Windows Defender Shill Config

Status
Not open for further replies.
Good concept.
To round out your native Windows security config, you could use a standard user account (maybe you already do), and use Windows Hard_Configurator to disable Windows Script Host, PowerShell, and anything else that catches your fancy.
 
How do you store your login credentials and do you use 2-Factor Authentication for Web accounts?

We have 2FA for your MalwareTips account.
 
Great config. Thanks for sharing. What software do you use to make system backups?
 
You are perfectly fine. Make sure to upload unknown files to VT since you have no anti-exe.
Thanks for sharing :)
I like to think the "allow from Windows Store only" option in app settings is effectively an anti-exe.

But when I need a file from the internet, I always check it against VT.

Great config. Thanks for sharing. What software do you use to make system backups?
Just Windows restore points.
 
How do you store your login credentials and do you use 2-Factor Authentication for Web accounts?

We have 2FA for your MalwareTips account.
I store login credentials in a real-life notepad.

I would like to suggest creating system images with either Macrium Reflect or Aomei Backupper; both have a free and reliable version. :)
OK, thanks.

The only "weak point" of this config is its exposure to fileless malware (those using memory vectors), but the chance a user with safe habits will encounter those is more than minimal.
"File-less malware attacks evade detection by avoiding the drop of malicious files in favor of methods such as storing information in system memory, leveraging PowerShell or Windows registry, or using malicious macros."

Is there any simple solution to prevent those?
 
Is there any simple solution to prevent those?
Yes,

- using Software Restriction Policy applications (AppGuard, Hard_Configurator, etc.); they will not block the attack but will stop the dropped files.
- using memory protection software (MemProtect, etc.)
- using HIPS/BB

If you are really afraid of this kind of attack, based on your config, SRP is your best bet.
 
Add HTTPS Everywhere to Chrome.
ZAM to on demand
Nice setup :)

System Restore points are not backups. They cannot be used to restore lost data or damage by malware, only system changes.
If you get damaged by malware you can use safe mode to restore your system. If safe mode isn't working then you are scr**ed...:D
 
If you get damaged by malware you can use safe mode to restore your system. If safe mode isn't working then you are scr**ed...:D
In malware removal I have seen the helpers suggest to the user to delete all system restore points before proceeding with removal. Restore points may also fail when they conflict with third-party software. So it's not a real solution for a backup.
 
I like to think the "allow from Windows Store only" option in app settings is effectively an anti-exe.

But when I need a file from the internet, I always check it against VT.

Kind of. Remember that a lot of ransomware comes from JS files or Office macros, and Windows blocking mode won't protect you from those.
Anyways, if you check every unknown file with VT you will probably never get infected.
 