Parsh's Layered Config

Status
Not open for further replies.

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
There's this one way of setting up well with simplicity —> Virtualization / Rollback / SRP Restrictions .. and sit back
There's this other way —> the traditional multi-layers and adding some of the above good stuff
Unfortunately, the first approach ain't very practical for many users & use-cases, including my requirements.

Local AV: Emsisoft Antimalware (disabled "automatically allow programs with good reputation) + Heimdal Pro (limited malware engine)
File Reputation: VoodooShield (VoodooAI + Blacklist scan) + EAM Network + Kerish Doctor
Behavior Blocker: Emsisoft
Dedicated HIPS: ____
Application Control: ____
Lockdown: VoodooShield Pro (always ON + max settings)
Firewall: Sphinx Windows 10 Firewall Control (Basic license) (Zones-based, restrictive, system apps covered, deny-by-default)
Traffic Scanning: Heimdal Pro (VectorN)
MITM check: SSL-Eye
Traffic encryption: DNSCrypt with Yandex (browser only)
Reverse DNS lookup: CrowdInspect
Systemwide DNS: Heimdal Secure DNS
Dedicated exploit mitigation: ____
Anti-exploit: Emsisoft (limited exploit mitigation) +VoodooShield (web apps exe-based protection)
Exploit prevention: Heimdal Pro (patching + blacklist-based blocking)
Services & Task Scheduler monitor: Kerish Doctor
Disabled: wscript.exe / cscript.exe / powershell / "Allow Remote Assistance" / Remote Registry Service / Autoplay, System Restore / Untrusted Fonts / System Restore / "Hide Extensions of Known File Types" / Execution of 16-bit processes / Installation of unsigned drivers without warning
Alerts: SmartScreen (web + windows store), UAC
System Files Protection: Kerish Doctor
Security Settings protection: Kerish Doctor
Realtime failure detection: Kerish Doctor
URL blocking: Emsisoft Surf Protection (added Hosts file) + Heimdal Pro + Yandex Protect + Netcraft
Ad blocking: uBlock Origin
Banking protection: Yandex Protect + Zemana Antilogger (identity protection)
Anti-exploit: VoodooShield Pro
Anti-keylogging: Zemana Antilogger
Privacy containment: Covert Pro (occasional use) + Sphinx FW (restricted network communication)
Data leak protection: Heimdal Pro / Covert Pro (occasional) + Sphinx FW (restricted network communication)
Rollback S/W: Shadow Defender
Sandbox: Sandboxie
Virtual Machine: VirtualBox
System Backup / Recovery: Macrium Reflect
Data Backup: Manual + Drive Sync
Data Recovery: MiniTools Power Data Recovery / EaseUS MobiSaver
OS patching: PortUp Updater (selective updates)
S/W updater: Heimdal Pro (automatic)
File encryption: AxCrypt
VPN: Windscribe VPN
Encrypted mailing: Protonmail
Harden Windows: Hard Configurator / Win10 Security Plus
File details: Pro File Security Tools
DNS switchers: ChrisPC DNS Switcher
Maintenance: ProcessLasso Pro / Kerish Doctor / Complete Internet Repair / Windows Repair Toolbox
Other utilities: MiniTools Partition wizard / RAMDisk / Sardu USB
Process Injection / Hollowing / RAT: CrowdInspect / RunPEDetector / Zemana /..
System analysers: Norton PE / McAfee GetSusp / Kaspersky System Checker / SecureAnywhere System Analyser
Rootkit: TDSSKiller / Norton PE / TrendMicro RootkitBuster
Multi-engine: Metadefender client (multi-engine) / HitmanPro / Zemana
Adware / Junkware: AdwCleaner / BC Junkware Removal
Other scanners: Immunet Antivirus (includes Cisco-based cloud protection, community driven) (periodic scanning) / Dr.Web CureIt / Malwarebytes / Panda Cloud Cleaner / ESET Online Scanner
Process Monitor / Scanner: CrowdInspect / KillSwitch / Process Hacker / System Explorer / Rkill / SysInternals suite / ESET SysInspector
Autoruns: Kerish Doctor / System Explorer
System / modules check: SanityCheck / FolderChangesView / ESET HiddenFileSystemReader / RegShot / HiJackThis
All-in-one Tool (SX Kit): Stream Armor / Virus Total Scanner / Windows Autorun Disable / Windows Service Manager / Windows USB Blocker / Autorun File Remover / Hidden File Finder / Net Share Monitor / Remote DLL / Spy BHO Remover / Spy DLL Remover
Windows 10: already covered
ElementaryOS: Sophos AV, FireJail, non-GUI Windscribe VPN, VirtualBox for testing (NAT)
I've been using a bootable rescue-USB using Sardu (highly recommended)
  1. Multiple antivirus rescue discs in-1
  2. All in One System Rescue Toolkit/ Trinity Rescue Kit
  3. Ubuntu boot repair tool etc.
G2EF0GG.png

