Petrovic

Eset Smart Security 7 (Advanced settings HIPS)
Setting a change request for the HOSTS file

Open the antivirus and go to Settings.
Select Computer - HIPS. Next - Configure rules - Create.
Create the following rule: Target files - Operations - Delete file, Write to file; Notify user checked, rule active, Action - Request.
On these files:
C:\Windows\System32\drivers\etc\hosts


Protecting the hard disk MBR

Action - "Request"
On the "Target files" tab:
- In "Operations", tick "Direct access to disk".
On these files: Valid for all
Other parameters: Notify user
Click "OK".

Protecting system registry entries.
Name - any
Action - "Request" (or "Block" if you immediately configure all the exceptions for trusted applications; exceptions are added on the "Source applications" tab).
On the "Target registry entries" tab:
- In "Operations", tick "Use for all operations";
- In "Above these registry entries" click "Add" and then add the following registry paths to the list one by one:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\*
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
HKEY_USERS\*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*
HKEY_USERS\*\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*
HKEY_USERS\*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\*

To block / request changes to the TCP/IP settings:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\*

To protect the IP security policy:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\*

To block / request writes of static routes:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\*

To block / request attempts to run ESET through debuggers:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\*

Click "OK".


To protect against winlock
Configure rules - Create.
Create the following rules in turn (Target registry entries - Operations - Use for all operations checked; Notify user checked, rule active, Action - Block).

Above these registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\*
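The HIPS rules above only tell you when something tries to touch these locations; a baseline check of what is already in them is the natural companion. The following audit script is an added example, not code from the thread or from ESET: it reads the Winlogon, IFEO, Run/RunOnce and Tcpip DataBasePath locations the rules cover plus the hosts file, and reports anything that differs from the defaults of a stock Windows install (the expected values in $expected are an assumption about such an install; HKCU stands in for the current user's HKEY_USERS\* hive).

```powershell
# Added audit script (not from the thread or ESET): checks the persistence
# locations the HIPS rules guard and reports deviations from assumed stock
# defaults. Read-only; run in an elevated PowerShell so HKLM reads are complete.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ifeo     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$tcpip    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$hosts    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Expected defaults (assumption: stock installation; adjust for your own image).
# Get-ItemProperty expands REG_EXPAND_SZ, so DataBasePath is compared expanded.
$expected = @{
    "$winlogon|Userinit"  = "$env:SystemRoot\system32\userinit.exe,"
    "$winlogon|Shell"     = 'explorer.exe'
    "$tcpip|DataBasePath" = "$env:SystemRoot\System32\drivers\etc"
}
$findings = @()

foreach ($key in $expected.Keys) {
    $path, $name = $key -split '\|'
    $actual = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
    if ($actual -ne $expected[$key]) {
        $findings += "[registry] $path\$name = '$actual' (expected '$($expected[$key])')"
    }
}

# An IFEO Debugger value makes Windows start another program instead of the named binary.
foreach ($exe in 'userinit.exe', 'explorer.exe', 'taskmgr.exe', 'egui.exe', 'ekrn.exe') {
    $dbg = (Get-ItemProperty -Path "$ifeo\$exe" -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings += "[IFEO] $exe has Debugger = '$dbg'" }
}

# Every autorun entry in the Run/RunOnce keys the rules cover, listed for manual review.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($rk in $runKeys) {
    $props = Get-ItemProperty -Path $rk -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -notlike 'PS*') { $findings += "[autorun] $rk : $($prop.Name) = $($prop.Value)" }
    }
}

# hosts: any active line mapping a name to something other than loopback deserves a look.
foreach ($line in (Get-Content -Path $hosts -ErrorAction SilentlyContinue)) {
    if ($line -match '^\s*[0-9A-Fa-f.:]+\s+\S' -and $line -notmatch '^\s*(127\.0\.0\.1|::1)\s') {
        $findings += "[hosts] $line"
    }
}

if ($findings) { $findings } else { 'No deviations from the expected defaults found.' }
```

Run it once right after configuring the rules to record a clean baseline, then again whenever a HIPS prompt was answered with "Allow" to confirm what actually changed.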
 

Petrovic

Nice HIPS config, I like it. Really, until now I am not good at configuring HIPS, but now I will try this out.
There will be plenty of pop-ups; each requires an understanding to make a decision.
These settings can be supplemented with further rules.
 

Mazhar

Eset Smart Security 7 (Advanced settings HIPS)
Petrovic's ESS config is like loading the dice against all the possible bad things that can happen to your system. Hope they work.

But in reality, the ESET firewall has not passed the leak tests, though it's good against port scans. I'm testing Agnitum Outpost Firewall versus ESS and am still not able to reconcile myself to the public acclaim for the ESS firewall. Outpost Firewall seems to have an edge over ESS. If you really want to harden ESS, I suggest you also install seconfig.exe and configure it according to your choice so that the system and port vulnerabilities missed by ESS are plugged properly.

Seconfig XP is a damn good FREE network hardening tool for configuring mostly hidden Windows 2000/XP/2003 (and probably later) settings. With this tool it is easy to adjust Windows to a relatively VERY SECURE, hacker-proof network security level.

It's got these:

1. Restrict Microsoft Networks
2. Services settings
3. TCP/IP settings
4. Disable NetBIOS over TCP/IP (all adapters)
5. Disable SMB over TCP/IP
6. Disable RPC over TCP/IP
7. NetBIOS Scope ID
8. Disable Remote Registry service
9. Disable Messenger service
   [Note: The Messenger service is not related to Windows Messenger or MSN Messenger.]
10. Disable SSDP Discovery Service service
11. Do not start IPSEC Services service automatically
12. Drop all incoming IP source routed packets
13. Disable automatic detection of "dead" gateways
14. Disable IRDP (all interfaces)
15. Disable ICMP redirect
16. Enable strict ARP table update
17. Accept responses only from queried DNS servers
18. Disable ports 1025 to N

Configure the app to suit your VPN or home/network settings and lock Seconfig XP up in Easy File Locker v1.5.0, which is yet another FREE folder and file locking application. Now no malware can touch your TCP/IP settings, and you can browse happily with gusto. I closed all my TCP and UDP 135-139 ports, especially the NetBIOS ones, and these two apps have really hardened my ESS. Try!
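Seconfig XP applies its settings through the registry and service configuration, so their effect can be verified independently of the tool. The following audit script is an added example, not code from the thread or from Seconfig XP: it reports the per-adapter NetBIOS state, the start type of the services the list above disables, the documented Tcpip\Parameters values behind items 12 to 15, and any socket listening on the RPC/NetBIOS/SMB/SSDP ports the thread discusses (the Messenger service from item 9 no longer exists on current Windows and is skipped).

```powershell
# Added audit script (not from the thread or Seconfig XP): reports whether the
# network hardening items in the list above are in effect on this host.
# Read-only; run elevated so service and adapter queries are complete.
$report = @()

# NetBIOS over TCP/IP per adapter (TcpipNetbiosOptions: 0 = via DHCP, 1 = enabled, 2 = disabled)
foreach ($cfg in Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE') {
    $state = switch ($cfg.TcpipNetbiosOptions) { 2 { 'disabled' } 1 { 'enabled' } default { 'DHCP-controlled' } }
    $report += "NetBIOS over TCP/IP on '$($cfg.Description)': $state"
}

# Services the list disables: Remote Registry, SSDP Discovery, IPsec Policy Agent.
foreach ($svc in 'RemoteRegistry', 'SSDPSRV', 'PolicyAgent') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s) { $report += "Service $svc : status=$($s.Status) startType=$($s.StartType)" }
    else    { $report += "Service $svc : not present" }
}

# Stack-wide TCP/IP values; an empty value means the Windows default applies.
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$p = Get-ItemProperty -Path $tcpip -ErrorAction SilentlyContinue
$report += "DisableIPSourceRouting = $($p.DisableIPSourceRouting) (2 = drop all source-routed packets)"
$report += "EnableDeadGWDetect     = $($p.EnableDeadGWDetect) (0 = dead-gateway detection off)"
$report += "EnableICMPRedirect     = $($p.EnableICMPRedirect) (0 = ignore ICMP redirects)"
# Router discovery (IRDP) is configured per interface.
foreach ($iface in Get-ChildItem -Path "$tcpip\Interfaces" -ErrorAction SilentlyContinue) {
    $rd = (Get-ItemProperty -Path $iface.PSPath).PerformRouterDiscovery
    if ($null -ne $rd) { $report += "PerformRouterDiscovery on $($iface.PSChildName) = $rd (0 = IRDP off)" }
}

# Sockets on the ports the leak-test discussion singles out:
# RPC/DCOM 135, NetBIOS 137-139, SMB 445, SSDP 1900.
$watch = 135, 137, 138, 139, 445, 1900
foreach ($c in Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue) {
    if ($watch -contains $c.LocalPort) {
        $report += "TCP $($c.LocalPort) listening on $($c.LocalAddress) (PID $($c.OwningProcess))"
    }
}
foreach ($u in Get-NetUDPEndpoint -ErrorAction SilentlyContinue) {
    if ($watch -contains $u.LocalPort) { $report += "UDP $($u.LocalPort) bound on $($u.LocalAddress)" }
}

$report
```

A port that is bound here but shown as stealthed by an external scan is exactly the "SEEMINGLY CLOSED" case the next post describes: the firewall hides it, but the service behind it is still running.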

Mazhar

ESET FAILS FIREWALL LEAK TEST

Please go to https://www.grc.com/lt/leaktest.htm and test the ESS firewall.

Alternatively, one can download 'Firewall Leak Test' at https://www.grc.com/files/leaktest.exe

Except for the ZoneAlarm firewall, all other firewalls including ESS 8 FAILED the firewall leak test in auto-pilot mode.

Here is my result for ESS 8 in auto configured mode:

In the auto configured mode, which most ESET users opt for, the RPC DCOM, NetBIOS and UPnP ports are OPEN, thereby spurring the hacker to probe further even if the firewall shows them as STEALTH or CLOSED. Hackers by instinct dig further to really see whether you are CLOSED or SEEMINGLY CLOSED.

ESS auto configured mode is FLAWED!

I plugged my ESS 8 fortress with Seconfig XP, though ESS 8 was configured by me for maximum shielding following the tips given in this website's forums.