Latest Changes
Dec 31, 1969
Operating System
    Windows Edition: Pro
    Version or Build no.: stable
    System type: 64-bit operating system; x64-based processor
    Security Updates: Automatic Updates (recommended)
    User Access Control: Always Notify
    Network Security (Firewall): 3rd-party Firewall app by a trusted vendor
    Device Security: Windows Defender SmartScreen (Windows 10)
User Account
    Sign-in Accounts: standard user account
    Malware Testing: I participate by downloading malware samples into an isolated VM environment
    Real-time Web & Malware Protection: VoodooShield Pro; Kaspersky Internet Security 2017; HitmanPro.Alert; Startup Sentinel; RTP - Custom security settings
    Virus and Malware Removal Tools: HitmanPro, Zemana
    Browsers and Extensions: Chrome x64 w/appcontainer lockdown; extensions: uBlock Origin, uBlock Origin extra, HTTPS Everywhere, VTchromizer, Bitdefender TrafficLight, Animation Policy
    Privacy-focused Apps and Extensions: uBlock Origin
    Password Managers: lastpass
    Web Search: F-Secure (google powered)
    System Utilities: CCleaner, Zipware
    Data Backup: Macrium Reflect
    Frequency of Data backups: Daily
    System Backup: Macrium Reflect Home
    Frequency of System backups: Regularly

    shmu26

    Level 82
    Verified
    Trusted
    Content Creator
    Great setup. Thanks for sharing. :)

    I would also restrict cmd in Kaspersky Application Control. I have powershell, wscript, cscript blocked & cmd set to prompt. That is my setup, & it is totally up to you. :) ;)
    Thanks.
    I used to block cmd as well, until I uninstalled Adobe Acrobat, and the uninstaller ran cmd, so part of the uninstall process was blocked. I think it just left some registry entries, which a registry cleaner got rid of at a later point in time...
     

    shukla44

    Level 11
    Thanks.
    I used to block cmd as well, until I uninstalled Adobe Acrobat, and the uninstaller ran cmd, so part of the uninstall process was blocked. I think it just left some registry entries, which a registry cleaner got rid of at a later point in time...
    I know that so well (also suffered; cmd is needed quite often), so I have set it to prompt; that way I can choose if it wants to run legitimately.

    Do you use interactive or automatic protection mode in Kaspersky?
     

    shmu26

    Level 82
    Verified
    Trusted
    Content Creator
    I know that so well (also suffered; cmd is needed quite often), so I have set it to prompt; that way I can choose if it wants to run legitimately.

    Do you use interactive or automatic protection mode in Kaspersky?
    I use automatic.
    How do you set up cmd to prompt and not block?

    On a different note, I am presently experimenting with SecureAPlus instead of Zemana AntiMalware.
    What is your opinion?
    I find SAP actually runs pretty light (after the long initial scan is finished),
    and it provides customizable anti-exe protection, as well as a certain degree of sensitive-process protection (such as powershell and cmd.exe), without blocking too many important things along the way.
     

    shukla44

    Level 11
    I use automatic.
    How do you set up cmd to prompt and not block?

    On a different note, I am presently experimenting with SecureAPlus instead of Zemana AntiMalware.
    What is your opinion?
    I find SAP actually runs pretty light (after the long initial scan is finished),
    and it provides customizable anti-exe protection, as well as a certain degree of sensitive-process protection (such as powershell and cmd.exe), without blocking too many important things along the way.
    To use prompt, one has to enable Interactive Protection; otherwise prompt is treated as allowed in Automatic Protection. Automatic Protection is the default protection; suffice it to say that Interactive Protection is for advanced users. To enable Interactive Protection, go to Settings > General > uncheck 'Perform recommended actions automatically'. Now when you double-click an application rule in Application Control, you will see many tabs, one of them is 'Rights'. Click on the 'Rights' tab, then scroll down to the bottom of it; there you will find 'Start'. Click on the green arrow; there you will see many options like allow, prompt for action, block, etc. Now select prompt for action, save the rule, & now when you launch that particular application you will be prompted for its start. All this is meaningless if you have Automatic Protection.

    On the second thing: I have used SAP for a very short time & then replaced it with Zemana & Malwarebytes, both free. In my opinion, SAP is moderate in every area, at least it was when I tested it. But you should do your own experimenting.
    It all comes down to your browsing habits & your system.
     

    shmu26

    Level 82
    Verified
    Trusted
    Content Creator
    To use prompt, one has to enable Interactive Protection; otherwise prompt is treated as allowed in Automatic Protection. Automatic Protection is the default protection; suffice it to say that Interactive Protection is for advanced users. To enable Interactive Protection, go to Settings > General > uncheck 'Perform recommended actions automatically'. Now when you double-click an application rule in Application Control, you will see many tabs, one of them is 'Rights'. Click on the 'Rights' tab, then scroll down to the bottom of it; there you will find 'Start'. Click on the green arrow; there you will see many options like allow, prompt for action, block, etc. Now select prompt for action, save the rule, & now when you launch that particular application you will be prompted for its start. All this is meaningless if you have Automatic Protection.

