Battle Pair Windows Defender With...?

PotentialUser

Level 1
Thread author
May 28, 2020
35
Hello everyone,

This post is going to be long so apologies in advance.

Yesterday I made a post regarding pairing Windows Defender (WD) with HitmanPro.Alert (HMP.A). I received quite a few responses with a plethora of good advice (thank you!) — many of you recommended I give Andy’s Hard_Configurator (H_C) or Configure_Defender a spin. I’ve been looking into this option and have been doing a lot of reading on the program. Andy has been graciously answering my questions regarding the program as well. Once I feel like I completely understand what I’m getting into, I’ll definitely be downloading and configuring it.

I’m a careful person and don’t visit sketchy websites or download programs often. I always keep Windows up to date, don’t unnecessarily install easily exploitable software such as Java or Adobe Flash. I don’t pirate or use cracks. I purchase all software legally and from the publisher’s official website if at all possible. I have a folder in my Downloads called “Monitoring.” Anything I download (docs, EXEs, PDFs, PNGs... literally anything) is downloaded there first, swiftly uploaded to VirusTotal, and kept in that folder for 72 hours. After 72 hours of quarantine, it is once again uploaded to VirusTotal. If it still comes out clean, only then will I interact with the file.

I’m by no means a hardcore user with years of computer science under my belt but I’m also not new to computers. I know my way around some of the hidden settings in Windows, the registry, etc. I also personally tweak the antiviruses I’ve used over the years, train firewall and HIPs, etc. Basically, I usually know what I’m doing; often only needing a simple guide if I get stuck.

But I still don’t want to use WD on its own. Now I know what many of you will say. “You don’t need anything else aside from WD, you’re careful enough” etc. And you’re right. I am careful. I run Emsisoft on the family computer but don’t need a third-party AV on my personal PC as I control it completely. But just because I’m careful doesn’t mean I’m impregnable. Even mainstream platforms can fall prey to attack. Some examples being Spotify, Crunchyroll, etc. I would like something else helping WD in case it doesn’t catch something from a legitimate source that has fallen prey to attack. It’s a rare avenue for infection but it does happen.

I’m interested in finding out what program pairs well with WD? Back in the day, the precursor to WD was Microsoft Security Essentials (MSE) and it paired well with Malwarebytes Premium for decent protection. What is a good combo these days?

I’ve seen people recommend pairing WD with VoodooShield, OSArmor, Malwarebytes Premium, HitmanPro.Alert, and much more. What do you, the experts at MalwareTips, recommend? Feel free to include firewalls such as TinyWall, WFC, etc. Anything you’ve used with WD, please tell me your experience — positive or negative.

My most important requirement is stability. Stability is even more important than protection as WD does a decent job and I’m not a high-risk user. So that means no BSODs, no major conflicts with WD (I’m more than willing to add “exclusions” to both programs so they play nice together), and decent performance. I don’t mind a “heavy” set-up as I have a decent PC but nothing that will slow my computer down to a crawl or completely kill web browsing speed. I have a wired 1Gbps internet speed (up/down) so if it drops down super low, of course that’s not good.

I have Googled for WD combos and found @Protomartyr‘s post on another forum (I believe BleepingComputer) stating his/her combo is WD + Malwarebytes Premium. But I recently noticed his/her config on MT has Malwarebytes real-time modules disabled. So I’m worried about pairing WD with Malwarebytes now. If you see this Protomartyr, please post why you disabled MBAM’s real-time protection. Were there noticeable conflicts (BSODs, program crashes, etc.) or was it just too heavy?

As always, thank you all in advance to any and all advice!
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Most, if not all, potentially harmful files will be delivered to your Downloads folder via your Web browser, or Email client.

For best stability, add extensions to the browser that block harmful sites, ads and trackers, as well as to harden the OS with NVT SysHardener.

If you are not confident with standalone Microsoft Defender, switch to ESET, Emsisoft, Bitdefender or Norton - paid software. Keep it simple.

 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
@PotentialUser - Please consider reading the ConfigureDefender thread to see how the app unlocks the full power and inherent stability of WD. You may read more about, and get, ConfigureDefender here. And remember that Windows 10 includes exploit protection similar to the old EMET, and can be optionally configured to further harden apps and browsers. You can harden the OS with SystemHardener or H_C, if you feel the need. You can add OSArmor or VoodooShield, both of which are efficient, effective solutions to use with WD.

