- Jul 28, 2017
- 185
I am trying to come up with a few ideas for a lightweight configuration which can protect against zero-day threats and I want to see what you guys can come up with.
What are some lightweight configurations for zero-day threats?
- Thread starter LukeLovesSecurity
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
Install latest Windows 10, rectifies supersedes lot of third party softwares, other softwares stable up-to-date, MBAE, don't run, disable vulnerable softwares, services main ones that all targets is print spooler, task host, WMI, enforce group policies, uninstall softwares that you don't use, install only well reputated mainstream software, for any basic softwares without digital signatured, if there's a portable version, use that instead. don't let background update processes of third party softwares run, as well as uninstall useless bloatware like Bonjour, mobile device support, bundled with iTunes it's useless if you don't have an apple device, ipod, still runs vulnerable anyway all time, they run even when there's no update, either delete if possible in task scheduler or if not possible delete/move updater executable altogether to prevent starting. Keep less, only needed non-windows process running in background.
Last edited:
I have no knowledge for zero-day threats, but here's my guess.
Windows 10 Standard Account
Add Deny-Default software
Add Anti-Exploit software
Block vulnerable processes from being exploited
Securely backup critical data off-line
Windows 10 Standard Account
Add Deny-Default software
Add Anti-Exploit software
Block vulnerable processes from being exploited
Securely backup critical data off-line
- May 11, 2011
- 444
- Dec 23, 2014
- 8,970
With Windows 10 FCU+ you do not need additional security software except built-in Windows features: SmartScreen, SRP (default-deny) + some additional Windows policies (hardening), Defender ASR, Exploit Guard for desktop applications, and App Container isolation for applications dealing with vulnerable content (Office and PDF documents downloaded from the Internet, etc.).
Using Exploit Guard for applications is not a rocket science, and in most cases, it takes about 20 minutes per application to configure the right settings (trial and error method).
The final configuration is lighter, safer and much more stable than using third-party AV + Anti-Exploit.
On the cons side, you have to learn and get like default-deny security.
Using Exploit Guard for applications is not a rocket science, and in most cases, it takes about 20 minutes per application to configure the right settings (trial and error method).
The final configuration is lighter, safer and much more stable than using third-party AV + Anti-Exploit.
On the cons side, you have to learn and get like default-deny security.
- Jun 24, 2016
- 2,503
Every configuration on Windows mentioned above is excellent to reduce infection and attacks. Really couldn't say it best.
As for extra protection, I would suggest:
Couldn't go lighter And of course, every configuration mentioned by our mates above!
As for extra protection, I would suggest:
- Any light, resource-easy antivirus (ESET, Windows Defender)
- OSArmor by NVT
- VoodooShield (optional)
Couldn't go lighter
And of course, every configuration mentioned by our mates above!Couldn't go lighter
When is the last time you tried Appguard. It and built in windows security is very light, AG uses very little system resources, not felt at all. You almost forget it's there until it blocks something. Not only is it a tiny application, and very light, but is also stable, meaning i have yet to come across a usability bug, that limits the products functionality.
Last edited by a moderator:
1- no AVs, they suck on 0-days, their sigs always comes too late
2- block elevation of unsigned executable (90% of malware are unsigned and requires elevation)
3- use a default-deny application : SRP, anti-exe, HIPS or Behavior Blocker.
4- Use a sandbox to isolate all internet-facing activities.
2- block elevation of unsigned executable (90% of malware are unsigned and requires elevation)
3- use a default-deny application : SRP, anti-exe, HIPS or Behavior Blocker.
4- Use a sandbox to isolate all internet-facing activities.
- Apr 2, 2018
- 1,792
if you use Shadow Defender , you don't need sandboxie, you need an anti-logger.
Comodo firewall with CS's settings for me is the lightest
Do do notice some slowdown with any AV installed, especially with WD causing high disk usage
Kaspersky free also causes the exact same problem as WD but only once when you open the folder for the first time after boot. The second time, it is cached -> reboot -> cache is cleared
KFA also causes significant lag when I opened an MKV movie. Massive slowdown. Otherwise, it's light and effective
Avast seems to be lighter than KFA in general but it does slowdown boot time and download speed if it's not properly configured
I did noticed some system slowdown with Voodooshield
some slight slowdown with NVT OSA especially with large files but in general, it's light
never tried apguard because it's a paid product
I almost don't notice any slowdown with CF + immunet so far
Do do notice some slowdown with any AV installed, especially with WD causing high disk usage
Kaspersky free also causes the exact same problem as WD but only once when you open the folder for the first time after boot. The second time, it is cached -> reboot -> cache is cleared
KFA also causes significant lag when I opened an MKV movie. Massive slowdown. Otherwise, it's light and effective
Avast seems to be lighter than KFA in general but it does slowdown boot time and download speed if it's not properly configured
I did noticed some system slowdown with Voodooshield
some slight slowdown with NVT OSA especially with large files but in general, it's light
never tried apguard because it's a paid product
I almost don't notice any slowdown with CF + immunet so far
- Dec 23, 2014
- 8,970
Normally, Sandboxie is not required when using Shadow Defender.
But, with Sandboxie paid version, the user may isolate vulnerable applications in the separate custom sandboxes. Such sandboxes can be extremely restricted to kill any other programs (malware, keyloggers, exploits, script sponsors, Internet access etc.).
Another case is installing and updating applications in the Sandbox, located on the partition that is not in the Shadow Mode. That can be useful when Shadow Defender works in Shadow Mode on boot.
- Jul 3, 2015
- 8,153
With Windows 10 FCU+ you do not need additional security software except built-in Windows features: SmartScreen, SRP (default-deny) + some additional Windows policies (hardening), Defender ASR, Exploit Guard for desktop applications, and App Container isolation for applications dealing with vulnerable content (Office and PDF documents downloaded from the Internet, etc.).
Using Exploit Guard for applications is not a rocket science, and in most cases, it takes about 20 minutes per application to configure the right settings (trial and error method).
The final configuration is lighter, safer and much more stable than using third-party AV + Anti-Exploit.
On the cons side, you have to learn and get like default-deny security.
NVT SysHardener is a good compliment to Andy Ful Hard_Configurator and ConfigureDefender, in order to accomplish this.
The result will be lighter than running third-party apps such as OSArmor. That is my experience, anyways.
Among the third-party apps, I find AppGuard and Comodo Firewall to be very light, but I feel impact on the system from OSA and ERP. Every system reacts differently.
- Dec 23, 2014
- 8,970
NVT SysHardener + NVT OSArmor are very useful in the default-allow type security configuration applied by standard AntiVirus. But, the default-deny configuration, based on SRP, is much more restrictive, so most SysHardener & OSArmor features will be not triggered at all.
Anyway, Hard_Configurator + NVT SysHardener + NVT OSArmor can be used together (after adding some exclusions) when the user likes using default-allow configuration for a daily work and default-deny for some unsafe tasks.
Anyway, Hard_Configurator + NVT SysHardener + NVT OSArmor can be used together (after adding some exclusions) when the user likes using default-allow configuration for a daily work and default-deny for some unsafe tasks.
Similar threads
