Advanced Plus Security Thales' AVG based system for 2020

[Thales]

So, I had to reinstall my system because I had 40GB of unknown used space. Also my System was kinda slow.
This is my config for 2020. Feel free to give me suggestions.

Browser
Chrome was slow and got hiccups because of the extension I think. I used to use only 2 or 3 extensions. KeepassXC and Adblocker.
Testing Brave for the long run. Without 3rd party extensions the browser is very fast and I have reduced attack surface with using only 1 extension.

Antivirus
I think HMPA is enough for me and using it my system remained fast. Also OSArmor and SimpleWall are a good combo beside HMPA.
I don't think I need SRP or Hardened WD right now.
Emsisoft Emergency Kit is my 2nd opinion scanner

Password Manager
Keepass is my main password manager right now
Redundant backup solution is on and everything is encrypted before uploaded to the cloud.

System
Bloats are removed
OSArmor (I frefer OSArmor over SysHardener because it is easier to be managed and just block things instead of disabling them.)

 

[harlan4096]

In Virus and Malware Removal Tools, You may add EmsiSoft Emergengy Kit or MalwareBytes Free.

Please kindly reflect Your changes editing Your config, and announcing them here, thanks for sharing

 

[Thales]

In Virus and Malware Removal Tools, You may add EmsiSoft Emergengy Kit or MalwareBytes Free.

Please kindly reflect Your changes editing Your config, and announcing them here, thanks for sharing

Thank you already did. I wanted to use a 2nd opinion scanner but I completely forget. Thanks for the Heads up

 

[Thales]

Just a small but very effective change!

I blocked scripts globally in brave except sites I trust like MT, MS, Google etc.

 

[Zero Knowledge]

I love Emsisoft but sadly Windows Defender offers better protection at the moment and better detection results.

 

[Thales]

I love Emsisoft but sadly Windows Defender offers better protection at the moment and better detection results.

Yeah, but I can't use WD as a 2nd opinion scanner. Or can I? I'm not sure. maybe if I would disable the real time protection...

 

[Zero Knowledge]

Are you using Emsisoft Anti Malware or just the emergency kit?

 

[Thales]

Are you using Emsisoft Anti Malware or just the emergency kit?

Just the Emergency Kit but I think I'm gonna use WD + H_C for real time protection again beside HMPA.

 

[Zero Knowledge]

Just the Emergency Kit but I think I'm gonna use WD + H_C for real time protection again beside HMPA.

Wise choice. To be honest I think WD + H_C is a lot better. I also don't think HMPA does much either, I haven't seen it do much. Emsisoft paved the way with their behavior blocker but they have gone in a strange direction. Things have moved on and sadly I think they have been left behind.

 

[Parsh]

You can add Zemana if you do not have Memory Integrity enabled in WDSC. That and HMP would be sufficient making EEK unnecessary.

Yeah, but I can't use WD as a 2nd opinion scanner. Or can I? I'm not sure. maybe if I would disable the real time protection...

Not as a 2nd opinion scanner, but you can enable periodic scanning in case you aren't using WD.

Spoiler: WDSC

Just the Emergency Kit but I think I'm gonna use WD + H_C for real time protection again beside HMPA.

Totally agree with @Zero Knowledge. HMPA is a strong program but it would not replace a good AV with sigs and BB... it is weaker in some departments. Most of its strengths could actually be a good supplement to a basic AV like WD.
You can also try ConfigureDefender if you want to customize WD protection.

 

[oldschool]

but you can enable periodic scanning in case you aren't using WD.

Which is a waste because its local sigs aren't good at all.

 

[Thales]

Some changes!

Enabled Windows Defender
Added ConfigureDefender (on MAX) and H_C (on Default)
Added WebRTC Control extension
Installed Wireguard (Mullvad VPN)

SRP would be overkill.

I hope the performance is gonna be good but I have been experiencing some hikups since using Mullvad.
Not a big deal right now but If it remains I'm gonna switch to IVPN next month. They have 3 days trial.
Still have other options. IVPN, AzireVPN.

 

[oldschool]

This is your current setup?

HMPA
WD (hardened by H_C)
OSArmor
SimpleWall (Firewall)
ConfigureDefender (on MAX)
H_C (on Default)

 

[Parsh]

Which is a waste because its local sigs aren't good at all.

