Using OS_Armor and Hard_Configurator together
<blockquote data-quote="Lenny_Fox" data-source="post: 849239" data-attributes="member: 82776"><p>Idea background</p><p></p><p>1. OS_Armor</p><p>Use OS_Armor in default settings to block known malware execution patterns of legitimate (Windows) programs. I only excluded some script execution block rules, because the Software Protection Rules enforced by Hard_Configurator already block them in user folders (which offers similar protection with less compatibility risk). OS_Armor block rules are very granular. Basically, OS_Armor blocks legitimate programs from executing when they are used in a way often seen with malware and ransomware.</p><p></p><p>2. Hard_Configurator</p><p>Use Hard_Configurator to block dangerous file extensions in user folders, but allow execution of programs for compatibility by loading the profile: Windows_10_MT_Windows_Security_hardening.hdc. I disabled UAC Validate Admin Code Signature, because I hope/guess Windows_Defender in MAX will block unsigned programs with poor reputation from executing.</p><p></p><p>3. Configure_Defender</p><p>Use Configure Defender to use Windows Defender in MAXimum protection. One of the benefits is that it blocks unknown programs with poor reputation in this MAXimum setting. Instead of blocking all programs with SRP, this allow/block decision is now transferred to the Windows Defender cloud mechanism. My guess is that most average PC users don't install a lot of software, so this false positive risk (blocking too much) is minimal.</p><p></p><p>4. Firewall Hardening</p><p>Enabled to block LOLbins also, just as an extra layer, in case the execution of a LOLbin slips through OS_Armor.</p><p></p><p></p><p>Running it for a few days now on my Windows 10 partition. What do seasoned members think of this freebie combo? I tweaked as little as possible to the default settings, because Andreas and Andy know a lot more about security than me.
Keeping this combo close to the defaults is my best bet to achieve maximum protection with maximum compatibility and maximum usability.</p><p></p><p></p><p>___________________ disabling some default OS_Armor rules to block execution of scripts (anywhere) ____________________</p><p></p><p>[ATTACH=full]231025[/ATTACH]</p></blockquote><p></p>