- Feb 25, 2017
- 2,585
The reason why HMPA is so light, is because it isn't even a full AV. Out of AVG and F-Secure i personally would pick F-Secure, but its up to you to decide which one runs smoother on your system.
Thales Hardened system for 2021
- Thread starter Thales
- Start date
- Nov 26, 2017
- 730
Yeah, your are right about HMPA.
I've made serious changes and my system is super responsive and even more secure than before, however not everyone will like it
Last edited:
- Nov 26, 2017
- 730
I decided to run my system without any AV solution because I really think my solution is good as a traditional AV could be or even better.
Why it is good for me?
WD has been disabled via Group policy to prevent running "AntiMalware Service Executable". This caused a high system impact. It is still running but consumes 0 CPU.
System Restriction Policy
Set to Disallowed and controlled via Group policy
Why it is good for me?
- I'm tired of finding solutions in every 1 or 2 months because of high system impact, bugs, or any issues related to AV's.
- I've never got infected and it is not because of any Antivirus.
- I don't use cracks, hacks, illegal software and this fact reduces the possible infections by 95% if not more.
- I don't install new programs because I have everything I need to my work, so SRP whitelist rules are permanent and this is also convinient
- I still use "HitmanPro" and "Novirusthanks" Antimalware Remover regularly to make sure my solution works and OS is clean.
- This way my system is super responsive and also very secure.
- My CPU and RAM usage is very low even if Edge is open and Edge is always running
WD has been disabled via Group policy to prevent running "AntiMalware Service Executable". This caused a high system impact. It is still running but consumes 0 CPU.
Main protection is ON
(LOLBins are also blocked)
Nlock Specific Location
This is crucial, maybe AppData is also should be blocked.
very important one, I don't use any remote management software, so I block everything here
Maybe I should block more powershell commands. I'm not sure because I'm not familiar with powershell.
(LOLBins are also blocked)
Nlock Specific Location
This is crucial, maybe AppData is also should be blocked.
- Block executionof unsigned processes on root folder
- Block execution of processes on Public Folder
- Block Execution of processes on All User Folder
- Block processes executed from Shared folder
- Block processes executed from Network Drive
- Block processes executed from USB
- Block unknown processes from Windows folder
- Block execution of unsigned processes on Downloads folder
- Block execution of unsigned processes on Windows Temp
- Block execution of unsigned processes on Temp Folder
very important one, I don't use any remote management software, so I block everything here
- Block execution of any processes related to Teamviewer
- Block execution of any processes related to RealVNC
- Block execution of any processes related to UltraVNC
- Block execution of any processes related to NirSoft
- Block execution of any processes related toLogMeIn
- Block execution of any processes related to Security/Xploded
- Block execution of any processes related to Radmin
- Blck execution of PsTools Suite from Systernals
- Block processes named like "keygen" or "crack"
- Block Execution of Internet Explorer
- Block execution of Cortana
- Block Execution of Windows Registry Editor
- Bloc execution of UAC control Settings
Maybe I should block more powershell commands. I'm not sure because I'm not familiar with powershell.
- Block "ExecutionPolicy Bypass" on command-line (powershell)
- Block execution of .ps1 (Powershell) scripts
- Block ecxecution of .jar scripts
- Block execution of .msc outside System Folder
- Block execution of .cpl pplets outside System Folder
- Block any processes executed from mstsc (Remote Dektop)
- Block any processes executed from runtimebroker.exe
- Block any processes executed from java.exe
- Block any processes executed from javaw.exe
- Block execution of javaw\java.exe
- Block regedit.exe from silently loading .reg scripts
- Block reg.exe fro hijacking Registry startup entries
- Block reg.exe from disabling UAC
- Block known and possible UAC.bypass attempts
- Block "tricks" used to run UAC-bypass system processes
System Restriction Policy
Set to Disallowed and controlled via Group policy
- Feb 25, 2017
- 2,585
I actually think you might be fine with NextDNS + OS Armor and don't even need an AV if you are careful online. NoVirusThanks Malware Remover however is outdated and didn't receive updates for a long time according to the information on their website. Somehow it's still optimized for Windows 10 even tho it didn't get updated since 2011...I decided to run my system without any AV solution because I really think my solution is good as a traditional AV could be or even better.
Why it is good for me?
Performance is set to Best performance. Only smooth fonts and thumbnails are active.
- I'm tired of finding solutions in every 1 or 2 months because of high system impact, bugs, or any issues related to AV's.
- I've never got infected and it is not because of any Antivirus.
- I don't use cracks, hacks, illegal software and this fact reduces the possible infections by 95% if not more.
- I don't install new programs because I have everything I need to my work, so SRP whitelist rules are permanent and this is also convinient
- I still use "HitmanPro" and "Novirusthanks" Antimalware Remover regularly to make sure my solution works and OS is clean.
