Danger SomeRandomCat Security Configuration 2021

Last updated
Jan 31, 2021
How is it used?
For home and private use
Operating system
Windows 10
On-device encryption
Log-in security
Security updates
Check for updates and Notify
User Account Control
Never notify (disabled)
Smart App Control
Network firewall
N/A
Real-time security
Comodo - Firewall/Auto-Containment/HIPS - Most options enabled + Safe mode for Firewall/HIPS
- Application Vendor Rating disabled

Kaspersky Total Security - Security Network Cloud / AV (Or Cloud Security Free has same options that I use)

WiseVector (Coded to work alongside Kaspersky AV)

HitmanPro.Alert (Anti-Malware real-time protection disabled) All exploit protection enabled
Firewall security
About custom security
Many Microsoft services disabled using:
- Win 10 Tweaker (All options besides the Windows Update service and the Security Center service)
- Device Security: Core Isolation Memory integrity on, and Exploit protection on.

Temp files ran in RAM via ImDisk.

Manual MS Updates as deemed worthy (Using WuMgr). There have been instances in the past where MS updates actually brought on telemetry leaks, so I like to educate myself on each update before applying it.

VeraCrypt - System Encryption. Open source and technically audited/patched twice (Fork of TrueCrypt). I trust this much more than Bitlocker.

Notes:
- This is a personal statement, but I personally have a good amount of faith in Jetico, and am a fan of their Volume Encryption, especially since it works with TPM, but I am waiting for their release that includes the ability to double up on utilizing SSD hardware encryption + software encryption overlay before I purchase a license. SSD encryption has a history of having backdoors/security leaks, but since new versions have been 'patched' and it adds 0% bottleneck, using it underneath the software encryption just makes sense. Worst case the software encryption would still be effective, and best case it provides a second layer of encryption at no cost.

- When Comodo gets around to patching the disappearing rules bug, I will go back to explicitly configuring HIPS/Firewall rules to allow all safe/trusted applications to only be allowed to access exactly what they need to. My perceived benefit of fine-tuning every process so tightly would be that if any type of exploit were to somehow leak through, it would theoretically have a much harder time doing anything afterwards.
Right now I have it basically allow or deny using 'low alert' and 'safe mode'.
Periodic malware scanners
Kaspersky Total Security (Or Cloud Security Free)
WiseVector
HitmanPro
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Brave + uBlock Origin Extension. Brave 'Shields' set to aggressive/strict blocking with no issues on any sites I frequent.
Secure DNS
Pushed DNS from Torguard
Desktop VPN
TorGuard - Killswitch/Forced VPN
Password manager
Manual.
Maintenance tools
BCWipe:
- Free Space management (Wipe Free Space in Less Time with BCWipe 6.0 from Jetico | Jetico)
- Transparent Wiping (Transparent Wiping overview) Outstanding features by Jetico. I'm a big fan.

Total Uninstall Pro - On every new application install. I manually browse through the installation report and remove (and exclude from future scans) any entries related to security software. Once I got in the habit of this, it became second nature. Big fan of this software as well.

Macrium Reflect: After a fresh Windows install I imaged the system partition. I repeated this process after installing all drivers, again after running Blackbird/Win 10 Tweaker, again after installing all utility software (such as 7Zip, iCue, Notepad++, etc.), and again after installing security software. This allows me to easily revert back to, or between, any of these images rapidly as I please.

Notes:
In the past I have used Shadow Defender; I am a big fan of that software as well and have a license for it, but I choose not to use it for the time being, because I am too lazy to enter all the registry exceptions required to allow Kaspersky and Comodo to update without my intervention. Instead I use Reflect in the manner I described above and find it suits my tastes a bit better.
File and Photo backup
External HD for backups or important documents.
System recovery
Macrium Reflect (See maintenance section for more details).
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Browsing to unknown / untrusted / shady sites
    • Sharing and receiving files and torrents
    • Working from home
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
Z170-Deluxe, 32 GB RAM, 1TB SSD EVO x 2, GTX 1070 ROG, i7-6700 4.0GHz +15% OC + Externals and Flash drives.
Notable changes
1. Added note: "Or Cloud Security Free"
2. Added details on Sandboxie, Brave, Windows Update GUI, Reflect, and
3. Comodo configuration that I left out the first time around.
4. Device Security: Core Isolation Memory integrity on, and Exploit protection on.
5. Disabled Comodo application vendor rating.
6. Stopped using Sandboxie, started using HitmanPro.Alert, and stopped using Blackbird (Blackbird is great, but I have a few small issues with it and the developer seems a bit MIA).
What am I looking for?

Looking for medium feedback.

Notes by Staff Team
  1. This setup may cause performance issues, system instability or conflicts between programs, and can hinder the effectiveness of the installed antivirus products.
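As an added example (my own, not the thread author's configuration or any poster's code), the following read-only PowerShell audit reports the state of the Windows settings this template describes and that the thread argues over: UAC, Core Isolation Memory integrity, the Windows Update mode, the two services the tweaker run is meant to spare, and the host firewall profiles. It assumes the standard Windows 10 registry locations for those settings and changes nothing.

```powershell
# Added example, not from this thread: read-only audit of the Windows 10
# settings debated here. Registry paths are the standard Windows locations;
# the 'Risky' flags reflect the reasons the thread gives. Run elevated.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value not present
}

$findings = @()
$pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# UAC: EnableLUA=0 turns UAC off entirely; ConsentPromptBehaviorAdmin=0 is the
# 'Never notify' slider position (admins elevate silently). Either counts as off.
$lua   = Get-RegValue $pol 'EnableLUA'
$admin = Get-RegValue $pol 'ConsentPromptBehaviorAdmin'
$findings += [pscustomobject]@{ Setting = 'UAC'; Value = "EnableLUA=$lua Admin=$admin"
                                Risky = ($lua -eq 0 -or $admin -eq 0) }

# Core Isolation / Memory integrity (HVCI): the template keeps this on, so a
# missing or 0 value means it was lost (e.g. after a tweaker run or reimage).
$hvci = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity' 'Enabled'
$findings += [pscustomobject]@{ Setting = 'Memory integrity (HVCI)'; Value = $hvci; Risky = ($hvci -ne 1) }

# Windows Update policy: AUOptions=2 is 'notify for download', i.e. patches wait
# for a manual decision (the 'check for updates but do not install' state).
$au = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' 'AUOptions'
$findings += [pscustomobject]@{ Setting = 'Windows Update (AUOptions)'; Value = $au; Risky = ($au -eq 2) }

# Services the template explicitly keeps: Windows Update and Security Center.
foreach ($name in 'wuauserv', 'wscsvc') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{ Setting = "Service $name"; Value = $svc.StartType
                                    Risky = ($null -eq $svc -or $svc.StartType -eq 'Disabled') }
}

# Host firewall: 'Network firewall: N/A' (no router) should not also mean the
# Windows Defender Firewall profiles are off, unless a third-party firewall owns them.
foreach ($p in Get-NetFirewallProfile) {
    $findings += [pscustomobject]@{ Setting = "Firewall profile $($p.Name)"; Value = $p.Enabled
                                    Risky = ("$($p.Enabled)" -ne 'True') }
}

$findings | Format-Table -AutoSize
"Settings flagged as risky: $(@($findings | Where-Object Risky).Count)"
```

A firewall profile reported off while Comodo's firewall is active is expected; the flag is there so the state is a deliberate choice rather than a leftover from a tweaker run.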

SomeRandomCat

Level 3
Thread author
Well-known
Dec 23, 2020
124
"Staff notes This setup may cause performance issues, system instability or conflicts between programs, and can hinder the effectiveness of the installed antivirus products."

Everything works great together. Why is my setup listed as 'Security Danger'?
 

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
"Staff notes This setup may cause performance issues, system instability or conflicts between programs, and can hinder the effectiveness of the installed antivirus products."

Everything works great together. Why is my setup listed as 'Security Danger'?
Comodo - Firewall/Auto-Containment/HIPS all on max settings
Kaspersky Total Security - Security Network Cloud / AV
WiseVector
Every possible Microsoft service disabled


Probably due to this; it will probably cause conflicts, and disabling too many services can cause your system to become unstable. Other than that, good config.
 

SomeRandomCat

Level 3
Thread author
Well-known
Dec 23, 2020
124
WiseVector works very well alongside Kaspersky AV, as discussed in the WV thread.
Comodo Firewall/HIPS/Containment works well alongside any AV I have come across.
The only components I'm using out of KTS are the ones listed.
When I say 'every possible', I mean every one that my day-to-day activities don't require. Even running all Blackbird/W10T options results in a stable system.
Sandboxie works on a different system level than Comodo sandbox.
All Sandboxie/KTS/WiseVector components are trusted in Comodo HIPS.
 

SomeRandomCat

Level 3
Thread author
Well-known
Dec 23, 2020
124
Neither Comodo containment nor Sandboxie rely on Windows Sandbox, though. The third party software I listed is certainly much stronger than UAC, and much more configurable too. Enabling UAC would only result in twice the alerts, with no security benefit.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,730
@SomeRandomCat:

Enable UAC, at least, at default settings.

About Real-Time protection, this is overkill... You may keep WVSX for on demand scans, and probably Comodo is not necessary...

In browsers, are you using some ads filtering add-on or just the integrated Brave one?

Thanks for sharing :)
 

SomeRandomCat

Level 3
Thread author
Well-known
Dec 23, 2020
124
I don't see the point in enabling UAC. What could it provide that Comodo HIPS doesn't do better?
I don't use Comodo AV, only Firewall/HIPS/Auto-Containment

The integrated filtering in Brave is actually seemingly effective, but I also use uBlock - looks like I forgot to list that.
 

ForgottenSeer 85179

Why is my setup listed as 'Security Danger'?
Many reasons:
Security updates: Manual - check for updates, but do not install
Windows UAC: Disabled - never notify
Network firewall :None
Every possible Microsoft service: disabled
Manual MS Updates as deemed worthy

Also, as you use Windows Pro you can use Bitlocker instead of faulty VeraCrypt.
And Windows Hello login is more secure than your "Password (Aa-Zz, 0-9, Symbols)" because of connected data with your PC.
 

SomeRandomCat

Level 3
Thread author
Well-known
Dec 23, 2020
124
What is wrong with manual updates? I am notified when one is available and based on the update I install if it provides a security patch.
Why would I enable UAC when I use Comodo HIPS? Why double up on prompts?
The way Network firewall is used in the template it refers to hardware firewalls such as routers, which I don't need since I tether my internet.
If anything, disabling Microsoft 'features' adds security.

Why is VeraCrypt faulty? It was audited and issues were patched. It is open source and more trustworthy than mystery code which most likely has a backdoor. If you have evidence that VC is actually faulty, then I would like to read it. To think that Bitlocker doesn't have a backdoor is a bit naive to me.

"because of connected data with your PC" What do you mean by this? How would it provide more security than a very long password?
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,414
WiseVector works very well alongside Kaspersky AV, as discussed in the WV thread.
Comodo Firewall/HIPS/Containment works well alongside any AV I have come across.
The only components I'm using out of KTS are the ones listed.
When I say 'every possible', I mean every one that my day-to-day activities don't require. Even running all Blackbird/W10T options results in a stable system.
Sandboxie works on a different system level than Comodo sandbox.
All Sandboxie/KTS/WiseVector components are trusted in Comodo HIPS.

Please tell me why you use the paid version of KTS when you keep only "Security Network Cloud / AV" enabled.
Kaspersky Security Cloud Free offers the same components you enabled to use on your device, or have I misunderstood your settings?
 

Thales

Level 15
Verified
Top Poster
Well-known
Nov 26, 2017
709
What is wrong with manual updates? I am notified when one is available and based on the update I install if it provides a security patch.
Why would I enable UAC when I use Comodo HIPS? Why double up on prompts?
The way Network firewall is used in the template it refers to hardware firewalls such as routers, which I don't need since I tether my internet.
If anything, disabling Microsoft 'features' adds security.

Why is VeraCrypt faulty? It was audited and issues were patched. It is open source and more trustworthy than mystery code which most likely has a backdoor. If you have evidence that VC is actually faulty, then I would like to read it. To think that Bitlocker doesn't have a backdoor is a bit naive to me.

"because of connected data with your PC" What do you mean by this? How would it provide more security than a very long password?
Bitlocker: I've never heard of anyone using Bitlocker's backdoor. I'm pretty sure only one case would be enough for Microsoft to lose its reputation.
Veracrypt was audited 5 years ago? Maybe I'm wrong but couldn't find fresh audit.

I have no problem with unorthodox solutions but disabling services can cause serious issues.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,048
I would suggest

1) Use Comodo with its max settings for the SB/FW/HIPS with Kaspersky Security Cloud AV free

or

2) Use KTS with its AV/FW/HIPS and Sandboxie Plus

WiseVector StopX can be used with either set up or ignored.

As for the Windows settings, as long as they don't slow/break the system in any way that should be fine. That's the purpose of Blackbird, Win 10 Tweaker and similar products, but they have to be used with caution.
 

SomeRandomCat

Level 3
Thread author
Well-known
Dec 23, 2020
124
@HarborFront, so basically you recommend against running Sandboxie alongside Comodo SB/HIPS? I was concerned at first, but if set up properly they actually play nicely together. I like Sandboxie for my browser, because I can configure the sandbox to run off my Ramdisk, whereas I can't do that with Comodo.

Edit: As far as I can tell, there isn't really any difference between KSC and KTS, and even the free versions both install all the modules, so it is still a matter of disabling everything besides the AV.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,048
@HarborFront, so basically you recommend against running Sandboxie alongside Comodo SB/HIPS? I was concerned at first, but if set up properly they actually play nicely together. I like Sandboxie for my browser, because I can configure the sandbox to run off my Ramdisk, whereas I can't do that with Comodo.

Edit: As far as I can tell, there isn't really any difference between KSC and KTS, and even the free versions both install all the modules, so it is still a matter of disabling everything besides the AV.
Since you have a problem with Comodo's SB, you might as well use option 2), which gives you SB/FW/AV/HIPS.

Using your setup needs 3 pieces of software. My suggestions use 2 each... one less.

FYI, KSC does NOT have internet components like FW/HIPS.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,048
I don't run anything unless I know what it is and believe it to be clean. If something unknown does manage to run somehow then it is automatically sandboxed by Comodo.
Yup, auto-containment by Comodo is one up over SB Plus in this area

If I'm not wrong you can set UAC to max and KTS to trigger a HIPS alert when running an unknown app.