Or you may choose WD + built-in exploit protection alone if you consider the following:

The overall tone of your posts to date suggests that you have a heightened state of awareness that goes beyond being "a safe user". They sound hyper-vigilant. Most everyone on MT use setups beyond what average users employ or are even aware of. Some use what we call "paranoid" setups. Find the setup that is comfortable for you.

I always suggest this: "Stay safe. Not Paranoid!" (y) :D

Edit: I forgot to add that you may use RunBySmartscreen to simplify your application checking prior to or upon installation. This applies Smartscreen system-wide. Together with ConfigureDefender they make a beautiful, update- and system-friendly setup.

Tiamati

Level 12
Verified
Top Poster
Well-known
Nov 8, 2016
574
I always suggest this: "Stay safe. Not Paranoid!" (y) :D

The best suggest you'll find here. ;)
...

Now, my opinion: you can pair a second-opinion scanner to automatically scan your system; I made a thread teaching how to automatically scan your system with EEK. IMHO, EEK is better than Malwarebytes as a second-opinion scanner, and you can schedule it.

On the other hand, why are you going to use WD? Instead of using all sorts of combos, just install Bitdefender Free. It has all the important features from the paid version, and it's fully automated. And - if you really want to be overcautious - add a system hardener like the ones they suggested.
From the more friendly to the less friendly I would suggest this:

SysHardener > H_C > VoodooShield
Those are the ones I tested.
 

PotentialUser

Level 1
Thread author
May 28, 2020
35
Thank you to everyone who has answered! I believe I’ll be sticking with a heavily tweaked WD (I PM’d @Andy Ful regarding this) plus periodic secondary-engine scanning (thank you for the thread @Tiamati!).

After reading your responses and playing around with Configure Defender in a VM, I now believe the way I use my system doesn’t call for a secondary active protection if I can get my WD tweaked the way I need it. I’m sure Andy will pull through regarding that.

And like @Spawn said, most malware infiltrates via the browser and email client. I recently found out Sandboxie just went open-source so that is another option to look into. Not sure who is going to pick up (or already has picked up?) the mantle. I wish tzuk came back to develop the program like old times. If anyone has any info regarding the new dev of Sandboxie or where to get their most updated installer, feel free to tag me here or PM me.

Thanks again for all the help all! If anyone still wants to comment on this thread, please feel free. I never tire of learning from knowledgeable people like you all.


You’re definitely correct. I am hyper-vigilant but that’s not because I’m necessarily paranoid. Paranoia may be part of it but mostly it’s related to what @WhiteMouse said. Anything that can go wrong usually does go wrong at some point or another. I don’t trust my family to take security as seriously as I do, hence why they use a tuned-up EAM on the family PC.

I personally don’t need or want a third-party AV. Nor do I like overloading on a bunch of apps or browser extensions. I like to keep it simple now. But I did initially believe WD may need a supplement. I was wrong. After reading into Microsoft’s Exploit Guard (ASR) and how their Network Protection works, WD can be a beast if configured correctly. Playing around with Configure Defender in a VM definitely hammered that in. That’s why I reached out to Andy via PM since he’s the Windows‘ built-in security guru. :)

Protomartyr

Level 7
Sep 23, 2019
314
Currently there are two main forks of Sandboxie development now that the code is open source and has been released.
Granted, each thread is about a Sandboxie Open source project, but this is all they have in common, as both projects have different goals in mind.

Tom's project leans more toward continuity, to keeping the software being what it is. No big changes. Conservative.

On the other hand, David's project is more liberal; he wants to make a lot of changes to Sandboxie.

There are other major differences: Tom will sign his builds, David will not. His builds will get flagged as malware, and Tom's won't. With Tom's build, we will run our computers and use SBIE as we always have; with David's builds you might have to run your computers in test mode or boot with driver signing disabled.

I think the differences between both projects are so clear that there is room for both projects to exist on their own. Each project has to offer what it takes to attract their kind of users, and because of that, both deserve their own dedicated thread.

Bo

More info on the changes that are planned for Sandboxie Plus is detailed in this post.

Currently:
 

PotentialUser

Level 1
Thread author
May 28, 2020
35
Ah, Wilders! I haven’t seen that forum name in forever. I completely forgot to check there regarding Sandboxie. Thank you Protomartyr! I’m definitely interested in Tom’s Sandboxie development. I wish David all the best but for me, Sandboxie is best left with just QOL updates and nothing more.

