Slyguy

Level 43
Panda Advanced Premium (w/SG Settings) + Syshardener (executed) and OSArmor is my combo deployed to literally every family/friend outside of my home.

So far no infections and no complaints. It's fire and forget, cheap as hell for unlimited devices, and in the above configuration vastly protective enough for the average Joe, Senior Citizen, troublemaker kids.
 

RodM1956

Level 4
We've got Panda in the lab this week and I am playing with settings and tweaks in my home lab.

So far - they've fixed all of the bugs I reported to them months ago, such as:

  1. Notifications not popping. (be sure to have Win10 notifications on)
  2. Stalling on unknown processes accessing X folders.
  3. Stalling on unknown processes modifying X files.
  4. Broken firewall policy hierarchy under some conditions.
  5. Port amount limitations on blacklisting.
  6. GUI lag.

Also note, they appear to have made the product a good bit lighter, to the point it feels about as lightweight as anything I have tried lately. I will elaborate more later, but I'm calling these settings "PA w/SG". A blatant ripoff of CF w/CS. These settings utilize knowledge of firewalls and cascading policies as well as exploiting the application control and data shield aspects of the product to help harden the system. Upon setup make the following changes, which I will elaborate on later, including screenshots, and maybe a video of some testing.

Here's what we did. (Please note, these tweaks aren't available on the free version of Panda)

  1. Scroll the interface down to the firewall button, click it, set it to PUBLIC.
  2. Click the gear in the upper right to access firewall settings.
  3. Go to the RULES section, ADD new rule. Select "ALL Inbound and Outbound", BLOCK, then enter a large list of normal Trojan Ports then make this rule the TOP RULE in the policy list. (I will provide detailed instructions later)
  4. Go to DATASHIELD, set 'BLOCK' for unknown applications accessing files. Then go up and enter a list of file extensions we created. Then set the directory to the ROOT 'C:\'
  5. Go to APPLICATION CONTROL, set it to deny accessing data for all unknown processes.

So what this does is

  1. Prevents all processes from ingress/egress out all commonly exploited ports. (21, 22, 23, whatever) Further strengthening the system via the firewall as the first policy in the cascade preventing all malware-like port activity on the system.
  2. Sets your Windows Drive (C:\) as a fully protected drive under DATASHIELD. Sets all generally used file types as protected file types. Then designates those files as off-limits for all unknown/unclassified processes. We've included DLLs, INI, Script Engines, Powershell, Batches and everything else in this list.
  3. Automatically block unknown applications/processes from accessing all protected areas of the system. (Application Control)

So far the results are quite nice. In testing we created an executable designed to go around the system and modify some files. (INI, BAT, DLL etc) Then we attempted to launch this file and run the modification scripts, which were all denied. We set up a script to launch this file repeatedly, over and over to flood Panda, and it successfully blocked it. We then set this file up to trigger on launch and modify random files on boot, which was successfully blocked without any system degradation or stuttering. We used a penetration test tool to attempt to exfiltrate data out from the system. SSH, Telnet, BO, etc. All of those were blocked by the Panda firewall because at the top of the policy list are blocks for all 'generally' used malware ports.

Next we will test ITW malware and see how effective these modifications are. Also, we're looking into setting the firewall up to block ALL PORTS except explicitly needed ones (53, 80, 8080, 443, 4443, whatever whitelisted then block everything else). This would be trickier to set up as virtually every game/application/system has to be factored to create a master whitelist, but would provide impressive system protection once completed.

SlyGuy, is it possible to get your Panda Dome "Complete" settings in a file (You export the file, and I import the same file to my PC)?
If so, Thanks...Easier to import the settings, than going through all those settings by hand.
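
The rule-order and allowlist points discussed in this thread, as an added example that is not part of any post and not Panda's own code: a small model that assumes top-down, first-match rule evaluation. The port lists are the ones named in the posts; the permissive `ALLOW_ANY` rule and port 5000 are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "BLOCK" or "ALLOW"
    ports: Optional[FrozenSet[int]]  # None matches every port


def evaluate(rules, port, default):
    """Return the action of the first rule that matches `port`, else `default`."""
    for rule in rules:
        if rule.ports is None or port in rule.ports:
            return rule.action
    return default


BLOCKED = frozenset({21, 22, 23})              # blocklist ports named in the post
NEEDED = frozenset({53, 80, 8080, 443, 4443})  # allowlist ports named in the post
ALLOW_ANY = Rule("ALLOW", None)  # constructed stand-in for an existing permissive rule

# The block rule as the TOP RULE, versus the same rule below a permissive one.
block_on_top = [Rule("BLOCK", BLOCKED), ALLOW_ANY]
block_below = [ALLOW_ANY, Rule("BLOCK", BLOCKED)]
# The allowlist variant: permit only the needed ports, default action is BLOCK.
allowlist = [Rule("ALLOW", NEEDED)]


def compare(port):
    """Decision each policy reaches for traffic on `port`."""
    return {
        "block_on_top": evaluate(block_on_top, port, "ALLOW"),
        "block_below": evaluate(block_below, port, "ALLOW"),
        "allowlist": evaluate(allowlist, port, "BLOCK"),
    }


if __name__ == "__main__":
    for port in (22, 443, 5000):  # 5000 is a constructed port on neither list
        print(port, compare(port))
```

Under this model the block rule only takes effect when it sits above any permissive rule, and only the default-deny allowlist stops traffic on a port that appears on neither list.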
 

davisd

Level 2
Verified
5) Go to APPLICATION CONTROL, set it to deny accessing data for all unknown processes.
3) Automatically block unknown applications/processes from accessing all protected areas of the system. (Application Control)
I do it this way, so scripts cannot even run in the first place. Yes, it's not really a perfect method as current Application Control doesn't have wildcard support/edit/search options, and it has a resizing bug in which you cannot see full paths added so you might have difficulties adding other LOLBins, but I see a great potential in it.

js.png

js1.png
 

oldschool

Level 55
Verified
Can I ask would Panda Dome Advanced + MBAE + Windows Exploit Protection provide similar protection as Panda + OS Armor? From reading this thread I take that OS Armor is added because of its superior protection against scripts.
First, I can tell you that MBAE will conflict with native Exploit Protection or you will get a warning each time you open the browser, at least.

Second, I can't compare your proposed setup to Panda + OSA, but I will say OSA offers a wider range of coverage and better protection overall.

You can always try your proposed setup and see for yourself, and later try the other one.

BTW: I don't know if OSA will conflict with Exploit Protection or not. That question is above my pay grade.
 

Cortex

Level 22
Verified
Does Dome still have major issues with Shadow Defender, the reason I stopped using it? It wasn't too happy with a VPN, or did I dream that?
 