Advice Request Other standalone Default-Deny software?

[Moonhorse]

If Comodo works good for you, how's about this for ya: run H_C with the config for Avast Hardened mode. This config is good also for Comodo at CruelSister settings. The big difference here is that the SRP is now set to default/allow, since Comodo is watching your exe files. This way, you probably won't even notice H_C at all. It won't block regular stuff. It will just harden your system.
@Andy Ful might be able to give some details/corrections.

I just installed the H_C, there is the problem i had earlier but its fine...im about to clean up system when 1909 march/april update arrives so i have decided to live with H_C as it is for now

I mainly used comodo firewall to sandbox tor browser/Basilisk , cheers.

Id like to use Windows defender but with either H_C , CF or something else, now its H_C again

The main point i want to have is just avoid installing drivers/ full registry with something useless and keep the OS as clean as possible

 

[oldschool]

The main point i want to have is just avoid installing drivers/ full registry with something useless and keep the OS as clean as possible

It feels like that is the trend around here now.

 

[Moonhorse]

It feels like that is the trend around here now.

Yeah, but even with my 'gaming rig' theres difference between WD and other antiviruses, like comodo makes tons of svchosts running around and WD is just silent in the corner - built in...everything is smoother with WD. And whats the best it wont inject browsers at all

 

[Andy Ful]

...
Would it ever be possible to H_C work as like VS do, set up your computer > snapshot > lockdown

This would be somewhat dangerous because when using for whitelisting, the user could easily whitelist the malware in the user space. The H_C uses a compromise, it simply whitelists by default SystemSpace, where applications are usually installed and system executables are located. Other locations must be controlled and eventually whitelisted by the user. Futhermore, whitelisting the applications (after some training) can take usually less time than making a snapshots.

 

[Andy Ful]

If Comodo works good for you, how's about this for ya: run H_C with the config for Avast Hardened mode. This config is good also for Comodo at CruelSister settings. The big difference here is that the SRP is now set to default/allow, since Comodo is watching your exe files. This way, you probably won't even notice H_C at all. It won't block regular stuff. It will just harden your system.
@Andy Ful might be able to give some details/corrections.

That is right. I can also recommend the setting <Run As SmartScreen> = Standard User. This allows using "Run By SmartScreen" form Explorer context menu, for any file. Files with over 250 potentially dangerous extensions will be blocked, others will be allowed to run/open/play.

 

[ικανότητα]

And whats the best it wont inject browsers at all

The notion that Windows Defender doesn't inject into anything did not come from Microsoft - it's an idea which only security software forum geeks have assumed at their own discretion.

Windows Defender injects into Internet Explorer, Microsoft Edge and Google Chrome to name a few web browsers. It also injects into script interpreter processes if you must know.

 

[oldschool]

Yeah, but even with my 'gaming rig' theres difference between WD and other antiviruses, like comodo makes tons of svchosts running around and WD is just silent in the corner - built in...everything is smoother with WD. And whats the best it wont inject browsers at all

I'm happy that you said this since we here so many negatives about using WD, especially for gaming, even though we know no solution is perfect.

 

[ικανότητα]

Google allows Microsoft to inject Chrome.

Wu... wu… wut did you say ?

Let's not forget the other privileges Microsoft dishes out at their own discretion that leaves others at an unfair position for competition: proper documentation for IOfficeAntivirus & AMSI, Microsoft co-signing, access to ELAM and in the past they milked out thousands for that MS Detours experimental project.

"Huh ? No ! Microsoft are my hero ! Windows security FTW !!!"

Ladies it's all about dominating the market... so far it has worked out for Microsoft pretty well. Microsoft have everyone by the nuts with a very tight grip and if you step out of line they will squeeze until you get your butt back in line. Straight form, no twitching !

Microsoft answer to no one and they sure as heck ain't gonna start answering now whilst everyone is flashing their wallets at them.

 

[17410742]

Any kind of default deny is no good for the reasons shown here. Typical users cannot handle it and do not do well with such things as Appguard, ERP and Voodooshield. Because of the gizmos and spotty record, comodo is even more inappropriate for average users. Plus ERP and Voodooshield are one man operations. One man operations tend to be spread thin that results in spotty update schedules and insufficient product support.



Default allow is much better suited to the average user.

DD is essential in any good security IMO.

if pop-ups are what you think are no good for the average user, use a default-deny like CCAV that runs all untrusted/unknown files automatically sandboxed with no user pop ups.

 

[ικανότητα]

if pop-ups are what you think are no good for the average user, use a default-deny like CCAV that runs all untrusted/unknown files automatically sandboxed with no user pop ups.

Nothing from Comodo is appropriate for the environment of an average user - Comodo do not take their security software solutions seriously and they are designed & developed for security software geeks.

What is an average user going to do when Comodo's famous years-old bugs run out or something inevitably breaks as a result of Comodo ?

Well, what will happen is the average user will have no clue what is going on or what to do and will have to pay someone to sort it out for them.

 

[17410742]

Nothing from Comodo is appropriate for the environment of an average user - Comodo do not take their security software solutions seriously and they are designed & developed for security software geeks.

What is an average user going to do when Comodo's famous years-old bugs run out or something inevitably breaks as a result of Comodo ?

Well, what will happen is the average user will have no clue what is going on or what to do and will have to pay someone to sort it out for them. And hopefully it won't be GeekBuddy.

Spoken like someone who has really tried CCAV lately and/or isnt biased at all.....

if you had, youd know it has no more issues than any other AV but runs a Default-Deny based solution without pop ups.

if pop-ups are the issue, this removes the issue.
if pop-ups arent the issue, there are other DD solutions too.

You speak of average users as completely dumb, if this is the case - they will ignore any pop up or warning from any other antivirus regardless.

