What is the best 0 day protection?

Maxwell Sien · Jul 30, 2017

A zero-day virus (also known as zero-day malware or next-generation malware) is a previously unknown computer virus or other malware for which specific antivirus software signatures are not yet available.

So, the best Zero Day Protection, you shouldn't solely Rely on your AntiVirus Detection, Add any Default-Deny Protection to compliment your AntiVirus. Example: Comodo (Not Include AV), VoodooShield, ReHIPS, AppGuard, etc..

509322 · Jul 30, 2017

mekelek said:
0 day protection against what exactly?

OP wants to protect against:

1. exploits; and
2. "zero-day malware"

= 0 day protections

He is getting clobbered with (some not very good) combo advice and will be more confused in the end.

The guy only needs 2 softs for this protection.

Andy Ful · Jul 30, 2017

There are many good 'true 0-day' protections (Sandboxing, HIPS, Whitelisting, SRP, Anti-exe), but they are not easy for the average user. Advanced security programs like: Kaspersky, Bitdefender, Emsisoft, Eset, Comodo, can use the above solutions, but that depends on the chosen settings.
The simplest, very strong, and well balanced on usability/security, is Windows SmartScreen Application Reputation (Windows 8+) + frequent system/software updates. SmartScreen does not cover scripts (except: *.bat, *.cmd, *.jse, and *.vbe), so home users should block script execution (Windows Script Host, PowerShell, and others). SmartScreen can check only files downloaded from the Internet, but there are solutions that can bypass this limitation.
Also, using Standard User Account can highly reduce 'true 0-day' infections.
I think that Avast in hardened (aggressive) mode (+blocked scripts) is also a good solution.
HitmanPro Alert and Zemana Anti-Keylogger are directed to fight only very specific 0-day malware files.
Malwarebytes 3.0 (free), is good against new malware/adware samples, but it is not a true 0-day protection.

Sunshine-boy · Jul 30, 2017

Run your tweaked browser into the sandbox and don't download and install every software that you are not sure they are safe(an expert told me the less software you have installed, the more secure you are)
update your software and windows and also use this little tool Hard_Configurator - Windows Hardening Configurator
Prevention IS better than the detection

bribon77 · Jul 30, 2017

Well it may seem like a joke, but in the times we run, the best thing for a 0 days, is to do backup, that does not fail.

HarborFront · Jul 30, 2017

Solarlynx said:
It's difficult to say what is the best, these might be useful:
Comodo's HIPS or Auto-Containment
quihoo 360 HIPS
Kaspersky System Watcher and Application Control
Avast BB (IDK how it's good)
Some staff of Bitdefender, must be pretty robust

Antiexploit: EMET or MBAE (standalone or as Malwarebytes Anti-Malware component)

Antiexec: SRP, AppLocker, VS, ERP, AppSamvid

Their combos can be pretty robust like Comodo FW + MBAE, or VS + MBAE

Why no HMPA? It's much much better than MBAE, VS and EMET in its exploit protection.

HarborFront · Jul 30, 2017

bribon77 said:
Well it may seem like a joke, but in the times we run, the best thing for a 0 days, is to do backup, that does not fail.

Backup is not proactive protection technology. It's a recovery solution after an infection has taken place.

HarborFront · Jul 30, 2017

Andy Ful said:
There are many good 'true 0-day' protections (Sandboxing, HIPS, Whitelisting, SRP, Anti-exe), but they are not easy for the average user. Advanced security programs like: Kaspersky, Bitdefender, Emsisoft, Eset, Comodo, can use the above solutions, but that depends on the chosen settings.
The simplest, very strong, and well balanced on usability/security, is Windows SmartScreen Application Reputation (Windows 8+) + frequent system/software updates. SmartScreen does not cover scripts (except: *.bat, *.cmd, *.jse, and *.vbe), so home users should block script execution (Windows Script Host, PowerShell, and others). SmartScreen can check only files downloaded from the Internet, but there are solutions that can bypass this limitation.
Also, using Standard User Account can highly reduce 'true 0-day' infections.
I think that Avast in hardened (aggressive) mode (+blocked scripts) is also a good solution.
HitmanPro Alert and Zemana Anti-Keylogger are directed to fight only very specific 0-day malware files.
Malwarebytes 3.0 (free), is good against new malware/adware samples, but it is not a true 0-day protection.

I rather use solutions that make decision for me. Whitelisting and anti-exe require user's input decision which can be a weakness in malware infection

Evandro · Jul 30, 2017

public enemy said:
Run your tweaked browser into the sandbox and don't download and install every software that you are not sure they are safe(an expert told me the less software you have installed, the more secure you are)
update your software and windows and also use this little tool Hard_Configurator - Windows Hardening Configurator
Prevention IS better than the detection

Do Not install Hard_Configurator! Because it has a Vírus!!!

Evandro · Jul 30, 2017

SpyShelter Premium!

Sunshine-boy · Jul 30, 2017

Evandro said:
Do Not install Hard_Configurator! Because it has a Vírus!!!

I know that also Yandex detected it when I wanted to download it! but it's a false positive!he is doing this for free it's safe!!when you scan the FARBAR RECOVERY SCAN TOOL or some others tools via virus total you will see they have detection rate! but it means they are dangerous?!nop

Deleted member 178 · Jul 31, 2017

LukeLovesSecurity said:
I'll try out ReHIPS & AppGuard, but why get rid of CF and VS?

not CF and VS, read carefully, i said remove CF or VS because they do the same thing, in fact CF does more than VS.

