SECURE: BASIC Shmu26 Config in 2018

Most recent changes: Apr 26, 2018
Operating System: Windows 10
Windows Edition: Pro
Build: latest stable build
System type: 64-bit OS
Security Updates: Automatic Updates - All security and feature updates
User Access Control: Always Notify - For App installs, Modify system & User settings
Device Firewall: Windows Firewall - Network security provided by Microsoft
Device Security: Windows Defender SmartScreen
User Account: Standard - User has some control over the settings
Recent Security Issues: Not in a long time
Security Testing with Malware: No - Malware is avoided where possible
Real-time Web & Malware Protection: Windows Defender w/Andy Ful ConfigureDefender; Software Restriction Policy (Andy Ful Hard_Configurator); NoVirusThanks OSArmor; Excubits MemProtect (demo); Excubits Pumpernickel (demo)
Security Protection settings: Custom - Major changes for Increased Security
Virus and Malware Removal Tools: Zemana
Browsers and Extensions: Chrome; HTTPS Everywhere
Web Privacy: uBlock Origin w/added filters, uBlock Origin Extra, Windows Defender Browser Protection, Malwarebytes
Password Management: LastPass
Default Web Search: Google
System Utilities collection: Windows Disk Cleanup; CCleaner; DriverStoreExplorer; PatchCleaner
Personal data Backup: Dropbox; OneDrive
Intervals between Personal data backups: Always-on Sync
Disk Imaging Backup: Macrium Reflect Home
Intervals between System Image backups: Regularly

shmu26

Level 58
Jul 3, 2015
4,730
Operating System
Windows 10
Installed Antivirus
Microsoft
#63
Why do you even have appcheck, jeez....
But on a more serious note, you are 100% right that running AppCheck would be silly, if I used my other security apps to their maximum capabilities.

However, I have Kaspersky at close to default settings, which is not bulletproof.
And I have ReHips running with isolation disabled for a lot of apps, so it is fighting with its right hand tied behind its back.
 

SHvFl

Level 32
Content Creator
Verified
Nov 19, 2014
2,161
Operating System
Windows 10
Installed Antivirus
Emsisoft
#64
But on a more serious note, you are 100% right that running AppCheck would be silly, if I used my other security apps to their maximum capabilities.

However, I have Kaspersky at close to default settings, which is not bulletproof.
And I have ReHips running with isolation disabled for a lot of apps, so it is fighting with its right hand tied behind its back.
Still appcheck makes no fucking sense. Rehips hips feature will ask you to allow something to run and you also have backups in case you become stupid for a few seconds and click allow. You are just wasting pc resources with using appcheck.
 

shmu26

#65
Still appcheck makes no fucking sense. Rehips hips feature will ask you to allow something to run and you also have backups in case you become stupid for a few seconds and click allow. You are just wasting pc resources with using appcheck.
Your logic is right.
If I could feel AppCheck running on my system, I would get rid of it. But it is pretty light. So I am keeping it on-board as my new toy.
 

SHvFl

#66
Your logic is right.
If I could feel AppCheck running on my system, I would get rid of it. But it is pretty light. So I am keeping it on-board as my new toy.
Note that it uses disk IO when changes happen to your files. Basically doubles the activity of what you are doing because it has to also copy the file to the save location. So depending on usage and the kind of disk you own you might notice it then. I was not talking about cpu or ram usage.
 

shmu26

#67
Note that it uses disk IO when changes happen to your files. Basically doubles the activity of what you are doing because it has to also copy the file to the save location. So depending on usage and the kind of disk you own you might notice it then. I was not talking about cpu or ram usage.
I didn't think of that...
 

AtlBo

Level 24
Dec 29, 2014
1,380
Installed Antivirus
Qihoo 360
#74
Nice setup @shmu26. The more I use NVT ERP, the more I like the lightness, controllability, and simplicity of this app. NVT devs seem to have thought of the little things and then made them easy to work with generally.

Well, the pesky problem came back after a while, but I seem to have solved ALL my Comodo issues by replacing Norton Family with Safe Lagoon, which doesn't do this intrusive thing with Chrome that drives CFW crazy.
Comodo seems to have done work on this with the latest update. Not sure if it was at the price of lower protection though. I was getting a pop up when opening Chrome because 360 Shopping Protection module required a script to run. It used a random temp each time, so CFW would save each script, and they piled up in the Tempscript folder. This one has been documented, but since I updated about two weeks ago it seems to be gone now. I suggested on the board that the devs could make wildcarding a thing for the script monitor element. Doubt anything will happen, since the only reply had to do with the feature being new and more shouldn't be expected :(.

Not sure if Comodo is monitoring scripts to a lesser degree (fewer types) now to escape this behavior or if there is a more clever fix in CFW. Maybe extensions are being exempt, idk. Also, not even sure if this element of Comodo was fully comprehensive protection in the first place.

From the recent Comodo bypass, I learned the value of startup protection and good firewall control (besides the obvious lesson of not to trust massive commercial whitelists), so that's why I added WinPatrol and Binisoft.
CFW does seem vulnerable during startups. Any chance you have at hand a pointer to information about the bypass? 360 TS is supposed to monitor startups, but lately I am having my doubts about the extensiveness of the coverage. Not sure it covers all types.

I kind of agree with @Umbra about the TVL. It's too big. I think Comodo should come up with a setting that allows for use of a short list. I mean, I sort of under$tand why they want to pay off devs who pay for certificates or whatever, but a short list of Microsoft and then create your own TVL works best for me so far.
 

shmu26

#75
The more I use NVT ERP, the more I like the lightness, controllability, and simplicity of this app. NVT devs seem to have thought of the little things and then made them easy to work with generally.
Yes, ERP continues to be a great app. Knowing me, I will probably come back to it after a while.

Not sure if Comodo is monitoring scripts to a lesser degree
Look in Comodo advanced protection, and you will see that protection was lowered for cmd.exe and a bunch of other problematic processes.

Any chance you have at hand a pointer to information about the bypass?
Video Review - Malware bypass Comodo Firewall @ CS settings

Comodo firewall bypassed by signed malware - News / Announcements / Feedback - CIS

The second thread starts out telling you what you already know (if you read the first thread), but then it gets more interesting.

Hey, @AtlBo, haven't seen you around in a while...
 

AtlBo

#76
Yes, ERP continues to be a great app. Knowing me, I will probably come back to it after a while.
For me, it's like a UAC booster with easy configuration or maybe a nice app firewall, once configured. It's so light I feel like I don't have to perma-block/allow apps that I want to study.

Look in Comodo advanced protection, and you will see that protection was lowered for cmd.exe and a bunch of other problematic processes.
Thanks. I thought about enabling all the embedded code protections of this to see what would happen. Think I will try it now that you have given me some initiative. :)

I will look at the links. Bad news to see news of a bypass, but I am not 100% surprised sadly.

Been following the conversations. I got a little bit busy too I guess, but mostly I think I found myself in somewhat of a confused o_O frenzy over the last 6 months to try to catch up with security developments. Started getting the impression that I was losing touch, so I was asking many questions I know. You and the rest of the MT guys helped thankfully :), and things have slowed down some. Like where you are going with your setup, and appreciate the great commentary it started here.
 

Umbra

Level 61
Content Creator
Verified
May 16, 2011
17,501
Operating System
Windows 10
Installed Antivirus
Default-Deny
#77
For me, it's like a UAC booster with easy configuration or maybe a nice app firewall, once configured. It's so light I feel like I don't have to perma-block/allow apps that I want to study.
Just for info, ERP is an anti-executable, which has nothing to do with UAC being an elevation-blocker.