Tornado's Security Configuration 2016

Windows Edition: Home
User Account Control: Always notify
Real-time security: Norton Security; Zemana AntiMalware Premium; Zemana AntiLogger Premium; SpywareBlaster (Immunization); Crypto Prevent (Immunization); Malwarebytes Anti-Exploit Premium; MCShield USB Anti-Malware
Firewall security:
Periodic malware scanners: COMODO Cleaning Essentials; Malwarebytes Anti-Malware Free; Emsisoft Emergency Kit; AdwCleaner
Malware sample testing: I do not participate in malware testing
Browser(s) and extensions:
  Microsoft Edge: N/A.
  Internet Explorer: Norton IdentitySafe.
  Vivaldi: uBlock Origin, HTTPS Everywhere, Norton Toolbar, Norton IdentitySafe and Norton Default Search Engine.
Maintenance tools: CCleaner, Windows Disk Clean-up, Norton Security, Revo Uninstaller (MT Giveaway), Internet Download Manager (MT Giveaway).
File and Photo backup: OneDrive and File History
System recovery: AOMEI Backupper Standard

AtlBo
Cats-4_Owners-2

That's very helpful, thanks.

The only issue I have run into with ToolWiz TimeFreeze (and for me it's serious since I tend to test software a fairly decent amount) is that the restore capability doesn't survive a boot. I could be wrong about this, as I am basing this on use of the program probably over a year ago. At that time, any installation (like Comodo Firewall for example) that required a boot would have to be undone before the boot. I really like the program, though.

I am using the 360 TS sandbox, and the only protection for installers associated with the sandbox is that downloads go into the sandbox and cannot be run from there. I did just notice that there is a right click option for running an installer in the sandbox :), but installations don't go into the sandbox, unfortunately.

Thanks again for the ideas. I have read a good bit about Sandboxie here. I have been tempted to try it, but I just haven't yet. Maybe the 360 TS sandbox will get better. I do feel vulnerable to attacks from an installer as Private Firewall is the only defense I have got that will block behaviors that could happen during an installation. It will block dangerous ones, but I am concerned I could miss a pop up because there are so many. It monitors 21 behaviors and every installation is at least 4-5 alerts.
 

Cats-4_Owners-2
AtlBo, you are correct about an executable not being able to be run in Sandboxie, and Time Freeze is considered as being not quite as protective as Shadow Defender. I have heard a lot of good things about both Appguard & NoVirusThanks, which utilize (I believe) an exclusion approach, although I've yet to personally experience either of them.
I think of Sandboxie specifically as Browsing Armor! ;) It's free, and once you get used to how to open it, it's very confidence inspiring.
Our own Jack shared an easy-to-understand review in a post here: Question - Is an AV required to be safe with Windows 7? Then you might choose to download the latest version here: Sandboxie - Download Sandboxie
 

AtlBo
I did just notice that there is a right click option for running an installer in the sandbox :), but installations don't go into the sandbox, unfortunately.

I should clarify on this. By this I mean an installer that is outside the sandbox can technically be started and run within the sandbox using the right click dialog (like run as administrator). This accomplishes nothing, because the installation happens outside the box just like any normal installation. Installers inside the box don't run with any option. Oh well. I didn't think to point the installation to the sandbox folder, however. I'll try that later.

Thanks for all of the information. I will take a look as there is so much to know. I feel like I have catching up to do, so all the info from all the knowledgeable members here helps tremendously...
 
Deleted Member 333v73x

Thread author
What sandbox should I use other than Sandboxie?
 

AtlBo
In case anyone cares to know:

Oh well. I didn't think to point the installation to the sandbox folder, however. I'll try that later.

I tried a few portable apps in the 360 TS sandbox...wouldn't run

However, the TDSSKiller scanner did run successfully and from a zipped folder inside the 360 sandbox folder. I sent a report to Qihoo about the issue, because it seems like a vulnerability to me, even though I am certain TDSSKiller is designed to be able to do miracles when it comes to running from anywhere. Maybe not miracles, but malware writers are all about the craftiness too, so...

Normal programs cannot install into the 360SANDBOX folder, because the folder is a hidden folder. So much for that test...
 

Cats-4_Owners-2
I already have a lifetime license but how much RAM does it use?
Good for you, ..and that is a very good question!
I'd found this: Light Virtualization Software Review and Guide: Shadow Defender - Software Usage Part 1 - Mode Setting
Here are some excerpts from the review/guide:

"There is a RAM used as Write Cache feature here as well. If your system has an adequate helping of RAM, you can assign a part of it to be used for the SD write cache. The benefits of this are obvious. When the virtual system runs in RAM the whole process will be faster and your protected volumes won't take any write hits until you choose to manually commit data to them (more on that later). This is especially beneficial to devices like SSDs, memory cards, flash sticks etc.

No disk hits also means no disk traces of deleted data left behind. It all stays in RAM and gets flushed at the next reboot, which is perfect for the more paranoid among us. Where is my tinfoil hat...?

When adding a RAM value, remember to always leave enough RAM available for the system. For example: If your system has 4GB of RAM (which translates to 4096MB), you can assign 1024MB for the SD write cache and leave the rest for Windows. If you only have 2GB of RAM installed you should not use this option. In this case leave the RAM cache at zero (default).

When the assigned RAM cache fills up the program will automatically switch back to disk buffering mode. Personally I keep a close eye on Shadow Defender's RAM cache usage (through the System Status screen), making sure to reboot the system before the RAM cache fills up completely. This way the program never switches into disk buffering mode and my SSDs don't get any write hits while in Shadow Mode."
 
Deleted Member 333v73x

Thread author
McShield.exe is detected on VirusTotal, look at this, is it a FP?
[Attachment: vt detec mcshield.PNG]
 

Cats-4_Owners-2
McShield.exe is detected on VirusTotal, look at this, is it a FP?
I agree with Malware1, although it's a good habit to be vigilant. :) In fact, false positives are among the many lessons I've learned not to ignore. This is how whitelisting comes into play in your own system's protections. One example is that MC Shield detects Privazer ini files (your custom settings for scanning) until you mark them in MC Shield's whitelist to be ignored as false positives. I didn't learn this until after MC Shield mistakenly got rid of those files, after which I then set it to 'quarantine' rather than delete! ;) :D
 

conceptualclarity
McShield.exe is detected on VirusTotal, look at this, is it a FP?

ClamAV is the world champion of false positives. I put little stock in Jiangmin, and I've never heard of K7GW. If it's 3/55 on Virus Total, I'll take a look, but usually that doesn't worry me. Sometimes 5 or 6 detections on VT is just a warning that you've got a download that will make you jump through some hoops of bundled programs you must avoid with "Custom" installation and making sure the boxes are unchecked. I understand software developers need to make some money for the time and effort they invest in their programs, so I don't get bothered over it. That is, as long as there's no Babylon Toolbar or Delta Search--in which case out with File Shredder for that download!
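The two posts above describe a triage routine without writing it down: Cats-4_Owners-2's point that a confirmed false positive belongs on a local whitelist so the scanner stops eating it, and conceptualclarity's rules of thumb that a 3/55 result from engines he discounts is worth a glance but rarely alarming, that five or six PUP-style names usually signal a bundled installer, and that Babylon Toolbar or Delta Search is an outright reject. The Python below is an added example written for this page; it is not code from VirusTotal, MCShield or any poster. The engine set, the name patterns, the threshold of three and every scan report are assumptions constructed to mirror the posters' stated opinions, not measured detection data.

```python
"""False-positive triage for a VirusTotal-style report.

Added example for this page; not code from VirusTotal, MCShield or any poster.
Engine lists, thresholds and name patterns are assumptions that encode the rules
of thumb stated in the thread, and every report below is constructed sample data.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Engines one poster says he discounts; an opinion, kept here as a tunable set (assumption).
LOW_CONFIDENCE_ENGINES = {"ClamAV", "Jiangmin", "K7GW"}

# Detection-name fragments that usually mean bundled offers rather than malware (assumption).
PUP_PATTERN = re.compile(r"PUP|PUA|Adware|Bundl|Toolbar|Riskware|not-a-virus", re.I)

# Names the thread treats as an automatic reject.
REJECT_PATTERN = re.compile(r"Babylon|Delta\s*Search", re.I)

# Local allow-list of SHA-256 digests already verified as false positives
# (the MCShield whitelist idea, consulted before any engine count is considered).
ALLOWLIST = set()


def allowlist_file(data: bytes) -> str:
    """Record a file's SHA-256 as a verified false positive and return the digest."""
    digest = hashlib.sha256(data).hexdigest()
    ALLOWLIST.add(digest)
    return digest


@dataclass
class Verdict:
    label: str
    ratio: str
    reasons: List[str] = field(default_factory=list)


def triage(scans: Dict[str, dict], sha256: Optional[str] = None,
           fp_threshold: int = 3) -> Verdict:
    """Classify a VT-style engine -> {"detected": bool, "result": str} map."""
    hits = {eng: (r.get("result") or "") for eng, r in scans.items() if r.get("detected")}
    ratio = f"{len(hits)}/{len(scans)}"

    # 1. A hash already verified clean short-circuits everything else.
    if sha256 and sha256.lower() in ALLOWLIST:
        return Verdict("allowlisted", ratio, ["SHA-256 on local false-positive allow-list"])
    if not hits:
        return Verdict("clean", ratio, ["no engine flagged the file"])

    # 2. Known bundleware names are a hard reject regardless of the count.
    rejects = [e for e, name in hits.items() if REJECT_PATTERN.search(name)]
    if rejects:
        return Verdict("reject", ratio, [f"{e}: {hits[e]}" for e in rejects])

    # 3. A few hits, all from discounted engines, is the classic false-positive shape.
    strong = {e: n for e, n in hits.items() if e not in LOW_CONFIDENCE_ENGINES}
    if not strong and len(hits) <= fp_threshold:
        return Verdict("likely_fp", ratio,
                       [f"only low-confidence engines fired: {', '.join(sorted(hits))}"])

    # 4. Mostly PUP/adware names: the payload is probably fine but the installer bundles offers.
    pup = [e for e, n in hits.items() if PUP_PATTERN.search(n)]
    if len(pup) * 2 >= len(hits):
        return Verdict("bundled_pup", ratio,
                       ["PUP-style names dominate; use Custom install and untick the offers"])

    # 5. Anything else deserves a real look before it is run.
    return Verdict("suspicious", ratio, [f"{e}: {n}" for e, n in sorted(strong.items())])


def demo() -> Dict[str, str]:
    """Run the situations described in the thread against CONSTRUCTED reports."""
    clean = {f"Engine{i:02d}": {"detected": False, "result": None} for i in range(52)}

    # 3/55 with only the discounted engines firing, shaped after the McShield.exe question.
    mcshield_like = dict(clean, **{
        "ClamAV": {"detected": True, "result": "Win.Trojan.Generic-1"},
        "Jiangmin": {"detected": True, "result": "Trojan/Generic.abc"},
        "K7GW": {"detected": True, "result": "Riskware ( 0040eff71 )"},
    })
    # Six PUP-style names: the bundled-installer case.
    bundled = dict(clean)
    for i in range(6):
        bundled[f"Engine{i:02d}"] = {"detected": True, "result": "PUP.Optional.Bundler"}
    # One engine naming known bundleware.
    reject = dict(clean, Engine00={"detected": True, "result": "Adware.BabylonToolbar"})

    # The same McShield-like report after the file's hash has been allow-listed.
    digest = allowlist_file(b"constructed stand-in for McShield.exe bytes")

    return {
        "mcshield_like": triage(mcshield_like).label,
        "bundled": triage(bundled).label,
        "reject": triage(reject).label,
        "allowlisted": triage(mcshield_like, sha256=digest).label,
    }


if __name__ == "__main__":
    for case, label in demo().items():
        print(f"{case}: {label}")
```

The order of the checks is the point: the allow-list is consulted first, so a file you have already verified is never re-judged on engine count, and the hard-reject names are checked before the "all low-confidence engines" shortcut so a single bundleware hit cannot be waved through as a false positive.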
 

conceptualclarity
+1 for scanning all questionable files & programs. They can be up to 125 MB in size, which I've just gone over at times. I find I visit www.virustotal.com more often than I use the installed uploader (I'd prefer it opened in Firefox), but it opens in Explorer, so if anyone knows how to tweak this in order to use Firefox instead... Thanks! :D

I'm sorry that's happening to you. Internet Explorer is seldom seen on my computer. Virus Total Uploader always opens in my default browser. If it has any tech support, I'd contact them.
 