Emsisoft Internet Security.
  • AMN is enabled.
  • All notifications except computer restart notification and removable device notification are disabled.
  • In Surf Protection, Privacy risks are "Blocked silently".
  • In File Guard, PUP detection is set to "Alert".
  • The program folders of EXE Radar Pro, Sandboxie and Shadow Defender are whitelisted in the Scanner, File Guard, and Behavior Blocker.
- The second E: EXE Radar Pro.
  • Lockdown mode in most cases.
  • Disable new version notification. (Otherwise it continues to notify me that v3.0 stable is released.)
  • External Devices: I check the option "Block processes executed from USBs". The other options are not checked because I do not have a CD-Rom drive, a network drive or a Ram disk.
  • Lockdown mode: Here I tick the option "Ask user what to do" for vulnerable processes.
  • I make some customized rules to whitelist some command lines for my printer.
- The third E: EMET.
  • I add Chrome and Firefox to the application list.
  • All options are kept default.
 