If the periodic scanning is having an undesirable impact on performance when it occurs or if the PC is low end, it might be better to disable it. However I have reasons to believe that it could be quite useful (a matter of probabilities), not in proactive defense of course, but detection of some unidentified malware.
If you remember the CCleaner supply chain attack. Besides Morphisec, Cisco was a player in reporting the suspected attack on one of the systems using their AMP protection. AMP comes under EDR (Endpoint Detection and Response) solutions.
Then, some people on forums figured that they could add Immunet AV as a 2nd opinion or companion AV. Because it's associated with Cisco, Immunet would quickly get signatures of such advanced new detection done by Cisco suites, that might go undetected by their resident AV until the culprit is out.
EDRs can help analyse endpoint system and network events a step further and there are better chances of detection of advanced malware via suspicious indicators.. while most AVs would miss what happened in Ccleaner event at that point of time - because the malicious exe/action/connection would get whitelisted because of trusted parents.

On similar lines - WD ATP is used by many corporates. If some near 0-day malware could get identified through one of the WD ATP installations, their detection would get pushed to WD protection quickly. Sooner than AVs if the AV initially missed the threat. Its another thing that the AV will eventually add that sig sooner or later due to the culprit being out and shared. Also not all AVs will add those detection quickly.
I am not sure about the frequency of periodic scanning, but if the delay is not long, it can prove to be useful in the above context.
If that sounds like a least probability event, the fact that WD has the highest share in the Windows 10 market can be used to infer that they have access to the largest set of data worldwide among competitors (audience may vary). And even though WD's overall sig detection might be weak (they're actually improving fast), they would sometimes be much quicker to identify some malware strains.
A matter of desired security posture and personal choice.

EDIT: Just checked - on enabling periodic scanning in WDSC, the user can run quick/ full/ custom/ offline scans as and when they wish

Spoiler: WD on-demand scan

 

[oldschool]

If some near 0-day malware could get identified through one of the WD ATP installations, their detection would get pushed to WD protection quickly.

Performance is not the issue with periodic scans. I believe 0-day and new detections impact cloud detection, and local sigs only much later. @Andy Ful @Evjl's Rain @SeriousHoax would know better than I. We never see testers use WD as a 2nd opinion scanner.

 

[Parsh]

Performance is not the issue with periodic scans. I believe 0-day and new detections impact cloud detection, and local sigs only much later. @Andy Ful @Evjl's Rain @SeriousHoax would know better than I. We never see testers use WD as a 2nd opinion scanner.

Can't say about the time difference between cloud detection and sig update. However, MS would surely add to their sigs faster than other AVs adding to theirs - in the discussed case that WD ATP / WD's cloud is the one to detect the threat before the 3rd party AVs.
There's malicious software removal tool of Microsoft, but it's not sig-strong overall. Coming to WD, it's not a dedicated cleaner like HMP/NPE/Zemana so it wouldn't be used as a 2nd opinion. And it anyways cannot be used as on-demand scanner if WD is not used.

 

[Thales]

This is your current setup?

HMPA
WD (hardened by H_C)
OSArmor
SimpleWall (Firewall)
ConfigureDefender (on MAX)
H_C (on Default)

Yes This is!

 

[oldschool]

Yes This is!

Serious overkill, my friend!

 

[Thales]

Serious overkill, my friend!

Yes I was afraid of that that's why I had no WD enabled but some MT members suggested to use WD at least. But seriously I don't know.
I still have 221 days from HMPA.
What should I ditch?

 

[Parsh]

Yes I was afraid of that that's why I had no WD enabled but some MT members suggested to use WD at least. But seriously I don't know.
I still have 221 days from HMPA.
What should I ditch?

If you want to keep HMPA

1. WD + HMPA + SimpleWall
2. WD + H_C + HMPA + SimpleWall
3. hardened WD + HMPA + SimpleWall

W/O HMPA

1. hardened WD + OSArmor + SimpleWall
2. hardened WD + H_C (with SRP) + SimpleWall (quite a few users here are using a similar setup)

would be simpler options. You can harden WD using either H_C or portable ConfigureDefender.
EDIT: as @oldschool suggested, if you do not use the advanced configuration and reports of SimpleWall, you can very well use FirewallDefender from H_C in its place. Tinywall also has great features and works on Windows FW. And if you need interactive firewall, you can see WFC or Sphinx FWC.
I would recommend at least 1 AV with sig, unless you have total lockdown.