Advanced Plus Security YARR Security Config 2019

Last updated: Mar 26, 2019
Windows Edition: Home
Security updates: Allow security updates and latest features
User Access Control: Always notify
Real-time security: Windows Defender, Appguard, Shadow Defender
Firewall security: Microsoft Defender Firewall
Periodic malware scanners: EEK, HitmanPro, ZAM
Malware sample testing: I do not participate in malware testing
Browser(s) and extensions: Chrome
Maintenance tools: Default Windows utilities
File and Photo backup: Mega Cloud
System recovery: Macrium Reflect
Risk factors:
    • Gaming
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
Computer specs: i7-9700k, RTX 2080, DDR4 3200 16GB, SATA+Optane

yarr

I've had a lot of trouble lately with Windows PCs acting funky or not working at all, so I'm trying my best to make sure I'm more safe this time around. I'm definitely open to suggestions or trying new software. I've got licenses for a few things not on here like hmp.a, eset smart security, emsisoft antimalware and sandboxie, etc. Looking forward to your input on how I could internet more safely.
 

Deckard

I've had a lot of trouble lately with Windows PCs acting funky or not working at all, so I'm trying my best to make sure I'm more safe this time around. I'm definitely open to suggestions or trying new software. I've got licenses for a few things not on here like hmp.a, eset smart security and sandboxie, etc. Looking forward to your input on how I could internet more safely.
Hi,
The first thing is to try to identify the problem. The origin of the problem.
Are you sure your problem was not from the hardware?

I don't know Huorong IS5 but if you jump on beta security tools, especially for such a complete program (AV, firewall, HIPS), you can expect possibly/probably new problems.

The more you accumulate security software, the more you accumulate difficulties and possibly redundancies.
 

yarr

Hi,
The first thing is to try to identify the problem. The origin of the problem.
Are you sure your problem was not from the hardware?

I don't know Huorong IS5 but if you jump on beta security tools, especially for such a complete program (AV, firewall, HIPS), you can expect possibly/probably new problems.

The more you accumulate security software, the more you accumulate difficulties and possibly redundancies.
I definitely think the problem ended up being hardware related. Thanks, I removed the beta software. Also, HIPS is definitely my biggest concern at the moment.
 

shmu26

Looking at your config, I didn't see an AV mentioned. Are you using Windows Defender? If so, please mention it.
By the way, Harlan's comment above (post 3) might still be relevant. You have three programs (Appguard, OSA, Syshardener) with significant overlap.
If you are trying to achieve a paranoid setup with an expert configuration, something like Umbra would do, then I can understand where you are coming from, but that requires expert knowledge of both your OS and the security programs themselves.
 

yarr

Yeah, Windows Defender, sorry, I thought that and Smartscreen are kind of the same thing. OSArmor has really minimal settings applied because Appguard covers a lot of my worries, but it's also very new to me, so I mostly use OSArmor for things I'm not sure of because I find Appguard's configuration confusing. I like that OSArmor has lots of YouTube videos for that. If they interfere with one another then I'll just have to pick one. Which would you say have the most significant overlap? Recent events have made me a bit paranoid tbh and I just want to feel safe again. I appreciate the input, these forums have been a significant help so far.
 

shmu26

I find Appguard's configuration confusing
You are not the only one. You are with the 99%. :)
I cannot recommend Appguard -- even though I have done beta testing for them in the past, and I know the program pretty well -- because you need inside information in order to configure it properly. Otherwise, you can easily shoot yourself in the foot.

OSA is much better. If you want a paranoid setup, just enable all advanced settings, and make exceptions when you get prompts. You might need to use wildcards in your exceptions.

And use @Andy Ful's ConfigureDefender tool to tweak Windows Defender. There are some powerful settings in there, you just need to activate them.

I am not pushing this third suggestion, but maybe you want to look into @Andy Ful's complete configuring tool, called Hard_Configurator. It is very powerful. But it is not install-and-forget. It will give you a very effective default/deny setup, similar in many ways to Appguard. Both use Software Restriction Policy. Appguard is third-party, and H_C uses the built-in Windows SRP.
 

yarr

He has actually been helping me with my current predicament quite a bit. Also, Hard_Configurator and Appguard were the only things I could use to regain any significant amount of control of my system. OSArmor was acting as if it was just an empty exe running in the background. That wasn't the only security app that acted this way either. I felt like I was thrown in the deep end, so this has been a learning experience to say the least! Maybe I should give it another go because he really does seem to know what he's talking about, huh? :)
 

shmu26

He has actually been helping me with my current predicament quite a bit. Also, Hard_Configurator and Appguard were the only things I could use to regain any significant amount of control of my system. OSArmor was acting as if it was just an empty exe running in the background. That wasn't the only security app that acted this way either. I felt like I was thrown in the deep end, so this has been a learning experience to say the least! Maybe I should give it another go because he really does seem to know what he's talking about, huh? :)
Andy knows what he is talking about, for sure.
Regarding Smartscreen and Windows Defender: WD works best in conjunction with Smartscreen, but they are really two different things. Smartscreen works no matter what AV you have, and it works even if you have no AV at all.
Hard_Configurator enhances Smartscreen and makes it even smarter.

OSArmor was acting as if it was just an empty exe running in the background. That wasn't the only security app that acted this way either.
When the system is already infected, that's a different situation. OSA and many other security apps are built to prevent infection, rather than diagnose and remove infection.
 

yarr

So if I run OSArmor with your suggested settings I should be able to drop the other apps? At least until I have a better understanding of Hard_Configurator? I like the idea of using Windows Defender and optimizing the utilities Windows has already provided us.
 

shmu26

So if I run OSArmor with your suggested settings I should be able to drop the other apps? At least until I have a better understanding of Hard_Configurator? I like the idea of using Windows Defender and optimizing the utilities Windows has already provided us.
OSA makes Syshardener unnecessary. Besides that, Syshardener settings can be tricky to undo, sometimes.

However, OSA is still not a full default/deny, even if you flip all the protections on. So I can't say it covers everything. The main weakness it leaves is malware with a valid digital signature. It's relatively rare to encounter this on a home system, but it does exist. You can protect against even this on OSA by making custom rules, but it's not so simple.
 

yarr

I use the default Syshardener config currently, so hopefully I won't run into any major issues removing it. I wonder why NoVirusThanks doesn't have a support forum for that type of thing.

I noticed two things from your config I found interesting. Using a standard account is something I never considered; with a config like that, do you have to set up your apps on the hidden administrator account? What added protection does this add? Second thing I noticed was you use Bouncer. I just learned about that a couple days ago when trying to find the Excubits mzwritescan demo, it really seems like a cool app. Oh, and malware with valid signatures is something I'm currently concerned about because I haven't been able to make much sense of what happened to my network. Bottom line for me is that malware sucks and I'm going to be a scaredy cat for a little while longer! Haha
 

shmu26

I use the default Syshardener config currently, so hopefully I won't run into any major issues removing it. I wonder why NoVirusThanks doesn't have a support forum for that type of thing.

I noticed two things from your config I found interesting. Using a standard account is something I never considered; with a config like that, do you have to set up your apps on the hidden administrator account? What added protection does this add? Second thing I noticed was you use Bouncer. I just learned about that a couple days ago when trying to find the Excubits mzwritescan demo, it really seems like a cool app. Oh, and malware with valid signatures is something I'm currently concerned about because I haven't been able to make much sense of what happened to my network. Bottom line for me is that malware sucks and I'm going to be a scaredy cat for a little while longer! Haha
Standard user account stops most malware from running. It makes it pretty hard for malware to get elevated privileges, which it usually needs. And it is the natural complement to Hard_Configurator. You can ask Andy about that.

I am too lazy most of the time to switch to the Admin account, so I do most installations etc by punching in the Admin password at the UAC prompt. There are cases where this won't work quite right, and it is not the ultimate secure way of doing things, but laziness is a fact of life. :)

I don't really need Bouncer but I enjoy that kind of a thing as it satisfies the paranoid in me. It is difficult and frustrating to learn how to use Bouncer right. Stay away from Excubits products unless you are willing to put in the effort it takes.
 

yarr

Thanks for everything today! I've got a small surgery tomorrow so I've got to get to bed. I'll update the thread after I run through the apps once more.

I've got one last question though if you don't mind. When using a standard account, do you disable the main admin account so it's inactive after changing your main account to standard, or does that not matter? I'm guessing you add a password to it during that time too. (I tried wording this paragraph in a less confusing way but failed each time lol)
 

shmu26

Thanks for everything today! I've got a small surgery tomorrow so I've got to get to bed. I'll update the thread after I run through the apps once more.

I've got one last question though if you don't mind. When using a standard account, do you disable the main admin account so it's inactive after changing your main account to standard, or does that not matter? I'm guessing you add a password to it during that time too. (I tried wording this paragraph in a less confusing way but failed each time lol)
I leave my admin account running in the background when I switch to standard account (SUA), if that's what you mean. It doesn't hurt to leave it running in the background and makes it easier to switch back and forth.
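
Added example (not part of any poster's message): a PowerShell audit of the setup discussed in the posts above, covering whether the daily account is a standard user, whether UAC is at "Always notify", and whether the built-in Administrator is enabled. It assumes Windows 10 with Windows PowerShell 5.1 and its LocalAccounts cmdlets; the output property names are labels chosen for this example.

```powershell
# Added example: audits the account/UAC setup discussed in this thread.
# Run in a normal (non-elevated) PowerShell window on the PC being checked.

$adminGroupSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)

# True only when this process holds a full (elevated) administrator token.
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Direct membership of the local Administrators group, elevated or not.
$admins  = Get-LocalGroupMember -SID $adminGroupSid
$isAdmin = $admins.SID.Value -contains $identity.User.Value

# The built-in Administrator account always has a SID ending in -500.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

$uac = Get-ItemProperty -Path $uacKey
# "Always notify" = UAC on, consent prompt (2) shown on the secure desktop (1).
$alwaysNotify = ($uac.EnableLUA -eq 1) -and
                ($uac.ConsentPromptBehaviorAdmin -eq 2) -and
                ($uac.PromptOnSecureDesktop -eq 1)

# Other accounts that could approve an elevation prompt.
$otherAdmins = ($admins |
    Where-Object { $_.SID.Value -ne $identity.User.Value }).Name -join ', '

[pscustomobject]@{
    User                   = $identity.Name
    DailyAccountIsStandard = -not $isAdmin
    ProcessIsElevated      = $elevated
    UacEnabled             = $uac.EnableLUA -eq 1
    UacAlwaysNotify        = $alwaysNotify
    # 3 = ask a standard user for admin credentials (default), 0 = deny silently
    StandardUserPrompt     = $uac.ConsentPromptBehaviorUser
    BuiltInAdminEnabled    = $builtin.Enabled
    OtherAdminAccounts     = $otherAdmins
} | Format-List
```

On a standard account, `DailyAccountIsStandard` is True and `OtherAdminAccounts` lists the account whose password gets typed at the UAC prompt.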
 

Nevi

As several have posted, I think you are using too much protection. One good antivirus and Appguard should keep you safe. Maybe with HMP or EEK as an on-demand scanner (one or both). A standard account would be a good move too.
Good luck with your little procedure.
 

LDogg

My advice:
  • With the Overkill you could easily get rid of OSA/Appguard and use Windows Defender with Configure Defender and Syshardener, whilst adding something like Tinywall/MWFC to complement WF or an Antivirus firewall such as Comodo Firewall.
  • Have sensible browsing habits and teach yourself to look out for phishing attempts via sites and email, plenty of articles about and videos to help you with this.
  • I know it's easy to get paranoid when dealing with an infection, but this actually makes your computer even more of a target, remember with a security config, sometimes less is more.
  • Add ZAM Free 3.0
I hope you can 100% get past your infection for your computer, I know how annoying this can be! MWT's forums are a kind place to get help and hopefully resolve your issue(s).

~LDogg
 
