Advanced Plus Security: Thales' AVG-based system for 2020

Last updated
Nov 20, 2020
How is it used?
For home and private use
Operating system
Windows 10
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
AVG Internet Security
File Shield
Behaviour shield
Web shield
Remote Access Shield
Fake Website Shield
Enhanced Firewall

OSArmor (Default)
AVG Firewall (Default Deny)
Firewall security
About custom security
Default settings
Privacy is on maximum.
Periodic malware scanners
AVG
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Edge Chromium
Sticky Password
uBlockOrigin
Cookie AutoDelete
Maintenance tools
System Cleaner
Wise Disk Cleaner
File and Photo backup
Onedrive (pro 1TB)
SyncBackPro
System recovery
AOMEI Backupper
Risk factors
    • Browsing to popular websites
    • Logging into my bank account
    • Working from home
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Acer Aspire 3 A315-41

CPU: AMD Ryzen 3 2200U
GPU: Radeon Vega Mobile GFX
RAM: 8GB DDR4 2400MHz
Storage: 128GB SSD

Thales

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2017
708
So, I had to reinstall my system because I had 40GB of unknown used space. Also, my system was kinda slow.
This is my config for 2020. Feel free to give me suggestions.

Browser
Chrome was slow and got hiccups because of the extensions, I think. I used to use only 2 or 3 extensions: KeepassXC and an adblocker.
Testing Brave for the long run. Without 3rd-party extensions the browser is very fast, and I have a reduced attack surface by using only 1 extension.

Antivirus
I think HMPA is enough for me and using it my system remained fast. Also OSArmor and SimpleWall are a good combo beside HMPA.
I don't think I need SRP or Hardened WD right now.
Emsisoft Emergency Kit is my 2nd opinion scanner.

Password Manager
Keepass is my main password manager right now.
A redundant backup solution is on, and everything is encrypted before being uploaded to the cloud.

System
Bloat is removed.
OSArmor (I prefer OSArmor over SysHardener because it is easier to manage and just blocks things instead of disabling them.)
 

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
841
Just the Emergency Kit but I think I'm gonna use WD + H_C for real time protection again beside HMPA.

Wise choice. To be honest I think WD + H_C is a lot better. I also don't think HMPA does much either, I haven't seen it do much. Emsisoft paved the way with their behavior blocker but they have gone in a strange direction. Things have moved on and sadly I think they have been left behind.
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
You can add Zemana if you do not have Memory Integrity enabled in WDSC. That and HMP would be sufficient making EEK unnecessary.
Yeah, but I can't use WD as a 2nd opinion scanner. Or can I? I'm not sure. Maybe if I disabled the real-time protection...
Not as a 2nd opinion scanner, but you can enable periodic scanning in case you aren't using WD.
Just the Emergency Kit but I think I'm gonna use WD + H_C for real time protection again beside HMPA.
Totally agree with @Zero Knowledge. HMPA is a strong program but it would not replace a good AV with sigs and BB... it is weaker in some departments. Most of its strengths could actually be a good supplement to a basic AV like WD.
You can also try ConfigureDefender if you want to customize WD protection.
 

Thales

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2017
708
Some changes!

Enabled Windows Defender
Added ConfigureDefender (on MAX) and H_C (on Default)
Added WebRTC Control extension
Installed Wireguard (Mullvad VPN)

SRP would be overkill.

I hope the performance is gonna be good, but I have been experiencing some hiccups since using Mullvad.
Not a big deal right now, but if it remains I'm gonna switch to IVPN next month. They have a 3-day trial.
Still have other options: IVPN, AzireVPN.
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Which is a waste because its local sigs aren't good at all.
If the periodic scanning is having an undesirable impact on performance when it occurs, or if the PC is low end, it might be better to disable it. However, I have reasons to believe that it could be quite useful (a matter of probabilities), not in proactive defense of course, but in detection of some unidentified malware.
If you remember the CCleaner supply chain attack: besides Morphisec, Cisco was a player in reporting the suspected attack on one of the systems using their AMP protection. AMP comes under EDR (Endpoint Detection and Response) solutions.
Then, some people on forums figured that they could add Immunet AV as a 2nd opinion or companion AV. Because it's associated with Cisco, Immunet would quickly get signatures for such advanced new detections done by Cisco suites, which might go undetected by their resident AV until the culprit is out.
EDRs can help analyse endpoint system and network events a step further, and there are better chances of detecting advanced malware via suspicious indicators, while most AVs would have missed what happened in the CCleaner event at that point in time, because the malicious exe/action/connection would get whitelisted because of trusted parents.

On similar lines, WD ATP is used by many corporates. If some near-0-day malware could get identified through one of the WD ATP installations, its detection would get pushed to WD protection quickly, sooner than to AVs if the AV initially missed the threat. It's another thing that the AV will eventually add that sig sooner or later due to the culprit being out and shared. Also, not all AVs will add those detections quickly.
I am not sure about the frequency of periodic scanning, but if the delay is not long, it can prove to be useful in the above context.
If that sounds like a very low-probability event, the fact that WD has the highest share in the Windows 10 market can be used to infer that they have access to the largest set of data worldwide among competitors (audience may vary). And even though WD's overall sig detection might be weak (they're actually improving fast), they would sometimes be much quicker to identify some malware strains.
A matter of desired security posture and personal choice.

EDIT: Just checked - on enabling periodic scanning in WDSC, the user can run quick/full/custom/offline scans as and when they wish.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
If some near 0-day malware could get identified through one of the WD ATP installations, their detection would get pushed to WD protection quickly.


Performance is not the issue with periodic scans. I believe 0-day and new detections impact cloud detection, and local sigs only much later. @Andy Ful @Evjl's Rain @SeriousHoax would know better than I. We never see testers use WD as a 2nd opinion scanner.
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Performance is not the issue with periodic scans. I believe 0-day and new detections impact cloud detection, and local sigs only much later. @Andy Ful @Evjl's Rain @SeriousHoax would know better than I. We never see testers use WD as a 2nd opinion scanner.
Can't say about the time difference between cloud detection and sig update. However, MS would surely add to their sigs faster than other AVs add to theirs, in the discussed case where WD ATP / WD's cloud is the one to detect the threat before the 3rd-party AVs.
There's Microsoft's Malicious Software Removal Tool, but it's not sig-strong overall. Coming to WD, it's not a dedicated cleaner like HMP/NPE/Zemana, so it wouldn't be used as a 2nd opinion. And anyway, it cannot be used as an on-demand scanner if WD is not in use.
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Yes, I was afraid of that; that's why I had WD disabled, but some MT members suggested using WD at least. But seriously, I don't know.
I still have 221 days from HMPA.
What should I ditch?
If you want to keep HMPA:
  1. WD + HMPA + SimpleWall
  2. WD + H_C + HMPA + SimpleWall
  3. hardened WD + HMPA + SimpleWall
W/O HMPA:
  1. hardened WD + OSArmor + SimpleWall
  2. hardened WD + H_C (with SRP) + SimpleWall (quite a few users here are using a similar setup)
These would be simpler options. You can harden WD using either H_C or portable ConfigureDefender.
EDIT: as @oldschool suggested, if you do not use the advanced configuration and reports of SimpleWall, you can very well use FirewallDefender from H_C in its place. Tinywall also has great features and works on the Windows FW. And if you need an interactive firewall, you can look at WFC or Sphinx FWC.
I would recommend at least 1 AV with sigs, unless you have total lockdown.
 
