Advanced Plus Security SHvFl Configuration V2

Last updated: Oct 5, 2018
Windows Edition: Pro
Security updates: Allow security updates and latest features
User Access Control: Always notify
Real-time security: AppGuard, Bitdefender Internet Security
Firewall security:
Periodic malware scanners: N/A
Malware sample testing:
Browser(s) and extensions: Chrome, Firefox, Edge
Maintenance tools: N/A
File and Photo backup: Macrium Reflect
System recovery: Macrium Reflect

_CyberGhosT_


SHvFl

> roflmao, you're so awesome my friend :p
> Congrats on the AdGuard too brother ;)
Yeah I know. :p:cool:

Have a lifetime license for AdGuard so I try it often. Hopefully the way I set up AdGuard this time will be fine and I will not have to remove it again. As long as I have a license I try things periodically to see if something changed. Without owning a product I usually don't really test it outside of a VM.
 

SHvFl

> How do you look at it from a security perspective?
It's decent even without any other security software because digital signatures are hard to come by and stolen signatures get removed. But I also have other software that will stop execution long before the UAC alert, so it doesn't really worry me. It's a convenience compromise with 0 downside for me.
 

SHvFl

> the reg tweak?
Yeah, it's 2 changes but I did them through Group Policy (you can also do one from the registry and the other from UAC settings).

 

SHvFl

> Intrigued which programs you run guarded in AppGuard and which programs are sandboxed by ReHIPS ;)
Everything that breaks something while isolated, like Outlook, Skype, PotPlayer, Spotify, is guarded (search, spellcheck, hotkeys etc.). Everything in the default AppGuard list is also guarded, but those already isolated by ReHIPS will not run guarded. Everything else that needs to be protected is run isolated (PDF, Office, image viewers etc.).
 

shmu26

> Everything that breaks something while isolated, like Outlook, Skype, PotPlayer, Spotify, is guarded (search, spellcheck, hotkeys etc.). Everything in the default AppGuard list is also guarded, but those already isolated by ReHIPS will not run guarded. Everything else that needs to be protected is run isolated (PDF, Office, image viewers etc.).
Very cool.
 

SHvFl

Following the pattern of fewer alerts, I changed WFC to learning mode, which automatically allows signed software to make rules and displays alerts for unsigned software.
The next step that I am trying to figure out is securing Outlook a bit more so I can reduce some more alerting programs, with a goal to go near 0 alerts but solid protection for a system that doesn't install new unsigned stuff. Need to lower the budget for all the relatives' PCs that I secure before I need to rob a bank. :p
 

509322

> Following the pattern of fewer alerts, I changed WFC to learning mode, which automatically allows signed software to make rules and displays alerts for unsigned software.
> The next step that I am trying to figure out is securing Outlook a bit more so I can reduce some more alerting programs, with a goal to go near 0 alerts but solid protection for a system that doesn't install new unsigned stuff. Need to lower the budget for all the relatives' PCs that I secure before I need to rob a bank. :p

Using WFC learning mode is the method I use whenever testing WFC.

How do you wish to additionally secure Outlook? What are the specific objectives?
 

SHvFl

> Using WFC learning mode is the method I use whenever testing WFC.
>
> How do you wish to additionally secure Outlook? What are the specific objectives?
I can't isolate Outlook with ReHIPS because search all breaks (stupid Windows bug) and relatives can't follow simple instructions, so I am a bit worried about the systems without AppGuard that only have WD+ReHIPS+WFC. Honestly I am not paranoid, but because I don't know the risk of using Outlook not isolated I am looking into options to maybe improve security.
 

509322

> I can't isolate Outlook with ReHIPS because search all breaks (stupid Windows bug) and relatives can't follow simple instructions, so I am a bit worried about the systems without AppGuard that only have WD+ReHIPS+WFC. Honestly I am not paranoid, but because I don't know the risk of using Outlook not isolated I am looking into options to maybe improve security.

  • Primary risk - Outlook is the incoming application source of unknown\untrusted files
  • Secondary risk (like don't even worry about it unless using unpatched Office on unpatched OS) - Outlook exploit

In ReHIPS, configure a non-execution policy for the Outlook download and other folders located in c:\users\<user>; auto-block as opposed to the user getting a HIPS alert. Don't forget all the interpreters and stuff like .hta, etc.

You'll have to tinker with it.
 

SHvFl

>   • Primary risk - Outlook is the incoming application source of unknown\untrusted files
>   • Secondary risk (like don't even worry about it unless using unpatched Office on unpatched OS) - Outlook exploit
> In ReHIPS, configure a non-execution policy for the Outlook download and other folders located in c:\users\<user>; auto-block as opposed to the user getting a HIPS alert. Don't forget all the interpreters and stuff like .hta, etc.
>
> You'll have to tinker with it.
They can't run anything from anywhere if it's not digitally signed (by the few vendors I let them have) or already on the system, so I am covered, and the interpreters can't run anything either because they are on lockdown mode without a GUI so they can't even disable anything. System and Office are on auto updates so they should be fine from exploits.
Thanks for your help because I was purely guessing.
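
One way to see what the non-execution policy for the drop folders and the "signed by an allowed vendor, or already on the system" rule discussed above would actually cover, as an added example that is not from the thread or from ReHIPS, AppGuard or WFC: a read-only PowerShell audit that lists executable and script files in the usual drop folders with their Authenticode status. The folder list, the extension list and the publisher allowlist are assumptions for illustration.

```powershell
# Added example, not from the thread or any product in it: a read-only audit of the
# folders that mail clients and browsers drop files into. It reports which executable
# or script files would fall outside a "signed by an allowed vendor" rule.
# The extension list, folder list and publisher allowlist are assumptions.

$riskyExtensions = @('.exe', '.dll', '.scr', '.com', '.msi', '.ps1', '.vbs',
                     '.js', '.jse', '.wsf', '.hta', '.bat', '.cmd')

# Constructed allowlist of certificate subject prefixes; replace with the vendors you permit.
$allowedPublishers = @('CN=Example Vendor Inc.')

# Typical drop folders; Outlook attachment previews land under %TEMP% subfolders.
$dropFolders = @(
    (Join-Path $env:USERPROFILE 'Downloads'),
    (Join-Path $env:USERPROFILE 'Desktop'),
    $env:TEMP
) | Where-Object { Test-Path $_ }

function Get-DropFolderAudit {
    param([string[]]$Folders, [string[]]$Extensions, [string[]]$Allowed)

    if (-not $Folders) { return }   # nothing to scan if no folder exists

    Get-ChildItem -Path $Folders -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $file = $_
            $sig = Get-AuthenticodeSignature -FilePath $file.FullName
            $publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # Only a valid signature from a listed publisher counts as trusted.
            $trusted = ($sig.Status -eq 'Valid') -and
                       (@($Allowed | Where-Object { $publisher.StartsWith($_) }).Count -gt 0)
            [pscustomobject]@{
                Path           = $file.FullName
                Signature      = $sig.Status      # Valid, NotSigned, HashMismatch, ...
                Publisher      = $publisher
                WouldBeBlocked = -not $trusted    # unsigned, tampered, or unknown vendor
            }
        }
}

$audit = Get-DropFolderAudit -Folders $dropFolders -Extensions $riskyExtensions -Allowed $allowedPublishers
$audit | Sort-Object WouldBeBlocked -Descending | Format-Table -AutoSize
```

Rows with WouldBeBlocked set to True are the files a signed-only rule would stop; a HashMismatch status on a signed file is worth a closer look on its own.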
 

509322

> They can't run anything from anywhere if it's not digitally signed (by the few vendors I let them have) or already on the system, so I am covered, and the interpreters can't run anything either because they are on lockdown mode without a GUI so they can't even disable anything. System and Office are on auto updates so they should be fine from exploits.
> Thanks for your help because I was purely guessing.

The easiest solution is for a user to create a complex or unusual local-part of the address (local-part@domain.*) and be stingy about sharing their email address with online sources and accounts. It prevents a huge amount of the spam. I get hit once in a great while by a single pharmacy sales spam bot that sends emails to, apparently, all alphabet character combinations.
 

SHvFl

> The easiest solution is for a user to create a complex or unusual local-part of the address (local-part@domain.*) and be stingy about sharing their email address with online sources and accounts. It prevents a huge amount of the spam. I get hit once in a great while by a single pharmacy sales spam bot that sends emails to, apparently, all alphabet character combinations.
The problem is they hack the weak link and get everyone's email, which they use to spam again and again. I make rules to auto-delete the usual spam but still some things slip by, obviously. I personally get a lot of spam and phishing emails because they are old accounts, and when you get on their list I doubt you ever get out.
 
