OSA/VS/AG/SAP differences


ForgottenSeer 823865

@Umbra I have a few questions if you don't mind.

1) So how does Voodoo fit in all this? According to what I read, it does have some anti-exploit features (but only the paid version?) along with the anti-exe/white-list feature. Besides that, how would the "snapshot" feature work here? Wouldn't that be an anti-exploit too?
No, VS doesn't have true anti-exploit capabilities; this is just a marketing gimmick like many vendors do to boost sales.
However, it has anti-post-exploit capabilities. To be qualified as a true anti-exploit, one must be able to protect the memory space.
VS, like other anti-exes, doesn't have this feature.
Anyway, VS and anti-exes aren't supposed to block exploits, it isn't their scope; they still work well with Win10 Exploit Guard or other anti-exploits like MBAE and HMPA.

2) I'm currently using Bitdefender Internet Security... that has - as far as I know - some anti-exploit features, so do I still need MBAE or HMPA? If so, can I use the beta version of MBAE without worries? And if I use MBAE, do I still need to harden the OS through SysH. or H_C?
I never used BD, but if it has real anti-exploit capabilities, then you don't need MBAE or HMPA. If it has, I would avoid adding MBAE to avoid potential conflicts.
If you use MBAE (must be without BDIS) then yes, you can use SH or HC (better H_C than SH btw).
I'd rather use this combo than BDIS: Windows Defender + MBAE/MBAM + H_C.

3) On the other hand, would using only the Voodoo free version add any benefit to my system, considering it's already protected by Bitdefender?
Yes and no. Yes because it has its reputation query feature, and no if you learn how to tweak BDIS. Btw, don't use the free version, it is useless, no access to settings; you may ask its dev for a testing license, he used to offer many to forum members.

4) Would the Comodo firewall default settings be enough as a substitute for Voodoo? If not, would the Cruelsister config be enough?
HIPS are superior to any anti-exe, they monitor more stuff like DLLs, drivers, etc. I was a big fan of Comodo back in the days of v5-6; if you learn how to use it, you won't need anything else. I used to use it heavily tweaked and in paranoid mode.
Cruelsister config is OK for new users but it is not the maximum protection you can get, since she relies a lot on the sandbox and not on the HIPS (which was Comodo's main value).
 

Tiamati

Level 12
Thread author
Verified
Top Poster
Well-known
Nov 8, 2016
574
VS, like other anti-exes, doesn't have this feature.
Anyway, VS and anti-exes aren't supposed to block exploits, it isn't their scope; they still work well with Windows 10 Exploit Guard or other anti-exploits like MBAE and HMPA.

But can the Windows 10 Exploit Guard be used even though Windows Defender is off and BIS is on?

HIPS are superior to any anti-exe, they monitor more stuff like DLLs, drivers, etc. I was a big fan of Comodo back in the days of v5-6; if you learn how to use it, you won't need anything else. I used to use it heavily tweaked and in paranoid mode.
Cruelsister config is OK for new users but it is not the maximum protection you can get, since she relies a lot on the sandbox and not on the HIPS (which was Comodo's main value).
I liked COMODO when I used it... But it had too many popups. IDK how they are going now.
Yes and no. Yes because it has its reputation query feature, and no if you learn how to tweak BDIS. Btw, don't use the free version, it is useless, no access to settings; you may ask its dev for a testing license, he used to offer many to forum members.
I tried to tweak BIS a few times but never found something that could be similar to an anti-exe or anti-exploit.

Ty for your help
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Tiamati,
Using H_C in default-deny setup alongside OSArmor is useless in the home environment. H_C will block anything before OSArmor could react.
There is a possibility to use them both when H_C is set to allow EXE files. But, this will be a highly overlapping setup, too. Furthermore, as @ErzCrz already mentioned, if you block PowerShell in OSArmor, then some H_C functionality will be blocked (ConfigureDefender will not work properly).

Reading your posts, I have the impression that you seek the best way to make your computer hardly usable.:unsure::giggle:
If I could advise you something, then simply use the AV you like and add one of the mentioned solutions (SH, OSA, VS, AG or H_C).(y):giggle:
 

Tiamati

Tiamati,
Using H_C in default-deny setup alongside OSArmor is useless in the home environment. H_C will block anything before OSArmor could react.
There is a possibility to use them both when H_C is set to allow EXE files. But, this will be a highly overlapping setup, too. Furthermore, as @ErzCrz already mentioned, if you block PowerShell in OSArmor, then some H_C functionality will be blocked (ConfigureDefender will not work properly).
Ty @Andy Ful!!

Reading your posts, I have the impression that you seek the best way to make your computer hardly usable.:unsure::giggle:
If I could advise you something, then simply use the AV you like and add one of the mentioned solutions (SH, OSA, VS, AG or H_C).(y):giggle:

No, I would like a good setup without intrusive changes that may make using the PC difficult... But a lot of the questions I ask are to learn more about them, so I can start to learn more by myself later. Most part is curiosity :oops:!
 

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
Well, all the solutions mentioned above are good. I would highlight H_C; it is an excellent program, and with WD it is tremendous. The other would be comfortable with the CS configuration; it is good enough to use alone, if you understand how it works, although you can combine it with an AV.
What you can't do is use them all at the same time since your machine can explode.:giggle:
 