    On the second thing: I have used SAP for a very short time & then replaced it with Zemana & Malwarebytes, both free. In my opinion, SAP is moderate in every area, at least it was when I tested it. But you should do your own experimenting.
    It all comes down to your browsing habits & your system.
    Thanks for the explanations!
    I did put Kaspersky in interactive, and I set cmd to prompt, and indeed it worked.
    But this has the side effect that when I start up Chrome, I get prompts. Even if I "trust" the app and select to remember my choice, it will prompt me again when I start up Chrome again.
     

    shmu26

    Level 82
    Verified
    Trusted
    Content Creator
    I uninstalled SAP.
    Now running just KIS+HMPA.
    Now that I have also disabled cmd.exe in Kaspersky Application Control (in addition to powershell and script interpreters), and I also have UAC at the highest setting, I think I am pretty well protected. It's going to be pretty hard for malware to do its thing.
     

    shukla44

    Level 11
    Thanks for the explanations!
    I did put Kaspersky in interactive, and I set cmd to prompt, and indeed it worked.
    But this has the side effect that when I start up Chrome, I get prompts. Even if I "trust" the app and select to remember my choice, it will prompt me again when I start up Chrome again.
    Good to hear. And for the prompts with Chrome, it must be one of the extensions that is causing it. You have to set up an exclusion in the trusted applications. This (attached image) is my exclusion list.
    Do you use Sticky Password? Because I do, & after setting cmd to prompt I got prompts with Chrome too, which were Sticky Password related, so I excluded it & voila, no prompts.
     

    shmu26

    Level 82
    Verified
    Trusted
    Content Creator
    Good to hear. And for the prompts with Chrome, it must be one of the extensions that is causing it. You have to set up an exclusion in the trusted applications. This (attached image) is my exclusion list.
    Do you use Sticky Password? Because I do, & after setting cmd to prompt I got prompts with Chrome too, which were Sticky Password related, so I excluded it & voila, no prompts.
    Hey, thanks.
    The prompt I am getting turns out to be from a Kaspersky plugin, see screenshot.
    What can I do about this plugin?
     

    shmu26

    Level 82
    Verified
    Trusted
    Content Creator
    Understood. It is a Kaspersky 2017 plugin setup. Unfortunately I have Kaspersky 2016.

    Are you still getting continuous prompts from Chrome?
    If yes, then try adding the exclusion: in the 'Exclusions' tab, just tick 'Do not monitor application activity'. See the attached screenshot for an example.
    View attachment 115529
    I ticked that, and also 'do not monitor child applications', and now things are quiet...
    Thanks a million.
     

    shmu26

    Level 82
    Verified
    Trusted
    Content Creator
    I switched to COMODO Firewall, with auto-sandbox enabled globally (proactive configuration), and browsers running sandboxed.

    COMODO has its quirks, but the auto-sandbox function is great. It saves you all those agonizing decisions about whether you trust the file or not. You just run your file, and it gets sandboxed. If you like it, you can take it out of sandbox later.
     

    hjlbx

    I switched to COMODO Firewall, with auto-sandbox enabled globally (proactive configuration), and browsers running sandboxed.

    COMODO has its quirks, but the auto-sandbox function is great. It saves you all those agonizing decisions about whether you trust the file or not. You just run your file, and it gets sandboxed. If you like it, you can take it out of sandbox later.
    You may like it, but it can be sandbox-(virtualization)-aware, and the malicious components will lie in wait until you run it outside the sandbox. Rare, but it does happen.

    There is no solution that will protect against such things except manual inspection.

    This is not difficult...
     

    askmark

    Level 12
    Verified
    I switched to COMODO Firewall, with auto-sandbox enabled globally (proactive configuration), and browsers running sandboxed.

    COMODO has its quirks, but the auto-sandbox function is great. It saves you all those agonizing decisions about whether you trust the file or not. You just run your file, and it gets sandboxed. If you like it, you can take it out of sandbox later.
    Although I'm using CCAV and not Firewall, I agree: the auto sandbox is an awesome feature and works really well.
     

    shmu26

    Level 82
    Verified
    Trusted
    Content Creator
    Although I'm using CCAV and not Firewall, I agree: the auto sandbox is an awesome feature and works really well.
    There is a significant difference between the sandbox of CCAV and the sandbox of CF/CIS.
    Credits to @yigido:
    CIS sandbox is stronger than CCAV sandbox.
    Here is the information from the CCAV homepage:
    "CCAV sandbox is a lightweight sandbox; it does not rely on service or filter drivers. It is implemented purely from user mode hooks. CCAV sandbox does not have COM/Service virtualization, which CIS has. Besides, unlike CIS, which has one global sandbox instance, different CCAV applications have their own sandbox instance, while a child process inherits the sandbox instance from its parent process."
     

    askmark

    Level 12
    Verified
    There is a significant difference between the sandbox of CCAV and the sandbox of CF/CIS.
    Credits to @yigido:
    CIS sandbox is stronger than CCAV sandbox.
    Here is the information from the CCAV homepage:
    "CCAV sandbox is a lightweight sandbox; it does not rely on service or filter drivers. It is implemented purely from user mode hooks. CCAV sandbox does not have COM/Service virtualization, which CIS has. Besides, unlike CIS, which has one global sandbox instance, different CCAV applications have their own sandbox instance, while a child process inherits the sandbox instance from its parent process."
    Thanks for pointing this out, as I didn't realise there was a difference in the protection each of these sandboxes provides.
    I will now be more cautious when using CCAV sandbox.