HarborFront

Level 52
Verified
Content Creator
Still contemplating

HitmanPro Alert
Malwarebytes
MBAE
BlackFog Privacy
Adguard

Using FF with enhanced security/privacy flag settings and privacy extensions. And using O&O ShutUp 10 for better Windows privacy. Also, using VPN always-on

The reason being KIS 2020 already a very solid product.

Ads/trackers, scam/fraudulent/malicious sites, PUPs, crypto, ransomware, virus/malware, exploits, whitelisting, financial, firewall and HIPS etc basically handled by it and my FF browser.

Also, thinking of either using Hard Configurator or SysHardener with software to debloat Windows 10 and remove unused default Win apps

I need something to counter other software phoning home

VB and TOR are next on the line

Any suggestions?
 
Last edited:

HarborFront

Level 52
Verified
Content Creator
Depends on your threat mode honestly, are you most worried about financial malware? Nervous about nation state attackers? Privacy concerns? All of the above? First do you have group policy? Have you just done a clean install?
Mine is a new laptop which I just bought. I'm using Windows 10 Home so not possible to access gpedit.

For privacy so far I have turned off those privacy settings and added O&O ShutUp 10. The next stage will likely to debloat those useless software and remove those default unused ones that come with Windows 10 eg Cortana, OneDrive etc. I think enough is enough on Windows 10 privacy.
 
Last edited:

HarborFront

Level 52
Verified
Content Creator
Does the use of MBAE alone complements Windows Exploit Guard or not useful at all? I know KIS also has anti-exploit protection but not sure whether it duplicates and/or complements the Exploit Guard. BTW, installation of KIS did not disable the Exploit Guard in Windows 10 unlike disabling of Windows Defender and Windows Firewall.

So what is the best combo of the 3 exploit protection below to avoid conflicts?

KIS + MBAE (disable Exploit Guard)
Exploit Guard + MBAE (disable KIS exploit protection)
KIS + Exploit Guard (not using MBAE)
KIS + Exploit Guard + MBAE

I don't want to buy HMPA just for its superior exploit protection
 
Last edited:

oldschool

Level 52
Verified
You cannot use Exploit Guard with custom settings, i.e. adding browsers, office programs, etc. and MBAE together because they will conflict. I can say this because I asked @Umbra about a similar setup I was considering. The same goes for EG + HMPA. Using multiple anti-exploit apps will mean each app is injecting into the processes of "protected" programs and who knows what problems might occur then (which you wouldn't necessarily be aware of).

You can use M$'s default EG settings with any of those programs, including KIS. Most of the options you are considering are definite overkill. Mayber others more knowledgeable than I will offer different opinions. IDK @harlan is the Kaspersy expert so you would be wise to ask him.
 

HarborFront

Level 52
Verified
Content Creator
You cannot use Exploit Guard with custom settings, i.e. adding browsers, office programs, etc. and MBAE together because they will conflict. I can say this because I asked @Umbra about a similar setup I was considering. The same goes for EG + HMPA. Using multiple anti-exploit apps will mean each app is injecting into the processes of "protected" programs and who knows what problems might occur then (which you wouldn't necessarily be aware of).

You can use M$'s default EG settings with any of those programs, including KIS. Most of the options you are considering are definite overkill. Mayber others more knowledgeable than I will offer different opinions. IDK @harlan is the Kaspersy expert so you would be wise to ask him.
Ok good advise. So that leaves

Malwarebytes
BlackFog Privacy
Adguard

to consider. By eliminating duplicate features what can they give extensively to complement KIS?
 
Last edited:
Mine is a new laptop which I just bought. I'm using Windows 10 Home so not possible to access gpedit.

For privacy so far I have turned off those privacy settings and added O&O ShutUp 10. The next stage will likely to debloat those useless software and remove those default unused ones that come with Windows 10 eg Cortana, OneDrive etc. I think enough is enough on Windows 10 privacy.
Debotnet, WPD, & WindowsSpyBlocker to block privacy invasive features of Windows and block telemetry servers, Hard Configurator you should use too. Block LOLbins through the firewall module in HC using paranoid settings (sorry KIS does not import WF settings/rules), also block extensions using paranoid mode. I would add a 3rd party firewall that has pop up notifications. Sphinx, Windows Firewall Control, TinyWall but your using KIS so you don't need one. There is more but I'm towards the extreme end of the spectrum, I should probably write a guide for the ultra paranoid.
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Personally in my main system currently using KIS/KTS 2021 strong tweaks + AdGuard Dekstop (Kaspersky Anti-Banner + Private Browsing disabled) on real-time, plus some on demand Second Opinion Scanners (MalWareBytes Free + AdwCleaner, WiseVector StopX with resident protections off).

If You don't want to tweak KIS/KTS, then You may go to NVT SysHardener (Defaults or adding some strong tweaks)...
 

shmu26

Level 85
Verified
Trusted
Content Creator
Agreeing with @harlan4096, your best complement to KIS is system hardening. You could also leverage Hard_Configurator for that. You don't need to put it at the high, default-deny settings. The lenient configs provide important system hardening without the headache of default-deny SRP.
 

HarborFront

Level 52
Verified
Content Creator
Hmmmm........just found out that Group Policy Editor can be installed on Windows 10 Home from below. Anyone tried? Which is the best method to ensure it works 100%?



 
Last edited:

shmu26

Level 85
Verified
Trusted
Content Creator
Hmmmm........just found out that Group Policy Editor can be installed on Windows 10 Home from below. Anyone tried? Which is the best method to ensure it works 100%?



From what I remember, it does not behave quite the same as real GPO, and you might be fooled into thinking that the policies you configured are being applied, when in truth they are not.
 

SeriousHoax

Level 27
Verified
Malware Tester
About phoning home, "C:\windows\immersivecontrolpanel\systemsettings.exe" and "C:\windows\system32\speech_onecore\common\speechruntime.exe" do this every time the Settings app is opened so I disabled internet access for this two in my Firewall.
Btw, if you add WindowsSpyBlocker Hosts or any hosts to your system Host file then it would be detected by Kaspersky as "Trojan.Win32.Hosts2.Gen". I absolutely hate this and the only way to counter this is to add the Host file in exception list.
 
Top