SECURE Shmu26 Config in 2017

Discussion in 'PC Security Configuration' started by shmu26, Feb 14, 2017.

  1. Captain Awesome

    Captain Awesome Level 19

    May 7, 2016
    901
    7,055
    Student
    India
    Windows 10
    Emsisoft
    Thanks for the info. @XhenEd
     
    AtlBo, SHvFl, XhenEd and 2 others like this.
  2. erreale

    erreale Level 4

    Oct 22, 2016
    191
    791
    Italy
    Windows 10
    Isolation
    Many thanks
     
    AtlBo, SHvFl, XhenEd and 2 others like this.
  3. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,605
    Utopia
    But on a more serious note, you are 100% right that running AppCheck would be silly, if I used my other security apps to their maximum capabilities.

    However, I have Kaspersky at close to default settings, which is not bulletproof.
    And I have ReHips running with isolation disabled for a lot of apps, so it is fighting with its right hand tied behind its back.
     
    Sunshine-boy, AtlBo, Rengar and 2 others like this.
  4. SHvFl

    SHvFl Level 32
    Content Creator Trusted

    Nov 19, 2014
    2,153
    16,406
    Supermodel for McDonald's
    Europe
    Windows 10
    Emsisoft
    Still, appcheck makes no fucking sense. Rehips hips feature will ask you to allow something to run and you also have backups in case you become stupid for a few seconds and click allow. You are just wasting pc resources by using appcheck.
     
    AtlBo, frogboy, Rengar and 2 others like this.
  5. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,605
    Utopia
    Your logic is right.
    If I could feel AppCheck running on my system, I would get rid of it. But it is pretty light. So I am keeping it on-board as my new toy.
     
    Sunshine-boy, AtlBo, Rengar and 2 others like this.
  6. SHvFl

    SHvFl Level 32
    Content Creator Trusted

    Nov 19, 2014
    2,153
    16,406
    Supermodel for McDonald's
    Europe
    Windows 10
    Emsisoft
    Note that it uses disk IO when changes happen to your files. It basically doubles the activity of what you are doing because it has to also copy the file to the save location. So depending on usage and the kind of disk you own you might notice it then. I was not talking about cpu or ram usage.
     
    AtlBo, frogboy, BugCode and 1 other person like this.
  7. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,605
    Utopia
    I didn't think of that...
     
    AtlBo and SHvFl like this.
  8. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,605
    Utopia
    Removed: AppCheck
     
    Rengar, AtlBo and SHvFl like this.
  9. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,605
    Utopia
    New config:
    Windows Defender
    VoodooShield pro
    Binisoft Windows Firewall Control pro
    WinPatrol free
     
  10. Trickster

    Trickster Level 14

    Jul 28, 2016
    663
    5,200
    Loving / caring Husband :)
    Europe
    Windows 10
    BullGuard
    nice new setup you have got there mate! :D
     
  11. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,605
    Utopia
    From the recent Comodo bypass, I learned the value of startup protection and good firewall control (besides the obvious lesson of not to trust massive commercial whitelists), so that's why I added WinPatrol and Binisoft.
     
  12. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,165
    29,666
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    IMO, WinPatrol is not needed; registry monitoring is useless with VS. For the startup to be compromised, the dropper has to bypass VS...
     
  13. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,605
    Utopia
    Right, technically not needed, but is helpful in case of user misjudgment.
     
  14. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,517
    Qihoo 360
    Nice setup @shmu26. The more I use NVT ERP, the more I like the lightness, controllability, and simplicity of this app. NVT devs seem to have thought of the little things and then made them easy to work with generally.

    Comodo seems to have done work on this with the latest update. Not sure if it was at the price of lower protection though. I was getting a pop up when opening Chrome because 360 Shopping Protection module required a script to run. It used a random temp each time, so CFW would save each script, and they piled up in the Tempscript folder. This one has been documented, but since I updated about two weeks ago it seems to be gone now. I suggested on the board that the devs could make wildcarding a thing for the script monitor element. Doubt anything will happen, since the only reply had to do with the feature being new and more shouldn't be expected :(.

    Not sure if Comodo is monitoring scripts to a lesser degree (fewer types) now to escape this behavior or if there is a more clever fix in CFW. Maybe extensions are being exempt, idk. Also, not even sure if this element of Comodo was fully comprehensive protection in the first place.

    CFW does seem vulnerable during startups. Any chance you have at hand a pointer to information about the bypass? 360 TS is supposed to monitor startups, but lately I am having my doubts about the extensiveness of the coverage. Not sure it covers all types.

    I kind of agree with @Umbra about the TVL. It's too big. I think Comodo should come up with a setting that allows for use of a short list. I mean, I sort of under$tand why they want to pay off devs who pay for certificates or whatever, but a short list of Microsoft and then create your own TVL works best for me so far.
     
  15. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,605
    Utopia
    Yes, ERP continues to be a great app. Knowing me, I will probably come back to it after a while.

    Look in Comodo advanced protection, and you will see that protection was lowered for cmd.exe and a bunch of other problematic processes.

    Video Review - Malware bypass Comodo Firewall @ CS settings

    Comodo firewall bypassed by signed malware - News / Announcements / Feedback - CIS

    The second thread starts out telling you what you already know (if you read the first thread), but then it gets more interesting.

    Hey, @AtlBo, haven't seen you around in a while...
     
    Sunshine-boy, AtlBo, SHvFl and 3 others like this.
  16. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,517
    Qihoo 360
    #76 AtlBo, May 2, 2017
    Last edited: May 2, 2017
    For me, it's like a UAC booster with easy configuration or maybe a nice app firewall, once configured. It's so light I feel like I don't have to perma-block/allow apps that I want to study.

    Thanks. I thought about enabling all the embedded code protections of this to see what would happen. Think I will try it now that you have given me some initiative. :)

    I will look at the links. Bad news to see news of a bypass, but I am not 100% surprised sadly.

    Been following the conversations. I got a little bit busy too I guess, but mostly I think I found myself in somewhat of a confused o_O frenzy over the last 6 months trying to catch up with security developments. Started getting the impression that I was losing touch, so I was asking many questions, I know. You and the rest of the MT guys helped thankfully :), and things have slowed down some. I like where you are going with your setup, and appreciate the great commentary it started here.
     
  17. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,165
    29,666
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Just for info, ERP is an anti-executable, which has nothing to do with UAC, which is an elevation-blocker.
     
    AtlBo, SHvFl and Winter Soldier like this.
  18. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,605
    Utopia
    Current config:
    Kaspersky Internet Security 2018 RC
    VoodooShield

    both are close to default settings
     
    Sunshine-boy, BugCode, AtlBo and 3 others like this.
  19. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,605
    Utopia
    My current config, after Windows 10 reinstall:
    ReHIPS
    HitmanPro.Alert 7 (beta)
    Avast free w/o behavior shield
     
  20. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,278
    13,605
    Utopia
    Removed: HMPA (interfered with Windows updates)
    Added: Avast behavior shield and Avast firewall
     
    Sunshine-boy, Evjl's Rain and SHvFl like this.