Windows Defender Shill Config

Windows Defender Shill · Apr 30, 2017

Ever since the Windows 10 Fall Creators update my machine has been using more recourses. So Webroot, (which I've always liked) became an appealing AV choice to lower my resource usage.

Nightwalker · Apr 30, 2017

I really like your setup, I am trying something similar for a while and it has been a good experience.

Deleted member 178 · Apr 30, 2017

Simplicity is efficiency.

Nightwalker · Apr 30, 2017

Umbra said:
Simplicity is efficiency.

I was sure that you would like this setup

Deleted member 178 · Apr 30, 2017

The only "weak point" on this config is its exposure to fileless malwares (those using memory vectors), but the chance a safe habit's user will encounter those are more than minimal.

shmu26 · May 1, 2017

Good concept.
To round out your native Windows security config, you could use a standard users account (maybe you already do), and use Windows Hard_Configurator to disable Windows script host, Powershell, and anything else that catches your fancy.

frogboy · May 1, 2017

Looks good to me, nothing to add here.

Thanks for sharing with us here at MT.

brod56 · May 1, 2017

You are perfectly fine. Make sure to upload unknown files to VT since you have no anti-exe.
Thanks for sharing

Ink · May 1, 2017

How do you store your login credentials and do you use 2-Factor Authentication for Web accounts?

We have 2FA for your MalwareTips account.

Deletedmessiah · May 1, 2017

Great config. Thanks for sharing. What software you use to make system backups?

Windows Defender Shill · May 1, 2017

brod56 said:
You are perfectly fine. Make sure to upload unknown files to VT since you have no anti-exe.
Thanks for sharing

I like to think the allow from Windows store only option in app settings is effectively an anti exe.

But when i need a file from the internet, I always check it against VT

Deletedmessiah said:
Great config. Thanks for sharing. What software you use to make system backups?

just windows restore points.

frogboy · May 1, 2017

I would like to suggest creating system images with either Macrium Reflect or Aomei Backupper both have a free and reliable version.

Windows Defender Shill · May 1, 2017

Spawn said:
How do you store your login credentials and do you use 2-Factor Authentication for Web accounts?

We have 2FA for your MalwareTips account.

I store login credentials in a real life notepad.

frogboy said:
I would like to suggest creating system images with either Macrium Reflect or Aomei Backupper both have a free and reliable version.

ok thanks

Umbra said:
The only "weak point" on this config is its exposure to fileless malwares (those using memory vectors), but the chance a safe habit's user will encounter those are more than minimal.

"File-less malware attacks evade detection by avoiding the drop of malicious files in favor of methods such as storing information in system memory, leveraging PowerShell or Windows registry, or using malicious macros."

Is there any simple solution to prevent those?

Deleted member 178 · May 1, 2017

Windows Defender Shill said:
Is there any simple solution to prevent those?

Yes,

- using Software Restriction Policy applications (Appguard, Hard Configurator, etc...), they will not block the attack but will stop the dropped files.
- using memory protection softwares (MemProtect, etc...)
- using HIPS/BB

if you really afraid of this kind of attacks, based on your config, SRP is your best bait.

Ink · May 1, 2017

Windows Defender Shill said:
just windows restore points.

System Restore points are not Backups. It cannot be used to restore lost data or damage by malware, only system changes.

Rengar · May 1, 2017

Add HTTPS Everywhere to Chrome.
ZAM to on demand
Nice setup

Spawn said:
System Restore points are not Backups. It cannot be used to restore lost data or damage by malware, only system changes.

If you get damaged by malware you can use safe mode to restore your system. If safe mode isnt working then you are scr**ed...

Ink · May 1, 2017

LanDude said:
If you get damaged by malware you can use safe mode to restore your system. If safe mode isnt working then you are scr**ed...

In malware removal I have seen the helpers suggest to the user to delete all system restore points before proceeding with removal. Restore Points may also fail when they conflict with 3rd party software. So it's not a real solution for a backup.

brod56 · May 1, 2017

Windows Defender Shill said:
I like to think the allow from Windows store only option in app settings is effectively an anti exe.

But when i need a file from the internet, I always check it against VT

Kind of. Remember many ransomware comes from js files or office macros and Windows blocking mode won't protect you from those.
Anyways if you check every unknown file with VT you will probably never get infected.

JM Safe · May 1, 2017

Good config.

It is really simple but efficient, just follow the important suggestions about the backups and add HTTPS Everywhere.

Thanks for sharing.

Exterminator · May 2, 2017

Windows Defender Shill said:
just windows restore points.

I would suggest some type of system backup solution.
Nice config! Thanks for sharing it with us

Search

Windows Defender Shill Config

Windows Defender Shill

Level 7

Nightwalker

Level 24

Deleted member 178

Nightwalker

Level 24

Deleted member 178

shmu26

Level 85

frogboy

In memoriam 1961-2018

brod56

Level 15

Ink

Administrator

Deletedmessiah

Level 25

Windows Defender Shill

Level 7

frogboy

In memoriam 1961-2018

Windows Defender Shill

Level 7

Deleted member 178

Ink

Administrator

Rengar

Level 17

Ink

Administrator

brod56

Level 15

JM Safe

Level 39

Exterminator

Level 85

Similar threads