Hopefully Sandboxie Open Source gets its website and forums live soon!
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Beware: any advanced protection you add brings along with it potential complications. Not necessarily conflicts, but things you might need to deal with sooner or later.

For instance: VoodooShield is strong protection, and easy to use, and free. But with VS you are likely to encounter safe files that you need, yet they are blocked. This is called "false positives". Voodooshield will help you make a decision on them, but a decision you will need to make.

Another example: Syshardener will block many of the methods used by malware to infect your system, but it will also block certain legitimate tasks that you might want or need to perform. Let's say you have an issue with a certain paid program or service, and you contact their support. They tell you to open a command prompt, or download their file, and follow instructions. Everything they try doesn't work, and they don't have a clue why. It's because of Syshardener. So they will tell you to just reinstall everything, because their troubleshooter was blocked by your security.

I am not coming out against advanced security. But you need to know what you are getting yourself into. It's not a free lunch. These are just two common examples that I gave; there are plenty more. :)
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
I agree with the idea of the addition of VoodooShield: nice & simple, & I would think you would be bulletproof taking into account the safe way you use your system. It's possible to over-analyse. WD on its own is pretty good; the addition of another layer that has very low system impact is helpful. Adding Malwarebytes would take you into a higher system impact than a standard AV suite such as KIS, for example.

ForgottenSeer 85179

A lot of stuff is posted here but I wonder if everyone cares about real security.
Less code means less attack surface. That's the reason why system-internal security mitigations are always better than external solutions.

Also for Sandboxie: Windows itself provides a sandbox.
 

PotentialUser

Level 1
Thread author
May 28, 2020
35
Voodoo Shield Pro added to Windows Defender will offer fabulous protection for the Average Joe.
Alternatively SpyShelter Firewall however you will get a large amount of alerts, so not for the Average Joe
Or Comodo Firewall with CS settings

I used to use Comodo IS back in the day. Their forums used to be pretty packed. There was an old malware tester on YouTube, languy99, who swore by Comodo and was a mod on their forums. I used to watch all of his videos; loved watching AV products battle it out against malware. Some things never change.

Malware testers back then used to be creative and made odd combo videos like [MSE + MBAM Pro] or [NOD32 + Online Armor FW] or the beastly oldschool combo: [avast! Free + Comodo FW/HIPS] and a ton of other weird ones. Now everyone just tests entire security suites. Not sure if it’s due to a lack of good combos now, laziness (since combos require exclusions in both programs and certain FW/HIPs rule tweaks), or because security products are now designed to be less compatible with each other so you buy the company’s product only.

All the old YouTubers need to come back: mrizos, winsevenholic, languy99, Malware Geek, nsm0220, and a bunch of others I cannot remember the names of but are also missed. :(

A lot of stuff is posted here but I wonder if everyone cares about real security.
Less code means less attack surface. That's the reason why system-internal security mitigations are always better than external solutions.

Also for Sandboxie: Windows itself provides a sandbox.

The only issue I have with Windows 10 sandbox is it boots up an entire VM. It can’t sandbox an individual app like Sandboxie does where it looks all normal but if you go into the corners, the yellow lines indicate it is sandboxed. Please correct me if I’m wrong.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,635
A lot of stuff is posted here but I wonder if everyone cares about real security.
Less code means less attack surface. That's the reason why system-internal security mitigations are always better than external solutions.

Also for Sandboxie: Windows itself provides a sandbox.
Even if the “internal security mitigations” run in user-mode as opposed to kernel-mode?

Most attackers would probably find it easier to bypass internal security mitigations that run in user-mode than to bypass third-party mechanisms that run in kernel-mode, even if extra code is required for the kernel-mode driver.

Consider the security products from XP days that ran in user-mode and compare these to the amazing modern security products that run in kernel-mode.

Real security probably does not run in user-mode, it probably runs in kernel-mode.
 

ForgottenSeer 85179

Even if the “internal security mitigations” run in user-mode as opposed to kernel-mode?

Most attackers would probably find it easier to bypass internal security mitigations that run in user-mode than to bypass third-party mechanisms that run in kernel-mode, even if extra code is required for the kernel-mode driver.

Consider the security products from XP days that ran in user-mode and compare these to the amazing modern security products that run in kernel-mode.

Real security probably does not run in user-mode, it probably runs in kernel-mode.
Kernel bugs are rarely used nowadays and get fast fixes. Attackers use easy methods with the best profit instead of much work.

You can't compare XP with Vista, 7, 8 or 10 ;)
Different kernels.
 
