- Apr 18, 2022
- 230
sypqys configuration 2024
- Thread starter sypqys
- Start date
- Apr 1, 2019
- 2,868
Yea, and I wouldn’t use an old version of OSArmor to keep it free.
You can always try out Malwarebytes Premium and see how it behaves. High resource usage isn’t always indicative of poor performance unless you are limited on something like RAM or your CPU can’t handle it.
- Apr 18, 2022
- 230
Yes I have already a licence key payed for MBAM. But I don't use I have few ressource RAM. Because FF and Chrome takes some of RAM.
- Dec 23, 2014
- 8,604
Do you use H_C in the current settings? If you allow macros, then you need to apply custom settings. What version of MS Office do you use?
You can also use MS Office as a non-default application to open only your documents (documents will be opened from MS Word, Excel, etc.). As a default application that can open office documents, you can configure Excel, Word, and PowerPoint mobile versions from Microsoft Store. The mobile versions do not allow macros and active content, but you can copy the content and print documents.
- Apr 18, 2022
- 230
- Dec 23, 2014
- 8,604
What security do you use to mitigate MS Office vulnerabilities, exploits, and fileless malware related to MS Office?
- Apr 18, 2022
- 230
Nothing I guess...
If I configure H_C it broke delete all my vb codes so I don't protect that anymore except with OSArmor free I see, he don't delete anything
How I have to do ? If you have idea...
The files which I download on Excel-downloads are safe.
- Apr 18, 2022
- 230
- Apr 28, 2015
- 8,955
- Apr 18, 2022
- 230
I will change this, it is why I'm "Danger" on top of topic ?
- Sep 2, 2021
- 2,641
Because surfing without having activated the UAC is very dangerous.
But I just saw that the moderator removed the "Danger"
- Aug 17, 2014
- 11,264
- Apr 28, 2015
- 8,955
Network firewall: None or Don't know -> does Your router include firewall?
- Apr 18, 2022
- 230
Yes but I don't understand very well the english, I have simplewall.... on Win 10, my router have a firewall yes.
I change this, sorry.
- Dec 23, 2014
- 8,604
What do you mean by vb codes? Are they related to VBA features of MS Office (Macros, Add-ins, etc.)?
Do the original documents work differently after disabling H_C restrictions?
Most people infected via MS Office thought that the downloaded files were safe. Most of them were infected via MS Office macros or MS Office Add-ins. There are many other ways that can be adopted by the attackers in the near future to bypass the AV protection by using MS Office.
I do not have a convenient solution for you. Most security applications that protect MS Office use parent-child process monitoring, which is insufficient when you allow macros. I can only advise what I already posted:
- Use a safe application as the default program to open documents. So when you open the document, template, Add-in, etc., from the Desktop or Explorer (file explorer) it is not opened/installed via MS Office.
This can be done by the custom configuration of default applications via Windows Settings >> Apps & features >> Default apps >> Set defaults by app. Next, choose MS Office Word, Excel, PowerPoint, and change the default application that can open the listed file types to a safe application. - You can still open your documents by opening the MS Office application and using File >> Open from the application menu.
- If you must edit an unsafe document, then do not do it at once. Check it online and if it looks clean, then open it in MS Office after one or more days.
- You can additionally use Defender with ASR rules or anti-exploit solutions related to MS Office.
- Harden your firewall to block LOLBins' connections or use H_C to block popular LOLBins.
- Learn to recognize phishing attempts.
Last edited:
- Sep 2, 2021
- 2,641
- Apr 18, 2022
- 230
I recognize I don't understand all the answer, but thanksWhat do you mean by vb codes? Are they related to VBA features of MS Office (Macros, Add-ins, etc.)?
Do the original documents work differently after disabling H_C restrictions?
Most people infected via MS Office thought that the downloaded files were safe. Most of them were infected via MS Office macros or MS Office Add-ins. There are many other ways that can be adopted by the attackers in the near future to bypass the AV protection by using MS Office.
I do not have a convenient solution for you. Most security applications that protect MS Office use parent-child process monitoring, which is insufficient when you allow macros. I can only advise what I already posted:
Be safe.
- Use a safe application as the default program to open documents. So when you open the document, template, Add-in, etc., from the Desktop or Explorer (file explorer) it is not opened/installed via MS Office.
This can be done by the custom configuration of default applications via Windows Settings >> Apps & features >> Default apps >> Set defaults by app. Next, choose MS Office Word, Excel, PowerPoint, and change the default application that can open the listed file types to a safe application.- You can still open your documents by opening the MS Office application and using File >> Open from the application menu.
- If you must edit an unsafe document, then do not do it at once. Check it online and if it looks clean, then open it in MS Office after one or more days.
- You can additionally use Defender with ASR rules or anti-exploit solutions related to MS Office.
- Harden your firewall to block LOLBins' connections or use H_C to block popular LOLBins.
- Learn to recognize phishing attempts.
- Apr 18, 2022
- 230
Similar threads
