Parsh's Layered Config

Status
Not open for further replies.

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
There's this one way of setting up well with simplicity —> Virtualization / Rollback / SRP Restrictions .. and sit back
There's this other way —> the traditional multi-layers and adding some of the above good stuff
Unfortunately, the first approach ain't very practical for many users & use-cases, including my requirements.

Local AV: Emsisoft Antimalware (disabled "automatically allow programs with good reputation") + Heimdal Pro (limited malware engine)
File Reputation: VoodooShield (VoodooAI + Blacklist scan) + EAM Network + Kerish Doctor
Behavior Blocker: Emsisoft
Dedicated HIPS: ____
Application Control: ____
Lockdown: VoodooShield Pro (always ON + max settings)
Firewall: Sphinx Windows 10 Firewall Control (Basic license) (Zones-based, restrictive, system apps covered, deny-by-default)
Traffic Scanning: Heimdal Pro (VectorN)
MITM check: SSL-Eye
Traffic encryption: DNSCrypt with Yandex (browser only)
Reverse DNS lookup: CrowdInspect
Systemwide DNS: Heimdal Secure DNS
Dedicated exploit mitigation: ____
Anti-exploit: Emsisoft (limited exploit mitigation) +VoodooShield (web apps exe-based protection)
Exploit prevention: Heimdal Pro (patching + blacklist-based blocking)
Services & Task Scheduler monitor: Kerish Doctor
Disabled: wscript.exe / cscript.exe / powershell / "Allow Remote Assistance" / Remote Registry Service / Autoplay / System Restore / Untrusted Fonts / "Hide Extensions of Known File Types" / Execution of 16-bit processes / Installation of unsigned drivers without warning
Alerts: SmartScreen (web + windows store), UAC
System Files Protection: Kerish Doctor
Security Settings protection: Kerish Doctor
Realtime failure detection: Kerish Doctor
URL blocking: Emsisoft Surf Protection (added Hosts file) + Heimdal Pro + Yandex Protect + Netcraft
Ad blocking: uBlock Origin
Banking protection: Yandex Protect + Zemana Antilogger (identity protection)
Anti-exploit: VoodooShield Pro
Anti-keylogging: Zemana Antilogger
Privacy containment: Covert Pro (occasional use) + Sphinx FW (restricted network communication)
Data leak protection: Heimdal Pro / Covert Pro (occasional) + Sphinx FW (restricted network communication)
Rollback S/W: Shadow Defender
Sandbox: Sandboxie
Virtual Machine: VirtualBox
System Backup / Recovery: Macrium Reflect
Data Backup: Manual + Drive Sync
Data Recovery: MiniTools Power Data Recovery / EaseUS MobiSaver
OS patching: PortUp Updater (selective updates)
S/W updater: Heimdal Pro (automatic)
File encryption: AxCrypt
VPN: Windscribe VPN
Encrypted mailing: Protonmail
Harden Windows: Hard Configurator / Win10 Security Plus
File details: Pro File Security Tools
DNS switchers: ChrisPC DNS Switcher
Maintenance: ProcessLasso Pro / Kerish Doctor / Complete Internet Repair / Windows Repair Toolbox
Other utilities: MiniTools Partition wizard / RAMDisk / Sardu USB
Process Injection / Hollowing / RAT: CrowdInspect / RunPEDetector / Zemana /..
System analysers: Norton PE / McAfee GetSusp / Kaspersky System Checker / SecureAnywhere System Analyser
Rootkit: TDSSKiller / Norton PE / TrendMicro RootkitBuster
Multi-engine: Metadefender client (multi-engine) / HitmanPro / Zemana
Adware / Junkware: AdwCleaner / BC Junkware Removal
Other scanners: Immunet Antivirus (includes Cisco-based cloud protection, community driven) (periodic scanning) / Dr.Web CureIt / Malwarebytes / Panda Cloud Cleaner / ESET Online Scanner
Process Monitor / Scanner: CrowdInspect / KillSwitch / Process Hacker / System Explorer / Rkill / SysInternals suite / ESET SysInspector
Autoruns: Kerish Doctor / System Explorer
System / modules check: SanityCheck / FolderChangesView / ESET HiddenFileSystemReader / RegShot / HiJackThis
All-in-one Tool (SX Kit): Stream Armor / Virus Total Scanner / Windows Autorun Disable / Windows Service Manager / Windows USB Blocker / Autorun File Remover / Hidden File Finder / Net Share Monitor / Remote DLL / Spy BHO Remover / Spy DLL Remover
Windows 10: already covered
ElementaryOS: Sophos AV, FireJail, non-GUI Windscribe VPN, VirtualBox for testing (NAT)
I've been using a bootable rescue-USB using Sardu (highly recommended)
  1. Multiple antivirus rescue discs in-1
  2. All in One System Rescue Toolkit/ Trinity Rescue Kit
  3. Ubuntu boot repair tool etc.

With partitioning, you can add some portable executable scanners too. Write-protect the USB then for On-the-go usage.
  1. The independent AV tests are NOT absolute truth, and experienced users are aware of that. Also, with modified configurations (mostly defaults are tested), these tools can deliver varied level of protection.
  2. Test the sleepiness of your antivirus here
  3. Complement your security software. But have no more than 1 real-time AV (some are born incompatible, others may conflict at critical times)
  4. After uninstalling an antivirus, use their official 'removal tools' for clean removal
  5. Scan with a bootable-rescue-disc monthly or quarterly (prefer BD, Kaspersky, Avira, ESET & Dr.Web)
  6. Provide admin-rights with utmost care. Prefer Standard account
  7. Use lockdown / anti-executables if feasible alongside an AV
  8. Avoid trying cracks. Those can do more than what's in their name!
  9. Keep Auto-play always OFF. Write-protect your USB when porting
  10. Download programs from Vendor sites or trusted downloads sites only
  11. During potentially risky activities, use sandbox or multi-protection always (AM + URL blocker + anti-exploit + extensions)
  12. For ransomware protection besides antivirus, WinAntiRansom / Kaspersky AntiRansom Tool / HMPA etc are nice options
  13. Important tips like low-risk activities, safe browsing, using Windows built-in mechanisms for security are already famous elsewhere. Let me link them here
  14. Do not share your credentials or personal information with others. These can be misused for hacking your stuff
  15. Use Sardu to create a Multiboot USB tool to include Multiple AV Rescue Discs, USB repair tools, Linux Distros(s) and some more portable apps. Write protect it then, as needed.
  16. Install a Linux distro for side-by healthy computing!
An AV is like a bulletproof vest. It won't guarantee protection everywhere. Lockdown.
Feedback welcome :)
Keep safe, be safe!
 
Last edited:
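The items in the "Disabled:" line of the config above can be verified on a machine rather than taken on trust. The script below is an added example, not part of the thread and not code from any product named in it. It is read-only (it reports state and changes nothing) and assumes the standard registry locations for each setting; the font-blocking value name and the Constrained Language Mode check for "powershell disabled" are assumptions about how those items were disabled, since the post does not say how. Run it from an elevated PowerShell so the HKLM values are readable.

```powershell
# Added example (not from the thread): read-only audit of the Windows hardening
# items in the config post. Reports OK / WARN per item, changes nothing.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # A missing key or value means the Windows default applies; report $null.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

$checks = @(
    @{ Item     = 'Windows Script Host (wscript.exe / cscript.exe) disabled'
       Actual   = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' 'Enabled'
       Expected = 0 },
    @{ Item     = 'Remote Assistance disallowed'
       Actual   = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' 'fAllowToGetHelp'
       Expected = 0 },
    @{ Item     = 'Autoplay off for all drive types'
       Actual   = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
       Expected = 255 },
    # Value name assumed from Microsoft's "block untrusted fonts" guidance; verify on your build.
    @{ Item     = 'Untrusted (non-%windir%\Fonts) fonts blocked'
       Actual   = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions' 'MitigationOptions_FontBocking'
       Expected = '1000000000000' },
    # Per-user setting, so this reads HKCU for the account running the audit.
    @{ Item     = 'Extensions of known file types shown (HideFileExt = 0)'
       Actual   = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt'
       Expected = 0 },
    @{ Item     = '16-bit (NTVDM) applications blocked'
       Actual   = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat' 'VDMDisallowed'
       Expected = 1 }
)

# Remote Registry is a service, not a registry value: check its start type.
$svc = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
$checks += @{ Item     = 'Remote Registry service disabled'
              Actual   = if ($svc) { [string]$svc.StartType } else { 'not installed' }
              Expected = 'Disabled' }

# "powershell disabled" is not a single switch; as an assumption this reports whether
# the current session runs in Constrained Language Mode, one common way to limit it.
$checks += @{ Item     = 'PowerShell session language mode'
              Actual   = $ExecutionContext.SessionState.LanguageMode.ToString()
              Expected = 'ConstrainedLanguage' }

foreach ($c in $checks) {
    $found = if ($null -eq $c.Actual) { '<not set>' } else { "$($c.Actual)" }
    $state = if ($found -eq "$($c.Expected)") { 'OK  ' } else { 'WARN' }
    '{0} {1}: expected {2}, found {3}' -f $state, $c.Item, $c.Expected, $found
}
```

A WARN line does not by itself mean the setting is wrong, only that it is not held at the expected value in the location the script reads; Group Policy and the products in the config can apply the same restriction through other paths, so treat the output as a list of items to confirm, not a verdict.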

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
Appreciable explanations and good config.
I use CCleaner and the few bugs have been fixed in the latest version.
Iobit ASC and similar all-in-one tools are useless because they do not lead to substantial benefits in terms of speed and stability.
Also an incorrect use may cause problems at OS level.
It is useful to say that some "antivirus uninstall tools" have to be used after the normal uninstall via own uninstaller (McAfee for example).
It is necessary to focus on the absolute utility of a backup plan: the power is useless without control.
 

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Iobit ASC and similar all-in-one tools are useless because they do not lead to substantial benefits in terms of speed and stability.
Also an incorrect use may cause problems at OS level.
It is useful to say that some "antivirus uninstall tools" have to be used after the normal uninstall via own uninstaller (McAfee for example).
It is necessary to focus on the absolute utility of a backup plan: the power is useless without control.

Agreed. Yet, I am unable to edit my post. Let me get back to that later!
Regarding IOBit, just as I mentioned, I use the settings with less load, i.e. no real-time monitoring / automatic activities etc.
I call it only monthly. And I prefer it because of the variety of tools it has. I haven't found it messy otherwise :)
 
Last edited:

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Great. Don't know if you knew but 360 TSE has the sandbox, and it's lighter than TS. ONLY issue is it's slightly behind in development version-wise (8.8 vs 9.0). 360 comparison shows no difference in protections though. If you don't need the TS add ons, TSE should work for you and give you the same results.
 

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Hey, what kind of infection did you have in the last 3 months? Just curious how something got through your posted security configuration. Thanks for sharing it and have a great time at MalwareTips. :)

Thanks man :)
A month ago, I did not have Kaspersky (currently have trial activated). I had used it for 2 years, long ago.
On my college budget, I went with 360 TS (free) and I was supposedly infected.

I am not sure about the how's, but the issue was that a suspicious account named 'wpncgnncse' used to get activated on my PC alongside my admin account.
Every time I deleted it, it came back!
And there were some anomalies while granting rights too. No suspicious registries detected. Disk usage was abnormally high. Network usage was fair. Once I tried entering that account out of curiosity, it turned to a black screen.
I decided to wipe clean my PC then.

My current config is Kaspersky + Zemana(trial) in realtime.
EDIT: Replaced Zemana with VooDooShield. Zemana license expired. Now on standby!
 
Last edited:

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Great. Don't know if you knew but 360 TSE has the sandbox, and it's lighter than TS. ONLY issue is it's slightly behind in development version-wise (8.8 vs 9.0). 360 comparison shows no difference in protections though. If you don't need the TS add ons, TSE should work for you and give you the same results.

You're right! I had installed it when I didn't have any other maintenance program, so I have been with TS instead of TSE.
Now I won't need those addons :)
TSE might be behind, but 360 is a bit dull when it comes to using those BD and Avira engines. Doesn't detect threats every time!
 
Last edited:

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
If you already have Avira Browser Safety you can also remove Bitdefender TrafficLight. I would also suggest removing IObit products; CCleaner is enough.
Hello!
I would say that Avira has been the most effective addon, but I've seen TrafficLight block some malicious URLs recently. Though multiple such addons make browsing slower, I prefer having the two. I've already removed the McAfee and Panda equivalents.
And yes, I mentioned IOBit as an option, however I just use Glary for the basics.
 

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
So, KIS (trial) license is ending before giveaways do. I'll wait for some giveaways to run to their results :D
Till then
ADDITIONS
  1. 360 TSE (all engines)
  2. Comodo FireWall (FW + HIPS + limited Viruscope)
  3. Shadow Defender (thanks to @Svoll) :)
  4. Heimdal (auto software patching)
  5. Adguard DNS in host file
  6. AOMEI Backupper Professional (thanks to @Yash Khan) :)
  7. HitmanPro (for on-demand detection) (replace KAV's definitions)
  8. Kaspersky VRT (for post-detection surgery)
  9. switched to INTEL TrueKey (great integration with Windows)
REMOVALS
  1. KIS (man, needed quite a few apps to replace its provisions)
  2. EaseUS Backup
  3. LastPass
  4. EEK
Enjoying the new customized setup. On the VM though, not to mention, I keep switching for tons of l'il experiments.
 
Last edited:

Svoll

Level 13
Verified
Top Poster
Well-known
Nov 17, 2016
627
ADDITIONS
  1. 360 TSE (all engines)
  2. Comodo FireWall (FW + HIPS + limited Viruscope)
  3. Shadow Defender (thanks to @Svoll) :)
  4. Heimdal (auto software patching)
  5. Adguard DNS in host file
  6. AOMEI Backupper Professional (thanks to @Yash Khan) :)
  7. HitmanPro (for on-demand detection) (replace KAV's definitions)
  8. Kaspersky VRT (for post-detection surgery)
  9. switched to INTEL TrueKey (great integration with Windows)

Omg, look at that army of security suites =P

First line defense if failed, goes to mitigation, if that fails, Virtualization or Shadow Mode restart, if that fails, AOMEI to the rescue.
I am pretty sure it's hard even getting to the second layer :)
:););););););):D:D:D
 

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Omg, look at that army of security suites =P
First line defense if failed, goes to mitigation, if that fails, Virtualization or Shadow Mode restart, if that fails, AOMEI to the rescue.
I am pretty sure it's hard even getting to the second layer :)
:););););););):D:D:D
Some hospitality for dear malware :)o_O;)
Everything looks perfect but we never know what can get past and how.
I've avoided any overkill with this portfolio though.
Waiting for mainly Emsisoft giveaway results now :D

Btw, I've made a good collection of freemiums this week!
 

Svoll

Level 13
Verified
Top Poster
Well-known
Nov 17, 2016
627
Btw, I've made a good collection of freemiums this week!

You've been slacking, MT has so much to offer! I really like your config!

I am trying something you wanted to try.

EIS+MB anti Exploit+ZemanaAntiLogger =P

It's high on memory + CPU, just FYI..

Good luck! I want that Macrium Backup giveaway, fingers crossed..

Back on Track: You have a solid config already, what are you gonna replace if you win the Emsisoft license?
 

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
You've been slacking, MT has so much to offer! I really like your config!
I am trying something you wanted to try.
EIS+MB anti Exploit+ZemanaAntiLogger =P
It's high on memory + CPU, just FYI..
Haha you reached there too :p
Yup, EIS and Zemana real-time would be as heavy as awesome they are together!
I'll trust EIS/EAM for the anti-malware job and Zemana as on-demand partner.
EAM and 360 especially have quite some alerts about running processes/executions and so on, and I like it. Helps take security a lot beyond signature detection.

Good luck! I want that Macrium Backup giveaway, fingers crossed..
Good luck to you and your data too;) How's Norton Ghost working?

Back on Track: You have a solid config already, what are you gonna replace if you win the Emsisoft license?
Simply throw away 360TSE. I'll just feed EAM and a good FW to my PC for RT.
 

Deleted member 2913

So, KIS license is ending before giveaways do. I'll wait for some giveaways to run to their results :D
Till then
ADDITIONS
  1. AOMEI Backupper Professional (thanks to @Yash Khan) :)
REMOVALS
  1. KIS (man, needed quite a few apps to replace its provisions)
  2. EaseUS Backup
1. You like KIS & would like to continue using it?
2. Why replaced EaseUS Backup?
 

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
360 TSE still ad-free? I don't like advertisements in an AV program.
Oh man, I'm having serious troubles with my display drivers. Got to use my phone for this.
Yeah it does and it will until it provides paid components or switches to paid product I guess.
A lot of power, a little advertisement, no big problem :)
 