- This way my system is super responsive and also very secure.
- My CPU and RAM usage is very low even if Edge is open and Edge is always running
WD has been disabled via Group policy to prevent running "AntiMalware Service Executable". This caused a high system impact. It is still running but consumes 0 CPU.
Main protection is ON
(LOLBins are also blocked)
Nlock Specific Location
This is crucial, maybe AppData is also should be blocked.
Potentially unwanted processes
- Block executionof unsigned processes on root folder
- Block execution of processes on Public Folder
- Block Execution of processes on All User Folder
- Block processes executed from Shared folder
- Block processes executed from Network Drive
- Block processes executed from USB
- Block unknown processes from Windows folder
- Block execution of unsigned processes on Downloads folder
- Block execution of unsigned processes on Windows Temp
- Block execution of unsigned processes on Temp Folder
very important one, I don't use any remote management software, so I block everything here
Restrict Windows Programs
- Block execution of any processes related to Teamviewer
- Block execution of any processes related to RealVNC
- Block execution of any processes related to UltraVNC
- Block execution of any processes related to NirSoft
- Block execution of any processes related toLogMeIn
- Block execution of any processes related to Security/Xploded
- Block execution of any processes related to Radmin
- Blck execution of PsTools Suite from Systernals
- Block processes named like "keygen" or "crack"
Smart Powershell & CMD Rules
- Block Execution of Internet Explorer
- Block execution of Cortana
- Block Execution of Windows Registry Editor
- Bloc execution of UAC control Settings
Maybe I should block more powershell commands. I'm not sure because I'm not familiar with powershell.
Block Script Execution
- Block "ExecutionPolicy Bypass" on command-line (powershell)
Other Useful Block Rules
- Block execution of .ps1 (Powershell) scripts
- Block ecxecution of .jar scripts
- Block execution of .msc outside System Folder
- Block execution of .cpl pplets outside System Folder
UAC bypass Mitigation Rules
- Block any processes executed from mstsc (Remote Dektop)
- Block any processes executed from runtimebroker.exe
- Block any processes executed from java.exe
- Block any processes executed from javaw.exe
- Block execution of javaw\java.exe
- Block regedit.exe from silently loading .reg scripts
- Block reg.exe fro hijacking Registry startup entries
- Block reg.exe from disabling UAC
- Block known and possible UAC.bypass attempts
- Block "tricks" used to run UAC-bypass system processes
System Restriction Policy
Set to Disallowed and controlled via Group policy
. Maybe consider using at least WiseVector, people say it's really light and even cruelsister was losing some good words about it, and that means something.Here the info I found about NVT Malware Remover:
- Nov 26, 2017
- 730
Thank you @SecureKongo
How could I missed this My version was from 2012. What the hack
Indeed WiseVector is very light. I tried it 1 year ago.
I think I'm gonna find something else instead of NVT Antialware Remover.
How could I missed this
My version was from 2012. What the hackIndeed WiseVector is very light. I tried it 1 year ago.
I think I'm gonna find something else instead of NVT Antialware Remover.
- Feb 25, 2017
- 2,585
You might want to try AdwCleaner and Eset Online Scanner.Thank you @SecureKongo
How could I missed this
Indeed WiseVector is very light. I tried it 1 year ago.
I think I'm gonna find something else instead of NVT Antialware Remover.
- Nov 26, 2017
- 730
Eset online scanner is very slow. AdwCleaner is unknown for me. I will give it a try. I can even use 3 different 2nd opinion scanner, so why not.You might want to try AdwCleaner and Eset Online Scanner.
- Feb 25, 2017
- 2,585
You will be alright with Hitman Pro for pretty much every possible infection. AdwCleaner is just for adware and pup's. Those 2 should be enough.Eset online scanner is very slow. AdwCleaner is unknown for me. I will give it a try. I can even use 3 different 2nd opinion scanner, so why not.
- Nov 26, 2017
- 730
Boredom is here, so I decided to give some antivirus a chance and I won't use SRP.
My first pick is
Performance:
Every module is active and I'm impressed how light it is. The GUI is nice and the software is responsive.
Protection:
I don't know how strong the protection is but I don't really care because OSA is still active
Another changes:
Back to syncbackpro because it is the best. Period
I'm thinking about using a password manager again but can't make up my mind. My current solution is good but not convenient.
Maybe firefox lockwise but changing to firefox from edge is not the first thing I would chose. Also Windows hello PIN is important because I don't wanna type my password again and again.
My first pick is
HEIMDAL™ PREMIUM SECURITY HOME
I totally forget this software but an email reminded me that my licence has expired.Performance:
Every module is active and I'm impressed how light it is. The GUI is nice and the software is responsive.
