reyes 2016 security config

Windows Edition: Pro
User Access Control: Notify me only when programs try to make changes to my computer
Real-time security: AppGuard, Excubits Bouncer, Sandboxie, Malwarebytes Anti-Exploit
Firewall security:
Periodic malware scanners: Hitman Pro
Malware sample testing: I do not participate in malware testing
Browser(s) and extensions: Mozilla Firefox
Maintenance tools: None
Deleted member 178

I know, I try my maximum to avoid hard shutdowns... Hope my UPS will hold good :) :) Always have my image backups... :)

my case:

1- using RX, sudden powercut, reboot, bootloader says it fix changes.
2- second powercut, same scenario as above
3- 1h later, 3rd powercut, reboot, RX bootloader stuck, reboot, try to load an image, impossible, MBR corrupted, tried a dozen ways to load/restore/fix it; nothing works.
4- after 3h on it, the only choice was to format the whole drive
5- banned RX from my computers until they implement an auto-fix "restore system before RX" prior to the loader, a kind of cold restore
 

reyes

Level 4
Thread author
Verified
Sep 5, 2013
152
That's why I always keep Terabyte WinPE, Terabyte Image for Linux, BootIt Bare Metal and ShadowProtect Recovery Environment within the same bootable USB made using Easy2Boot :)
 
Deleted member 178

I had Acronis on USB, a backup on another drive, but it failed too
 

reyes

To be honest I don't trust Acronis... If you want reliable image software it's Terabyte Image for Windows... It might be a little bit of a learning curve with lots of options, but once you know it you won't regret the time spent on it :)
 
Reactions: Moose

reyes

Pale Moon vs Cyberfox: I would like to know your experiences...
 
Deleted member 178

Cyberfox for me, quite fast and 2 versions optimized for the AMD or Intel CPU (maybe a marketing trick but it works on me ^^)

I tried Pale Moon before, it is also solid but never appealed to me
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
I currently use Pale Moon (Intel Atom-optimized). It's fast. :)
 

Overkill

Level 31
Verified
Honorary Member
Feb 15, 2012
2,128
Nice config, may I ask what your tweaks are for ERP and sbie?
 

reyes

For NVTERP
On a clean system, after installing ERP I will uncheck the options in settings:
  • Allow Microsoft system protected processes
  • Allow all software from program files folder
  • Do not allow signed processes (in signed processes settings)
Then I will whitelist:
  • C:\Program Files
  • C:\Program Files (x86)
  • C:\Windows
This works great as it will block any modification to the system without our consent.

For SBIE
I will create a separate sandbox for each browser.
Main settings tweaks:
  • Automatically delete contents of sandboxie
  • Drop rights
  • Read only access to C:\windows
  • Blocked access to private folders
Also I will check "don't show sandboxie indicator in windows title".
I am not using start/run access restriction but you can do it if you want.
For HMPA to work I have to give full access to \Device\NamedPipe\hmpalert in each browser sandbox.
 
Reactions: King Alpha and Jack

reyes

Earlier you had to add OpenPipePath=*\mailslot\NVTInj\* to each sandboxie, but it's not needed now as NVTERP is fully compatible with Sandboxie. Also, NVTERP can now detect processes started inside Sandboxie, and if you are using AppGuard you can remove C:\Sandbox from AppGuard user space if you had added it before...
 
Reactions: Jack
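
The Sandboxie tweaks reyes lists in the two posts above, written out as one Sandboxie.ini section. This is an added example, not part of the thread: the box name FirefoxBox and the private-folder path are placeholders, and the mapping from the listed GUI options to these keys is an assumption based on Sandboxie's documented settings.

```ini
# Added example: one box per browser, as described in the thread.
# [FirefoxBox] is a hypothetical box name; repeat the section for each browser.
[FirefoxBox]
Enabled=y

# "Automatically delete contents of sandbox"
AutoDelete=y

# "Drop rights": remove administrator rights from sandboxed processes
DropAdminRights=y

# "Read only access to C:\windows"
ReadFilePath=C:\Windows

# "Blocked access to private folders"; the thread does not name the folders,
# so this path is a placeholder to replace with your own.
ClosedFilePath=C:\Users\EXAMPLE_USER\Documents

# "Don't show Sandboxie indicator in window title"
BoxNameTitle=-

# Full access to the HitmanPro.Alert pipe so HMPA works inside the box
OpenPipePath=\Device\NamedPipe\hmpalert

# Legacy NVT ERP rule; per the thread it is no longer needed.
# OpenPipePath=*\mailslot\NVTInj\*
```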

reyes

Update
Removed: Rollback Rx (got my share of BSODs :p:p)
Added: Revo Uninstaller Pro (not going to use it much but still I can extend the time period between image restores)
 
Reactions: Deleted member 178

reyes

Update
Removed : Binisoft WFC
Added : Outpost Firewall Pro ( Anti Leak set to Advanced and firewall to block most after creating all the basic rules...)
Outpost Firewall seems to be a solid product with some great features :)
Changed my primary backup solution to TB image for Linux..... which gives a better speed than TB Image for Windows
 

reyes

Another Update
Removed : Outpost Firewall
Added : WFC, Shadow Defender (on Demand)

Shadow Defender is working perfectly but I have some errors in the event viewer while using it. Can anyone who is using SD confirm this?

Log Name: Security
Source: Microsoft-Windows-Eventlog
Date: 02-10-2014 13:10:13
Event ID: 1101
Task Category: Event processing
Level: Error
Keywords: Audit Success
User: N/A
Description:
Audit events have been dropped by the transport. 0


Log Name: System
Source: Microsoft-Windows-Kernel-Boot
Date: 02-10-2014 13:09:59
Event ID: 16
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Description:
Windows failed to resume from hibernate with error status 0xC000007B

Also when I enter shadow mode I get this in event viewer

Description:
The default transaction resource manager on volume C: encountered an error while starting and its metadata was reset. The data contains the error code.
 
Reactions: silversurfer
