PotentialUser

Level 1
May 28, 2020
35
Hello everyone,

This post is going to be long so apologies in advance.

Yesterday I made a post regarding pairing Windows Defender (WD) with HitmanPro.Alert (HMP.A). I received quite a few responses with a plethora of good advice (thank you!) — many of you recommended I give Andy’s Hard_Configurator (H_C) or Configure_Defender a spin. I’ve been looking into this option and have been doing a lot of reading on the program. Andy has been graciously answering my questions regarding the program as well. Once I feel like I completely understand what I’m getting into, I’ll definitely be downloading and configuring it.

I’m a careful person and don’t visit sketchy websites or download programs often. I always keep Windows up to date, don’t unnecessarily install easily exploitable software such as Java or Adobe Flash. I don’t pirate or use cracks. I purchase all software legally and from the publisher’s official website if at all possible. I have a folder in my Downloads called “Monitoring.” Anything I download (docs, EXEs, PDFs, PNGs... literally anything) is downloaded there first, swiftly uploaded to VirusTotal, and kept in that folder for 72 hours. After 72 hours of quarantine, it is once again uploaded to VirusTotal. If it still comes out clean, only then will I interact with the file.

I’m by no means a hardcore user with years of computer science under my belt but I’m also not new to computers. I know my way around some of the hidden settings in Windows, the registry, etc. I also personally tweak the antiviruses I’ve used over the years, train firewall and HIPs, etc. Basically, I usually know what I’m doing; often only needing a simple guide if I get stuck.

But I still don’t want to use WD on its own. Now I know what many of you will say. “You don’t need anything else aside from WD, you’re careful enough” etc. And you’re right. I am careful. I run Emsisoft on the family computer but don’t need a third-party AV on my personal PC as I control it completely. But just because I’m careful doesn’t mean I’m impregnible. Even mainstream platforms can fall prey to attack. Some examples being Spotify, Crunchyroll, etc. I would like something else helping WD in case it doesn’t catch something from a legitimate source that has fallen prey to attack. It’s a rare avenue for infection but it does happen.

I’m interested in finding out what program pairs well with WD? Back in the day, the precursor to WD was Microsoft Security Essentials (MSE) and it paired well with Malwarebytes Premium for decent protection. What is a good combo these days?

I’ve seen people recommend pairing WD with VoodooShield, OSArmor, Malwarebytes Premium, HitmanPro.Alert, and much more. What do you, the experts at MalwareTips, recommend? Feel free to include firewalls such as TinyWall, WFC, etc. Anything you’ve used with WD, please tell me your experience — positive or negative.

My most important requirement is stability. Stability is even more important than protection as WD does a decent job and I’m not a high-risk user. So that means no BSODs, no major conflicts with WD (I’m more than willing to add “exclusions” to both programs so they play nice together), and decent performance. I don’t mind a “heavy” set-up as I have a decent PC but nothing that will slow my computer down to a crawl or completely kill web browsing speed. I have a wired 1Gbps internet speed (up/down) so if it drops down super low, of course that’s not good.

I have Googled for WD combos and found @Protomartyr‘s post on another forum (I believe BleepingComputer) stating his/her combo is WD + Malwarebytes Premium. But I recently noticed his/her config on MT has Malwarebytes real-time modules disabled. So I’m worried about pairing WD with Malwarebytes now. If you see this Protomartyr, please post why you disabled MBAM’s real-time protection. Were there noticeable conflicts (BSODs, program crashes, etc.) or was it just too heavy?

As always, thank you all in advance to any and all advice!
 

Local Host

Level 24
Verified
Top poster
Well-known
Sep 26, 2017
1,397
Kernel bugs are rarely used nowadays and get fast fixes. Attacker use easy methods with best profit instead of much work.

You can't compare XP with Vista, 7, 8 or 10 ;)
Different kernel('s)
Windows Defender is the number one target and easy to bypass, due to coming pre-installed with Windows 10.

I would say ~90% of malware is aware of WD nowadays, developers are more lazy to try and bypass third-party AVs rather than WD.
 

danb

From VoodooShield
Verified
Top poster
Developer
Well-known
May 31, 2017
1,128
Kernel bugs are rarely used nowadays and get fast fixes. Attacker use easy methods with best profit instead of much work.

You can't compare XP with Vista, 7, 8 or 10 ;)
Different kernel('s)
Kernel bugs / exploits are just one issue… there are tons of other reasons security software should run in kernel-mode, here are a few…



What a lot of people do not realize is that most kernel-mode drivers are simply modified versions of official Microsoft kernel-mode driver templates, so they too are essentially “internal security mitigations”.

There is absolutely nothing wrong with starting in user-mode while developing a security product, but at some point it is probably best to venture into kernel land.
 

HarborFront

Level 60
Verified
Top poster
Content Creator
Oct 9, 2016
4,910
The only issue I have with Windows 10 sandbox is it boots up an entire VM. It can’t sandbox an individual app like Sandboxie does where it looks all normal but if you go into the corners, the yellow lines indicate it is sandboxed. Please correct me if I’m wrong.

Yup, just tried it. Pretty limited. If you copy the exe shortcut of your browser from the main desktop and paste into the virtual desktop it simply won't work

If you want to use a browser other than Edge, you need to install it. You need to transfer your bookmarks and re-install your favorite browser extensions and add-ins. No bookmarks get saved. No extensions or add-ins get saved.

However, you can

run single exe portable files like AdwCleaner, SumatraPDF etc (i.e. no exe shortcuts). Portable apps which extracted to many files cannot be run.
install and run software like browser etc

in the sandbox without issue
 
Last edited:

valvaris

Level 5
Verified
Well-known
Jul 26, 2015
224
I myself use - WD with Glasswire in "Ask to Connect" mode plus WD Application Guard - Microsoft Edge Chromium with UBlock (Advanced Mode) - That covers my Layer 7 needs.

As for Network Protection I use a Mikrotik Router as my Home Router (RB4011) and another with The Dude (hEX S with SD Card) for Network Monitoring. The Rules in the Firewall in use are in the MIkrotik Forums -> [Share] - Router Config with Firewall (Tcp/Udp) Filter - MikroTik

Best Regards
Val.
 

Back3

Level 9
Apr 14, 2019
438
My basic setup for the last 2 years has been Windows Defender with Configure Defender ( High) and the firewall rules of SysHardener, I make an image of that setup with Macrium Free. This is the system I use when I upgrade Windows.
To that structure, I have added Comodo Firewall at Cs settings for over a year but I have never upgraded Windows with Comodo or other security apps on board.
Nowadays, I still have my basic setup with Voodooshield Free and SWH with only Windows Hardening.
 

HarborFront

Level 60
Verified
Top poster
Content Creator
Oct 9, 2016
4,910
@PotentialUser

Since you are using Emsisoft with WD they already make a good combo pair against malware attacks.

You don't require another firewall since Emsisoft's firewall sits on top of Windows default firewall.

My suggestions for hardening of security/privacy would be to

1) Harden your Windows OS
2) Harden your system
3) Harden you browser(s)

Try these

Shadow Defender - I think there's some free lifetime promotion ongoing. Search for it
Sandboxie or Sandboxie Plus - free
Virtualbox - free

and run a reputable paid VPN

If you are uncomfortable with your mainstream malware protection's adequacy try the AI-driven WiseVector StopX. It works ok with WD but not sure whether it'll clash with Emsisoft
 
Last edited:
Top