
    Petrovic

    Level 63
    Verified
    Trusted
    Eset Smart Security 7 (Advanced settings HIPS)
    Setting change request HOSTS file

    Open the antivirus and go to Settings.
    Select Computer - HIPS. Next: Configure rules - Create.
    Create the following rule: The final files - Operations - Delete the file, Write to file; Notify the user checked; the rule is active; Action - Request.
    On these files:
    C:\Windows\System32\drivers\etc\hosts


    Protecting the hard disk MBR

    Action - "Request"
    In the "destination file":
    - In "Operations", tick "Direct access to the disk".
    On these files: Valid for all
    Other parameters: Notify users
    Click "OK".


    Protecting system registry entries.
    Name - any
    Action - "Request" (or "Block"; if so, immediately configure all the exceptions for trusted applications; exceptions are added on the "Source Applications" tab).
    In the "final roster":
    - In "Operations", tick "Use for all operations";
    - In "Above these registry entries", click "Add" and add the following registry paths to the list one at a time:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\*
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\*
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\*
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe\*
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\*
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\*
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\*
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\*
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath
    HKEY_USERS\*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*
    HKEY_USERS\*\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*
    HKEY_USERS\*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\*

    To block / request on changes to the TCP/IP settings:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\*

    To protect the IP security policy:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\*

    To block / request on writes of static routes:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\*

    To block / request on running ESET through debuggers:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\*
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\*

    Click "OK".


    To protect against winlock
    Configure rules - Create.
    Create the following rules one after another (final roster - Operations - Use for all operations checked; Notify the user checked; the rule is active; Action - Block)

    Above these registry entries:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe\*
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\*
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\*
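The rules above only prompt when something tries to write to those locations; they do not tell you what is already there. The script below is an added example, not part of Petrovic's post and not ESET tooling: a read-only PowerShell audit that lists the current contents of the same hosts file, Winlogon, Image File Execution Options, Run/RunOnce and DataBasePath locations and compares them with the standard Windows defaults. It assumes Windows PowerShell 5.1 or later and an elevated session so that every loaded user hive is readable.

```powershell
# Added example, not part of Petrovic's post or of ESET: a read-only audit of the
# same locations his HIPS rules protect, so a defender can see what is in them now.
# Assumes Windows PowerShell 5.1 or later, run elevated so every user hive is readable.
# Expected values are the standard Windows defaults; a mismatch is worth a look, not proof of infection.

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Area, $Item, $Value, $Status) {
    $findings.Add([pscustomobject]@{ Area = $Area; Item = $Item; Value = $Value; Status = $Status })
}

# 1. hosts file: every active line that is not the usual localhost mapping.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*[^#\s]' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
    ForEach-Object { Add-Finding 'hosts' 'entry' $_.Trim() 'REVIEW' }

# 2. Tcpip DataBasePath: the directory Windows actually reads the hosts file from.
$dbPath = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters').DataBasePath
$dbStatus = if ($dbPath -eq (Join-Path $env:SystemRoot 'System32\drivers\etc')) { 'OK' } else { 'CHANGED' }
Add-Finding 'Tcpip' 'DataBasePath' $dbPath $dbStatus

# 3. Winlogon: Userinit and Shell are the values winlock-style malware rewrites.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{
    Userinit = "$env:SystemRoot\system32\userinit.exe,"
    Shell    = 'explorer.exe'
}
$wl = Get-ItemProperty -Path $winlogon
foreach ($name in $expected.Keys) {
    $status = if ($wl.$name -eq $expected[$name]) { 'OK' } else { 'CHANGED' }
    Add-Finding 'Winlogon' $name $wl.$name $status
}

# 4. Image File Execution Options: a Debugger value makes Windows start that program instead.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($exe in 'userinit.exe', 'explorer.exe', 'taskmgr.exe', 'egui.exe', 'ekrn.exe') {
    $dbg = (Get-ItemProperty -Path (Join-Path $ifeo $exe) -ErrorAction SilentlyContinue).Debugger
    Add-Finding 'IFEO' $exe $dbg $(if ($dbg) { 'SET' } else { 'OK' })
}

# 5. Run / RunOnce for the machine and for every user hive that is currently loaded.
if (-not (Test-Path 'HKU:\')) { New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null }
$runRoots = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion') +
    (Get-ChildItem 'HKU:\' | ForEach-Object { "$($_.PSPath)\SOFTWARE\Microsoft\Windows\CurrentVersion" })
foreach ($root in $runRoots) {
    foreach ($sub in 'Run', 'RunOnce') {
        $key = "$root\$sub"
        if (-not (Test-Path $key)) { continue }
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { Add-Finding $sub "$key\$($_.Name)" $_.Value 'REVIEW' }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Save it as a .ps1 and run it from an elevated prompt. Run/RunOnce and hosts entries are marked REVIEW rather than CHANGED because legitimate software uses them too; the Winlogon, DataBasePath and IFEO Debugger checks compare against fixed defaults, so a CHANGED or SET there is the thing the HIPS rules above are meant to stop.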
     

    Petrovic

    Level 63
    Verified
    Trusted
    Nice HIPS config, I like it. Really, until now I have not been good at configuring HIPS, but now I will try this out.
    There will be plenty of pop-ups; they require an understanding to make a decision.
    These settings can be supplemented with rules of your own.
     

    Mazhar

    New Member
    Eset Smart Security 7 (Advanced settings HIPS)
    Petrovic's ESS config is like loading the dice against all the possible bad things that can happen to your system. Hope they work.

    But in reality, ESET firewall has not passed the leak tests though it's good against port scans. I'm testing Agnitum Outpost Firewall versus ESS and still not able to reconcile to the public acclaim for ESS firewall. Outpost Firewall seems to have an edge over ESS. If you really wanna harden ESS, I suggest you also install seconfig.exe and configure according to your choice so that system and port vulnerabilities missed by ESS are plugged properly.

    Seconfig XP is a damn good FREE network hardening tool for configuring mostly hidden Windows 2000/XP/2003 (and probably up) settings. With this tool it is easy to adjust Windows to a relatively VERY SECURE, hacker-proof network security level.

    It's got these:

    1. Restrict Microsoft Networks
    2. Services settings
    3. TCP/IP settings
    4. Disable NetBIOS over TCP/IP (all adapters)
    5. Disable SMB over TCP/IP
    6. Disable RPC over TCP/IP
    7. NetBIOS Scope ID
    8. Disable Remote Registry service
    9. Disable Messenger service
    [Note: The Messenger service is not related to Windows Messenger or MSN Messenger].
    10. Disable SSDP Discovery Service service
    11. Do not start IPSEC Services service automatically
    12. Drop all incoming IP source routed packets
    13. Disable automatic detection of "dead" gateways
    14. Disable IRDP (all interfaces)
    15. Disable ICMP redirect
    16. Enable strict ARP table update
    17. Accept responses only from queried DNS servers
    18. Disable ports 1025 to N

    Configure the app to suit your VPN or home/network use settings and lock Seconfig XP up in Easy File Locker v1.5.0, which is yet another FREE folder and file locking application. Now no malware can touch your TCP/IP settings, and you can browse happily with gusto. I closed all my TCP and UDP 135-139 ports, especially the NetBIOS ones, and these two apps have really hardened my ESS. Try!
     
    • Like
    Reactions: Parsh

    Mazhar

    New Member
    ESET FAILS FIREWALL LEAK TEST

    Please go to https://www.grc.com/lt/leaktest.htm and test ESS firewall.

    Alternatively, one can download 'Firewall leak Test' at https://www.grc.com/files/leaktest.exe

    Except Zonealarm Firewall, all other firewalls including ESS 8 FAILED the firewall leak test in the auto pilot mode.

    Here is my result for ESS 8 in auto configured mode:



    In the auto configured mode, which most of the ESET users tick for, the RPC DCom, NetBios and UPnP ports are OPEN, thereby spurring the hacker to probe further even if the firewall shows it as STEALTH or CLOSED. Hackers by instinct dig further to really see you are CLOSED or SEEMINGLY CLOSED.

    ESS auto configured mode is FLAWED!

    I plugged my ESS 8 fortress with Seconfig XP though the ESS 8 was configured by me for max shield following tips given in this website forums.
     
    • Like
    Reactions: _CyberGhosT_
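Both of Mazhar's posts come down to checkable facts about the host: whether the TCP/IP and service settings on the Seconfig XP list are actually set, whether the RPC/DCOM, NetBIOS and SSDP ports are really listening, and whether an unknown program can open an outbound connection without being challenged (which is what a leak test exercises). The script below is an added example, not from Mazhar's posts, Seconfig XP or ESET: a read-only PowerShell audit that reports the current value of the Seconfig items whose Windows registry locations and service names are documented (items 4, 8, 10, 12, 13, 14 and 15; the others have no single setting to read), the listening state of the ports named in the leak-test post, and the Windows Firewall default outbound action per profile. It assumes Windows 8 / Server 2012 or later (for the NetTCPIP and NetSecurity modules) and an elevated session.

```powershell
# Added example, not from Mazhar's posts or from Seconfig XP / ESET: a read-only
# audit of the Windows settings behind several Seconfig checklist items, the
# ports the leak-test post says were open, and the firewall's outbound default.
# Assumes Windows 8 / Server 2012 or later (NetTCPIP and NetSecurity modules)
# and an elevated session. "Hardened" is the value the checklist item asks for;
# an empty Current means the value is not set and Windows uses its default.

$report = New-Object System.Collections.Generic.List[object]
function Add-Row($Check, $Current, $Hardened) {
    $report.Add([pscustomobject]@{
        Check    = $Check
        Current  = $Current
        Hardened = $Hardened
        OK       = ("$Current" -eq "$Hardened")
    })
}

# Items 12, 13 and 15: stack-wide TCP/IP parameters.
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$p = Get-ItemProperty -Path $tcpip
Add-Row 'DisableIPSourceRouting (2 = drop source-routed packets)' $p.DisableIPSourceRouting 2
Add-Row 'EnableDeadGWDetect (0 = no dead-gateway detection)'      $p.EnableDeadGWDetect     0
Add-Row 'EnableICMPRedirect (0 = ignore ICMP redirects)'           $p.EnableICMPRedirect     0

# Item 4: NetBIOS over TCP/IP is set per interface under NetBT (2 = disabled).
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces' | ForEach-Object {
    Add-Row "NetbiosOptions on $($_.PSChildName)" (Get-ItemProperty -Path $_.PSPath).NetbiosOptions 2
}

# Item 14: router discovery (IRDP) is also per interface (0 = disabled).
Get-ChildItem "$tcpip\Interfaces" | ForEach-Object {
    Add-Row "PerformRouterDiscovery on $($_.PSChildName)" (Get-ItemProperty -Path $_.PSPath).PerformRouterDiscovery 0
}

# Items 8 and 10, plus the UPnP host that pairs with SSDP: services that should be disabled.
foreach ($svc in 'RemoteRegistry', 'SSDPSRV', 'upnphost') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s) { Add-Row "Service $svc start type" $s.StartType 'Disabled' }
}

# The ports the leak-test post calls OPEN: RPC/DCOM (135), NetBIOS (137-139), SMB (445), SSDP (1900).
$tcpOpen = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -in 135, 139, 445 } |
    Select-Object -ExpandProperty LocalPort -Unique
$udpOpen = Get-NetUDPEndpoint |
    Where-Object { $_.LocalPort -in 137, 138, 1900 } |
    Select-Object -ExpandProperty LocalPort -Unique
Add-Row 'TCP listeners on 135/139/445 (none wanted)'  ($tcpOpen -join ',') ''
Add-Row 'UDP listeners on 137/138/1900 (none wanted)' ($udpOpen -join ',') ''

# A leak test succeeds when an unknown program may open an outbound connection unchallenged;
# this is the Windows Firewall side of that question, separate from any ESET prompt.
Get-NetFirewallProfile | ForEach-Object {
    Add-Row "Firewall profile $($_.Name) default outbound action" $_.DefaultOutboundAction 'Block'
}

$report | Format-Table -AutoSize -Wrap
```

A listening port is only reachable if the firewall lets the traffic in, so an OPEN row here should be read together with the profile rows; conversely, a Block default for outbound traffic only makes sense once explicit allow rules exist for the programs that need the network, otherwise it reproduces the flood of prompts Petrovic warned about for HIPS.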