Shmu26's new security config

Last updated: Dec 31, 1969
Windows Edition: Pro
Security updates: Allow security updates and latest features
User Access Control: Always notify
Real-time security: VoodooShield Pro, Kaspersky Internet Security 2017, HitmanPro.Alert, standard user account, Startup Sentinel
Firewall security:
Periodic malware scanners: HitmanPro, Zemana
Malware sample testing:
Browser(s) and extensions: Chrome x64 w/appcontainer lockdown; extensions: uBlock Origin, uBlock Origin extra, HTTPS Everywhere, VTchromizer, Bitdefender TrafficLight, Animation Policy
Maintenance tools: CCleaner, Zipware
File and Photo backup: Macrium Reflect
System recovery: Macrium Reflect Home

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I got my setup narrowed down to 1 app.
First of all, I renamed powershell.exe and powershell_ise.exe, by adding ".old" to the name, so they can't execute.
And I disabled Windows Script Host, so JavaScript can't run. (Hope I don't discover I have a program or process that needs it.)
The above should protect the most abusable Windows processes.

Then I installed Kaspersky 2016, disabled "trust digitally signed applications", and set apps that start before Kaspersky to high restricted.
Then I enabled Trusted Applications Mode.
I think that should do it.
Your suggestions are welcome.
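
A way to re-check the two steps from the post above (powershell.exe and powershell_ise.exe renamed, Windows Script Host disabled), as an added example that is not part of the original post. It assumes the stock install paths and the WSH "Enabled" registry value, and treats Enabled = 0 in either hive as disabled without modelling precedence between hives; the function names are this example's own.

```python
"""Added example: audit the rename and WSH steps described in the post above."""
import os
import sys

WSH_KEY = r"Software\Microsoft\Windows Script Host\Settings"
# Default install locations (assumption: stock 64-bit Windows layout).
PS_DIRS = [r"System32\WindowsPowerShell\v1.0", r"SysWOW64\WindowsPowerShell\v1.0"]
PS_NAMES = ["powershell.exe", "powershell_ise.exe"]


def wsh_disabled(enabled_value):
    """True when the Enabled value is 0 (it may be stored as a DWORD or a string)."""
    return enabled_value is not None and str(enabled_value).strip() == "0"


def evaluate(wsh_values, existing_paths):
    """Turn a snapshot into findings. wsh_values maps hive name -> Enabled or None."""
    findings = []
    if not any(wsh_disabled(v) for v in wsh_values.values()):
        findings.append("Windows Script Host is not disabled (no Enabled=0 value found)")
    for path in existing_paths:
        findings.append("PowerShell binary present under its original name: " + path)
    return findings


def collect():
    """Read the live state; only works on Windows."""
    import winreg
    wsh_values = {}
    hives = (("HKLM", winreg.HKEY_LOCAL_MACHINE), ("HKCU", winreg.HKEY_CURRENT_USER))
    for name, hive in hives:
        try:
            with winreg.OpenKey(hive, WSH_KEY) as key:
                wsh_values[name] = winreg.QueryValueEx(key, "Enabled")[0]
        except OSError:  # key or value missing
            wsh_values[name] = None
    root = os.environ.get("SystemRoot", r"C:\Windows")
    candidates = [os.path.join(root, d, n) for d in PS_DIRS for n in PS_NAMES]
    return wsh_values, [p for p in candidates if os.path.isfile(p)]


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("This audit reads the Windows registry; run it on the hardened machine.")
    for line in evaluate(*collect()) or ["Both hardening steps are in place."]:
        print(line)
```

Running it again after Windows updates or a system file repair shows whether either step has been undone.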
 

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
> Then I installed Kaspersky 2016, disabled "trust digitally signed applications", and set apps that start before Kaspersky to high restricted.
> Then I enabled Trusted Applications Mode.
> I think that should do it.
> Your suggestions are welcome.

Have you considered upgrading to Kaspersky 2017? 2016 is excellent but I have found 2017 to be even better.
 

shmu26

Kaspersky TAM started to bother me, because the trust levels for certain processes keep shifting around as if they have a mind of their own.
So I went back to SecureAPlus.
(VoodooShield would be nice but it is still too buggy for me).
There is a SAP thread at Wilderssecurity, "SecureAPlus Freemium", where a tech rep from the company, named Hendy, provides support. He is good.
 

shmu26

I feel pretty secure with NVT ERP and HMP.A. It is hard for malware to get past them.
I have Avast free in passive mode (it updates but does not provide active protection). When I want to run unknown executables, I can turn it on for extra protection.
 

shmu26

I swapped out NVT ERP, and went for ReHIPS. It handles command lines better, so you get fewer popups and headaches.
But before I uninstalled ERP, I copied my vulnerable processes list, and applied it to ReHIPS. So I have the best of both.
I took my productivity apps out of ReHIPS isolation, so I can work unhindered.
So now it's WD + ReHIPS w/o isolation + HMP.A.
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
> I swapped out NVT ERP, and went for ReHIPS. It handles command lines better, so you get fewer popups and headaches.
> But before I uninstalled ERP, I copied my vulnerable processes list, and applied it to ReHIPS. So I have the best of both.
> I took my productivity apps out of ReHIPS isolation, so I can work unhindered.
> So now it's WD + ReHIPS w/o isolation + HMP.A.

Make sure you didn't just delete your productivity apps from ReHIPS isolation, because when ReHIPS detects changes in installed programs and the registry it will install the rules again. You need to change the rules from "allow isolated" to "allow", and then ReHIPS will not overwrite them.
 

shmu26

> Make sure you didn't just delete your productivity apps from ReHIPS isolation, because when ReHIPS detects changes in installed programs and the registry it will install the rules again. You need to change the rules from "allow isolated" to "allow", and then ReHIPS will not overwrite them.

I did it the wrong way the first time; now I did it your way.
 

harman

Level 1
Verified
Aug 31, 2016
17
did it, just to calm me down in those paranoid moments.

Webroot is indeed very light on system and offers very protection too... but I had to uninstall it because sometimes its right click/context menu scan wouldn't work... I mean you right click on the folder and hit scan... and nothing happens. Tried searching for a solution but didn't find one. Did you ever encounter such a problem?
 

shmu26

> Webroot is indeed very light on system and offers very protection too... but I had to uninstall it because sometimes its right click/context menu scan wouldn't work... I mean you right click on the folder and hit scan... and nothing happens. Tried searching for a solution but didn't find one. Did you ever encounter such a problem?

When I was using it, I didn't run manual scans very often at all. It did plenty of scans on its own...
You could ask on their forum; if they know a fix, they won't hide it from you.
 

harman

> When I was using it, I didn't run manual scans very often at all. It did plenty of scans on its own...
> You could ask on their forum; if they know a fix, they won't hide it from you.

I actually wanted to scan some known infected files stored in a folder on a different partition to check whether Webroot detects that malware. That's when I came to know about the right click scan not working problem. When I googled about it there were lots of similar complaints about this problem in Webroot. Didn't ask in their forum though, because it seems like a bug and they only suggested a clean reinstall with deletion of a certain folder in program data. I did that and it solved the problem but only temporarily. Didn't want to experiment any further so installed AVG. Anyways happy with the latest AVG now (never thought such a time would come when I'd say good things about AVG) :D
 

shmu26

> I actually wanted to scan some known infected files stored in a folder on a different partition to check whether Webroot detects that malware. That's when I came to know about the right click scan not working problem. When I googled about it there were lots of similar complaints about this problem in Webroot. Didn't ask in their forum though, because it seems like a bug and they only suggested a clean reinstall with deletion of a certain folder in program data. I did that and it solved the problem but only temporarily. Didn't want to experiment any further so installed AVG. Anyways happy with the latest AVG now (never thought such a time would come when I'd say good things about AVG) :D

No program without a bug. You just have to find the bugs that bug you the least...
I personally don't use Webroot right now; I went more in the direction of anti-executables.
 

shmu26

I have tried them all, again and again: NVT ERP, Voodoo, ReHIPS.
They always end up blocking something I want to run, like a Chrome update or a Windows process or a print job.
Makes me nervous to have to keep an eye all the time on what is being blocked, and give it the right rules.
So I went back to traditional solutions.
Kaspersky+ZAM+HMPA.
I have also blocked the various processes of powershell, wscript and cscript, by means of Kaspersky Application Control.
My system runs smooth, feels pretty light. I am willing to pay that extra couple of seconds at bootup.
I think it's a good balance for me between security and sanity.
 
