SecurityDolphin New Security 2017

[securitydolphin]

My new configuration focused on being lightweight while not compromising on protection. Webroot with whitelisting on stops most malware in its tracks, UAC as well, Anti-Exploit stops payloads from even hitting, and DNSCrypt secures DNS. Acrylic DNS and uBlock gets rid of all advertisements that lead to malware, and a strict popup blocker to prevent popunders. Syncthing syncs with a central server at home running a hardened Arch Linux box. Bitlocker acts as endpoint protection. No system imaging is used.

Note; I used pruned EasyList and EasyPrivacy lists here (without the whitelisting). They are all separated into modules giving me the ability to pick and choose. GitHub - easylist/easylist: EasyList filter subscription

 

[frogboy]

Hello and welcome to MalwareTips. I hope you enjoy your time here in our forums.

 

[King Alpha]

Nice and light config. Thanks for sharing!

 

[Paul Lee]

Nice config! I think we have a time traveller from 2017 guys

 

[LabZero]

Just add a second opinion scanner as Zemana Antimalware Free or paid or Malwarebytes.
Backup and recovery plan is Must to Have for secure your OS and data it contains.

 

[DJ Panda]

Be sure to enable Smartscreen and add on on demand scanner like Zemana.

 

[securitydolphin]

I leave SmartScreen disabled as Webroot's file reputation system is much better than SmartScreen, and I don't need the redundancy. Especially when SmartScreen is one of the less robust file reputation defenses, since anything that is signed bypasses it quite easily. I don't use on-demand scanners since my preventative measures stop all malware in its tracks before I can click yes/no.

And, I do have a backup system in place with Syncthing, I just sync it on another PC periodically.

 

[Lucent Warrior]

Especially when SmartScreen is one of the less robust file reputation defenses, since anything that is signed bypasses it quite easily.

Please take a look at this post, in the "Dynamic spoiler" sample #3, look not only in the file indicators, but also in the 1st screen shot of execution, I think you will see a signed file flagged by Smartscreen. It is very seldom I see samples bypass Smartscreen and or UAC.

24-08-2016 #9

 

[Exterminator]

It cannot hurt to enable Smartscreen as pointed out by @J Gamez065 & @Lucent Warrior
Nice light config! Thanks for sharing it with us

 

[Deleted member 178]

Any reason to disabling Smartscreen?

 

[JM Safe]

Please enable SmartScreen, and install a good on-demand scanner, such as ZAM Free and MBAM.

Thanks for sharing.