With partitioning, you can add some portable executable scanners too. Write-protect the USB then for On-the-go usage.
  1. The independent AV tests are NOT absolute truth, and experienced users are aware of that. Also, with modified configurations (mostly defaults are tested), these tools can deliver varied level of protection.
  2. Test the sleepiness of your antivirus here
  3. Complement your security software. But have no more than 1 real-time AV (some are born incompatible, others may conflict at critical times)
  4. After uninstalling an antivirus, use their official 'removal tools' for clean removal
  5. Scan with a bootable-rescue-disc monthly or quarterly (prefer BD, Kaspersky, Avira, ESET & Dr.Web)
  6. Provide admin-rights with utmost care. Prefer Standard account
  7. Use lockdown / anti-executables if feasible alongside an AV
  8. Avoid trying cracks. Those can do more than what's in their name!
  9. Keep Auto-play always OFF. Write-protect your USB when porting
  10. Download programs from Vendor sites or trusted downloads sites only
  11. During potentially risky activities, use sandbox or multi-protection always (AM + URL blocker + anti-exploit + extensions)
  12. For ransomware protection besides antivirus, WinAntiRansom / Kaspersky AntiRansom Tool / HMPA etc are nice options
  13. Important tips like low-risk activities, safe browsing, using Windows built-in mechanisms for security are already famous elsewhere. Let me link them here
  14. Do not share your credentials or personal information with others. These can be misused for hacking your stuff
  15. Use Sardu to create a Multiboot USB tool to include Multiple AV Rescue Discs, USB repair tools, Linux Distros(s) and some more portable apps. Write protect it then, as needed.
  16. Install a Linux distro for side-by healthy computing!
An AV is like a bulletproof vest. It won't guarantee protection everywhere. Lockdown.
Feedback welcome :)
Keep safe, be safe!
 
Last edited:

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
Appreciable explanations and good config.
I use CCleaner and the few bugs have been fixed in the latest version.
Iobit ASC and similar all-in-one tools are useless because they do not lead to substantial benefits in terms of speed and stability.
Also an incorrect use may cause problems at OS level.
It is useful to say that some "antivirus uninstall tools" have to be used after the normal uninstall via own uninstaller (McAfee for example).
It is necessary to focus on the absolute utility of a backup plan: the power is useless without control.
 

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Iobit ASC and similar all-in-one tools are useless because they do not lead to substantial benefits in terms of speed and stability.
Also an incorrect use may cause problems at OS level.
It is useful to say that some "antivirus uninstall tools" have to be used after the normal uninstall via own uninstaller (McAfee for example).
It is necessary to focus on the absolute utility of a backup plan: the power is useless without control.

Agreed. Yet, I am unable to edit my post. Let me get back to that later!
Regarding IOBit, just as I mentioned, I use the settings with less load ie. no real-time monitoring/ automatic activities etc.
I call it only monthly. And I prefer it because of the variety of tools it has. I haven't found it messy otherwise :)
 
Last edited:

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Great. Don't know if you knew but 360 TSE has the sandbox, and it's lighter than TS. ONLY issue is it's slightly behind in development version-wise (8.8 vs 9.0). 360 comparison shows no difference in protections though. If you don't need the TS add ons, TSE should work for you and give you the same results.
 

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Hey, what kind of infection you had in last 3 months? Just curious how did something get through your posted security configuration. Thanks for sharing it and have a great time at MalwareTips. :)

Thanks man :)
A month ago, I did not have Kaspersky (currently have trial activated). I had used it for 2 years, long ago.
On my college budget, I went with 360 TS (free) and I was supposedly infected.

I am not sure about the how's, but the issue was that a suspicious account named 'wpncgnncse' used to get activated on my PC alongside my admin account.
Everytime I deleted it, it came back!
And there were some anomalies while granting rights too. No suspicious registries detected. Disc usage was abnormally high. Network usage was fair. Once I tried entering that account out of curiosity, it turned to a black screen.
I decided to wipe clean my PC then.

My current config is Kaspersky + Zemana(trial) in realtime.
EDIT: Replaced Zemana with VooDooShield. Zemana license expired. Now on standby!
 
Last edited:

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Great. Don't know if you knew but 360 TSE has the sandbox, and it's lighter than TS. ONLY issue is it's slightly behind in development version-wise (8.8 vs 9.0). 360 comparison shows no difference in protections though. If you don't need the TS add ons, TSE should work for you and give you the same results.

You're right! I had installed it when I didn't have other maintenance program, so I have been with TS instead of TSE.
Now I won't need those addons :)
TSE might be behind, but 360 is a bit dull when it comes to using those BD and Avira engines. Doesn't detect threats everytime!
 
