Advice Request: What are some lightweight configurations for zero-day threats?


Takashi94
Mar 11, 2018
Install the latest Windows 10; it rectifies and supersedes a lot of third-party software. Keep other software stable and up to date, use MBAE, and don't run, or disable, vulnerable software and services; the main ones that everything targets are the print spooler, task host and WMI. Enforce group policies. Uninstall software that you don't use and install only well-reputed mainstream software; for any basic software without a digital signature, if there is a portable version, use that instead. Don't let the background update processes of third-party software run, and uninstall useless bloatware like Bonjour and mobile device support bundled with iTunes: it's useless if you don't have an Apple device or iPod, and it still runs, vulnerable, all the time anyway; they run even when there's no update. Either delete them in Task Scheduler if possible or, if not possible, delete/move the updater executable altogether to prevent it from starting. Keep fewer, only the needed, non-Windows processes running in the background.
 
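The inventory step behind the post above, as an added example that is not part of the original post: a report-only pass over the non-Windows code that starts in the background on a Windows 10 machine (Print Spooler, third-party auto-start services, scheduled tasks and Run keys), with an `$Apply` switch that disables the spooler when no real printer exists and disables scheduled tasks whose name or command matches an updater pattern. The pattern in `$UpdaterPattern` and the treatment of `C:\Windows`/`%SystemRoot%` as "Windows" are assumptions; tune both before setting `$Apply = $true`.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the post above: inventory (and optionally trim) the
# non-Windows code that starts in the background on Windows 10. First run is
# report-only; set $Apply = $true after reading the output. The updater name
# pattern is an assumption and should be tuned per machine.

$Apply          = $false
$UpdaterPattern = 'update|updater|bonjour|mobile ?device|itunes'     # assumed names
$WinPath        = '^"?(%SystemRoot%|%windir%|C:\\Windows)'           # treated as "Windows"

# 1. Print Spooler runs as SYSTEM and is a recurring exploitation target.
#    Disable it when no real printer is attached (PDF/XPS/Fax pseudo-printers ignored).
$printers = Get-Printer -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -notmatch 'Microsoft|OneNote|Fax' }
if (-not $printers) {
    Write-Host 'No physical printer found; Print Spooler can be disabled.'
    if ($Apply) { Stop-Service Spooler -Force; Set-Service Spooler -StartupType Disabled }
}

# 2. Auto-start services whose binary is not under the Windows directory.
Write-Host "`n== Third-party auto-start services =="
Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -notmatch $WinPath } |
    Select-Object Name, State, PathName | Format-Table -AutoSize -Wrap

# 3. Enabled scheduled tasks that launch something outside Windows
#    (vendor updaters usually live here, and they run whether or not an update exists).
$tasks = Get-ScheduledTask | Where-Object {
    $_.State -ne 'Disabled' -and
    ($_.Actions | Where-Object { $_.Execute -and $_.Execute -notmatch $WinPath })
}
Write-Host "`n== Non-Windows scheduled tasks =="
$tasks | ForEach-Object {
    [pscustomobject]@{
        Task    = "$($_.TaskPath)$($_.TaskName)"
        Runs    = ($_.Actions | ForEach-Object { $_.Execute }) -join '; '
        Updater = [bool]("$($_.TaskName) $($_.Actions.Execute)" -match $UpdaterPattern)
    }
} | Format-Table -AutoSize -Wrap

if ($Apply) {
    # Disabling the task is reversible; moving the updater binary (the post's other
    # option) is not tracked anywhere, so prefer this.
    $tasks | Where-Object { "$($_.TaskName) $($_.Actions.Execute)" -match $UpdaterPattern } |
        ForEach-Object { Disable-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath | Out-Null }
}

# 4. Run-key autostarts for the machine (64- and 32-bit views) and the current user.
Write-Host "`n== Run-key autostarts =="
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runKeys | ForEach-Object {
    $k     = $_
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
    }
} | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell; everything it prints in the first pass is what the post tells you to go through by hand. Services are only listed, not disabled, because a vendor service is often a driver dependency and is better removed by uninstalling the product, as the post suggests.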

Ink
Administrator
Jan 8, 2011
I have no knowledge of zero-day threats, but here's my guess.

Windows 10 standard account
Add default-deny software
Add anti-exploit software
Block vulnerable processes from being exploited
Securely back up critical data offline
 

Andy Ful
From Hard_Configurator Tools
Dec 23, 2014
With Windows 10 FCU+ you do not need additional security software except the built-in Windows features: SmartScreen, SRP (default-deny) + some additional Windows policies (hardening), Defender ASR, Exploit Guard for desktop applications, and App Container isolation for applications dealing with vulnerable content (Office and PDF documents downloaded from the Internet, etc.).
Using Exploit Guard for applications is not rocket science, and in most cases it takes about 20 minutes per application to configure the right settings (trial and error method).
The final configuration is lighter, safer and much more stable than using a third-party AV + anti-exploit.
On the cons side, you have to learn and get to like default-deny security. :)
 
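One pass of the built-in-only setup described in the post above, as an added example that is neither code from the thread nor from Hard_Configurator: it pins SmartScreen to block, turns on a set of Defender Attack Surface Reduction rules in audit mode, applies Exploit Guard process mitigations to two document viewers, and then pulls the events that drive the "trial and error" tuning. The target executables (`AcroRd32.exe`, `WINWORD.EXE`) and the mitigation lists are assumptions to adapt per machine; the ASR GUIDs are Microsoft's published rule IDs. Requires Windows 10 1709 or later and an elevated PowerShell.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread or from Hard_Configurator: SmartScreen,
# Defender ASR and Exploit Guard configured with built-in cmdlets and policy keys.
# Target executables and mitigation lists below are assumptions to adapt.

# --- SmartScreen: on, and the user cannot click through ------------------------
$sspol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
New-Item -Path $sspol -Force | Out-Null
Set-ItemProperty $sspol -Name EnableSmartScreen      -Value 1       -Type DWord
Set-ItemProperty $sspol -Name ShellSmartScreenLevel  -Value 'Block' -Type String

# --- Defender ASR ---------------------------------------------------------------
# Start in AuditMode; switch to 'Enabled' once the audit events show no false positives.
$AsrMode  = 'AuditMode'
$AsrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Office apps: no child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Office apps: no executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Office apps: no code injection'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Office macros: no Win32 API calls'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Mail/webmail: no executable content'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'JS/VBS: no launching downloaded executables'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'No potentially obfuscated scripts'
    '7674BA52-37EB-4A4F-A9A1-F0F9A1619A2C' = 'Adobe Reader: no child processes'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'No credential stealing from LSASS'
}
foreach ($id in $AsrRules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $AsrMode
}

# --- Exploit Guard, per application ---------------------------------------------
# Process-level mitigations for apps that open content from the Internet. Enable a
# set, use the app normally; if it misbehaves, drop the mitigation named in the
# Security-Mitigations log and try again (that is the 20-minute loop).
$Common  = @('DEP', 'ForceRelocateImages', 'BottomUp', 'HighEntropy', 'CFG',
             'DisableExtensionPoints', 'BlockRemoteImageLoads')
$Targets = @{
    'AcroRd32.exe' = $Common + 'DisallowChildProcessCreation'   # PDF reader
    'WINWORD.EXE'  = $Common                                    # child processes already covered by ASR
}
foreach ($exe in $Targets.Keys) {
    Set-ProcessMitigation -Name $exe -Enable $Targets[$exe]
}

# --- Reading the evidence -------------------------------------------------------
$since = (Get-Date).AddDays(-7)

# Exploit Guard user-mode events: which mitigation fired, in which process.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Security-Mitigations/UserMode'; StartTime = $since } `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap

# ASR events in the Defender log: 1121 = blocked, 1122 = audited (would have blocked).
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121, 1122; StartTime = $since } `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap

# Confirm what is actually in force for each target.
foreach ($exe in $Targets.Keys) { Get-ProcessMitigation -Name $exe }
```

The audit-first order matters: ASR in `AuditMode` and the Defender 1122 events tell you what `Enabled` would have blocked without breaking anything, and the Security-Mitigations log is where an Exploit Guard setting that crashes an application shows up by name, so each iteration of the trial-and-error loop removes one specific mitigation instead of guessing.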

RoboMan
Jun 24, 2016
Every configuration on Windows mentioned above is excellent for reducing infections and attacks. Really couldn't have said it better.

As for extra protection, I would suggest:

  • Any light, resource-easy antivirus (ESET, Windows Defender)
  • OSArmor by NVT
  • VoodooShield (optional)

Couldn't go lighter :) And of course, every configuration mentioned by our mates above!
 
illumination

Couldn't go lighter :) And of course, every configuration mentioned by our mates above!

When was the last time you tried AppGuard? It and the built-in Windows security are very light; AG uses very few system resources and is not felt at all. You almost forget it's there until it blocks something. Not only is it a tiny application and very light, but it is also stable, meaning I have yet to come across a usability bug that limits the product's functionality.
 
Deleted member 178

1- No AVs; they suck on 0-days, their sigs always come too late.
2- Block elevation of unsigned executables (90% of malware is unsigned and requires elevation).
3- Use a default-deny application: SRP, anti-exe, HIPS or behavior blocker.
4- Use a sandbox to isolate all internet-facing activities.
 
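Points 2 and 3 of the post above with nothing but built-in Windows 10 features, as an added example that is not part of the original post: the UAC policy that refuses to elevate unsigned executables, and a Software Restriction Policies default-deny written to the same registry keys the Local Security Policy editor uses, with the user-writable folders under `%SystemRoot%` explicitly denied (a plain allow rule on the Windows directory would otherwise cover them). Everything is gated behind `$Apply`; the first run only lists the unsigned executables in user-writable locations that these rules would stop. The registry values are the documented SRP/UAC ones; the allow and deny path lists are assumptions to review.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread: signed-only UAC elevation and an SRP
# default-deny via the registry keys that secpol.msc / Group Policy write.
# Assumed: 64-bit Windows 10, elevated PowerShell. Gated behind $Apply.

$Apply = $false

# --- 2. Only signed and validated executables may elevate through UAC ------------
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($Apply) { Set-ItemProperty $sys -Name ValidateAdminCodeSignatures -Value 1 -Type DWord }

# --- 3. Software Restriction Policies, default-deny ------------------------------
$safer        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$DISALLOWED   = 0
$UNRESTRICTED = 262144   # 0x40000

# Locations that stay runnable, written with the registry-backed variables the GPO
# defaults use so the rule survives a non-default install drive. All are admin-write-only.
$allow = @(
    '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%',
    '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%',
    '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)%'
)
# User-writable folders inside %SystemRoot% that the allow rule above would cover;
# explicitly denied so "drop the payload into C:\Windows\Temp" does not work.
$deny = @(
    '%SystemRoot%\Temp', '%SystemRoot%\Tasks', '%SystemRoot%\Debug\WIA',
    '%SystemRoot%\System32\spool\drivers\color', '%SystemRoot%\Registration\CRMLog'
)

function Add-SaferPathRule([int]$Level, [string]$Path, [string]$Why) {
    # One path rule = one GUID-named subkey under <level>\Paths.
    $key = "$safer\$Level\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty $key -Name ItemData     -Value $Path -Type ExpandString
    Set-ItemProperty $key -Name SaferFlags   -Value 0     -Type DWord
    Set-ItemProperty $key -Name Description  -Value $Why  -Type String
    Set-ItemProperty $key -Name LastModified -Value ([datetime]::UtcNow.ToFileTime()) -Type QWord
}

if ($Apply) {
    New-Item -Path $safer -Force | Out-Null
    Set-ItemProperty $safer -Name DefaultLevel       -Value $DISALLOWED -Type DWord
    Set-ItemProperty $safer -Name PolicyScope        -Value 0 -Type DWord   # 0 = all users, incl. admins
    Set-ItemProperty $safer -Name TransparentEnabled -Value 1 -Type DWord   # 1 = all files except DLLs
    Set-ItemProperty $safer -Name ExecutableTypes -Type MultiString -Value @(
        'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS','ISP',
        'LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS','URL','VB','WSC',
        'JS','JSE','VBS','VBE','WSF','WSH','PS1','SCT'   # script types added to the Windows defaults
    )
    foreach ($p in $allow) { Add-SaferPathRule $UNRESTRICTED $p 'Admin-only install location' }
    foreach ($p in $deny)  { Add-SaferPathRule $DISALLOWED   $p 'User-writable dir under SystemRoot' }
}

# --- Dry run: what would the rules above bite on this machine? -------------------
# Unsigned .exe files in user-writable locations are exactly what point 2 and the
# default-deny stop; review this list before flipping $Apply.
$userDirs = @($env:USERPROFILE, $env:ProgramData, "$env:SystemRoot\Temp")
Get-ChildItem -Path $userDirs -Filter '*.exe' -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{ File = $_.FullName; Signature = $sig.Status }
        }
    } | Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind. Path rules for the script extensions are only enforced for launches that go through the shell (double-click, `wscript file.js`), not for `cscript` fed a script on stdin or PowerShell `-Command`, so they complement rather than replace the ASR script rules. And after the policy is written, log off and back on (or reboot) before relying on it, then try to run an installer from Downloads to confirm the block before leaving the machine in that state.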

Evjl's Rain
Apr 18, 2016
Comodo firewall with CS's settings is the lightest for me.

I do notice some slowdown with any AV installed, especially with WD causing high disk usage.
Kaspersky Free also causes the exact same problem as WD, but only once, when you open a folder for the first time after boot. The second time, it is cached -> reboot -> cache is cleared.
KFA also causes significant lag when I open an MKV movie. Massive slowdown. Otherwise, it's light and effective.

Avast seems to be lighter than KFA in general, but it does slow down boot time and download speed if it's not properly configured.

I did notice some system slowdown with VoodooShield.

Some slight slowdown with NVT OSA, especially with large files, but in general it's light.

Never tried AppGuard because it's a paid product.

I almost don't notice any slowdown with CF + Immunet so far.
 

Andy Ful
From Hard_Configurator Tools
Dec 23, 2014
Shadow Defender and Sandboxie for sandbox.
Normally, Sandboxie is not required when using Shadow Defender.
But, with Sandboxie paid version, the user may isolate vulnerable applications in the separate custom sandboxes. Such sandboxes can be extremely restricted to kill any other programs (malware, keyloggers, exploits, script sponsors, Internet access etc.).
Another case is installing and updating applications in the Sandbox, located on the partition that is not in the Shadow Mode. That can be useful when Shadow Defender works in Shadow Mode on boot.
 

shmu26
Jul 3, 2015
With Windows 10 FCU+ you do not need additional security software except the built-in Windows features: SmartScreen, SRP (default-deny) + some additional Windows policies (hardening), Defender ASR, Exploit Guard for desktop applications, and App Container isolation for applications dealing with vulnerable content (Office and PDF documents downloaded from the Internet, etc.).
Using Exploit Guard for applications is not rocket science, and in most cases it takes about 20 minutes per application to configure the right settings (trial and error method).
The final configuration is lighter, safer and much more stable than using a third-party AV + anti-exploit.
On the cons side, you have to learn and get to like default-deny security. :)

NVT SysHardener is a good complement to Andy Ful's Hard_Configurator and ConfigureDefender in order to accomplish this.
The result will be lighter than running third-party apps such as OSArmor. That is my experience, anyway.

Among the third-party apps, I find AppGuard and Comodo Firewall to be very light, but I feel an impact on the system from OSA and ERP. Every system reacts differently.
 

Andy Ful
From Hard_Configurator Tools
Dec 23, 2014
NVT SysHardener + NVT OSArmor are very useful in the default-allow type of security configuration applied by a standard antivirus. But the default-deny configuration, based on SRP, is much more restrictive, so most SysHardener & OSArmor features will not be triggered at all.
Anyway, Hard_Configurator + NVT SysHardener + NVT OSArmor can be used together (after adding some exclusions) when the user likes using a default-allow configuration for daily work and default-deny for some unsafe tasks.
 
