Security config change recommendations

What should I do?



CoherentCrayon

Level 4
Thread author
Verified
Jun 23, 2017
183
Currently on my system I have:
Real-time protection: Norton Security, VoodooShield
On-demand scanners: Norton Security, HitmanPro, Zemana AntiMalware, Malwarebytes, Emsisoft Emergency Kit.

VoodooShield blocks way too much in my opinion (stuff that shouldn't be blocked) and I'm thinking about uninstalling it, and maybe switching Norton SONAR (the behavior blocker in Norton) to Aggressive mode. What do you guys think I should do? (I don't want to pay for anything extra except for Norton)
 

CoherentCrayon

Level 4
Thread author
Verified
Jun 23, 2017
183
Try VoodooShield in AutoPilot mode.
I have it in Autopilot mode, but when applications need to update (which happens automatically in the background), VoodooShield blocks many things (mostly command lines), which I find annoying. If you don't do anything and let VoodooShield block it automatically, the update will fail. Even if the applications are whitelisted, cmd.exe command lines are blocked, for example.

/steel9
 

brod56

Level 15
Verified
Top Poster
Well-known
Feb 13, 2017
737
I have it in Autopilot mode, but when applications need to update (which happens automatically in the background), VoodooShield blocks many things (mostly command lines), which I find annoying. If you don't do anything and let VoodooShield block it automatically, the update will fail. Even if the applications are whitelisted, cmd.exe command lines are blocked, for example.

/steel9
You'll be able to disable cmd/powershell/etc. blocks in VoodooShield Pro in the coming version, I think.
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Norton on default settings already offers efficient protection without VS.
You're also using HitmanPro, Zemana AntiMalware, Malwarebytes and Emsisoft Emergency Kit as on-demand scanners, and I think you're fine.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
If you found VS blocking too much, I can recommend you replace VS with SecureAPlus; you may find a legit 2-year license somewhere.
It will block fewer programs.

I strongly do not recommend increasing SONAR to aggressive because it would freeze your PC during its analysis, with high CPU and disk usage.

In my experience, I never trust Norton to be the only product to protect the system because there are some ridiculous bugs that we may or may not know of in this app.
 

Quassar

Level 12
Verified
Well-known
Feb 10, 2012
585
You can try other software if you don't like VS:

SpyShelter: solid HIPS with auto-mode, has a big whitelist, doesn't ask too much like VS does
ReHIPS: good HIPS with Sandbox mode - can ask often, but not problematic after setting up rules
Exe Radar Pro - asks often, but very solid security.
AppGuard - SRP software based on anti-exe policy.... doesn't ask; you need to set up rules manually; very effective layer of security - One of my favorites :D

If you don't like Norton, I can offer you Avira or Emsisoft.
Avira has a poor firewall, so buy the stand-alone AV, which is really strong and has a nice PUP database.
Emsisoft has a solid AV with enhanced behavior; if something is missed, it will prompt you to decide whether to allow or block the process, and it has a good firewall.

In my opinion, I would change both. Norton is fat and very often unstable with other third-party security software. For monitoring the system I prefer a HIPS layer, ReHIPS or SpyShelter.
 

CoherentCrayon

Level 4
Thread author
Verified
Jun 23, 2017
183
If you found VS blocking too much, I can recommend you replace VS with SecureAPlus; you may find a legit 2-year license somewhere.
It will block fewer programs.

I strongly do not recommend increasing SONAR to aggressive because it would freeze your PC during its analysis, with high CPU and disk usage.

In my experience, I never trust Norton to be the only product to protect the system because there are some ridiculous bugs that we may or may not know of in this app.
Oh okay. I haven't seen a bug since Norton Internet Security 2014 :p. IMO Norton Security is a lot better than the previous Norton versions. And I'll try out SecureAPlus in a VM and see if I like it first.

