Plexx's Configuration (2013 Edition) - N/A

Status
Not open for further replies.

Plexx

Thread author
RE: Biozfear's Configuration

Haven't done any yet. Hold on. Will post results soon.

Edit:
Stock settings for Quick Scan (nothing was changed):

1st scan:
[screenshot]


2nd scan:
[screenshot]
 

Plexx

Thread author
RE: Biozfear's Configuration

Been having avast with Mamutu trial running on a test computer and both seem to be running fine, so decided to reinforce avast! security on this system.

A BB does cause fewer alerts on gaming patches as opposed to HIPS, though CIS D+ didn't cause many, apart from when the patches' updates themselves overwrite the current registry entries and therefore new alerts are generated as a result (SMITE Closed Beta for example).


PS: Pairing a BB with a decent AV can be easier for the normal user as opposed to pairing HIPS with a decent AV. You can call it a dumbed-down variation of the famous Umbra Virus. I prefer calling it the Bio approach :p
 

Overkill

Level 31
Verified
Honorary Member
Feb 15, 2012
2,128
RE: Biozfear's Configuration

I like this new config, Bio. How do you compare Avast BB to Mamutu?
 

Deleted member 178

Thread author
RE: Biozfear's Configuration

Biozfear said:
Been having avast with Mamutu trial running on a test computer and both seem to be running fine, so decided to reinforce avast! security on this system.

It is a very good combo; for those that don't need a second AV running, you get the best proactive feature of EAM.

A BB does cause fewer alerts on gaming patches as opposed to HIPS, though CIS D+ didn't cause many, apart from when the patches' updates themselves overwrite the current registry entries and therefore new alerts are generated as a result (SMITE Closed Beta for example).

I agree, a BB is less user-dependent than a HIPS. Also, Mamutu (included in EAM) downloads signatures and you can create rules; for example, the first time it flags a process/program that is executed you can decide to allow it; then, at the next modification that comes from it, it will raise an alert notifying you that the program has been updated (for example, every time WSA is updated to a new version, EAM notifies me that it is an update and asks whether I allow it).


PS: Pairing a BB with a decent AV can be easier for the normal user as opposed to pairing HIPS with a decent AV. You can call it a dumbed-down variation of the famous Umbra Virus. I prefer calling it the Bio approach :p

I will tell you the origin of the Umbra Virus, aka CIS + EAM.

At the beginning, I used only CIS for its HIPS, but I also read that a BB is another way to protect the system. I started googling for the definition of a BB, then I found that a BB can't be run with a HIPS. I was quite disappointed until I read an article by a renowned security expert that said a BB functions differently than a HIPS and both could run together. You can imagine my "jump for joy" :D

So I started looking for a decent BB. At that time the most popular BBs were ThreatFire and Mamutu, but I read some articles that said ThreatFire was a resource hog, so I downloaded Mamutu and ran it alongside CIS without any issues (as the expert said).

I ran this combo for a while until I discovered EAM's companion possibilities, and I was surprised Mamutu was in it; so I shifted from Mamutu to EAM.

Then the Umbra Virus was created: CIS + EAM ran together in real time!

My combo, at the beginning, was criticized badly by some Wilders' so-called "experts" stating the good old "running two AVs in real time is silly and leads to chaos on the system", without knowing how EAM worked.

I eradicated all critics by posting articles from Emsisoft showing that EAM is a companion; then silence came. I won :D
 

Plexx

Thread author
RE: Biozfear's Configuration

@MRF71:
I launched some games to test out avast BB versus Mamutu.

With Mamutu disabled, avast did not kick in at all. Settings were on default: Auto Decide.

Now the same games on HIPS (D+ of COMODO) did generate alerts as to be expected (apart from EVE Online which seems whitelisted).

Now with Mamutu enabled I get this:

[screenshot]

At this stage, I am already pleased with it due to the information provided by Mamutu as well as the list of options. Needless to say, I chose Exclude as I know this is a known safe game/application.

The moment I bypassed launcher.exe, I got the second greeting, which I fully agree with:
[screenshot]

Once I excluded the second process, I was able to play the game without a problem. Note: EVE Online does not have a virtual keyboard for logging in.

The same type of alerts observed on RaiderZ, Seven Core Online.


Note that I am in no way saying avast! Behavior Shield doesn't work. What I am saying is that it did not kick off on applications I expected it to kick off on. Also, without avast! Behavior Shield, Script Shield becomes useless. As long as Mamutu's 2 processes are excluded in avast! and avast!'s 2 processes are excluded in Mamutu, they live in harmony. Plus, Mamutu as a standalone BB completes avast in my opinion.

For those interested in the RAM used by Mamutu:
[screenshot]

I will make a guide in due course of Mamutu showing what to exclude etc and how to pair it with avast.

@Umbra:
This config is a stripped-down version. I have been running without an on-demand scanner for a while since I do not really need it, and whilst using CIS it was fine; when using other vendors there always seems to be something missing in a way (AVG being an exception, as it has a BB called Identity Protection).

If a traditional user wishes to use this as a guide, then for sure it is advised to have MBAM and/or HMP as a second-opinion scanner.

So that was the origin of your config, it started with Mamutu. Interesting.
 

MrExplorer

Level 28
Verified
Nov 15, 2012
1,765
RE: biozfear configuration

You have used both CIS & Emsisoft Mamutu.
Which BB do you like, Emsisoft Mamutu or CIS BB?
 

Deleted member 178

Thread author
RE: Biozfear's Configuration

Biozfear said:
@Umbra:
I have been running without an on-demand scanner for a while since I do not really need it, and whilst using CIS it was fine

Yes, me too. CCE is on the USB; I leave the protection to my Umbra Virus v2, aka "EIS + WSA".

So that was the origin of your config, it started with Mamutu. Interesting.

Yes, and since then I can't live without it ^^

Emsisoft won my love step-by-step : Mamutu > EAM > OAP > EIS
 

Plexx

Thread author
RE: biozfear configuration

Unknown said:
You have used both CIS & Emsisoft Mamutu.
Which BB do you like, Emsisoft Mamutu or CIS BB?

CIS (5.10, as I did not use version 6 long enough, nor am I too familiar with it, as I am still learning from posts here, posts in the CIS forum and Chiron's guide) uses HIPS (Defense+). That is its main strength.

In general, HIPS are more complete than Behavior Blockers, in a nutshell, as they offer more protection and monitor more than a BB.

Now there are different variations of Behavior Blockers. Some use a whitelisting method, while others use predefined rules. This is where it sort of shows similarities to HIPS (not classical HIPS).

If you want a deep down explanation of Classical HIPS, Littlebits would be the best person I can think of that would be able to give you more insight.

If you want a deep down explanation on Comodo HIPS (prior to version 6) then Chiron and HeffeD.

If you want a deep down explanation on Online Armor HIPS (which works slightly differently than Comodo's), then Umbra is your best bet.

If you want a deep down explanation on ESET HIPS, you may look at my guide to customize ESET HIPS. ESET HIPS follows rules: Interactive mode will ask the user at every step, whilst Policy-based mode will follow the rules and, if none exists for such an action, will deny it from being run. ESET HIPS is considered the freshest/newest HIPS on the market. It also protects slightly less than Comodo's Defense+ and its customization.


As for your question itself, I always liked HIPS (to a certain extent Comodo was my favorite). But as you know, I am a gamer and it can be daunting at first to configure everything.

Using Mamutu is slightly more user-friendly for the average user; although I am advanced, other family members aren't, so Mamutu would provide just that layer of protection which I was missing without using HIPS.

Sure, I could customize the HIPS on the machines and then let them use it, but on the off chance of a pop-up appearing and me not being around, it would either cause confusion or put them off.

So in the end, I like both, but for simplicity's sake I am running Mamutu and am finally happy. Now pairing Mamutu and AVG is a different story and that will require some slight testing.
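Two mechanisms come up in this thread: Umbra's note earlier that Mamutu lets you allow a program once and then alerts again when that program is later modified (an update), and the Interactive versus Policy-based HIPS modes described in the post just above, where Policy-based mode denies any action that has no rule. The following Python is an added illustration of both decision flows, not code from Emsisoft, ESET, Comodo or anyone in the thread; the event fields, the rule keys, the wildcard "Exclude" rule and the sample launcher path are all assumptions made for the example.

```python
"""Toy behaviour-blocker / HIPS decision engine (added illustration).

Models two behaviours discussed in the thread:
  - a program is allowed once, and its binary hash is pinned; if the binary
    changes (a patch/update) the engine asks again instead of reusing rules;
  - "interactive" mode prompts when no rule matches, "policy" mode denies.
Not code from Emsisoft, ESET or Comodo; all names are assumptions.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

ALLOW, DENY, ASK = "allow", "deny", "ask"
ANY_ACTION = "*"   # hypothetical wildcard: user clicked "Exclude" for the whole process


@dataclass(frozen=True)
class Event:
    process: str   # path of the acting process
    image: bytes   # constructed stand-in for the executable's on-disk bytes
    action: str    # what it is trying to do, e.g. "write_run_key"


def image_hash(ev: Event) -> str:
    return hashlib.sha256(ev.image).hexdigest()


@dataclass
class Engine:
    mode: str  # "interactive" or "policy"
    rules: Dict[Tuple[str, str], str] = field(default_factory=dict)
    known_hash: Dict[str, str] = field(default_factory=dict)

    def decide(self, ev: Event) -> Tuple[str, str]:
        """Return (verdict, reason) for an event without changing state."""
        prior = self.known_hash.get(ev.process)
        if prior is not None and prior != image_hash(ev):
            # The user allowed a different binary at this path. Treat it as an
            # update and ask again rather than silently reusing the old rules.
            return ASK, "program updated since it was allowed"
        # Exact (process, action) rule wins over a whole-process exclusion.
        for key in ((ev.process, ev.action), (ev.process, ANY_ACTION)):
            if key in self.rules:
                return self.rules[key], "matched rule %s" % (key,)
        if self.mode == "interactive":
            return ASK, "no rule; interactive mode prompts the user"
        return DENY, "no rule; policy mode denies by default"

    def answer(self, ev: Event, verdict: str, whole_process: bool = False) -> None:
        """Record the user's reply to an ASK and pin the binary's current hash."""
        action = ANY_ACTION if whole_process else ev.action
        self.rules[(ev.process, action)] = verdict
        self.known_hash[ev.process] = image_hash(ev)


def run_demo() -> List[str]:
    launcher = "C:\\Games\\EVE\\launcher.exe"   # constructed sample path
    v1 = Event(launcher, b"launcher build 1", "write_run_key")
    out = []
    # Policy mode: an unknown game launcher touching a Run key is denied outright.
    policy = Engine(mode="policy")
    out.append(policy.decide(v1)[0])
    # Interactive mode: the same event prompts; the user clicks Exclude.
    hips = Engine(mode="interactive")
    out.append(hips.decide(v1)[0])
    hips.answer(v1, ALLOW, whole_process=True)
    out.append(hips.decide(Event(launcher, b"launcher build 1", "inject_thread"))[0])
    # A patch replaces the binary: the old exclusion is not reused blindly.
    v2 = Event(launcher, b"launcher build 2", "write_run_key")
    out.append(hips.decide(v2)[0])
    hips.answer(v2, ALLOW, whole_process=True)
    out.append(hips.decide(v2)[0])
    return out


if __name__ == "__main__":
    print(run_demo())  # ['deny', 'ask', 'allow', 'ask', 'allow']
```

The hash pin is what turns "I allowed this once" into something safer than a path-based whitelist: a game patch that rewrites launcher.exe, or malware that replaces it, both trigger a fresh prompt instead of inheriting the earlier Exclude.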
 

Deleted member 178

Thread author
RE: Biozfear's Configuration

All is said in this post ;)
 

Plexx

Thread author
RE: Biozfear's Configuration (2013 Edition)

Removed avast! 7 and replaced with McAfee SaaS Endpoint Protection.

McAfee SaaS Endpoint Protection includes:
AV module
Firewall module
Browser Protection module (which includes McAfee Site Inspector Enterprise and is also a web protection module. Do not confuse this with SaaS Web Protection which is a separate service)

Below are some screenshots. Note that configuration of AV module including exclusions/schedule/updates/etc, Firewall module and Web Protection module are done in your McAfee account via a Secure address (similar concept used by avast on my avast account).

The UI is by far the cleanest of them, but then again this is an endpoint solution:

[screenshot]

[screenshot]


Configuration of its modules (done via secure web link):

[screenshot]


Processes and RAM usage (Idle):

[screenshot]

Firewall alert:

[screenshot]


Edit: added Firewall alert screenshot
 

3link9

Level 5
Verified
Oct 22, 2011
860
RE: Biozfear's Configuration (2013 Edition)

Looks like the SaaS I have, except mine doesn't have the firewall and browser protection.
 

Plexx

Thread author
RE: Biozfear's Configuration (2013 Edition)

3link9 said:
Looks like the SaaS I have, except mine doesn't have the firewall and browser protection.

They have one like yours, one like mine and, I believe, one with Email on top of it.

Not sure; it took me a while to figure out which one was which.
 

illumination

Thread author
RE: Biozfear's Configuration (2013 Edition)

How is it running on your system/feeling? I have not used a McAfee product in quite a few years..
BTW love the signature!
 

Plexx

Thread author
RE: Biozfear's Configuration (2013 Edition)

illumination said:
How is it running on your system/feeling? I have not used a McAfee product in quite a few years..
BTW love the signature!

Being an endpoint solution, can't complain.

CPU usage whilst full system scan is low.

Boot time was actually faster than avast.

Every configuration and policy is done via the web-based console.

The only issue I have is the slightly higher number of processes than I'd like, but I believe it's also due to adding a trial module to my endpoint subscription, which I have not yet configured properly (Web Protection module).

Edit: the Web Protection module is tied to the account, so it ain't that.
What I noticed, however, is 2 SiteAdvisor entries in Add/Remove Programs: 1 x86, 1 x64.

Still, it is light as a feather, as well as no performance issues nor drops in FPS whilst gaming.
 

raxa707

Level 1
Verified
Nov 4, 2012
133
RE: Biozfear's Configuration (2013 Edition)

Nice combo. BTW, are there any alternatives to BufferZone, because it's not supported on Win 8?
 

Plexx

Thread author
RE: Biozfear's Configuration (2013 Edition)

raxa707 said:
Nice combo. BTW, are there any alternatives to BufferZone, because it's not supported on Win 8?

I do not use BufferZone Pro or any virtualization software.

An alternative to BufferZone Pro is Sandboxie.
 

Overkill

Level 31
Verified
Honorary Member
Feb 15, 2012
2,128
RE: Biozfear's Configuration (2013 Edition)

Why McAfee? Have you tested it in the VM?
 

Plexx

Thread author
RE: Biozfear's Configuration (2013 Edition)

Overkill said:
Why McAfee? Have you tested it in the VM?

I've tested it for 2 months on a junk PC during the course of an 8-month timeframe, to be exact, before activating my license.

Reason for McAfee: check review and guide I published.

For me, as an advanced user, it works just fine. The same if I had ClamWin.

Detection rate ain't bad at all either. Not the best for sure, but good enough for me :)
 

Plexx

Thread author
RE: Biozfear's Configuration (2013 Edition)

Since I have replaced my other laptop with SaaS, I spent nearly 48 hours AV-less before deciding to go back to the stable build of avast that I had.

The custom Installation and settings of avast! can be found here.

I miss the 2 processes running, over the 8 from SaaS. However, the other laptop is fine with 8 since it has way less crucial stuff running.
 

Plexx

Thread author
RE: Biozfear's Configuration (2013 Edition)

Removed the AV due to barely being online at the moment. I will probably revert to CAV or ESET when I get online more often.
 