Shmu26's new security config

Last updated
Dec 31, 1969
Windows Edition
Pro
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
VoodooShield Pro
Kaspersky Internet Security 2017
HitmanPro.Alert
standard user account
Startup Sentinel
Firewall security
Periodic malware scanners
HitmanPro, Zemana
Malware sample testing
Browser(s) and extensions
Chrome x64 w/appcontainer lockdown

extensions: uBlock Origin, uBlock Origin extra, HTTPS Everywhere, VTchromizer, Bitdefender TrafficLight, Animation Policy
Maintenance tools
CCleaner, Zipware
File and Photo backup
Macrium Reflect
System recovery
Macrium Reflect Home

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Great setup. Thanks for sharing.:)

I would also restrict the cmd in Kaspersky application control. I have powershell, wscript, csript blocked & cmd in prompt. That is my setup, & it is totally up to you.:);)
thanks.
I used to block cmd as well, until I uninstalled adobe acrobat, and the uninstaller ran cmd, so part of the uninstall process was blocked. I think it just left some registry entries, which a registry cleaner got rid of at a later point in time...
 

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
thanks.
I used to block cmd as well, until I uninstalled adobe acrobat, and the uninstaller ran cmd, so part of the uninstall process was blocked. I think it just left some registry entries, which a registry cleaner got rid of at a later point in time...

I know that so well (also suffered, cmd is needed quite often), so i have set it to prompt, that way i can chose if it wants to run legitimately.

Do you use interactive or automatic protection mode in Kaspersky?
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I know that so well (also suffered, cmd is needed quite often), so i have set it to prompt, that way i can chose if it wants to run legitimately.

Do you use interactive or automatic protection mode in Kaspersky?
I use automatic.
how do you set up cmd to prompt and not block?

on a different note, I am presently experimenting with SecureAPlus instead of Zemana AntiMalware.
what is your opinion?
I find SAP actually runs pretty light (after long initial scan is finished)
and it provides customizable anti-exe protection, as well as a certain degree of sensitive processes protection (such as powershell and cmd.exe), without blocking too many important things along on the way.
 

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
I use automatic.
how do you set up cmd to prompt and not block?

on a different note, I am presently experimenting with SecureAPlus instead of Zemana AntiMalware.
what is your opinion?
I find SAP actually runs pretty light (after long initial scan is finished)
and it provides customizable anti-exe protection, as well as a certain degree of sensitive processes protection (such as powershell and cmd.exe), without blocking too many important things along on the way.

To use prompt, One has to enable Interactive Protection otherwise prompt is considered allowed in Automatic protection. And Automatic Protection is the default protection, suffice to say that interactive protection is for advanced users. To enable interactive protection Go to Settings > General > Uncheck 'Perform recommended actions automatically'. Now when you double-click an application rule in Application Control, you will see many tabs, one of them is 'Rights'. Click on the 'Rights' tab then scroll down to the bottom of it, there you will find 'Start'. Click on the green arrow, there you will see many options like allow, prompt for action, block, etc. Now select prompt for action, save the rule & now when you launch that particular application you will be prompted for it's start. All this is meaningless if you have automatic protection.

On the second thing. I have used SAP for a very little time & then replaced it with Zemana & Malwarebytes, both free. In my opinion, SAP is moderate in every area, at least it was when i tested it. But you should do your own experimenting.
It all comes down to your browsing habit & your system.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
To use prompt, One has to enable Interactive Protection otherwise prompt is considered allowed in Automatic protection. And Automatic Protection is the default protection, suffice to say that interactive protection is for advanced users. To enable interactive protection Go to Settings > General > Uncheck 'Perform recommended actions automatically'. Now when you double-click an application rule in Application Control, you will see many tabs, one of them is 'Rights'. Click on the 'Rights' tab then scroll down to the bottom of it, there you will find 'Start'. Click on the green arrow, there you will see many options like allow, prompt for action, block, etc. Now select prompt for action, save the rule & now when you launch that particular application you will be prompted for it's start. All this is meaningless if you have automatic protection.

On the second thing. I have used SAP for a very little time & then replaced it with Zemana & Malwarebytes, both free. In my opinion, SAP is moderate in every area, at least it was when i tested it. But you should do your own experimenting.
It all comes down to your browsing habit & your system.
thanks for explanations!
I did put kaspersky in interactive, and I set cmd for prompt, and indeed it worked.
but this has the side effect that when I start up chrome, I get prompts. Even if I "trust" app, and I select to remember my choice, it will prompt me again, when I start up chrome again.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I uninstalled SAP
now running just KIS+HMPA
now that I have disabled also cmd.exe in Kaspersky Application Control (in addition to powershell and script interpreters), and I also have UAC at the highest setting, I think I am pretty well protected. It's going to be pretty hard for malware to do its thing.
 

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
thanks for explanations!
I did put kaspersky in interactive, and I set cmd for prompt, and indeed it worked.
but this has the side effect that when I start up chrome, I get prompts. Even if I "trust" app, and I select to remember my choice, it will prompt me again, when I start up chrome again.

