Sig-Free And Where To Start

[AtlBo]

But the problem for user like me is that I won't be able to differentiate between good and malicious process. Might end up allowing everything.

ERP is good for command-line script monitoring (whitelisting) and for the ability to easily out and out block a process. Your dilemma is understandable, especially if you install a large amount of software.

 

[shmu26]

But the problem for user like me is that I won't be able to differentiate between good and malicious process. Might end up allowing everything.

When in doubt, just check it on Virus Total.
If it has a valid digital sig from the vendor you expected, IMO you don't even need to check any further.

By the way, as a general comment, NVT ERP is amazingly conflict-free.
HMPA, by contrast, has a history of software and hardware conflicts.

 

[_CyberGhosT_]

By the way, as a general comment, NVT ERP is amazingly conflict-free.
HMPA, by contrast, has a history of software and hardware conflicts.

It's posted up there, post your settings for NVT for those that decide they like that better ?
Thanks shmu26

 

[shmu26]

It's posted up there, post your settings for NVT for those that decide they like that better ?
Thanks shmu26

Thanks to you for the great thread.
NVT ERP is an oldie but goodie, I am not actually using it in my present config, but when I do, I like the default settings. I am talking here about the default settings of the 2015 free beta version.
But sometimes rundll32 produces too many prompts, so I delete it from the vulnerable processes list, to gain some peace of mind, if I have other security apps to cover me.
@Umbra will surely hold me in utter disdain for such a boorish approach...

 

[frogboy]

This is a great thread you got going @_CyberGhosT_ good work Buddy.

 

[_CyberGhosT_]

This is a great thread you got going @_CyberGhosT_ good work Buddy.

No problem my Aussie brother.