Advanced Plus Security Shmu26 Config in 2018

Last updated: Dec 28, 2018
Windows Edition: Pro
Security updates: Allow security updates and latest features
User Access Control: Always notify
Real-time security: Windows Defender with ConfigureDefender; Software Restriction Policy with Hard_Configurator
Firewall security: Microsoft Defender Firewall
Periodic malware scanners: Macrium Reflect does the job just fine...
Malware sample testing: I do not participate in malware testing
Browser(s) and extensions: Chrome, Edge
Maintenance tools: Hard_Configurator, SysHardener, BandiZip, PatchCleaner, autoruns
File and Photo backup: Dropbox, OneDrive, GoogleDrive
System recovery: Macrium Reflect, Timeshift (Ubuntu)

shmu26

Current config:
Emsisoft
AppGuard at protected level

I used to run additional softs because I was worried about what noobs might do on the other user accounts on this PC (they are on standard user accounts). But then I realized that I personally have nothing to worry about, because they can only hurt themselves.
Appguard, even at out-of-the-box settings, should prevent any malware activity that could affect a different user account, because:
1. Even if malware is signed, it won't be able to write to system space, because it first executes in user space.
2. Processes running in one user account cannot interact with processes running in another user account. (This is the principle on which ReHIPS is based, if I am not mistaken.)

Do you agree?
 

SHvFl

Current config:
Emsisoft
AppGuard at protected level

I used to run additional softs because I was worried about what noobs might do on the other user accounts on this PC (they are on standard user accounts). But then I realized that I personally have nothing to worry about, because they can only hurt themselves.
Appguard, even at out-of-the-box settings, should prevent any malware activity that could affect a different user account, because:
1. Even if malware is signed, it won't be able to write to system space, because it first executes in user space.
2. Processes running in one user account cannot interact with processes running in another user account. (This is the principle on which ReHIPS is based, if I am not mistaken.)
Do you agree?
Assuming the others are not admins, they don't have your admin password, their account asks for one for elevation, and you don't share storage devices, then yeah, you are pretty much right. Their actions can't really affect you.
 

shmu26

Assuming the others are not admins, they don't have your admin password, their account asks for one for elevation, and you don't share storage devices, then yeah, you are pretty much right. Their actions can't really affect you.
Thanks. Good points. So I need to prevent certain user accounts from accessing my second hard disk, which has storage.
What's the easiest way to do that?
 

SHvFl

Thanks. Good points. So I need to prevent certain user accounts from accessing my second hard disk, which has storage.
What's the easiest way to do that?
Remove their write permissions, or even read permissions, for the whole drive. That should solve the normal-people issues, and if you are also running something decent on those machines, you are 100% covered.
 
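An added example (not from the thread) of the permission change described above, done from an elevated PowerShell session: it puts an explicit Deny entry for one standard account on the root of the data drive and then lists the explicit entries so the change can be verified. The drive letter D:\ and the account name Guest1 are assumptions.

```powershell
# Added example, not from the thread. Deny one standard user all access to a
# second data drive so that whatever runs in that account cannot read, modify
# or encrypt the files on it. Assumed values: drive D:\, local account Guest1.
$DriveRoot = 'D:\'
$Account   = "$env:COMPUTERNAME\Guest1"

$acl = Get-Acl -Path $DriveRoot

# An explicit Deny wins over any Allow the account inherits through groups
# such as Users or Authenticated Users, so group membership does not matter.
$denyRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
    $Account,
    'FullControl',                        # FileSystemRights to deny
    'ContainerInherit, ObjectInherit',    # apply to every subfolder and file
    'None',                               # PropagationFlags
    'Deny'                                # AccessControlType
)
$acl.AddAccessRule($denyRule)
Set-Acl -Path $DriveRoot -AclObject $acl

# Verify: show every explicit (non-inherited) entry now present on the drive root.
(Get-Acl -Path $DriveRoot).Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```

The Deny entry only helps if the account is not the owner of the drive and cannot elevate; an administrator (or an owner) can rewrite the ACL.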

Rebsat

How are you doing bro? I need your advice on my combo's configuration, please...
"Avast Free Antivirus + OSArmor"

I am using this combo, but I actually don't have a firewall module in it, and I want to add a 3rd-party firewall to the combo that does not overwrite or conflict with either of the two programs in it.

Questions
1. Which of the following firewalls do you recommend adding to my combo, and why?
- Comodo Firewall
- Xvirus Personal Firewall
- SpyShelter Firewall
- ZoneAlarm Firewall
- FortKnox Firewall

2. Avast Free Antivirus includes a BB, which is Behavior Shield. I wonder whether that aspect of Avast would be redundant with some aspects of OSArmor or not?

Any advice is welcome. Thank you for your good assistance, bro :)
Best regards,
Rebsat.
 

shmu26

How are you doing bro? I need your advice on my combo's configuration, please...
"Avast Free Antivirus + OSArmor"

I am using this combo, but I actually don't have a firewall module in it, and I want to add a 3rd-party firewall to the combo that does not overwrite or conflict with either of the two programs in it.

Questions
1. Which of the following firewalls do you recommend adding to my combo, and why?
- Comodo Firewall
- Xvirus Personal Firewall
- SpyShelter Firewall
- ZoneAlarm Firewall
- FortKnox Firewall

2. Avast Free Antivirus includes a BB, which is Behavior Shield. I wonder whether that aspect of Avast would be redundant with some aspects of OSArmor or not?

Any advice is welcome. Thank you for your good assistance, bro :)
Best regards,
Rebsat.
I think the safest choice -- the choice most likely to do the job without causing conflicts -- is Binisoft Windows Firewall Control.
 

shmu26

1. Which of the following firewalls do you recommend adding to my combo, and why?
- Comodo Firewall
- Xvirus Personal Firewall
- SpyShelter Firewall
- ZoneAlarm Firewall
- FortKnox Firewall
Right now I am trying out Comodo (just the firewall, everything else disabled) + Windows Defender (at high settings, with exploit guard and protected folders) + OSArmor + Appguard.

So far, so good. Comodo firewall is light and effective and free and customizable, so if it works without conflict, it's a good choice.
I noticed that it now automatically disables Windows Firewall. That's a good thing, because you don't need or want 2 firewalls.
 

shmu26

I have noticed that Windows Defender at high settings is heavy on the system. And other people have told me the same. Not sure exactly which protections are responsible for the lag on the system, but I set PUA Protection and Cloud Check Time back to default, and it seems to help.
 

shmu26

@Windows_Security I guess this is the place for me to ask you about your configuration for OSArmor, rather than hijacking @Umbra's thread...

This is the question I had posted over there:
@Windows_Security, how would you configure OSA so that it will do the same as NVT ERP?
More specifically, how can you make OSA block signed exe files, like ERP does, but still allow system files etc? Sounds to me like you created some smart blacklist rules?
 

ForgottenSeer 69673

Appguard, even at out-of-the-box settings, should prevent any malware activity that could affect a different user account, because:
1. Even if malware is signed, it won't be able to write to system space, because it first executes in user space.

I once heard of a person using one of AppGuard's whitelisted trusted sigs for malware to test. That is why I run it in locked-down mode with extra tweaks to PowerShell etc.
 

shmu26

I once heard of a person using one of AppGuard's whitelisted trusted sigs for malware to test. That is why I run it in locked-down mode with extra tweaks to PowerShell etc.
Yes, locked-down mode with extra tweaks is much more secure.
Tweak number one, in my opinion, is to add c:\*script.exe to user space. It is almost a must.
This is because Appguard at OOTB (out-of-the-box) settings does not protect Windows Script Host, so this is tweak number 1.
PowerShell is on the guarded apps list, so it won't be able to do much damage even at OOTB settings.
Granted, Appguard will block the payload that wscript spawns, even at OOTB settings, but it is not wise to let the malware get so far. Nip it in the bud.
 

shmu26

It happens sometimes that security softs don't behave as expected, and it happens even more often that the user misconfigures them, or misuses them, or forgets that he turned them off, etc.
So my philosophy is not to put all my faith in one product.
 

ForgottenSeer 69673

I also did the registry hack to set powershell to constrained language.

Does the reg hack cover just powershell.exe in sys 32 & 64 folders or does it also cover PowerShell in the syswow 32 & 64 folders too? And does it cover powershell_ise.exe in the sys 32 and syswow folders?
Thanks
 

shmu26

Does the reg hack cover just powershell.exe in sys 32 & 64 folders or does it also cover PowerShell in the syswow 32 & 64 folders too? And does it cover powershell_ise.exe in the sys 32 and syswow folders?
Thanks
First of all, you should disable the old, deprecated version of PowerShell; you can do this from "Turn Windows features on or off" in Control Panel / Programs and Features.
If you do that, the reg hack will cover the remaining PowerShell processes, especially if you use a Standard (Limited) user account. So it is a nice safety net.
 
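An added example (not from the thread) that checks which PowerShell hosts the tweak discussed above actually covers: it reads the policy value and then starts each engine bitness, plus the deprecated 2.0 engine, and asks it which language mode it came up in. It assumes the registry hack in question is the machine-wide __PSLockdownPolicy environment value (4 = ConstrainedLanguage).

```powershell
# Added example, not from the thread. Assumption: the "registry hack" is the
# machine-wide __PSLockdownPolicy environment value (4 = ConstrainedLanguage).
$envKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
$policy = (Get-ItemProperty -Path $envKey -Name '__PSLockdownPolicy' -ErrorAction SilentlyContinue).__PSLockdownPolicy
"__PSLockdownPolicy in registry: $(if ($null -eq $policy) { '<not set>' } else { $policy })"

# The 64-bit (System32) and 32-bit (SysWOW64) engines read the same machine-wide
# value, so the setting applies to both; each is still started and asked.
$hosts = @(
    "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe",
    "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
)

foreach ($exe in $hosts) {
    if (-not (Test-Path $exe)) { "$exe : not present"; continue }

    # A fresh, profile-less process reports the mode it was started in.
    $mode = & $exe -NoProfile -NonInteractive -Command '$ExecutionContext.SessionState.LanguageMode' 2>&1
    "$exe : $mode"

    # The deprecated 2.0 engine ignores __PSLockdownPolicy: while the feature is
    # installed it reports FullLanguage; once removed, the launch fails instead.
    $v2 = & $exe -Version 2 -NoProfile -NonInteractive -Command '$ExecutionContext.SessionState.LanguageMode' 2>&1
    "$exe (-Version 2) : $v2"
}

# powershell_ise.exe has no -Command switch, so it cannot be probed this way, but
# it hosts the same engine and inherits the same machine environment variable.
```

Expect ConstrainedLanguage for both bitnesses and an error for -Version 2 once the deprecated engine has been removed; a FullLanguage result on the -Version 2 line means the old engine is still present.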
