Petrovic config

Last updated
Dec 31, 1969
Windows Edition
Enterprise
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
Webroot SecureAnywhere Complete Beta
Firewall security
Microsoft Defender Firewall
Periodic malware scanners
HitmanPro,MBAM,ESET Online Scanner
Malware sample testing
Browser(s) and extensions
Cent Browser
Maintenance tools
CCleaner,Wise,Revo uninstaller pro
File and Photo backup
Webroot
System recovery
Rollback RX Pro, Acronis bootable iso

Petrovic

Level 64
Thread author
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,354
Eset Smart Security 7 (Advanced settings HIPS)
Setting change request HOSTS file

Open antivirus, go to Settings
Select Computer - HIPS. Next - Configure rules - Create.
Create the following rule: The final files - Operations - Delete the file, write to file - notify the user checked, the rule is active, Action - request.
On these files:
C: \ Windows \ System32 \ drivers \ etc \ hosts
70fn.png


Protecting hard disk MBR

Action - "Request"
On the "destination file":
- In the "Operations" to include a tick "Direct access to the disk."
On these files
Valid for all
Other parameters
Notify Users
Click "OK".

9fo2.png




Protecting System registry entries.
Name - any
Action - "Request" (or "Block" if, immediately configure all the exceptions for trusted applications; exceptions are added to the tab "Source Applications"
In the "final roster":
- In the "Operations" to include a tick "Use for all operations";
- In the "Above these registry entries" click "Add" and then alternately add to the list the following registry path:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunOnce \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ userinit.exe \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ explorer.exe \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ taskmgr.exe \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ *
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters \ DataBasePath
HKEY_USERS \ * \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ *
HKEY_USERS \ * \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunOnce \ *
HKEY_USERS \ * \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ *

To lock / change request settings TCP / IP:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters \ Interfaces \ *

To protect the security policy IP:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ IPSec \ *

To lock / write request blocking static routes:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters \ PersistentRoutes \ *

To lock / query run blocking ESET through debuggers:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ egui.exe \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ ekrn.exe \ *

Click "OK".


To protect against winlock
Configure rules - Create.
Must in turn create the following rules (final roster - Operations - Use for all operations
checked to notify the user, the rule is active, Action - block)

Above these registry entries:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Userinit
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Shell
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ userinit.exe \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ explorer.exe \ *
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ taskmgr.exe \ *
 

Petrovic

Level 64
Thread author
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,354
Nice HIPS Config, I like it, Really untill now i am not good at configuring HIPS, but now i will try this out.
Will be plenty of pop-ups, requires an understanding for a decision.
These settings can be supplemented its rules.
 

Mazhar

New Member
Jun 30, 2014
9
Eset Smart Security 7 (Advanced settings HIPS)
Petrovic ESS config is like loading the dice against all the possible bad things that can happen to your system. Hope they work.

But in reality, ESET firewall has not passed the leak tests though it's good against port scans. I'm testing Agnitum Outpost Firewall versus ESS and still not able to reconcile to the public acclaim for ESS firewall. Outpost Firewall seems to have an edge over ESS. If you really wanna harden ESS, I suggest you also install seconfig.exe and configure according to your choice so that system and port vulnerabilities missed by ESS are plugged properly.

:)Seconfig XP is a damn good FREE network hardening tool for configuring mostly hidden Windows 2000/XP/2003 (and probably up) settings. With this tool it is easy to adjust Windows to relatively VERY SECURE hacker-proof network security level.

It's got these:

main.gif


1. Restrict Microsoft Networks
2. Services settings
3. TCP/IP settings
4. Disable NetBIOS over TCP/IP (all adapters)
5. Disable SMB over TCP/IP
6. Disable RPC over TCP/IP
7. NetBIOS Scope ID
8. Disable Remote Registry service
9. Disable Messenger service

[Note: The Messenger service is not related to Windows Messenger or MSN Messenger].
10. Disable SSDP Discovery Service service
11. Do not start IPSEC Services service automatically
12. Drop all incoming IP source routed packets
13. Disable automatic detection of "dead" gateways

14. Disable IRDP (all interfaces)
15. Disable ICMP redirect

16. Enable strict ARP table update
17. Accept responses only from queried DNS servers

18. Disable ports 1025 to N

Configure the app to suit your VPN or home/network use settings and lock it up Seconfig XP in :)Easy File Locker v1.5.0, which is yet another FREE folder and file locking application. Now, no malware can touch your TCP/IP settings and browse happily with gusto. I closed all my TCP and UDP 135-139 ports,especially NetBios ones and these two apps have really hardened my ESS. Try!
 
  • Like
Reactions: Parsh

Mazhar

New Member
Jun 30, 2014
9
ESET FAILS FIREWALL LEAK TEST

Please go to https://www.grc.com/lt/leaktest.htm and test ESS firewall.

Alternatively, one can download 'Firewall leak Test' at https://www.grc.com/files/leaktest.exe

Except Zonealarm Firewall, all other firewalls including ESS 8 FAILED the firewall leak test in the auto pilot mode.

Here is my result for ESS 8 in auto configured mode:

TTlM63II_bNCrDos-GoCuYYUsPJauvswVtXyLWOG8D-g6I85o2aprfMr9op1EbJwZy8dog=s85


In the auto configured mode, which most of the ESET users tick for, the RPC DCom, NetBios and UPnP ports are OPEN, thereby spurring the hacker to probe further even if the firewall shows it as STEALTH or CLOSED. Hackers by instinct dig further to really see you are CLOSED or SEEMINGLY CLOSED.

ESS auto configured mode is FLAWED!

I plugged my ESS 8 fortress with Seconfig XP though the ESS 8 was configured by me for max shield following tips given in this website forums.
 
  • Like
Reactions: _CyberGhosT_

In2an3_PpG

Level 18
Verified
Top Poster
Content Creator
Well-known
Nov 15, 2016
867
Gotta love the low impact of Webroot. Might not be the best but for someone that knows what their doing then its good enough.

Nice Config. :)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top