Latest Changes: Oct 5, 2018
Operating System: Windows 10
Windows Edition: Pro
Build: 1809
System Architecture: 64-bit OS
Security Updates: Automatic Updates - All security and feature updates
User Access Control: Always Notify
Firewall: 3rd-party Firewall - Network security provided by a trusted vendor
Device Security: Windows Defender SmartScreen (Windows 10)
User Account: Administrator - User has complete control over the device
Recent Security Incidents: No malware or privacy issues
Malware Testing: Malware on a secure VM - Full Network and File isolation
Real-time Web & Malware Protection: AppGuard, Bitdefender Internet Security
Custom Settings For Real-Time Protection: Custom - Minor changes for Increased Security
Virus and Malware Removal Tools: N/A
Browsers and Extensions: Chrome, Firefox, Edge
Web Privacy: uBlock Origin
Password Manager: LastPass
Web Search: Google
System Utilities: N/A
Data Backup: Macrium Reflect
Frequency of Data backups: Daily
System Backup: Macrium Reflect
Frequency of System backups: Regularly

SHvFl

Level 35
Content Creator
Trusted
Verified
roflmao, you're so awesome my friend :p
Congrats on the AdGuard too brother ;)
Yeah, I know. :p :cool:

Have a lifetime license for AdGuard, so I try it often. Hopefully the way I set up AdGuard this time will be fine and I will not have to remove it again. As long as I have a license I try things periodically to see if something changed. Without owning a product I usually don't really test it outside of a VM.
 

SHvFl

Level 35
Content Creator
Trusted
Verified
How do you look at it from a security perspective?
It's decent even without any other security software because digital signatures are hard to come by and stolen signatures get removed. But I also have other software that will stop execution long before the UAC alert, so it doesn't really worry me. It's a convenience compromise with 0 downside for me.
 

SHvFl

Level 35
Content Creator
Trusted
Verified
Intrigued which programs you run guarded in AppGuard and which programs are sandboxed by ReHIPS ;)
Everything that breaks something while isolated, like Outlook, Skype, PotPlayer, Spotify, is guarded (search, spellcheck, hotkeys etc.). Everything in the default AppGuard list is also guarded, but those already isolated by ReHIPS will not run guarded. Everything else that needs to be protected is run isolated (PDF, Office, image viewers etc.).
 

shmu26

Level 80
Content Creator
Trusted
Verified
Everything that breaks something while isolated, like Outlook, Skype, PotPlayer, Spotify, is guarded (search, spellcheck, hotkeys etc.). Everything in the default AppGuard list is also guarded, but those already isolated by ReHIPS will not run guarded. Everything else that needs to be protected is run isolated (PDF, Office, image viewers etc.).
Very cool.
 

SHvFl

Level 35
Content Creator
Trusted
Verified
Following the pattern of fewer alerts, I changed WFC to learning mode, which automatically allows signed software to make rules and displays alerts for unsigned software.
The next step that I am trying to figure out is securing Outlook a bit more so I can reduce some more alerting programs, with a goal of near 0 alerts but solid protection for a system that doesn't install new unsigned stuff. Need to lower the budget for all the relatives' PCs that I secure before I need to rob a bank. :p
 
5

509322

Following the pattern of fewer alerts, I changed WFC to learning mode, which automatically allows signed software to make rules and displays alerts for unsigned software.
The next step that I am trying to figure out is securing Outlook a bit more so I can reduce some more alerting programs, with a goal of near 0 alerts but solid protection for a system that doesn't install new unsigned stuff. Need to lower the budget for all the relatives' PCs that I secure before I need to rob a bank. :p
Using WFC learning mode is the method I use whenever testing WFC.

How do you wish to additionally secure Outlook? What are the specific objectives?
 

SHvFl

Level 35
Content Creator
Trusted
Verified
Using WFC learning mode is the method I use whenever testing WFC.

How do you wish to additionally secure Outlook? What are the specific objectives?
I can't isolate Outlook with ReHIPS because search all breaks (stupid Windows bug) and relatives can't follow simple instructions, so I am a bit worried about the systems without AppGuard that only have WD+ReHIPS+WFC. Honestly, I am not paranoid, but because I don't know the risk of using Outlook not isolated I am looking into options to maybe improve security.
 
5

509322

I can't isolate Outlook with ReHIPS because search all breaks (stupid Windows bug) and relatives can't follow simple instructions, so I am a bit worried about the systems without AppGuard that only have WD+ReHIPS+WFC. Honestly, I am not paranoid, but because I don't know the risk of using Outlook not isolated I am looking into options to maybe improve security.
  • Primary risk - Outlook is the incoming application source of unknown/untrusted files
  • Secondary risk (like don't even worry about it unless using unpatched Office on unpatched OS) - Outlook exploit

In ReHIPS, configure a non-execution policy for the Outlook download and other folders located in c:\users\<user>; auto-block as opposed to user getting a HIPS alert. Don't forget all the interpreters and stuff like .hta, etc.

You'll have to tinker with it.
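An added example, not code from the thread or from ReHIPS/AppGuard: a PowerShell audit that lists which files under the user-profile folders named above a "signed by an allowed vendor or nothing runs" policy would block, covering the interpreter-driven types (.hta and friends) as well as plain executables. The folder list, extension list and allowed-signer names are constructed assumptions, and the Outlook attachment cache path is the SecureTemp location as I know it; verify it on your build.

```powershell
# Added example (not from the thread or any vendor). Reports, without changing anything,
# what a non-execution policy on user-writable folders would block.

# Folders the thread singles out: Outlook's attachment cache plus other user-profile folders.
# The Content.Outlook path is an assumption about where Outlook caches opened attachments.
$folders = @(
    (Join-Path $env:USERPROFILE 'Downloads'),
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\INetCache\Content.Outlook'),
    $env:TEMP
)

# Executables plus the interpreter-driven file types (.hta etc.) the thread says not to forget.
$riskyExtensions = @('.exe', '.dll', '.scr', '.msi', '.hta', '.js', '.jse',
                     '.vbs', '.vbe', '.wsf', '.ps1', '.bat', '.cmd')

# Publishers the user has chosen to allow; constructed placeholder subject names.
$allowedSubjects = @('CN=Example Vendor A, O=Example Vendor A, C=US')

function Get-ExecutionVerdict {
    param([System.IO.FileInfo]$File)

    # Authenticode check: a valid signature from an allowed signer is the only path to ALLOW.
    $sig = Get-AuthenticodeSignature -FilePath $File.FullName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    $verdict = if ($sig.Status -ne 'Valid') { 'BLOCK (unsigned or invalid signature)' }
               elseif ($allowedSubjects -notcontains $subject) { 'BLOCK (signer not allowed)' }
               else { 'ALLOW' }

    [pscustomobject]@{
        Path    = $File.FullName
        Status  = $sig.Status
        Signer  = $subject
        Verdict = $verdict
    }
}

$results = foreach ($folder in $folders) {
    if (-not (Test-Path $folder)) { continue }
    Get-ChildItem -Path $folder -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $riskyExtensions -contains $_.Extension.ToLower() } |
        ForEach-Object { Get-ExecutionVerdict -File $_ }
}

# Blocked items first, so the list doubles as a check that the allow-list is not too wide.
$results | Sort-Object Verdict | Format-Table -AutoSize
```

Run it as the user whose profile is in question; anything that shows ALLOW is exactly the set the signed-only policy lets through, which is what you want to keep short.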
 

SHvFl

Level 35
Content Creator
Trusted
Verified
  • Primary risk - Outlook is the incoming application source of unknown/untrusted files
  • Secondary risk (like don't even worry about it unless using unpatched Office on unpatched OS) - Outlook exploit
In ReHIPS, configure a non-execution policy for the Outlook download and other folders located in c:\users\<user>; auto-block as opposed to user getting a HIPS alert. Don't forget all the interpreters and stuff like .hta, etc.

You'll have to tinker with it.
They can't run anything from anywhere if it is not digitally signed (few vendors I let them have) or already on the system, so I am covered, and the interpreters can't run anything either because they are in lockdown mode without a GUI, so they can't even disable anything. System and Office are on auto updates, so they should be fine from exploits.
Thanks for your help, because I was purely guessing.
 
5

509322

They can't run anything from anywhere if it is not digitally signed (few vendors I let them have) or already on the system, so I am covered, and the interpreters can't run anything either because they are in lockdown mode without a GUI, so they can't even disable anything. System and Office are on auto updates, so they should be fine from exploits.
Thanks for your help, because I was purely guessing.
The easiest solution is for a user to create a complex or unusual local-part of the address (local-part@domain.*) and be stingy about sharing their email address with online sources and accounts. It prevents a huge amount of the spam. I get hit once in a great while by a single pharmacy sales spam bot that sends emails to, apparently, all alphabet character combinations.
 

SHvFl

Level 35
Content Creator
Trusted
Verified
The easiest solution is for a user to create a complex or unusual local-part of the address (local-part@domain.*) and be stingy about sharing their email address with online sources and accounts. It prevents a huge amount of the spam. I get hit once in a great while by a single pharmacy sales spam bot that sends emails to, apparently, all alphabet character combinations.
The problem is they hack the weak link and get everyone's email, which they use to spam again and again. I make rules to auto-delete the usual spam, but still some things slip by, obviously. I personally get a lot of spam and phishing emails because they are old accounts, and when you get on their list I doubt you ever get out.