
pablozi

Level 25
Verified
Trusted
Hopefully the pissing match is over as I like both of these guys and both of their softs.
I second that mate!
VS + Configure Defender and Firewall Hardening is what I have been rocking for some time and they play really well together (y)
So @Andy Ful and @danb please shake hands guys as we all play in the same team and share the same principles.
Stay safe and have a nice weekend! :emoji_beer:
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
I second that mate!
VS + Configure Defender and Firewall Hardening is what I have been rocking for some time and they play really well together (y)
So @Andy Ful and @danb please shake hands guys as we all play in the same team and share the same principles.
Stay safe and have a nice weekend! :emoji_beer:
It is a very good setup.
This config would be good even without ConfigureDefender settings, especially for MT members. You can learn much from VS alerts, and VS Pro will probably cover most of the WD advanced settings except maybe Network Protection. Also, the number of false positives will be slightly smaller.
The ConfigureDefender settings are useful when you use VS protection only for "out of the blue" events or unsafe applications, and usually bypass the VS alerts (via the Allow button) while running your trusted applications.
 

oldschool

Level 54
Verified
@Dan VS is still blocking svchost.exe and WD updates prior to scan in my latest test:

Code:
[07-11-2020 10:21:54] [INFO ] - Process blocked by initial AntiExploit stage: c:\windows\system32\svchost.exe
[07-11-2020 10:21:55] [INFO ] - VoodooShield Blocked: c:\windows\system32\svchost.exe | "c:\windows\system32\\svchost.exe" |
[07-11-2020 10:22:34] [INFO ] - User Allowed: c:\windows\system32\svchost.exe | "c:\windows\system32\\svchost.exe" |
Edit: Tested with same result on W10 1909 & 2004.
 
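An added example, not code from the post or from VoodooShield: a small Python parser for log lines in the shape quoted above. It pairs the first block of a path with the user's later "User Allowed" click and reports how long the block held, how many block events preceded it, and whether the path sits under a Windows system directory, which is the kind of entry worth reviewing when a whitelisting tool blocks an OS component such as svchost.exe. The sample lines are constructed from the three quoted ones; the month-day-year timestamp format and the system-directory prefixes are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample input, copied in shape from the three VoodooShield
# log lines quoted in the post above (backslashes kept literally).
SAMPLE_LOG = r"""
[07-11-2020 10:21:54] [INFO ] - Process blocked by initial AntiExploit stage: c:\windows\system32\svchost.exe
[07-11-2020 10:21:55] [INFO ] - VoodooShield Blocked: c:\windows\system32\svchost.exe | "c:\windows\system32\\svchost.exe" |
[07-11-2020 10:22:34] [INFO ] - User Allowed: c:\windows\system32\svchost.exe | "c:\windows\system32\\svchost.exe" |
"""

# Prefix shared by every line: "[timestamp] [LEVEL ] - rest"
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\s*\] - (?P<rest>.*)$")

# Assumption: the timestamp is month-day-year (the thread dates this to July 2020).
TS_FORMAT = "%m-%d-%Y %H:%M:%S"

# Assumption: paths under these directories count as OS binaries.
SYSTEM_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event, sep, tail = m.group("rest").partition(": ")
    if not sep:
        return None
    # Lines that carry a command line look like:  path | "cmdline" |
    parts = [p.strip() for p in tail.rstrip(" |").split(" | ")]
    path = parts[0].lower()
    cmdline = parts[1].strip('"') if len(parts) > 1 and parts[1] else None
    return {
        "time": datetime.strptime(m.group("ts"), TS_FORMAT),
        "level": m.group("level"),
        "event": event,
        "path": path,
        "cmdline": cmdline,
    }


def parse_log(text):
    """Parse a whole log, silently skipping blank or unrecognised lines."""
    events = (parse_line(raw) for raw in text.splitlines())
    return [e for e in events if e is not None]


def block_allow_pairs(events):
    """Pair the first block event of each path with the user's later Allow.

    Returns one record per path that was blocked and then allowed, with the
    hold time in seconds and the number of block events that preceded it.
    """
    first_block = {}
    block_count = {}
    results = []
    for e in events:
        ev = e["event"].lower()
        if "blocked" in ev:
            first_block.setdefault(e["path"], e["time"])
            block_count[e["path"]] = block_count.get(e["path"], 0) + 1
        elif ev == "user allowed" and e["path"] in first_block:
            held = e["time"] - first_block[e["path"]]
            results.append({
                "path": e["path"],
                "blocked_at": first_block[e["path"]],
                "allowed_at": e["time"],
                "seconds": int(held.total_seconds()),
                "block_events": block_count[e["path"]],
                "os_binary": e["path"].startswith(SYSTEM_PREFIXES),
            })
            del first_block[e["path"]]
            del block_count[e["path"]]
    return results


if __name__ == "__main__":
    for rec in block_allow_pairs(parse_log(SAMPLE_LOG)):
        print(rec)
```

Records with `os_binary` set and a short hold time are the ones that look like the situation in the post: a signed system process blocked before a scheduled scan and waved through by hand moments later.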

danb

From VoodooShield
Verified
Developer
It is a very good setup.
This config would be good even without ConfigureDefender settings, especially for MT members. You can learn much from VS alerts, and VS Pro will probably cover most of the WD advanced settings except maybe Network Protection. Also, the number of false positives will be slightly smaller.
The ConfigureDefender settings are useful when you use VS protection only for "out of the blue" events or unsafe applications, and usually bypass the VS alerts (via the Allow button) while running your trusted applications.
So that is what you mean when you say you can bypass VS... the Allow button. Luckily VS already has a setting that mitigates that bypass...

Bypass.PNG


Andy, EVERYONE (except maybe a small handful of people), including me, would be highly appreciative if you refrain from keeping the conversation going. Please show everyone that you are a good hedgehog and that you do not "keep negative emotions too long".

Andy.PNG


@JT, you might be right that "Microsoft has no intention of getting rid of AppLocker, which completely incorporates the older SRP", but I do not believe you are... I have not checked because that does not change the fact that SRP runs in user-mode, and honestly I could care less. Then again, if one somehow believes they are immune to enterprise attacks then it is a non-issue either way.

JT.PNG


Maybe the answer is in the following link, but I am not going to waste time figuring it out.

 

danb

From VoodooShield
Verified
Developer
@Dan VS is still blocking svchost.exe and WD updates prior to scan in my latest test:

Code:
[07-11-2020 10:21:54] [INFO ] - Process blocked by initial AntiExploit stage: c:\windows\system32\svchost.exe
[07-11-2020 10:21:55] [INFO ] - VoodooShield Blocked: c:\windows\system32\svchost.exe | "c:\windows\system32\\svchost.exe" |
[07-11-2020 10:22:34] [INFO ] - User Allowed: c:\windows\system32\svchost.exe | "c:\windows\system32\\svchost.exe" |
Hey OS, sorry, I have been busy working on some other stuff and have not had a chance to see what I need to do to fix this issue. As we discussed, the block is caused by the link you provided below, and hopefully I will have a chance to look at it this weekend.


For the other users, as long as you do not use the link above, VS should not block Windows Defender updates.
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
So that is what you mean when you say you can bypass VS... the Allow button. Luckily VS already has a setting that mitigates that bypass...


Andy, EVERYONE (except maybe a small handful of people), including me, would be highly appreciative if you refrain from keeping the conversation going. Please show everyone that you are a good hedgehog and that you do not "keep negative emotions too long".


@JT, you might be right that "Microsoft has no intention of getting rid of AppLocker, which completely incorporates the older SRP", but I do not believe you are... I have not checked because that does not change the fact that SRP runs in user-mode, and honestly I could care less. Then again, if one somehow believes they are immune to enterprise attacks then it is a non-issue either way.


Maybe the answer is in the following link, but I am not going to waste time figuring it out.

No comment. I appreciate that you read Hard_Configurator thread. :)(y)
 

danb

From VoodooShield
Verified
Developer
No comment. I appreciate that you read Hard_Configurator thread. :)(y)
In all fairness, you did post a link to your thread on the VS thread, but yeah, I try to read as many threads as I can and help out when I have time and there is an issue that I happen to be familiar with.

Either way, thank you, and I genuinely appreciate and admire that you at least acknowledge this is a limitation of SRP instead of blaming the user for not tailoring their product correctly.

Have a great weekend, let’s catch up in 2-4 years, deal?
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
@danb,
I think that you can ask the moderator to delete all posts related to my test and to our discussion. The test results are not important to VS development and other posts only bloat this thread. (y)
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
...
Either way, thank you, and I genuinely appreciate and admire that you at least acknowledge this is a limitation of SRP instead of blaming the user for not tailoring their product correctly.

Have a great weekend, let’s catch up in 2-4 years, deal?
No problem. You should probably read more posts from the H_C thread (old post about legacy SRP):
https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/post-804884
But, it does not hurt to recall this from time to time.

Anyway, it is an interesting question which software will survive longer in the current hard times: a 3rd party small business product or legacy SRP? For MT members it will not be a problem; they simply choose another application. I wish we both will catch up on our threads in 2-4 years. :unsure:
 

danb

From VoodooShield
Verified
Developer
Anyway, it is an interesting question which software will survive longer in the current hard times: a 3rd party small business product or legacy SRP? For MT members it will not be a problem; they simply choose another application. I wish we both will catch up on our threads in 2-4 years. :unsure:
We certainly will see, I am guessing sooner than later ;).
 

danb

From VoodooShield
Verified
Developer
@danb,
Why are you interested in keeping the SRP topics alive in the VS thread? Is it important for the VS development? There are some other threads where you can post, too. :unsure:
This will be my last post on this subject.

The main reason is that I took the time to explain a few elements and components of the inner workings of VS, which I rarely do. There is a lot of great info in the posts, and I do not want to spend the time writing the posts if they are just going to be erased.

That, and a lot of times when threads are edited, it is almost impossible to see what really happened. Have a great weekend!
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
This will be my last post on this subject.

The main reason is that I took the time to explain a few elements and components of the inner workings of VS, which I rarely do. There is a lot of great info in the posts, and I do not want to spend the time writing the posts if they are just going to be erased.

That, and a lot of times when threads are edited, it is almost impossible to see what really happened. Have a great weekend!
Thanks. It will be an interesting weekend in Poland due to the presidential election.(y):)
 

danb

From VoodooShield
Verified
Developer
Thanks. It will be an interesting weekend in Poland due to the presidential election.(y):)
Hopefully Poland has better politicians than the USA, they are terrible here... all of them ;).

BTW, I downloaded SWH and it is super cool! And actually, a SWH + VS would be an amazing super lightweight "bulletproof" combo that would make a heck of a lot of sense to a lot of people. I won't go into details why I think it is a great combo because I think most MT users will understand why it is. For now I just tested SWH on a VM, but I am thinking of combining it with VS on my actual computers. If this combo happens to become popular on MT, just remember I get the credit for thinking of the combo, hehehe ;).

Also, you probably already know this minor bug, but the VM I tested SWH on was Windows 8.1, and it worked but displayed a message that SWH only worked on Windows 10.
 

Andy Ful

Level 62
Verified
Trusted
Content Creator
...
Also, you probably already know this minor bug, but the VM I tested SWH on was Windows 8.1, and it worked but displayed a message that SWH only worked on Windows 10.
SWH should work well with VS. If you notice any problem, then I can work on compatibility with VS.
SWH should work well on Windows 8+, but I have to rethink if this is a good idea. (y)
 