Latest changes: Oct 5, 2018
Windows Edition: Pro
OS version: 1809
System type: 64-bit operating system; x64-based processor
Security updates: Automatically allow security and feature updates
Windows UAC: Always notify
Firewall protection: Custom - Provided by a third-party security vendor
Account privileges: Administrator account
Account type:
Exposure to malware: Malware samples are downloaded on a Virtual machine
Real-time Malware protection: AppGuard, Bitdefender Internet Security
Periodic scanners: N/A
Browser and Add-ons: Chrome, Firefox, Edge
Privacy tools and VPN: uBlock Origin
Password manager: LastPass
Search engine: Google
Maintenance tools: N/A
Photos and Files backup: Macrium Reflect
File Backup schedule: Once or multiple times per day
Backup and Restore: Macrium Reflect
Backup schedule: Once or more per week

SHvFl

roflmao, you're so awesome my friend :p
Congrats on the AdGuard too brother ;)
Yeah I know. :p:cool:

Have a lifetime license for AdGuard so I try it often. Hopefully the way I set up AdGuard this time will be fine and I will not have to remove it again. As long as I have a license I try things periodically to see if something changed. Without owning a product I usually don't really test it outside of a VM.
 

SHvFl

How do you look at it from a security perspective?
It's decent even without any other security software because digital signatures are hard to come by and stolen signatures get removed. But I also have other software that will stop execution long before the UAC alert so it doesn't really worry me. It's a convenience compromise with 0 downside for me.
 

SHvFl

the reg tweak?
Yeah it's 2 changes but I did them through group policy (you can also do one from the registry and the other from UAC settings).


 

SHvFl

Intrigued which programs you run guarded in AppGuard and which programs are sandboxed by ReHIPS ;)
Everything that breaks something while isolated like Outlook, Skype, PotPlayer, Spotify is guarded (search, spellcheck, hotkeys etc.). Everything in the default AppGuard list is also guarded, but those already isolated by ReHIPS will not run guarded. Everything else that needs to be protected is run isolated (PDF, Office, image viewers etc.).
 

shmu26

Everything that breaks something while isolated like Outlook, Skype, PotPlayer, Spotify is guarded (search, spellcheck, hotkeys etc.). Everything in the default AppGuard list is also guarded, but those already isolated by ReHIPS will not run guarded. Everything else that needs to be protected is run isolated (PDF, Office, image viewers etc.).
Very cool.
 

SHvFl

Following the pattern of fewer alerts I changed WFC to learning mode, which automatically allows signed software to make rules and displays alerts for unsigned software.
Next step that I am trying to figure out is securing Outlook a bit more so I can reduce some more alerting programs, with a goal to go near 0 alerts but solid protection for a system that doesn't install new unsigned stuff. Need to lower the budget for all the relatives' PCs that I secure before I need to rob a bank. :p
 

509322

Following the pattern of fewer alerts I changed WFC to learning mode, which automatically allows signed software to make rules and displays alerts for unsigned software.
Next step that I am trying to figure out is securing Outlook a bit more so I can reduce some more alerting programs, with a goal to go near 0 alerts but solid protection for a system that doesn't install new unsigned stuff. Need to lower the budget for all the relatives' PCs that I secure before I need to rob a bank. :p

Using WFC learning mode is the method I use whenever testing WFC.

How do you wish to additionally secure Outlook? What are the specific objectives?
 

SHvFl

Using WFC learning mode is the method I use whenever testing WFC.

How do you wish to additionally secure Outlook? What are the specific objectives?
I can't isolate Outlook with ReHIPS because search all breaks (stupid Windows bug) and relatives can't follow simple instructions, so I am a bit worried on the systems without AppGuard that only have WD + ReHIPS + WFC. Honestly I am not paranoid, but because I don't know the risk of using Outlook not isolated I am looking into options to maybe improve security.
 

509322

I can't isolate Outlook with ReHIPS because search all breaks (stupid Windows bug) and relatives can't follow simple instructions, so I am a bit worried on the systems without AppGuard that only have WD + ReHIPS + WFC. Honestly I am not paranoid, but because I don't know the risk of using Outlook not isolated I am looking into options to maybe improve security.

  • Primary risk - Outlook is the incoming application source of unknown/untrusted files
  • Secondary risk (like don't even worry about it unless using unpatched Office on an unpatched OS) - Outlook exploit

In ReHIPS, configure a non-execution policy for the Outlook download and other folders located in c:\users\<user>; auto-block as opposed to the user getting a HIPS alert. Don't forget all the interpreters and stuff like .hta, etc.

You'll have to tinker with it.
 

SHvFl

  • Primary risk - Outlook is the incoming application source of unknown/untrusted files
  • Secondary risk (like don't even worry about it unless using unpatched Office on an unpatched OS) - Outlook exploit
In ReHIPS, configure a non-execution policy for the Outlook download and other folders located in c:\users\<user>; auto-block as opposed to the user getting a HIPS alert. Don't forget all the interpreters and stuff like .hta, etc.

You'll have to tinker with it.
They can't run anything from anywhere if it's not digitally signed (few vendors I let them have) or already on the system, so I am covered, and the interpreters can't run anything either because they are in lockdown mode without a GUI so they can't even disable anything. System and Office are on auto updates so they should be fine from exploits.
Thanks for your help because I was purely guessing.
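A defender's check that follows from the two posts above (509322's advice to block execution from the Outlook download and other user-profile folders, interpreters and .hta included, and SHvFl's rule that nothing unsigned gets to run): an added PowerShell audit script, not code from ReHIPS, AppGuard, WFC, or anyone in this thread. It assumes the default Downloads folder path and uses a constructed extension list; adapt both to your own setup. It only reports, so it is safe to run before deciding what a non-execution or signed-only policy should cover.

```powershell
# Added example (not ReHIPS/AppGuard/WFC code): audit the files that land in a
# user's Downloads folder, pick out executable and interpreter-driven content,
# and report whether each carries a valid Authenticode signature.
# Assumptions: the folder path below; the extension list is a constructed set of
# common executable and script types, not a complete one.

param(
    [string]$Folder = (Join-Path $env:USERPROFILE 'Downloads')
)

# Constructed list: native executables, installers, and script/interpreter inputs
# (the ".hta, etc." the thread mentions). Extend it to match your environment.
$RiskyExtensions = @(
    '.exe', '.dll', '.scr', '.com', '.msi', '.msp',
    '.ps1', '.psm1', '.bat', '.cmd', '.vbs', '.vbe',
    '.js', '.jse', '.wsf', '.wsh', '.hta', '.jar', '.lnk'
)

function Get-DownloadExecutionRisk {
    param([string]$Path, [string[]]$Extensions)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Folder not found: $Path"
    }

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            # Get-AuthenticodeSignature reports 'Valid' only for a trusted,
            # unbroken signature; script types such as .hta or .js normally
            # come back 'NotSigned' or 'UnknownError'.
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                File            = $_.FullName
                Extension       = $_.Extension.ToLowerInvariant()
                SizeKB          = [math]::Round($_.Length / 1KB, 1)
                SignatureStatus = $sig.Status.ToString()
                Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                # 'Block' mirrors the thread's policy: unsigned executable content
                # in a download folder should not run. Signed items get 'Review'
                # because a signature proves origin, not intent.
                Recommendation  = if ($sig.Status -eq 'Valid') { 'Review' } else { 'Block' }
            }
        }
}

$report = @(Get-DownloadExecutionRisk -Path $Folder -Extensions $RiskyExtensions)
$report | Sort-Object Recommendation, Extension | Format-Table -AutoSize

# A summary line is enough when checking several relatives' machines in a row.
$blocked = @($report | Where-Object { $_.Recommendation -eq 'Block' }).Count
Write-Host "$($report.Count) executable/script items found, $blocked unsigned (would be blocked by a signed-only policy)."
```

Run it as the user whose profile you are checking (`.\Audit-Downloads.ps1` or with `-Folder` pointing at another user-profile folder such as the Outlook attachment cache). A 'Valid' status with an unfamiliar signer is still worth a look; the script deliberately does not treat a signature as a green light.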
 

509322

They can't run anything from anywhere if it's not digitally signed (few vendors I let them have) or already on the system, so I am covered, and the interpreters can't run anything either because they are in lockdown mode without a GUI so they can't even disable anything. System and Office are on auto updates so they should be fine from exploits.
Thanks for your help because I was purely guessing.

The easiest solution is for a user to create a complex or unusual local-part of the address (local-part@domain.*) and be stingy about sharing their email address with online sources and accounts. It prevents a huge amount of the spam. I get hit once in a great while by a single pharmacy sales spam bot that sends emails to, apparently, all alphabet character combinations.
 

SHvFl

The easiest solution is for a user to create a complex or unusual local-part of the address (local-part@domain.*) and be stingy about sharing their email address with online sources and accounts. It prevents a huge amount of the spam. I get hit once in a great while by a single pharmacy sales spam bot that sends emails to, apparently, all alphabet character combinations.
Problem is they hack the weak link and they get everyone's email, which they use to spam again and again. I make rules to auto-delete the usual spam but still some things slip by, obviously. I personally get a lot of spam and phishing emails because they are old accounts, and once you get on their list I doubt you ever get off.
 