 

[ικανότητα]

if you had, youd know it has no more issues than any other AV but runs a Default-Deny based solution without pop ups.

No software is perfect but that doesn't change the fact that Comodo solutions are not crafted to be used by average users. If they were, they would be very different to how they have been in the past and currently are.

One very simple thing to take a look at would be customer support. Comodo's customer support is not good - average users want good customer support and if you aren't going to provide good customer support then you can forget about having a large user-base of average users.

You speak of average users as completely dumb, if this is the case - they will ignore any pop up or warning from any other antivirus regardless.

Default-deny does not tell you whether something is clean or not - it simply blocks or asks you if you want to block.

Average users almost always go for default-allow because it is convenient for them. Less breakages.

With default-allow they will be told if something was considered to be malicious when it is blocked… and even if that happens, they will do exactly what you said and go ahead with it despite the pop-up/warning.

The only way is to be as automatic as you can and provide the user with less controls. Flagged something? Auto-quarantine it. There's a reason vendors like Symantec are doing this off-the-bat. Others like SOPHOS and Cylance have gone to further lengths to restrict control from the average user.

You like Comodo and you like default-deny - average users do not care about either enough hence why neither are prevalent for average users.

 

[bribon77]

Nothing from Comodo is appropriate for the environment of an average user - Comodo do not take their security software solutions seriously and they are designed & developed for security software geeks.

I do not think he is a geek. and I'm using Comodo Firewall with the sister configuration Cruel in W7 and I have no problem

 

[oldschool]

(music playing ... % % % ) Oh where, oh where, ... ... has ... this thread gone? It's gone off-topic for most everyone!

 

[ForgottenSeer 72227]

Yeah, but even with my 'gaming rig' theres difference between WD and other antiviruses, like comodo makes tons of svchosts running around and WD is just silent in the corner - built in...everything is smoother with WD. And whats the best it wont inject browsers at all

+1 the simpler the better for me. I have written off pretty much all 3rd party AV's with the exception of 1 or 2, as there's always something to annoy me. I only want to be notified when something is wrong, not to tell me that it ran a scan and here's your weekly security report.

I'm happy that you said this since we here so many negatives about using WD, especially for gaming, even though we know no solution is perfect.

Absolutely! Nothing is ever truly perfect, hence why it's very important to test and run the program for yourself and see for yourself. I agree with both you and @Moonhorse, WD on both my gaming rig and laptop have had nothing but excellent performance. I know that not everyone has been as lucky, but in my experience from using it, I don't think it's as bad as it's made out to be, but again everyone has to try it for themselves and come to their own conclusions.


Now back to our regular scheduled program!

I know earlier I said that SRP drove me a little crazy, which it did, but as you know I'm stubborn, so once the April update from MS is released, I am going to give it a try again. I think some of my problems was that I was using H_C with a Standard user account, which does work, but if I switch to an Administrator account it, may remedy some of my issues. Plus I am just going to run it using recommended settings only and see how it goes.

 

[oldschool]

I think some of my problems was that I was using H_C with a Standard user account, which does work, but if I switch to an Administrator account it, may remedy some of my issues. Plus I am just going to run it using recommended settings only and see how it goes.

A wise decision in light of your past experience. I first used it with a SUA and I learned from the experience so there was a benefit.

 

[davisd]

What are Voodooshield's pros over AppGuard if free/pro versus paid factor and target environments is ignored for a moment and just talking directly from the functionality and usability perspective, which one offers more solidified inbuilt protection mechanisms against sophisticated threats and would require less user maintenance over time when configured and set properly?

/Time and "knowledge" required to set-up for working, office-like PC doesn't matter, just interested in high tier and robust SRP/Default-Deny. Thanks.

 

[ebocious]

What are Voodooshield's pros over AppGuard if free/pro versus paid factor and target environments is ignored for a moment and just talking directly from the functionality and usability perspective, which one offers more solidified inbuilt protection mechanisms against sophisticated threats and would require less user maintenance over time when configured and set properly?

/Time and "knowledge" required to set-up for working, office-like PC doesn't matter, just interested in high tier and robust SRP/Default-Deny. Thanks.

AppGuard boasts a perfect track record for 20 years. "In 20 years of providing cybersecurity solutions, there has been not one reported breach of our solutions." I've experienced problems with VoodooShield's updating. It throws up an alert, asking you if you want to update. When you click yes, it does nothing, and asks you again later. If you click no, protection shuts off. The software refuses to work until you've installed the latest version; which, lately, seems to necessitate downloading and installing it manually yourself.

Other than being available for free, the only advantage I see in VS is the auto VirusTotal uploader.

 

[Burrito]

Besides Cfw/cs is there any standalone software that is considered Default/Deny or can be configured that way?

Just curious as many here like the concept.

AOL (yes.... that AOL from the 'old days'..) has something called Tech Fortress.

It's powered by AppGuard. Is it just rebranded AppGuard... or licenses the AppGuard engine --- I don't know.

But here it is:
AOL Tech Fortress for AOL Members: Help Stop Computer Threats | AOL MyBenefits

AOL Tech Fortress - MyBenefits

I just poked around the website a little bit...and I think it's $9.99 a month. So that is not inexpensive protection. But maybe there is a more inexpensive way to purchase it.

 

[oldschool]

@ebocious - that's interesting. I have not heard of this before. Have you ever contacted VoodooShield with this issue? I know there are users who run older versions knowingly. VS has always worked well for me.

@0011 - I would guess that the two are not strictly comparable. AppGuard employs a unique and ultra-strong protection that has "... no default deny functionality, ... " (source: AG website), but many would consider it to be D-D in a general sense. And since it is offered in enterprise and small business versions it would be considered "high tier". You might post your specific questions in an AppGuard thread here or at Wilders.