HMPA can't stop bugging people's computers
Shmu26 Config in 2018
- Thread starter shmu26
- Start date
- Jul 3, 2015
- 8,153
Current config:
Emsisoft
AppGuard at protected level
I used to run additional softs because I was worried about what noobs might do on the other user accounts on this PC (they are on standard user accounts). But then I realized that I personally have nothing to worry about, because they can only hurt themselves.
Appguard, even out-of-the-box settings, should prevent any malware activity that could affect a different user account, because:
1 Even if malware is signed, it won't be able to write to system space, because it first executes in user space.
2 Processes running in one user account cannot interact with processes running in another user account. (This is the principle on which ReHIPS is based, if I am not mistaken.)
Do you agree?
Emsisoft
AppGuard at protected level
I used to run additional softs because I was worried about what noobs might do on the other user accounts on this PC (they are on standard user accounts). But then I realized that I personally have nothing to worry about, because they can only hurt themselves.
Appguard, even out-of-the-box settings, should prevent any malware activity that could affect a different user account, because:
1 Even if malware is signed, it won't be able to write to system space, because it first executes in user space.
2 Processes running in one user account cannot interact with processes running in another user account. (This is the principle on which ReHIPS is based, if I am not mistaken.)
Do you agree?
- Nov 19, 2014
- 2,350
Assuming others are not admins. they don't have your admin password and their account asks for one for elevation and you don't share storage devices then yeah you are pretty much right. Their actions can't really affect you.
Your config is similar to my productivity machine, i just have ReHIPS on top because:
1- i love it.
2- i'm so used to sandboxes, i can't live without them.
3- for beta testing sake.
- Jul 3, 2015
- 8,153
Your config is similar to my productivity machine, i just have ReHIPS on top because:
1- i love it.
2- i'm so used to sandboxes, i can't live without them.
3- for beta testing sake.
I have ReHIPS on a different system, which I can keep the noobs away from.
- Jul 3, 2015
- 8,153
Thanks. Good points. So I need to prevent certain user accounts from accessing my second hard disk, which has storage.
What's the easiest way to do that?
- Nov 19, 2014
- 2,350
Remove their write permissions or even read for the whole drive. That should solve normal people issues and if you are also running something decent on those machines you are 100% covered.
Yes set the permissions, put UAC at max and your are good.
- Apr 13, 2014
- 254
How are you doing bro? I need your advice on my combo's configuration, please....
"Avast Free Antivirus + OSArmor"
I am using this combo but I actually don't have a Firewall module in my combo and I want to add a 3rd party Firewall into that combo
which does not overwrite or conflict with any of both softwares of the combo.
Questions
1. Which of the following Firewalls do you recommend to be added into my combo and why?
- Comodo Firewall
- Xvirus Personal Firewall
- SpyShelter Firewall
- ZoneAlarm Firewall
- FortKnox Firewall
2. Avast Free Antivirus includes a BB which is Behavior Shield. I wonder if that aspect of Avast would be redundant with some aspects of OSArmor or not?
Any advice is welcome, Thank you for your good assistance bro
Best regards,
Rebsat.
"Avast Free Antivirus + OSArmor"
I am using this combo but I actually don't have a Firewall module in my combo and I want to add a 3rd party Firewall into that combo
which does not overwrite or conflict with any of both softwares of the combo.
Questions
1. Which of the following Firewalls do you recommend to be added into my combo and why?
- Comodo Firewall
- Xvirus Personal Firewall
- SpyShelter Firewall
- ZoneAlarm Firewall
- FortKnox Firewall
2. Avast Free Antivirus includes a BB which is Behavior Shield. I wonder if that aspect of Avast would be redundant with some aspects of OSArmor or not?
Any advice is welcome, Thank you for your good assistance bro
Best regards,
Rebsat.
Last edited:
- Jul 3, 2015
- 8,153
I think the safest choice -- the choice most likely to do the job without causing conflicts -- is Binisoft Windows Firewall Control.How are you doing bro? I need your advice on my combo's configuration, please....
"Avast Free Antivirus + OSArmor"
I am using this combo but I actually don't have a Firewall module in my combo and I want to add a 3rd party Firewall into that combo
which does not overwrite or conflict with any of both softwares of the combo.
Questions
1. Which of the following Firewalls do you recommend to be added into my combo and why?
- Comodo Firewall
- Xvirus Personal Firewall
- SpyShelter Firewall
- ZoneAlarm Firewall
- FortKnox Firewall
2. Avast Free Antivirus includes a BB which is Behavior Shield. I wonder if that aspect of Avast would be redundant with some aspects of OSArmor or not?
Any advice is welcome, Thank you for your good assistance bro
Best regards,
Rebsat.
Last edited:
- Jul 3, 2015
- 8,153
Right now I am trying out Comodo (just the firewall, everything else disabled) + Windows Defender (at high settings, with exploit guard and protected folders) + OSArmor + Appguard.
So far, so good. Comodo firewall is light and effective and free and customizable, so if it works without conflict, it's a good choice.
I noticed that it now automatically disables Windows Firewall. That's a good thing, because you don't need or want 2 firewalls.
- Jul 3, 2015
- 8,153
I have noticed that Windows Defender at high settings is heavy on the system. And other people have told me the same. Not sure exactly which protections are responsible for the lag on the system, but I set PUA Protection and Cloud Check Time back to default, and it seems to help.
- Jul 3, 2015
- 8,153
@Windows_Security I guess this is the place for me to ask you about your configuration for OSArmor, rather than hijacking @Umbra's thread...
This is the question I had posted over there:
@Windows_Security, how would you configure OSA so that it will do the same as NVT ERP?
More specifically, how can you make OSA block signed exe files, like ERP does, but still allow system files etc? Sounds to me like you created some smart blacklist rules?
This is the question I had posted over there:
@Windows_Security, how would you configure OSA so that it will do the same as NVT ERP?
More specifically, how can you make OSA block signed exe files, like ERP does, but still allow system files etc? Sounds to me like you created some smart blacklist rules?
Last edited:
- Jan 6, 2017
- 835
- Jul 3, 2015
- 8,153
Yes, OSA is designed to accompany your AV. It is not an AV and is not a replacement for an AV.
I once heard of a person using one of Appguards whitelisted trusted sig for malware to test. That is why I run it locked down mode with extra tweaks to PowerShell ect.
- Jul 3, 2015
- 8,153
Yes, locked down mode with extra tweaks is much more secure.
Tweak number one, in my opinion, is to add c:\*script.exe to user space. It is almost a must.
This is because Appguard at OOTB (out of the box) settings does not protect windows script host, so this is tweak number 1.
Powershell is on the guarded apps list, so it won't be able to do much damage even at OOTB settings.
Granted that Appguard will block the payload that wscript spawns, even at OOTB settings, but it is not wise to let the malware get so far. Nip it in the bud.
- Jul 3, 2015
- 8,153
It happens sometimes that security softs don't behave as expected, and it happens even more often that the user misconfigures them, or misuses them, or forgets that he turned them off, etc.
So my philosophy is not to put all my faith in one product.
So my philosophy is not to put all my faith in one product.
Does the reg hack cover just powershell.exe in sys 32 & 64 folders or does it also cover PowerShell in the syswow 32 & 64 folders too? And does it cover powershell_ise.exe in the sys 32 and syswow folders?
Thanks
- Jul 3, 2015
- 8,153
First of all, you should disable the old, deprecated version of powershell, you can do this from "turn windows features on or off", in Control Panel/Programs and Features.
If you do that, the reg hack will cover the remaining powershell processes, especially if you use Standard (Limited) user account. So it is a nice safety net.
Similar threads
