What is the best 0 day protection?

[LukeLovesSecurity]

My current setup is made to handel 0 day threats. However, I made this setup in 2016 and it seems a lot has changed then. Watching youtube videos, it seems HMPA and Malwarebytes are not as good as they used to be. So what is the best 0 day protection? Not just for ransomware, but for all forms of malware.

Note I am not interested in signatures.

 

[AlanOstaszewski]

You ask for the best zero-day protection... hmmm... I would go with an Anti-Virus that contains more than 10 engines or work with VirusTotal.

I would pick:
VoodooShield or SecureAPlus (I heared about SAP that this AV is really slow; They work with signatures, sorry :C)
Comodo Firewall (use the settings, you provided in your setup topic)

On-demand:
Zemana AntiMalware Portable

Use your browser extensions that you provided in the setup topic

 

[bribon77]

For my virtualization and antiexe.

 

[LahiruRajinda]

Comodo Firewall

 

[Hector1]

Comodo firewall is very good, but in general virtualization and anti exe are very good against 0 day malware.

 

[Durden]

If you want something that some say is impenetrable .. I cannot think of anything other than Comodo firewall using cruelsister's settings ..you won't need anything else really . and it's extremely light.
Video Review - Comodo Firewall 8 2 0 4508 Setup and Test Part 2

Just remember to turn off windows firewall, as comodo won't do that automatically .

 

[enaph]

CIS/CF or VS and some on demand scanner of choice.

 

[AtlBo]

Comodo Firewall and AppCheck Anti-Ransomware. AppCheck for me is in case I mistakenly run malware out of Comodo containment that I should not run or in case someone comes up with a bypass of Comodo. It's extremely light and being updated regularly.

 

[TairikuOkami]

All anti-exploit software is no different from AVs, they are sort of like signature based, they are focused on a specific area, instead of the whole system. Black-listing has proven, it does not work, white-listing is the way to go. Sandbox with HIPS will stop anything, Comodo Firewall has got both for free.

 

[HarborFront]

Comodo Firewall and AppCheck Anti-Ransomware. AppCheck for me is in case I mistakenly run malware out of Comodo containment that I should not run or in case someone comes up with a bypass of Comodo. It's extremely light and being updated regularly.

But AppCheck is more for ransomware rather than normal malware. If your concern is the latter than you need an AV/AM + AppCheck.

 

[509322]

There is zero-day exploits and then there is "zero-day malware." "Zero-day malware" is a misnomer, but I am not going to get into it here. Two completely different security issues requiring two completely different protection models\strategies.

The OP uses the phrase "best 0-day protection." It appears that he means both mitigation of exploits and the stopping of "zero-day" malware.

Educate the OP properly. Some of the recommendations given in this thread are just plain bad advice.

 

[HarborFront]

There is zero-day exploits and then there is "zero-day malware." "Zero-day malware" is a misnomer, but I am not going to get into it here. Two completely different security issues requiring two completely different protection models\strategies.

The OP uses the phrase "best 0-day protection." It appears that he means both mitigation of exploits and the stopping of "zero-day" malware.

Educate the OP properly. Some of the recommendations given in this thread are just plain bad advice.

Then CF + HMPA + VS should do the job for zero-day protection or should

ReHIPS + AppGuard be the recommendation?

 

[Deleted member 178]

A sandbox and an anti-exe is the way to go.

Then CF + HMPA + VS should do the job for zero-day protection or should

remove CF or VS

ReHIPS + AppGuard be the recommendation?

My actual base combo, i found nothing more solid at the moment.

 

[509322]

Then CF + HMPA + VS should do the job for zero-day protection or should

ReHIPS + AppGuard be the recommendation?

Based upon what the OP asked and how they asked it, they would be best served by an anti-exploit combined with something that blocks everything newly introduced to the system by default. They can achieve this by any of a number of soft combos with the correct settings.

 

[LukeLovesSecurity]

There is zero-day exploits and then there is "zero-day malware." "Zero-day malware" is a misnomer, but I am not going to get into it here. Two completely different security issues requiring two completely different protection models\strategies.

The OP uses the phrase "best 0-day protection." It appears that he means both mitigation of exploits and the stopping of "zero-day" malware.

Educate the OP properly. Some of the recommendations given in this thread are just plain bad advice.

I am talking about both malware and exploits.

 

[LukeLovesSecurity]

A sandbox and an anti-exe is the way to go.


remove CF or VS


My actual base combo, i found nothing more solid at the moment.

I'll try out ReHIPS & AppGuard, but why get rid of CF and VS?

 

[509322]

I am talking about both malware and exploits.

If you want to protect against application exploits using a security soft, then you need to employ an anti-exploit soft. For the "zero-day malware" end you can use any of a number of solutions.

You can just as easily get very effective anti-exploit protection by not using commonly exploited programs; use alternatives and keep all softs and OS up to date.

You do not need to overdo the combination of security softs to get solid protection. To block exploits themselves you need to use an anti-exploit soft that uses mitigations whereas for the "zero-day malware" you can use something that blocks by default, virtualization, antivirus, HIPS, or any wise combo.

You have to figure out what works best for you.

 

[TairikuOkami]

Exploits do not really work without malware being involved afterwards, even though stopping the malware would be considered a second layer of defense.

 

[Solarlynx]

It's difficult to say what is the best, these might be useful:
Comodo's HIPS or Auto-Containment
quihoo 360 HIPS
Kaspersky System Watcher and Application Control
Avast BB (IDK how it's good)
Some staff of Bitdefender, must be pretty robust

Antiexploit: EMET or MBAE (standalone or as MBAM component)

Antiexec: SRP, AppLocker, VS, ERP, AppSamvid

Their combos can be pretty robust like Comodo FW + MBAE, or VS + MBAE

 

[mekelek]

0 day protection against what exactly? you need to be more specific.
also Malwarebytes shouldn't be in any of these polls tbh.