Latest Changes
Dec 28, 2018
Operating System
  • Windows 10
  • Windows Edition
    Pro
    Version or Build no.
    Windows 10 1809
    System type
    64-bit operating system; x64-based processor
    Security Updates
    Automatic Updates (recommended)
    User Access Control
    Always Notify
    Network Security (Firewall)
    Windows Defender Firewall
    Device Security
  • Windows Defender SmartScreen (Windows 10)
  • User Account
    Administrator
    Sign-in Accounts
    Malware Testing
    I do not participate in downloading malware samples
    Real-time Web & Malware Protection
    Windows Defender with ConfigureDefender
    Software Restriction Policy with Hard_Configurator
    RTP - Custom security settings
  • Major changes for Increased security
  • Virus and Malware Removal Tools
    Macrium Reflect does the job just fine...
    Browsers and Extensions
    Chrome
    Edge
    Privacy-focused Apps and Extensions
    uBlock Origin w/added filters, Netcraft
    Password Managers
  • LastPass
  • Web Search
  • Google
  • System Utilities
    Hard_Configurator, SysHardener, BandiZip, PatchCleaner, autoruns
    Data Backup
    Dropbox
    OneDrive
    GoogleDrive
    Frequency of Data backups
    Always-on Sync
    System Backup
    Macrium Reflect, Timeshift (Ubuntu)
    Frequency of System backups
    Regularly

    shmu26

    Level 83
    Verified
    Trusted
    Content Creator
    Current config:
    Emsisoft
    AppGuard at protected level

    I used to run additional softs because I was worried about what noobs might do on the other user accounts on this PC (they are on standard user accounts). But then I realized that I personally have nothing to worry about, because they can only hurt themselves.
    Appguard, even out-of-the-box settings, should prevent any malware activity that could affect a different user account, because:
    1 Even if malware is signed, it won't be able to write to system space, because it first executes in user space.
    2 Processes running in one user account cannot interact with processes running in another user account. (This is the principle on which ReHIPS is based, if I am not mistaken.)

    Do you agree?
     

    SHvFl

    Level 35
    Verified
    Trusted
    Content Creator
    Current config:
    Emsisoft
    AppGuard at protected level

    I used to run additional softs because I was worried about what noobs might do on the other user accounts on this PC (they are on standard user accounts). But then I realized that I personally have nothing to worry about, because they can only hurt themselves.
    Appguard, even out-of-the-box settings, should prevent any malware activity that could affect a different user account, because:
    1 Even if malware is signed, it won't be able to write to system space, because it first executes in user space.
    2 Processes running in one user account cannot interact with processes running in another user account. (This is the principle on which ReHIPS is based, if I am not mistaken.)
    Do you agree?
    Assuming others are not admins, they don't have your admin password, their account asks for one for elevation, and you don't share storage devices, then yeah, you are pretty much right. Their actions can't really affect you.
     

    shmu26

    Level 83
    Verified
    Trusted
    Content Creator
    Assuming others are not admins, they don't have your admin password, their account asks for one for elevation, and you don't share storage devices, then yeah, you are pretty much right. Their actions can't really affect you.
    Thanks. Good points. So I need to prevent certain user accounts from accessing my second hard disk, which has storage.
    What's the easiest way to do that?
     

    SHvFl

    Level 35
    Verified
    Trusted
    Content Creator
    Thanks. Good points. So I need to prevent certain user accounts from accessing my second hard disk, which has storage.
    What's the easiest way to do that?
    Remove their write permissions or even read for the whole drive. That should solve normal people issues and if you are also running something decent on those machines you are 100% covered.
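    One way to do what SHvFl describes, as an added example that is not from the thread: put a Deny ACE for one standard-user account on the root of the data drive so it inherits down to everything on it. Assumptions (constructed): the drive is D:\ and the account to lock out is a local user named "FamilyUser"; run it from an elevated prompt on your own admin account.

```powershell
# Added example: deny a standard-user account all access to a second data drive.
# Assumptions (constructed): drive root D:\, local account "FamilyUser".
# Run elevated. Do NOT point $Account at the account you are running as.
param(
    [string]$DriveRoot = 'D:\',
    [string]$Account   = "$env:COMPUTERNAME\FamilyUser"
)

function Deny-DriveAccess {
    param([string]$Path, [string]$Identity)

    $acl = Get-Acl -Path $Path

    # A Deny ACE is evaluated before any Allow ACE the account picks up through
    # BUILTIN\Users or Authenticated Users, so the existing rules can stay as they are.
    # ContainerInherit + ObjectInherit makes the rule flow to every folder and file
    # below the root that still inherits permissions.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity,
        [System.Security.AccessControl.FileSystemRights]::FullControl,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Deny)

    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Show-DriveAccess {
    # Print the ACEs that apply to the account so the change can be checked.
    param([string]$Path, [string]$Identity)
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity } |
        Select-Object IdentityReference, AccessControlType, FileSystemRights, IsInherited
}

Deny-DriveAccess -Path $DriveRoot -Identity $Account
Show-DriveAccess -Path $DriveRoot -Identity $Account
```

    Folders on the drive whose inheritance was broken earlier will not receive the rule; check those separately with Get-Acl. If the account should only be blocked from writing, swap FullControl for the Write rights and leave read alone.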
     

    Rebsat

    Level 6
    Verified
    How are you doing bro? I need your advice on my combo's configuration, please....
    "Avast Free Antivirus + OSArmor"

    I am using this combo but I actually don't have a Firewall module in my combo, and I want to add a 3rd party Firewall to that combo
    which does not overwrite or conflict with either of the two softwares in the combo.

    Questions
    1. Which of the following Firewalls do you recommend to be added into my combo and why?
    - Comodo Firewall
    - Xvirus Personal Firewall
    - SpyShelter Firewall
    - ZoneAlarm Firewall
    - FortKnox Firewall


    2. Avast Free Antivirus includes a BB which is Behavior Shield. I wonder if that aspect of Avast would be redundant with some aspects of OSArmor or not?


    Any advice is welcome, Thank you for your good assistance bro :)
    Best regards,
    Rebsat.
     

    shmu26

    Level 83
    Verified
    Trusted
    Content Creator
    How are you doing bro? I need your advice on my combo's configuration, please....
    "Avast Free Antivirus + OSArmor"

    I am using this combo but I actually don't have a Firewall module in my combo, and I want to add a 3rd party Firewall to that combo
    which does not overwrite or conflict with either of the two softwares in the combo.

    Questions
    1. Which of the following Firewalls do you recommend to be added into my combo and why?
    - Comodo Firewall
    - Xvirus Personal Firewall
    - SpyShelter Firewall
    - ZoneAlarm Firewall
    - FortKnox Firewall


    2. Avast Free Antivirus includes a BB which is Behavior Shield. I wonder if that aspect of Avast would be redundant with some aspects of OSArmor or not?


    Any advice is welcome, Thank you for your good assistance bro :)
    Best regards,
    Rebsat.
    I think the safest choice -- the choice most likely to do the job without causing conflicts -- is Binisoft Windows Firewall Control.
     

    shmu26

    Level 83
    Verified
    Trusted
    Content Creator
    1. Which of the following Firewalls do you recommend to be added into my combo and why?
    - Comodo Firewall
    - Xvirus Personal Firewall
    - SpyShelter Firewall
    - ZoneAlarm Firewall
    - FortKnox Firewall
    Right now I am trying out Comodo (just the firewall, everything else disabled) + Windows Defender (at high settings, with exploit guard and protected folders) + OSArmor + Appguard.

    So far, so good. Comodo firewall is light and effective and free and customizable, so if it works without conflict, it's a good choice.
    I noticed that it now automatically disables Windows Firewall. That's a good thing, because you don't need or want 2 firewalls.
     

    shmu26

    Level 83
    Verified
    Trusted
    Content Creator
    I have noticed that Windows Defender at high settings is heavy on the system. And other people have told me the same. Not sure exactly which protections are responsible for the lag on the system, but I set PUA Protection and Cloud Check Time back to default, and it seems to help.
     

    shmu26

    Level 83
    Verified
    Trusted
    Content Creator
    @Windows_Security I guess this is the place for me to ask you about your configuration for OSArmor, rather than hijacking @Umbra's thread...

    This is the question I had posted over there:
    @Windows_Security, how would you configure OSA so that it will do the same as NVT ERP?
    More specifically, how can you make OSA block signed exe files, like ERP does, but still allow system files etc? Sounds to me like you created some smart blacklist rules?
     

    ticklemefeet

    Level 22
    Verified
    Appguard, even out-of-the-box settings, should prevent any malware activity that could affect a different user account, because:
    1 Even if malware is signed, it won't be able to write to system space, because it first executes in user space.
    I once heard of a person using one of Appguard's whitelisted trusted sigs for malware to test. That is why I run it in locked down mode with extra tweaks to PowerShell etc.
     

    shmu26

    Level 83
    Verified
    Trusted
    Content Creator
    I once heard of a person using one of Appguard's whitelisted trusted sigs for malware to test. That is why I run it in locked down mode with extra tweaks to PowerShell etc.
    Yes, locked down mode with extra tweaks is much more secure.
    Tweak number one, in my opinion, is to add c:\*script.exe to user space. It is almost a must.
    This is because Appguard at OOTB (out of the box) settings does not protect windows script host, so this is tweak number 1.
    Powershell is on the guarded apps list, so it won't be able to do much damage even at OOTB settings.
    Granted that Appguard will block the payload that wscript spawns, even at OOTB settings, but it is not wise to let the malware get so far. Nip it in the bud.
     

    shmu26

    Level 83
    Verified
    Trusted
    Content Creator
    It happens sometimes that security softs don't behave as expected, and it happens even more often that the user misconfigures them, or misuses them, or forgets that he turned them off, etc.
    So my philosophy is not to put all my faith in one product.
     

    ticklemefeet

    Level 22
    Verified
    I also did the registry hack to set powershell to constrained language.
    Does the reg hack cover just powershell.exe in sys 32 & 64 folders or does it also cover PowerShell in the syswow 32 & 64 folders too? And does it cover powershell_ise.exe in the sys 32 and syswow folders?
    Thanks
     

    shmu26

    Level 83
    Verified
    Trusted
    Content Creator
    Does the reg hack cover just powershell.exe in sys 32 & 64 folders or does it also cover PowerShell in the syswow 32 & 64 folders too? And does it cover powershell_ise.exe in the sys 32 and syswow folders?
    Thanks
    First of all, you should disable the old, deprecated version of powershell, you can do this from "turn windows features on or off", in Control Panel/Programs and Features.
    If you do that, the reg hack will cover the remaining powershell processes, especially if you use Standard (Limited) user account. So it is a nice safety net.
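    An added audit script for the two points in this exchange (the reg hack and the deprecated v2 engine); it is not from the thread. It assumes the "reg hack" is the system-wide __PSLockdownPolicy environment variable set to 4 under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment, and it launches the System32 and SysWOW64 powershell.exe hosts from ticklemefeet's question to report the language mode each one actually starts in.

```powershell
# Added example: check the constrained-language reg hack and the v2 engine state.
# Assumption: the hack is __PSLockdownPolicy = 4 in the system Environment key.
# Run elevated; Get-WindowsOptionalFeature needs it.

function Get-LockdownPolicyValue {
    # System-wide environment variables live under HKLM, which a standard user
    # cannot change, so the setting holds for everyone once an admin sets it.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
    (Get-ItemProperty -Path $key -Name '__PSLockdownPolicy' -ErrorAction SilentlyContinue).__PSLockdownPolicy
}

function Test-PowerShellV2Disabled {
    # The v2 engine predates language modes, which is why the thread says to turn it
    # off first under "turn windows features on or off". Both v2 features must be off.
    $features = Get-WindowsOptionalFeature -Online |
        Where-Object { $_.FeatureName -like 'MicrosoftWindowsPowerShellV2*' }
    -not ($features | Where-Object { $_.State -eq 'Enabled' })
}

function Get-HostLanguageModes {
    # 64-bit and 32-bit (SysWOW64) powershell.exe; the single-quoted command is
    # evaluated by the child host, not by this script, so it reports that host's mode.
    $hosts = @(
        "$env:windir\System32\WindowsPowerShell\v1.0\powershell.exe",
        "$env:windir\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
    )
    foreach ($exe in $hosts) {
        if (Test-Path $exe) {
            $mode = & $exe -NoProfile -NonInteractive -Command '$ExecutionContext.SessionState.LanguageMode'
            [pscustomobject]@{ Host = $exe; LanguageMode = $mode }
        }
    }
}

"__PSLockdownPolicy = $(Get-LockdownPolicyValue)   (4 = ConstrainedLanguage)"
"PowerShell v2 engine disabled: $(Test-PowerShellV2Disabled)"
Get-HostLanguageModes | Format-Table -AutoSize
```

    powershell_ise.exe reads the same system environment variable but cannot be driven from the command line, so check it by running $ExecutionContext.SessionState.LanguageMode inside the ISE itself.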