SECURE [STAFF] Umbra Lockdown Security 2017 (3 systems)

Discussion in 'PC Security Configuration' started by Umbra, Feb 14, 2017.

  1. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,161
    29,615
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Paid version, and I have nothing much to set up, unlike what I have to do with Sandboxie; all is extremely tight by default. This is why I love ReHIPS and it is my favorite sandbox app.
    I just add folders and modify permissions on them for convenience, and restrict internet access for some of the IEs (Isolated Environments, the "sandboxes").
    However, classic users may find it complicated to use at the beginning.
     
  2. HarborFront

    HarborFront Level 33
    Content Creator

    Oct 9, 2016
    2,294
    5,745
    Far East
    #142 HarborFront, Nov 27, 2017
    Last edited: Nov 27, 2017
    @Umbra

    Will the HIPS in ReHIPS clash with other HIPS, say FortKnox Personal Firewall's HIPS, SpyShelter's HIPS, ESET IS's HIPS, Comodo FW's HIPS, etc.?

    Thanks
     
  3. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,246
    13,483
    Utopia
    I tried ReHIPS with SpyShelter (against my own better judgement) and I did not see any conflicts. But there was an impact on system responsiveness.
     
  4. HarborFront

    HarborFront Level 33
    Content Creator

    Oct 9, 2016
    2,294
    5,745
    Far East
    So can I turn off SpyShelter's HIPS if I use ReHIPS? Can SpyShelter's HIPS module be turned off in the first place? If yes, will this impact SpyShelter's performance?

    SpyShelter Anti-Keylogger System Defense module (HIPS module) prevents malicious applications, such as viruses or keyloggers from altering your system files. It stops all threats, before they can execute a single action. Some of the monitored actions include:

    - Global Hook Installation
    - Rootkit Installations
    - Thread Context Changing
    - Direct Physical Memory Access
    - Remote Thread Creation
    - DLL Code Injection
    - Kernel Driver Loading
    - Program State and Memory Modification
    - System Critical Parts Registry Modification

    This proactive method of protection also stops malicious applications from putting any module of SpyShelter out of operation.

    Real Time System Protection | SpyShelter Anti-Keylogger
     
    Sunshine-boy likes this.
  5. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,246
    13,483
    Utopia
    I don't know. Basically what you are suggesting is to configure the regular SpyShelter product so it will function like their new product, which is only an anti-keylogger. All I can say is try and see.
     
  6. HarborFront

    HarborFront Level 33
    Content Creator

    Oct 9, 2016
    2,294
    5,745
    Far East
    SpyShelter Silent comes with too few protection features against keyloggers.

    :rolleyes:
     
    Deletedmessiah and shmu26 like this.
  7. steel9

    steel9 Level 3

    Jun 23, 2017
    142
    398
    Sweden
    Windows 10
    F-Secure
    Nice. But do you run Firefox in a separate desktop as an isolated app?
     
  8. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,161
    29,615
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    On the current beta I isolate it on the main desktop.
     
    shmu26, steel9 and Solarlynx like this.
  9. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,161
    29,615
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    My new (leisure) machine security setup:

    Added:

    - Appguard
    - Sandboxie (paid)
    - Adguard

    I will add NVT ERP when it reaches public beta.
     
    lowdetection, ZeroDay, XhenEd and 3 others like this.
  10. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,166
    5,164
    IRAN
    Windows 10
    ESET
    ReHIPS's HIPS doesn't alert about these operations and can't handle them!
    You can't!
    ReHIPS = Anti-Exe + some heuristic alerts + App CTRL + powerful sandbox. I like ReHIPS but I should be honest with myself! SpyShelter is the better product! But ReHIPS has its own advantages (free, simple and a powerful sandbox).
     
    HarborFront and ZeroDay like this.
  11. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,161
    29,615
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Because ReHIPS isn't a "HIPS" (in the commonly known geek definition), so obviously it can't do what HIPS like Comodo or SpyShelter do.
     
    ZeroDay, harlan4096 and Sunshine-boy like this.
  12. overdivine

    overdivine Level 1

    Aug 21, 2013
    35
    117
    Does Chrome keep the AppContainer integrity level under ReHIPS?
     
    steel9 and ZeroDay like this.
  13. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,161
    29,615
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    No, 3rd party sandboxes take over; they can't reach AppContainer IL. Note that Chrome's AppContainer isn't the same as the one in Edge.
    And to me using a sandbox like ReHIPS is better than a browser native sandbox.
     
    Sunshine-boy likes this.
  14. overdivine

    overdivine Level 1

    Aug 21, 2013
    35
    117
    Can you tell me some differences? I have both of them running at AppContainer integrity level and, besides different ASLR settings, I didn't find anything.
     
    Sunshine-boy likes this.
  15. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,161
    29,615
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    AppContainer in Edge (and Metro apps) is in fact a modified "LowBox token" (which any sandbox uses); then "capabilities" (aka area authorizations) are implemented, so Metro apps can only access the areas of the system they need to work with (for example Edge will access the network area, etc.). It is set by the app developer. Those two parameters are what make AppContainer.

    In Chrome, they simulate the Metro apps' features (for the token), but since Chrome isn't a Metro app it doesn't fully implement the AppContainer mechanism (especially the set capabilities).

    Now 3rd party sandboxes isolate the full browser, so even downloaded files are isolated, unlike browser sandboxes, which focus only on sandboxing code/scripts.

    What is Microsoft Edge Sandboxing?
     
  16. overdivine

    overdivine Level 1

    Aug 21, 2013
    35
    117
    Yes, but I was talking only about the integrity level: Trusted Installer > System > High > Medium > Low > Untrusted > AppContainer.
    Isn't AppContainer better to use than Low or Untrusted? More safe? Even if it's not fully implemented?
    From my understanding a process running at an integrity level can modify only lower or equal integrity levels.
     
  17. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,161
    29,615
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    To be simple, AppContainer is a LowBox token = Untrusted with safer infrastructure.
     
    Vasudev likes this.
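The questions above (does Chrome keep AppContainer under a third-party sandbox, and how AppContainer relates to the Low/Untrusted levels) can be checked on a live process, because the integrity level and the AppContainer attribute are two separate properties of a process token. The following is an added example, not code from the thread, ReHIPS or Chrome; it reads both attributes through the Win32 token API via ctypes on Windows, and the RID-to-name mapping is assumed from the `SECURITY_MANDATORY_*_RID` constants.

```python
"""Read a Windows process token's integrity level and AppContainer attribute.
The pure-logic helpers run anywhere; inspect_process() needs Windows."""
import ctypes
import sys

INTEGRITY_LEVELS = {  # mandatory-label RIDs (last sub-authority of the label SID)
    0x0000: "Untrusted", 0x1000: "Low", 0x2000: "Medium",
    0x3000: "High", 0x4000: "System", 0x5000: "Protected Process",
}
TOKEN_QUERY = 0x0008
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
TokenIntegrityLevel, TokenIsAppContainer, TokenAppContainerSid = 25, 29, 31

def integrity_name(rid):
    """Name a mandatory-label RID; in-between RIDs (e.g. 0x2100, "Medium Plus")
    round down to the base level they extend."""
    return INTEGRITY_LEVELS.get(rid & 0xF000, "Unknown")

def describe(rid, is_appcontainer):
    """IL and AppContainer are independent: an AppContainer process normally
    reports Low IL *and* the AppContainer flag, so both are printed."""
    return "%s IL, %s" % (integrity_name(rid),
                          "AppContainer" if is_appcontainer else "no AppContainer")

def inspect_process(pid):
    """Windows only. Returns (integrity_rid, is_appcontainer, appcontainer_sid)."""
    k32, adv = ctypes.windll.kernel32, ctypes.windll.advapi32
    k32.OpenProcess.restype = ctypes.c_void_p  # avoid 64-bit handle truncation
    adv.GetSidSubAuthorityCount.restype = ctypes.POINTER(ctypes.c_ubyte)
    adv.GetSidSubAuthority.restype = ctypes.POINTER(ctypes.c_uint32)
    h = ctypes.c_void_p(k32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, pid))
    tok = ctypes.c_void_p()
    if not h.value or not adv.OpenProcessToken(h, TOKEN_QUERY, ctypes.byref(tok)):
        raise ctypes.WinError()
    def query(cls, size=256):  # GetTokenInformation into a raw buffer
        buf, need = ctypes.create_string_buffer(size), ctypes.c_uint32()
        if not adv.GetTokenInformation(tok, cls, buf, size, ctypes.byref(need)):
            raise ctypes.WinError()
        return buf
    # TOKEN_MANDATORY_LABEL begins with a PSID; the IL is its last sub-authority.
    sid = ctypes.c_void_p(ctypes.cast(query(TokenIntegrityLevel), ctypes.POINTER(ctypes.c_void_p))[0])
    rid = adv.GetSidSubAuthority(sid, adv.GetSidSubAuthorityCount(sid)[0] - 1)[0]
    is_ac = bool(ctypes.cast(query(TokenIsAppContainer), ctypes.POINTER(ctypes.c_uint32))[0])
    ac_sid = None
    if is_ac:  # TOKEN_APPCONTAINER_INFORMATION is a single PSID (S-1-15-2-...)
        psid = ctypes.c_void_p(ctypes.cast(query(TokenAppContainerSid), ctypes.POINTER(ctypes.c_void_p))[0])
        out = ctypes.c_wchar_p()
        if adv.ConvertSidToStringSidW(psid, ctypes.byref(out)):
            ac_sid, _ = out.value, k32.LocalFree(out)
    k32.CloseHandle(tok), k32.CloseHandle(h)
    return rid, is_ac, ac_sid

if __name__ == "__main__" and sys.platform == "win32":
    pid = int(sys.argv[1]) if len(sys.argv) > 1 else ctypes.windll.kernel32.GetCurrentProcessId()
    rid, is_ac, ac_sid = inspect_process(pid)
    print(pid, describe(rid, is_ac), ac_sid or "")
```

Run it against a browser renderer PID once outside and once inside the third-party sandbox to see whether the Low IL and the AppContainer flag survive; an Untrusted IL without the flag is the plain LowBox case discussed above.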
  18. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,161
    29,615
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Added (all machines):

    - Brave Browser, the anti-Chrome, basically Chrome made towards privacy and security.
     