SHvFl Configuration

Last updated
Dec 31, 1969
Windows Edition
Pro
Security updates
Allow security updates
User Access Control
Always notify
Real-time security
Rehips, Emsisoft AM, WFC
Firewall security
Microsoft Defender Firewall
Periodic malware scanners
None
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Chrome, Firefox(as backup)
Maintenance tools
CCleaner, Openvpn
File and Photo backup
Macrium Reflect
System recovery
Macrium Reflect

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
Very good config. ReHIPS + Voodoo is interesting. I've tried ReHIPS + Appguard, but they're very similar setups.
Tried appguard but i don't like some of the issues it has and also the slow and unresponsive developers. Rehips gives me a peace of mind with almost 0 maintenance. Appguard has a solid protection but it's not for me.
Only stable thing in my setup it's Rehips. I usually change the companion of Rehips. Atm it's VS but i try other application all the time to see if i like something more. I seem like a stupid Rehips fanboy and i probably am but meh it's been ages since i got excited with an application.
 
H

hjlbx

ReHIPS - properly configured - it will be difficult to persistently infect system - unless the user makes a mistake.

Only downside to ReHIPS is that there is no network protection, but that can be added on-demand - when needed - to a lap top used to connect to public wifi hot spots.

When the lap top is at home - it doesn't need the network protections - unless the user is targeted by a hacker. What's is the chance of that for the vast majority of users ?
 

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
ReHIPS - properly configured - it will be difficult to persistently infect system - unless the user makes a mistake.

Only downside to ReHIPS is that there is no network protection, but that can be added on-demand - when needed - to a lap top used to connect to public wifi hot spots.

When the lap top is at home - it doesn't need the network protections - unless the user is targeted by a hacker. What's is the chance of that for the vast majority of users ?
Lol if you are targeted by a hacker you might want to go buy a lottery or you are popular and have no clue. In reality most malware are generic and a decent anti-exe/hips will stop them. Being paranoid just makes your life harder. I used to run a millions programs a few years ago but luckily i learned.
Btw why Tinywall instead of WFC. You also got annoyed by the constant updates like i am about to be?
 
H

hjlbx

Lol if you are targeted by a hacker you might want to go buy a lottery or you are popular and have no clue. In reality most malware are generic and a decent anti-exe/hips will stop them. Being paranoid just makes your life harder. I used to run a millions programs a few years ago but luckily i learned.
Btw why Tinywall instead of WFC. You also got annoyed by the constant updates like i am about to be?

WFC annoyed me because of the constant updates. Once I learned how it worked, new features would be added and\or current features would change - so it aggravated me to no end...

For someone who needs a more sophisticated set of firewall rules - for example home LAN, network share, etc - then WFC is probably one of their best options.

I asked alexandru to publish a "Lite" version of WFC - since a lot of the functionality isn't need - but he said "No."

TinyWall is default-deny - so it is perfect for my home lap tops behind a NAT router. Plus, TinyWall adds to protections to Windows Firewall that are badly needed - but not included in the base WFwAS install by M$.

AppGuard, TinyWall, Reboot Restore Rx, Shadow Defender = massive overkill. My setup is for malware testing, but maybe I will have to transition to VMWare for that... it depends on some things.
 
Last edited by a moderator:
D

Deleted member 178

I isolate everything that opens/downloads stuff from the internet. I added a few trusted vendors that i use applications from them so that i have automatic updates. I always use Lockdown mode without the gui. So basically nothing runs that i would not want to run.

we all do like this , that is the best way to use it.

Only downside to ReHIPS is that there is no network protection, but that can be added on-demand - when needed - to a lap top used to connect to public wifi hot spots.

it is not supposed to have one, after all it is not a firewall.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Good questions. So basically i use VS as an "antivirus" taking advantage of the VT engine and also VAi. I set VS in autopilot so i get the less alert possible so i usually don't see VS and get a decent level of extra protection. Keep in mind atm i use no antivirus.
About WFC i basically use it for easy of use to turn the firewall on and off. I have a network lock for my vpn so when the vpn drops nothing works. So sometimes when i want to connect without vpn i have to close the firewall. I could do it with a script but meh WFC it's fine.

Also just edited first post to reflect actual stuff i use atm.
thanks. I like your ideas.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Agreed, the ReHIPS and VooDoo combo is one of the most solid configs available today.
I am playing with dif combos with VooDoo just waiting for ReHIPS to go public.
I have the beta installer for ReHIPS and have used it off and on learning it's settings
and behaviors, can't wait for it's release :)
 
Last edited:
D

Deleted member 178

Agreed, the ReHIPS and VooDoo combo is one of the most solid configs available today.
I am playing with dif combos with VooDoo just waiting for ReHIPS to go public.
I have the beta installer or ReHIPS and have used it off and on learning it's settings
and behaviors, can't wait for it's release :)

i totally agree (because my signature said so ^^) , Appguard is a good substitution to any of them (only on Lockdown Mode however)
 

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
Agreed, the ReHIPS and VooDoo combo is one of the most solid configs available today.
I am playing with dif combos with VooDoo just waiting for ReHIPS to go public.
I have the beta installer for ReHIPS and have used it off and on learning it's settings
and behaviors, can't wait for it's release :)
It is. The only other program i am trying now it's Crystal security. It seems to have potential and the free part of it helps with the VT api. Will test it some more as soon as @Kardo Kristal replies to the question i asked about how a certain part of the program works.
 
