Advanced Plus Security SHvFl Configuration V2

Last updated
Oct 5, 2018
Windows Edition
Pro
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Appguard, Bitdefender Internet security
Firewall security
Periodic malware scanners
N/A
Malware sample testing
Browser(s) and extensions
Chrome, Firefox, Edge
Maintenance tools
N/A
File and Photo backup
Macrium reflect
System recovery
Macrium reflect

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
roflmao, your so awesome my friend :p
Congrats on the AdGuard too brother ;)
Yeah i know. :p:cool:

Have a lifetime license for adguard so i try it often. Hopefully the way i setup adguard this time will be fine and will not have to remove it again. As long as i have a license i try things periodically to see if something changed. Without owning a product i usually don't really test it outside of a vm.
 

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
How do you look at it from security perspective?
It's decent even without any other security software because digital signatures are hard to come by and stolen signatures get removed. But i also have other software that will stop execution long before the uac alert so it doesn't really worry me. It's a convenience compromise with 0 downside for me.
 

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
the reg tweak?
Yeah it's 2 changes but i did them through group policy(you can also do one from registry and the other from uac settings).

wPqOkCq.png

weiICbB.png
 

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
Intrigued which programs you run guarded in AppGuard and which programs are sandboxed by ReHips ;)
Everything that breaks something while isolated like Outlook,skype,potplayer,spotify are guarded(search, spellcheck, hotkeys etc). Everything in default appguard list is also guarded but those already isolated by rehips will not run guarded. Everything else needed to be protected is run isolated(pdf,office,image viewers etc).
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Everything that breaks something while isolated like Outlook,skype,potplayer,spotify are guarded(search, spellcheck, hotkeys etc). Everything in default appguard list is also guarded but those already isolated by rehips will not run guarded. Everything else needed to be protected is run isolated(pdf,office,image viewers etc).
Very cool.
 

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
Following the pattern of less alerts i changed WFC to learning mode that automatically allows signed software to make rules and displays alerts for unsigned software.
Next step that i am trying to figure out is securing outlook a bit more so i can reduce some more alerting programs with a goal to go near 0 alerts but solid protection for a system that doesn't install new unsigned stuff. Need to lower the budget for all the relatives pc's that i secure before i need to rob a bank. :p
 
5

509322

Following the pattern of less alerts i changed WFC to learning mode that automatically allows signed software to make rules and displays alerts for unsigned software.
Next step that i am trying to figure out is securing outlook a bit more so i can reduce some more alerting programs with a goal to go near 0 alerts but solid protection for a system that doesn't install new unsigned stuff. Need to lower the budget for all the relatives pc's that i secure before i need to rob a bank. :p

Using WFC learning mode is the method I use whenever testing WFC.

How do you wish to additionally secure Outlook ? What are the specific objectives ?
 

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
Using WFC learning mode is the method I use whenever testing WFC.

How do you wish to additionally secure Outlook ? What are the specific objectives ?
I can't isolate outlook with rehips because search all breaks(stupid windows bug) and relatives can't follow simple instructions so i am a bit worried on the systems without appguard that only have WD+rehips+wfc. Honestly i am not paranoid but because i don't know the risk of using outlook not isolated i am looking into options to maybe improve security.
 
5

509322

I can't isolate outlook with rehips because search all breaks(stupid windows bug) and relatives can't follow simple instructions so i am a bit worried on the systems without appguard that only have WD+rehips+wfc. Honestly i am not paranoid but because i don't know the risk of using outlook not isolated i am looking into options to maybe improve security.

  • Primary risk - Outlook is the incoming application source of unknown\untrusted files
  • Secondary risk (like don't even worry about it unless using unpatched Office on unpatched OS) - Outlook exploit

In ReHIPS, configure a non-execution policy for the Outlook download and other folders located in c:\users\<user>; auto-block as opposed to user getting a HIPS alert. Don't forget all the interpreters and stuff like .hta, etc.

You'll have to tinker with it.
 

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
  • Primary risk - Outlook is the incoming application source of unknown\untrusted files
  • Secondary risk (like don't even worry about it unless using unpatched Office on unpatched OS) - Outlook exploit
In ReHIPS, configure a non-execution policy for the Outlook download and other folders located in c:\users\<user>; auto-block as opposed to user getting a HIPS alert. Don't forget all the interpreters and stuff like .hta, etc.

You'll have to tinker with it.
They can't run anything from anywhere if not digitally signed (few vendors i let them have) or already on the system so i am covered and the interpreters can't run anything either because they are on lockdown mode without gui so they can't even disable anything. System and office is on auto updates so they should be fine from exploits.
Thanks for your help because i was purely guessing.
 
5

509322

They can't run anything from anywhere if not digitally signed (few vendors i let them have) or already on the system so i am covered and the interpreters can't run anything either because they are on lockdown mode without gui so they can't even disable anything. System and office is on auto updates so they should be fine from exploits.
Thanks for your help because i was purely guessing.

The easiest solution is for a user to create a complex or unusual local-part of the address (local-part@domain.*) and be stingy about sharing their email address with online sources and accounts. It prevents a huge amount of the spam. I get hit once in a great while by a single pharmacy sales spam bot that sends emails to, apparently, all alphabet character combinations.
 

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
The easiest solution is for a user to create a complex or unusual local-part of the address (local-part@domain.*) and be stingy about sharing their email address with online sources and accounts. It prevents a huge amount of the spam. I get hit once in a great while by a single pharmacy sales spam bot that sends emails to, apparently, all alphabet character combinations.
Problem is they hack the weak link and they get everyone's email that they use to spam again and again. I make rules to auto delete the usual spam but still some things slip by obviously. I personally get a lot of spam and phishing emails because they are old accounts and when you get in their list i doubt you ever get out.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top