Last edited:

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
If you already have Avira Browser Safety you can also remove Bitdefender Trafficlight. I would also suggest to remove IObit products, CCleaner is enough.
Hello!
I would say that Avira has been the most effective addon, but I've seen TrafficLight block some malicious urls recently. Though multiple such addons make browsing slower, I prefer having the two. I've already removed MCAfee and Panda equivalent.
And yes, I mentioned IOBit as an option, however I just use Glary for the basics.
 

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
So, KIS (trial) license is ending before giveaways do. I'll wait for some giveaways to run to their results :D
Till then
ADDITIONS
  1. 360 TSE (all engines)
  2. Comodo FireWall (FW + HIPS + limited Viruscope)
  3. Shadow Defender (thanks to @Svoll) :)
  4. Heimdal (auto software patching)
  5. Adguard DNS in host file
  6. AOMEI Backupper Professional (thanks to @Yash Khan) :)
  7. HitmanPro (for on-demand detection) (replace KAV's definitions)
  8. Kaspersky VRT (for post-detection surgery)
  9. switched to INTEL TrueKey (great integration with Windows)
REMOVALS
  1. KIS (man, needed quite a few apps to replace its provisions)
  2. EaseUS Backup
  3. LastPass
  4. EEK
Enjoying the new customized setup. On the VM though, not to mention, I keep switching for tons of l'il experiments.
 
Last edited:

Svoll

Level 13
Verified
Top Poster
Well-known
Nov 17, 2016
627
ADDITIONS
  1. 360 TSE (all engines)
  2. Comodo FireWall (FW + HIPS + limited Viruscope)
  3. Shadow Defender (thanks to @Svoll) :)
  4. Heimdal (auto software patching)
  5. Adguard DNS in host file
  6. AOMEI Backupper Professional (thanks to @Yash Khan) :)
  7. HitmanPro (for on-demand detection) (replace KAV's definitions)
  8. Kaspersky VRT (for post-detection surgery)
  9. switched to INTEL TrueKey (great integration with Windows)

Omg, Look at that army of security suites =P

First line defense if failed, goes to mitigation, if that fails, Virtualization or Shadow Mode restart, if that fails, AOMEI to the rescue.
I am pretty sure, its hard even getting to the second layer :)
:););););););):D:D:D
 

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Omg, Look at that army of security suites =P
First line defense if failed, goes to mitigation, if that fails, Virtualization or Shadow Mode restart, if that fails, AOMEI to the rescue.
I am pretty sure, its hard even getting to the second layer :)
:););););););):D:D:D
Some hospitality for dear malware :)o_O;)
Everything looks perfect but we never know what can get past and how.
I've avoided any overkill with this portfolio though.
Waiting for mainly Emsisoft giveaway results now :D

Btw, I've made a some good collection of freemiums this week!
 

Svoll

Level 13
Verified
Top Poster
Well-known
Nov 17, 2016
627
Btw, I've made a some good collection of freemiums this week!

You been slacking, MT has so much to offer!, I really like your config!

I am trying something you wanted to try.

EIS+MB anti Exploit+ZemanaAntiLogger =P

its high on memory + cpu just FYI..

Good Luck! i want that Macrium Backup Giveaway crosses Finger..

Back on Track: You have a solid config already, what are you gonna replace if you win the Emsisoft license?
 

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
You been slacking, MT has so much to offer!, I really like your config!
I am trying something you wanted to try.
EIS+MB anti Exploit+ZemanaAntiLogger =P
its high on memory + cpu just FYI..
Haha you reached there too :p
Yup, EIS and Zemana real-time would be as heavy as awesome they are together!
I'll trust EIS/EAM for the anti-malware job and Zemana as on-demand partner.
EAM and 360 especially have quite some alerts about running processes/executions and so on, and I like it. Helps take security a lot beyond signature detection.

Good Luck! i want that Macrium Backup Giveaway crosses Finger..
Good luck to you and your data too;) How's Norton Ghost working?

Back on Track: You have a solid config already, what are you gonna replace if you win the Emsisoft license?
Simply throw away 360TSE. I'll just feed EAM and a good FW to my PC for RT.
 
D

Deleted member 2913

So, KIS license is ending before giveaways do. I'll wait for some giveaways to run to their results :D
Till then
ADDITIONS
  1. AOMEI Backupper Professional (thanks to @Yash Khan) :)
REMOVALS
  1. KIS (man, needed quite a few apps to replace its provisions)
  2. EaseUS Backup
1. You like KIS & would like to continue using it?
2. Why replaced EaseUS Backup?
 

Parsh

Level 25
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
360 TSE still ad-free? I don't like advertisment in a av-programm.
Oh man, I'm having serious troubles with my display drivers. Got to use my phone for this.
Yeah it does and it will until it provides paid components or switches to paid product I guess.
A lot of power, a little advertisement, no big problem :)
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top