Andy Ful · Jul 31, 2017

Evandro said:
Do Not install Hard_Configurator! Because it has a Vírus!!!

Hard_Configurator (older version) was once flagged as a virus by Windows Defender. And, this fact was noticed and explained on Hard_Configurator thread:
Hard_Configurator - Windows Hardening Configurator
So, from that time, every new version is submitted first to Microsoft before publishing.
The Yandex and Norton Safe Web flagged the Hard_Configurator GitHub webpage as not safe, because of the above Microsoft false positive.

Edit.
It seems that Yandex does not flagged Hard_Configurator webpage as unsafe, but only program installers (riskware.HideExec!). This false positive is not related to Hard_Configurator executables, but to NirSoft utility: nircmd.exe . It is included in Hard_Configurator installer as an external utility.

Evjl's Rain · Jul 31, 2017

Andy Ful said:
SmartScreen can check only files downloaded from the Internet, but there are solutions that can bypass this limitation.

hi, could you please tell me how to bypass this limitation? I know there is a way that I can use your tool to do "Run as smartscreen" using right-click context menu, if I'm not mistaken
is there any other way to enforce SS lookup for multiple files or without having to right click and manually scan every single file?
thank you

I would like to add that SS doesn't scan files downloaded from download accelerators, too (IDM, eagleget). Also zip/rar files downloaded but the extracted files won't be scanned

Andy Ful · Jul 31, 2017

Evjl's Rain said:
hi, could you please tell me how to bypass this limitation? I know there is a way that I can use your tool to do "Run as smartscreen" using right-click context menu, if I'm not mistaken
is there any other way to enforce SS lookup for multiple files or without having to right click and manually scan every single file?
thank you

I would like to add that SS doesn't scan files downloaded from download accelerators, too (IDM, eagleget). Also zip/rar files downloaded but the extracted files won't be scanned

There are many ways which cause SS to ignore executables:
A) You have got the executable file (supported by SmartScreen : BAT, CMD, COM, CPL, DLL, EXE, JSE, MSI, OCX, PIF, SCR and VBE) using:

the downloader or torrent application (EagleGet, utorrent etc.);
container format file (zip, 7z, arj, rar, etc.);
CD/DVD/Blue-ray disc;
CD/DVD/Blue-ray disc image (iso, bin, etc.);
non NTFS USB storage device (FAT32 pendrive, FAT32 usb disk);
Memory Card;

B) You have run the executable file with runas.exe (Microsoft), AdvancedRun (Nirsoft), RunAsSystem.exe (AprelTech.com), etc.

I do not know a software, that could use SS to check all supported files in the folder. I could recode RunAs SmartScreen or RunBySmartScreen to do this, but I do not want to get nervous Microsoft guys. Such option could highly increase the traffic to Microsoft servers.
I used Windows Defender + RunBySmartScreen to check malware samples. Usually most samples are removed from the folder by Windows Defender. Only a few samples are left to be checked by SmartScreen.
In the new Hard_Configurator beta version, one can use a special profile (TestingSmartscreen.hdc) to check files with SS, without executing the samples.

The simplest way to force SS check of all supported files, is uploading them to OneDrive (but not compressed). When, one will download them to the hard disk again, SmartScreen will treat them as downloaded from the Internet.

Evjl's Rain · Aug 3, 2017

Andy Ful said:
EagleGet

yes, I know this is in theory but in fact, when I tried to download something .exe and other extensions using eagleget, I also changed the user agent, default and chrome/firefox, but after the downloads finished, files didn't have "Unblock" button => wouldn't be scanned by smartscreen
I may try with another download manager then

EDIT: free download manager also didn't show unblock for downloaded files

Andy Ful · Aug 5, 2017

Evandro said:
Do Not install Hard_Configurator! Because it has a Vírus!!!

Thanks. I sent an email to Emsisoft, and now all Hard_Configurator files are Trusted:
What is this exe file? Is this file safe? Check here

212eta · Aug 5, 2017

From the ones you listed,

I vote for Hitmanpro Alert.

Then, Zemana.

legendcampos · Aug 5, 2017

In my opinion is the ability of the software to alert the user and block in multiple layers. (Antívirus + Hips/UAC + SmartScreen + Firewall)
A free Avast example in the maximum settings:
1-When downloading a file, it alerts you that it is an old or very new file
2-Download so even when you clicking 2x the hardened mode that will block
3-still insist on opening the file, will enter the cybercapture that still verifies if file is reliable because when passing as reliable may end up infecting or not, nowadays many viruses/pups have been passed by "reliable"

Finally, there are many configurations with combos like VoodooShield + Avast + cf.... this really depends on your paranoia against viruses... The is antivirus own user's, use good sense in navigation.

Behold Eck · Aug 5, 2017

Comodo firewall (tweeked) or Voodoo Shield but there`s lots of other good suggestions mentioned here as well.

Or just wait 24 hrs before trying to infect your system then no more zero day problems.

Regards Eck

What is the best 0 day protection?

What is the best 0 day protection?

Hitmanpro Alert

Malwarebytes 3.0

Zemana Anti-Keylogger

Other (Specify)

Level 2

509322

From Hard_Configurator Tools

Level 28

Level 35

Level 71

Level 71

Level 71

Level 3

Level 3

Level 28

Deleted member 178

From Hard_Configurator Tools

Level 47

From Hard_Configurator Tools

Level 47

From Hard_Configurator Tools

Level 9

Level 6

Level 15

Similar threads