Protection:
I don't know how strong the protection is but I don't really care because OSA is still active
Another changes:
Back to syncbackpro because it is the best. Period
I'm thinking about using a password manager again but can't make up my mind. My current solution is good but not convenient.
Maybe firefox lockwise but changing to firefox from edge is not the first thing I would chose. Also Windows hello PIN is important because I don't wanna type my password again and again.
Last edited:
- Feb 25, 2017
- 2,585
Tried it too for a while but it was quite unstable and crashed from time to time back then. Is it stable for you and is it finally recognized by Windows as an AV?Boredom is here, so I decided to give some antivirus a chance and I won't use SRP.
My first pick is
HEIMDAL™ PREMIUM SECURITY HOME
I totally forget this software but an email reminded me that my licence has expired.
Performance:
Every module is active and I'm impressed how light it is. The GUI is nice and the software is responsive.
Protection:
I don't know how strong the protection is but I don't really care because OSA is still active
Another changes:
Back to syncbackpro because it is the best. Period
I'm thinking about using a password manager again but can't make up my mind. My current solution is good but not convenient.
Maybe firefox lockwise but changing to firefox from edge is not the first thing I would chose. Also Windows hello PIN is important because I don't wanna type my password again and again.
Also, why you state using a third party firewall while using FirewallHardening?
Last edited:
- Nov 26, 2017
- 730
It is stable now. I don't remember why I didn't use it but I had a license.
Forget to delete the firewall hardening line. Thanks
- Apr 28, 2015
- 8,915
Check Malware Hub Stats thread, I tested this product last year...
- Nov 26, 2017
- 730
Now I remember. The poor result was the reason. Thanks for the test.
I hope it's gonna be better in the future. I'm gonna keep it for a while because it is light.
- Nov 26, 2017
- 730
I deleted Heimdal Premium Security Home because I download some suspicious files intentionally and it failed to detect while HitmanPro recognized them. Also checked them on virustotal. The product is very light but the protection also light
My 2nd pick is
The GUI isn't bad, and it is responsive. Instantly stops the scan when I press the cancel button and it is rare in antivirus products.
I was impressed and I'm thinking about buying this product but still have 6 months of trial but Trend Micro Internet security is cheap. It has everything I need however I still have 2 years from AVG Ultimate but I don't use it except the VPN on my mobile phone.
Also back to Enpass. Convenient and it is a very good Password manager with Windows Hello.
My 2nd pick is
TREND MICRO MAXIMUM SECURITY
My first impression is good. It is also very light but compared to Heimdal the protection is better. It recognized the files I downloaded and the test results of this product I found are good. I'm not a malware tester, so my opinion relies on other tests.The GUI isn't bad, and it is responsive. Instantly stops the scan when I press the cancel button and it is rare in antivirus products.
I was impressed and I'm thinking about buying this product but still have 6 months of trial but Trend Micro Internet security is cheap. It has everything I need however I still have 2 years from AVG Ultimate but I don't use it except the VPN on my mobile phone.
Also back to Enpass. Convenient and it is a very good Password manager with Windows Hello.
Last edited:
- Nov 26, 2017
- 730
So, I tried McAfee again in the last week and it is still good. I had no any problem with it.
Since Norton my browser makes unknown disconnection sometimes. I'm pretty sure it is because of Norton firewall.
Since Norton my browser makes unknown disconnection sometimes. I'm pretty sure it is because of Norton firewall.
- I bought Norton 360 Standard and I've been made few changes to maximum protection without sacrificing performance..
- Removed OSA (I had no problem with it)
- Removed Next DNS app because Norton and other AV'S say it is unsafe and malicious (probably false positive), but I set it up in the browser, so it works.
Last edited:
- May 10, 2019
- 2,289
This is really weird. The VT result is not good and does not reflect a FP. What do you think? The answer of NextDNS is not convincing (we pushed a new version blah blah blah).
- Nov 26, 2017
- 730
Exactly. That's why I removed it 2 weeks ago. and I use it only in browser settings.
- May 10, 2019
- 2,289
I used NextDNS with YogaDNs client for a while, but Adguard for Windows blocked more ads and I could browser full-of-intrusive-ads websites without a single ad. I am using Quad9 using Adguard client.
- Nov 26, 2017
- 730
Thanks for the tip
- Nov 26, 2017
- 730
Couldn't solved the delay when loading webpages, so I'm temporally back to Firefox.
I tried to disable every protection Norton has but nothing helped. Maybe it is Edge itself but don1T care because the next system restore is coming and will see.
Firefox seems fine and works as Edge before.
I tried to disable every protection Norton has but nothing helped. Maybe it is Edge itself but don1T care because the next system restore is coming and will see.
Firefox seems fine and works as Edge before.
Last edited:
Similar threads