Good to hear. And for the prompts with chrome, it must be one of the extensions which is causing it. You have to setup exclusion in the trusted applications. This (attached image) is my exclusion list.
Do you use sticky password? Cause i do & after setting cmd to prompt, i got prompts with chrome too, which was sticky password related so i excluded it & voila, no prompts.
 

Attachments

  • ScreenShot00491.jpg
    ScreenShot00491.jpg
    215.7 KB · Views: 319

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Good to hear. And for the prompts with chrome, it must be one of the extensions which is causing it. You have to setup exclusion in the trusted applications. This (attached image) is my exclusion list.
Do you use sticky password? Cause i do & after setting cmd to prompt, i got prompts with chrome too, which was sticky password related so i excluded it & voila, no prompts.
hey, thanks
the prompt I am getting, turns out it is from a kaspersky plugin, see screenshot.
what can I do about this plugin?
 

Attachments

  • Capture.PNG
    Capture.PNG
    6.3 KB · Views: 331

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
hey, thanks
the prompt I am getting, turns out it is from a kaspersky plugin, see screenshot.
what can I do about this plugin?
I have chrome & kaspersky but i don't have this extension.

I can't tell anything from this. Please double-click it and then post the application info dialogue screenshot.
 

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
Understood. It is an Kaspersky 2017 plugin setup. Unfortunately i have kaspersky 2016.

Are you still getting continuous prompts from chrome?
If yes, then try adding the exclusion, In the 'Exclusions' tab, just tick 'Do not monitor application activity'. See the attached screenshot for example.
ScreenShot00492.jpg
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Understood. It is an Kaspersky 2017 plugin setup. Unfortunately i have kaspersky 2016.

Are you still getting continuous prompts from chrome?
If yes, then try adding the exclusion, In the 'Exclusions' tab, just tick 'Do not monitor application activity'. See the attached screenshot for example.
View attachment 115529
I ticked that, and also do not monitor child applications, and now things are quiet...
thanks a million
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I switched to COMODO Firewall, with auto-sandbox enabled globally (proactive configuration), and browsers running sandboxed.

COMODO has its quirks, but the auto-sandbox function is great. It saves you all those agonizing decisions about whether you trust the file or not. You just run your file, and it gets sandboxed. If you like it, you can take it out of sandbox later.
 
H

hjlbx

I switched to COMODO Firewall, with auto-sandbox enabled globally (proactive configuration), and browsers running sandboxed.

COMODO has its quirks, but the auto-sandbox function is great. It saves you all those agonizing decisions about whether you trust the file or not. You just run your file, and it gets sandboxed. If you like it, you can take it out of sandbox later.

You may like it, but it can be sandbox-(virtualization)-aware and the malicious components will lie-in-wait until you run it outside the sandbox. Rare, but it does happen.

There is no solution that will protect against such things except manual inspection.

This is not difficult...
 

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
I switched to COMODO Firewall, with auto-sandbox enabled globally (proactive configuration), and browsers running sandboxed.

COMODO has its quirks, but the auto-sandbox function is great. It saves you all those agonizing decisions about whether you trust the file or not. You just run your file, and it gets sandboxed. If you like it, you can take it out of sandbox later.

Although I'm using CCAV and not Firewall I agree, the auto sandox is an awesome feature and works really well.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
it can be sandbox-(virtualization)-aware and the malicious components will lie-in-wait until you run it outside the sandbox.
right, but once you already ran your file in sandbox, and you are not under the impulse of the moment anymore, you can evaluate the file at your leisure.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Although I'm using CCAV and not Firewall I agree, the auto sandox is an awesome feature and works really well.
there is a significant difference between the sandbox of CCAV and the sandbox of CF/CIS.
credits to @yigido:
CIS sandbox is stronger than CCAV sandbox
Here is the information from CCAV homepage
"CCAV sandbox is a light weighted sandbox, it does not rely on service or filter drivers. It is implemented purely from user mode hooks. CCAV sandbox does not have COM/Service virtualization which CIS has. Besides, unlike CIS which has one global sandbox instance, different CCAV applications have their own sandbox instance while child process inherits sandbox instance from parent process"
 

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
there is a significant difference between the sandbox of CCAV and the sandbox of CF/CIS.
credits to @yigido:
CIS sandbox is stronger than CCAV sandbox
Here is the information from CCAV homepage
"CCAV sandbox is a light weighted sandbox, it does not rely on service or filter drivers. It is implemented purely from user mode hooks. CCAV sandbox does not have COM/Service virtualization which CIS has. Besides, unlike CIS which has one global sandbox instance, different CCAV applications have their own sandbox instance while child process inherits sandbox instance from parent process"
Thanks for pointing this out as I didn't realise there was a difference in the protection each of these sandboxes provides.
I will now be more cautious when using CCAV sandbox.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top