Latest changes: Dec 28, 2018
Windows Edition: Pro
OS build or version: Windows 10 1809
System type: 64-bit operating system; x64-based processor
Update and Security: Allow all automatic updates
User Access Control: Always notify
Firewall and Network protection: Microsoft Defender Firewall is active
User permissions: Administrator account, User account
Malware exposure: No malware samples are downloaded
Real-time Malware protection: Windows Defender with ConfigureDefender, Software Restriction Policy with Hard_Configurator
Periodic scanners: Macrium Reflect does the job just fine...
Browser and Extensions: Chrome, Edge
Privacy tools and VPN: uBlock Origin w/added filters, Netcraft
Password manager: LastPass
Search engine: Google
Maintenance tools: Hard_Configurator, SysHardener, BandiZip, PatchCleaner, autoruns
Photos and Files backup: Dropbox, OneDrive, GoogleDrive
File Backup schedule: Automatically sync to the cloud
Backup and Restore: Macrium Reflect, Timeshift (Ubuntu)
Backup schedule: Once or more per week

shmu26

Current config:
Emsisoft
AppGuard at protected level

I used to run additional softs because I was worried about what noobs might do on the other user accounts on this PC (they are on standard user accounts). But then I realized that I personally have nothing to worry about, because they can only hurt themselves.
AppGuard, even out-of-the-box settings, should prevent any malware activity that could affect a different user account, because:
1. Even if malware is signed, it won't be able to write to system space, because it first executes in user space.
2. Processes running in one user account cannot interact with processes running in another user account. (This is the principle on which ReHIPS is based, if I am not mistaken.)

Do you agree?
 

SHvFl

> Current config:
> Emsisoft
> AppGuard at protected level
>
> I used to run additional softs because I was worried about what noobs might do on the other user accounts on this PC (they are on standard user accounts). But then I realized that I personally have nothing to worry about, because they can only hurt themselves.
> AppGuard, even out-of-the-box settings, should prevent any malware activity that could affect a different user account, because:
> 1. Even if malware is signed, it won't be able to write to system space, because it first executes in user space.
> 2. Processes running in one user account cannot interact with processes running in another user account. (This is the principle on which ReHIPS is based, if I am not mistaken.)
> Do you agree?

Assuming others are not admins, they don't have your admin password, their account asks for one for elevation, and you don't share storage devices, then yeah, you are pretty much right. Their actions can't really affect you.
 

shmu26

> Assuming others are not admins, they don't have your admin password, their account asks for one for elevation, and you don't share storage devices, then yeah, you are pretty much right. Their actions can't really affect you.

Thanks. Good points. So I need to prevent certain user accounts from accessing my second hard disk, which has storage.
What's the easiest way to do that?
 

SHvFl

> Thanks. Good points. So I need to prevent certain user accounts from accessing my second hard disk, which has storage.
> What's the easiest way to do that?

Remove their write permissions, or even read, for the whole drive. That should solve normal people issues, and if you are also running something decent on those machines you are 100% covered.
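
One way to apply the permission change suggested above, as an added example that is not part of the original posts. It assumes the storage disk is `D:\` and uses two hypothetical local standard accounts, `kid1` and `guest1`; run it from an elevated PowerShell prompt.

```powershell
# Added example: put an inheritable Deny ACE on the root of the storage disk
# for selected standard accounts. Drive letter and account names are assumptions.
$Drive    = 'D:\'
$Accounts = 'kid1', 'guest1'     # hypothetical local standard users
$DenyRead = $true                # $false = block changes only, reading stays allowed

# Write + Delete rights stop modification; ReadAndExecute also blocks listing and opening.
$rightsText = 'Write, Delete, DeleteSubdirectoriesAndFiles'
if ($DenyRead) { $rightsText += ', ReadAndExecute' }
$rights = [System.Security.AccessControl.FileSystemRights]$rightsText

$acl = Get-Acl -LiteralPath $Drive
foreach ($name in $Accounts) {
    # Resolve the account to a SID first, so a mistyped name fails loudly
    # instead of producing an ACE for nobody.
    $account = New-Object System.Security.Principal.NTAccount("$env:COMPUTERNAME\$name")
    $sid     = $account.Translate([System.Security.Principal.SecurityIdentifier])

    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, $rights,
        'ContainerInherit, ObjectInherit',   # flows down to every subfolder and file
        'None',
        'Deny')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $Drive -AclObject $acl

# Verify: list the Deny entries now present on the drive root.
(Get-Acl -LiteralPath $Drive).Access |
    Where-Object { $_.AccessControlType -eq 'Deny' } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags -AutoSize
```

An inherited Deny is evaluated after explicit Allow entries on a child object, so a folder that already grants one of these accounts access explicitly stays reachable until that entry is removed. Files on the disk that are owned by one of these accounts also remain under that owner's control, since an owner can rewrite the permissions on their own files.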
 

Rebsat

How are you doing bro? I need your advice on my combo's configuration, please....
"Avast Free Antivirus + OSArmor"

I am using this combo but I actually don't have a Firewall module in my combo and I want to add a 3rd party Firewall into that combo
which does not overwrite or conflict with any of both softwares of the combo.

Questions
1. Which of the following Firewalls do you recommend to be added into my combo and why?
- Comodo Firewall
- Xvirus Personal Firewall
- SpyShelter Firewall
- ZoneAlarm Firewall
- FortKnox Firewall


2. Avast Free Antivirus includes a BB which is Behavior Shield. I wonder if that aspect of Avast would be redundant with some aspects of OSArmor or not?


Any advice is welcome, Thank you for your good assistance bro :)
Best regards,
Rebsat.
 

shmu26

> How are you doing bro? I need your advice on my combo's configuration, please....
> "Avast Free Antivirus + OSArmor"
>
> I am using this combo but I actually don't have a Firewall module in my combo and I want to add a 3rd party Firewall into that combo
> which does not overwrite or conflict with any of both softwares of the combo.
>
> Questions
> 1. Which of the following Firewalls do you recommend to be added into my combo and why?
> - Comodo Firewall
> - Xvirus Personal Firewall
> - SpyShelter Firewall
> - ZoneAlarm Firewall
> - FortKnox Firewall
>
> 2. Avast Free Antivirus includes a BB which is Behavior Shield. I wonder if that aspect of Avast would be redundant with some aspects of OSArmor or not?
>
> Any advice is welcome, Thank you for your good assistance bro :)
> Best regards,
> Rebsat.

I think the safest choice -- the choice most likely to do the job without causing conflicts -- is Binisoft Windows Firewall Control.
 

shmu26

> 1. Which of the following Firewalls do you recommend to be added into my combo and why?
> - Comodo Firewall
> - Xvirus Personal Firewall
> - SpyShelter Firewall
> - ZoneAlarm Firewall
> - FortKnox Firewall

Right now I am trying out Comodo (just the firewall, everything else disabled) + Windows Defender (at high settings, with exploit guard and protected folders) + OSArmor + AppGuard.

So far, so good. Comodo firewall is light and effective and free and customizable, so if it works without conflict, it's a good choice.
I noticed that it now automatically disables Windows Firewall. That's a good thing, because you don't need or want 2 firewalls.
 

shmu26

I have noticed that Windows Defender at high settings is heavy on the system. And other people have told me the same. Not sure exactly which protections are responsible for the lag on the system, but I set PUA Protection and Cloud Check Time back to default, and it seems to help.
 

shmu26

@Windows_Security I guess this is the place for me to ask you about your configuration for OSArmor, rather than hijacking @Umbra's thread...

This is the question I had posted over there:
@Windows_Security, how would you configure OSA so that it will do the same as NVT ERP?
More specifically, how can you make OSA block signed exe files, like ERP does, but still allow system files etc? Sounds to me like you created some smart blacklist rules?
 

ticklemefeet

> AppGuard, even out-of-the-box settings, should prevent any malware activity that could affect a different user account, because:
> 1. Even if malware is signed, it won't be able to write to system space, because it first executes in user space.

I once heard of a person using one of AppGuard's whitelisted trusted sig for malware to test. That is why I run it locked down mode with extra tweaks to PowerShell, etc.
 

shmu26

> I once heard of a person using one of AppGuard's whitelisted trusted sig for malware to test. That is why I run it locked down mode with extra tweaks to PowerShell, etc.

Yes, locked down mode with extra tweaks is much more secure.
Tweak number one, in my opinion, is to add c:\*script.exe to user space. It is almost a must.
This is because AppGuard at OOTB (out of the box) settings does not protect Windows Script Host, so this is tweak number 1.
PowerShell is on the guarded apps list, so it won't be able to do much damage even at OOTB settings.
Granted that AppGuard will block the payload that wscript spawns, even at OOTB settings, but it is not wise to let the malware get so far. Nip it in the bud.
 

shmu26

It happens sometimes that security softs don't behave as expected, and it happens even more often that the user misconfigures them, or misuses them, or forgets that he turned them off, etc.
So my philosophy is not to put all my faith in one product.
 

shmu26

> Does the reg hack cover just powershell.exe in sys 32 & 64 folders or does it also cover PowerShell in the syswow 32 & 64 folders too? And does it cover powershell_ise.exe in the sys 32 and syswow folders?
> Thanks

First of all, you should disable the old, deprecated version of PowerShell; you can do this from "Turn Windows features on or off", in Control Panel/Programs and Features.
If you do that, the reg hack will cover the remaining PowerShell processes, especially if you use Standard (Limited) user account. So it is a nice safety net.
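
The step in the reply above, done from an elevated PowerShell prompt instead of the Control Panel, followed by a listing of the host binaries the question asks about. This is an added example, not part of the original posts; it assumes Windows 10, where the old 2.0 engine is exposed as the optional features `MicrosoftWindowsPowerShellV2Root` and `MicrosoftWindowsPowerShellV2`.

```powershell
# Added example: check and disable the legacy PowerShell 2.0 engine, then list
# every powershell.exe / powershell_ise.exe under System32 and SysWOW64.
# Run from an elevated 64-bit PowerShell (a 32-bit process sees SysWOW64 as System32).

# 1. Current state of the two optional features that make up the 2.0 engine.
$v2 = Get-WindowsOptionalFeature -Online |
    Where-Object { $_.FeatureName -like 'MicrosoftWindowsPowerShellV2*' }
$v2 | Format-Table FeatureName, State -AutoSize

# 2. Disabling the root feature also turns off the engine feature beneath it.
if ($v2 | Where-Object { $_.State -eq 'Enabled' }) {
    Disable-WindowsOptionalFeature -Online `
        -FeatureName 'MicrosoftWindowsPowerShellV2Root' -NoRestart | Out-Null
}

# 3. Confirm the downgrade path is closed: asking for engine version 2
#    should no longer give a working session that reports major version 2.
$probe = & "$env:windir\System32\WindowsPowerShell\v1.0\powershell.exe" `
    -Version 2 -NoProfile -Command '$PSVersionTable.PSVersion.Major' 2>&1
if ("$probe".Trim() -eq '2') {
    Write-Warning 'PowerShell 2.0 engine is still available on this machine.'
} else {
    Write-Output 'PowerShell 2.0 engine is not available.'
}

# 4. The remaining host binaries, 64-bit and 32-bit, console and ISE.
#    Each path found here is a separate executable that a restriction must cover.
$binaries = foreach ($dir in 'System32', 'SysWOW64') {
    foreach ($exe in 'powershell.exe', 'powershell_ise.exe') {
        $path = Join-Path $env:windir "$dir\WindowsPowerShell\v1.0\$exe"
        if (Test-Path -LiteralPath $path) { Get-Item -LiteralPath $path }
    }
}
$binaries | Select-Object FullName,
    @{ Name = 'ProductVersion'; Expression = { $_.VersionInfo.ProductVersion } }
```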
 