/steel9
 

CoherentCrayon

Level 4
Thread author
Verified
Jun 23, 2017
183
You can try other software if you don't like VS:

SpyShelter: solid HIPS with auto-mode, has a big whitelist, doesn't ask too much like VS does
ReHIPS: good HIPS with Sandbox mode - can ask often, but not problematic after setting up rules
Exe Radar Pro - asks often, but very solid security.
AppGuard - SRP software based on anti-exe policy.... doesn't ask; you need to set up rules manually; very effective layer of security - One of my favorites :D

If you don't like Norton, I can offer you Avira or Emsisoft.
Avira has a poor firewall, so buy the stand-alone AV, which is really strong and has a nice PUP database.
Emsisoft has a solid AV with enhanced behavior; if something is missed, it will prompt you to decide whether to allow or block the process, and it has a good firewall.

In my opinion, I would change both. Norton is fat and very often unstable with other third-party security software. For monitoring the system I prefer a HIPS layer, ReHIPS or SpyShelter.
I'll look into them.

I like Norton, and switching AV is not an option for me because I get both Norton and F-Secure free from a magazine I subscribe to. Also Norton has improved since recent versions (now they have also moved stuff into the cloud so it's lighter if I understood it right). But thanks for the tips, I'll look into the anti-exe/HIPS products!

/steel9
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
Hello! Try Norton Security with the free Comodo Firewall (of course with the Sandbox enabled, which runs all processes that are not signed or do not have a good security reputation in a "Sandbox"). It is very light and it will help you with blocking zero-day malware. Also change Norton to default settings.

Fantastic settings for Comodo Firewall (Credits go to @cruelsister):


Here you can download it. Be sure not to install the included internet browser or any Ad-Ware from Yahoo! For more lightness you can uninstall the Internet Security Toolbox after installing the firewall.
Free Firewall | Get Award Winning Comodo Firewall Today
 

CoherentCrayon

Level 4
Thread author
Verified
Jun 23, 2017
183
Hello! Try Norton Security with the free Comodo Firewall (of course with the Sandbox enabled, which runs all processes that are not signed or do not have a good security reputation in a "Sandbox"). It is very light and it will help you with blocking zero-day malware. Also change Norton to default settings.

Fantastic settings for Comodo Firewall (Credits go to @cruelsister):


Here you can download it. Be sure not to install the included internet browser or any Ad-Ware from Yahoo! For more lightness you can uninstall the Internet Security Toolbox after installing the firewall.
Free Firewall | Get Award Winning Comodo Firewall Today

But as Norton has its own firewall, wouldn't Norton and Comodo Firewall conflict with each other?

/steel9
 

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
That's the good part about VS. If you know what you're doing, the more user-dependent a software is, the more security you'll have, since you'll know what you are doing. If you don't like alerts, then another suite like Kaspersky would suit you better since it's an "install and forget"; Application Manager customized to harden security and block any untrusted apps would do on behalf of VoodooShield.
 

Quassar

Level 12
Verified
Well-known
Feb 10, 2012
585
That's the good part about VS. If you know what you're doing, the more user-dependent a software is, the more security you'll have, since you'll know what you are doing. If you don't like alerts, then another suite like Kaspersky would suit you better since it's an "install and forget"; Application Manager customized to harden security and block any untrusted apps would do on behalf of VoodooShield.

That's true. In this case, at least you can use virtualization with a sandbox.
You can set up a specific system or program to not have access to the rest of the system/folder database :D
It's good if you must run something which can bring malware to your system, like:
Microsoft Office, web browser, torrent downloader, PDF reader, etc.

VMware Workstation - Full System virtualization
Sandboxie - Sandbox
ReHIPS - Sandbox with Advanced HIPS
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
But as Norton has its own firewall, wouldn't Norton and Comodo Firewall conflict with each other?

/steel9

It can be so, but you can deactivate the Norton firewall and leave the signatures on. Of course, you then install Comodo, which brings a good Firewall + Sandbox (LIGHT!). If you want to use the HIPS from Norton, then follow the @cruelsister settings. If not, then deactivate it in Norton and activate it in Comodo ;)
 