H

hjlbx

it is not supposed to have one, after all it is not a firewall.

"Downside" is wrong word; limitation is more appropriate.

I just point out that if someone takes lap top to public wifi hot spot with ReHIPS (or AppGuard for that matter), then they should probably add network protection system - if even only temporarily.

Myself, I would just install the trial of Webroot, EIS - or even COMODO FW - for the time I was using the lap top at a public hot spot.

I'm such a cheapo cheater... LOL. :D
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
"Downside" is wrong word; limitation is more appropriate.

I just point out that if someone takes lap top to public wifi hot spot with ReHIPS (or AppGuard for that matter), then they should probably add network protection system - if even only temporarily.

Myself, I would just install the trial of Webroot, EIS - or even COMODO FW - for the time I was using the lap top at a public hot spot.

I'm such a cheapo cheater... LOL. :D
does webroot give network protection even on windows 10?
it doesn't seem to have an independent firewall on windows 10.
 
H

hjlbx

does webroot give network protection even on windows 10?
it doesn't seem to have an independent firewall on windows 10.

Webroot does have its own firewall, but Webroot firewall does not work like traditional firewall - giving user pop-ups when processes connect to internet.

It will generate notification only under specific circumstances - when untrusted process connects to C&C server. I suspect the C&C server address is in Webroot cloud (WIN) database -- otherwise, Webroot firewall lets everything thru and defers to Windows Firewall.

Webroot is supposedly working on integrating more traditional firewall functionality in W8+. No ETA...
 

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
Removed:Voodooshield
Added:Contemplating what to add
Removed Voodoosheld for now until a few bugs are fixed. I experience blocks even when i disable it so atm it's not reliable for me. Will replace it with something else but didn't figure what that will be. Maybe zemana AM until VS issues are fixed even though i hate the unreliable memory usage and also not aware if pandora is any good .
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Removed:Voodooshield
Added:Contemplating what to add
Removed Voodoosheld for now until a few bugs are fixed. I experience blocks even when i disable it so atm it's not reliable for me. Will replace it with something else but didn't figure what that will be. Maybe zemana AM until VS issues are fixed even though i hate the unreliable memory usage and also not aware if pandora is any good .
take a look at secureaplus. It looks at first like a toy, but it has more under the hood than you would think. You can tweak it out to a pretty high level of protection, for instance by untrusting digital signatures and adding to the command line settings. They have some interesting tricks, not all of which I understand, but it looks like some innovative ideas were implemented.

I am now giving their new version a try, and so far I am pretty happy with it.
It takes a real long time to initially whitelist your system and scan it with multiple cloud engines, and this is good. Because it learns what you have on your PC and doesn't drive you crazy with stupid pop-ups about windows process X, Y and Z.

don't download the offline AV -- it is clam. You don't want it. Use your own AV. Anything but webroot should work with SAP.

EDIT: You can turn off the cloud scanners, if you don't like that kind of a thing, and just use the whitelisting function.
 
Last edited:

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
take a look at secureaplus. It looks at first like a toy, but it has more under the hood than you would think. You can tweak it out to a pretty high level of protection, for instance by untrusting digital signatures and adding to the command line settings. They have some interesting tricks, not all of which I understand, but it looks like some innovative ideas were implemented.

I am now giving their new version a try, and so far I am pretty happy with it.
It takes a real long time to initially whitelist your system and scan it with multiple cloud engines, and this is good. Because it learns what you have on your PC and doesn't drive you crazy with stupid pop-ups about windows process X, Y and Z.

don't download the offline AV -- it is clam. You don't want it. Use your own AV. Anything but webroot should work with SAP.
Thanks. Haven't tested it in a while but i really didn't like it last time i did. Something might have changed though so i will test it. What i want from my companion security software is to offer some protection without many alerts. I want it to decide for me and not annoy me. VS autopilot does a good work with that.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Thanks. Haven't tested it in a while but i really didn't like it last time i did. Something might have changed though so i will test it. What i want from my companion security software is to offer some protection without many alerts. I want it to decide for me and not annoy me. VS autopilot does a good work with that.
I would give SAP a try, and just turn off the cloud scanners, if you don't need them. I find SAP to be pretty quiet and non-annoying.
If you do have the cloud scanners on, it will do a quick background scan when you reboot, and then display a happy dog, if PC is clean. You can disable the happy dog, if it doesn't make you happy.
 

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
I would give SAP a try, and just turn off the cloud scanners, if you don't need them. I find SAP to be pretty quiet and non-annoying.
If you do have the cloud scanners on, it will do a quick background scan when you reboot, and then display a happy dog, if PC is clean. You can disable the happy dog, if it doesn't make you happy.
Cool, will try it and see how that goes. Thanks.
 

SHvFl

Level 35
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
if you do, please share your comments and opinions on the software, I am interested to hear.
So i tested it again today. I really don't like it and here is why
  1. Initial whitelisting takes a year and a half. We are in 2016 and have decent specs this is unacceptable and no reason for it to happen.
  2. They have a vulnerable program list which then doesn't let parent execute a child process. So i have to go there and add the application. A button to not automatically whitelist child from parent would be better
  3. Gui is terrible and confusing. No clear indication of what is happening without clicking 1000 buttons.
  4. You can't see the whitelist. You can just clear things that are no longer on the pc. I really don't understand this and i hope i just missed a button.
Protection was solid as you expect for all whitelisting software but not my kind of application.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top