Advanced Plus Security YARR Security Config 2019

Last updated
Mar 26, 2019
Windows Edition
Home
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Windows Defender, appguard, shadow defender
Firewall security
Microsoft Defender Firewall
Periodic malware scanners
EEK, HitmanPro, zam
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Chrome
Maintenance tools
Default windows utilities
File and Photo backup
Mega Cloud
System recovery
Macrium Reflect
Risk factors
    • Gaming
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
Computer specs
i7-9700k
RTX 2080
DDR4 3200 16GB
SATA+Optane

yarr

Level 2
Thread author
Verified
Jul 5, 2018
52
I've had a lot of trouble lately with Windows PCs acting funky or not working at all so I'm trying my best to make sure I'm more safe this time around. I'm definitely open to suggestions or trying new software. I've got licenses for a few things not on here like hmp.a, eset smart security, emsisoft antimalware and sandboxie ect. Looking forward to your input on how I could internet more safely
 
Last edited:
  • Like
Reactions: Jack

Deckard

Level 1
Verified
Feb 20, 2019
41
I've had a lot of trouble lately with Windows PCs acting funky or not working at all so I'm trying my best to make sure I'm more safe this time around. I'm definitely open to suggestions or trying new software. I've got licenses for a few things not on here like hmp.a, eset smart security and sandboxie ect. Looking forward to your input on how I could internet more safely
Hi,
The first thing is to try to identify the problem. The origin of the problem.
Are you sure your problem was not from the hardware?

I don't know Huorong IS5 but if you jump on beta security tools, especially for such a complete program (AV, firewall, HIPS), you can expect possibly/probably new problems.

The more you accumulate security softwares, the more you accumulate difficulties and possibly the redundancies.
 

yarr

Level 2
Thread author
Verified
Jul 5, 2018
52
Hi,
The first thing is to try to identify the problem. The origin of the problem.
Are you sure your problem was not from the hardware?

I don't know Huorong IS5 but if you jump on beta security tools, especially for such a complete program (AV, firewall, HIPS), you can expect possibly/probably new problems.

The more you accumulate security softwares, the more you accumulate difficulties and possibly the redundancies.
I definitely think the problem ended up being hardware related. Thanks I removed the beta software. Also, HIPS is definitely my biggest concern at the moment
 
  • Like
Reactions: harlan4096

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Looking at your config, I didn't see an AV mentioned. Are you using Windows Defender? If so, please mention it.
By the way, Harlan's comment above (post 3) might still be relevant. You have three programs (Appguard, OSA, Syshardener) with significant overlap.
If you are trying to achieve a paranoid setup with an expert configuration, something like Umbra would do, then I can understand where you are coming from, but that requires expert knowledge of both your OS and the security programs themselves.
 

yarr

Level 2
Thread author
Verified
Jul 5, 2018
52
Yeah windows defender, sorry I thought that and smartscreen are kind of the same thing. OSArmor has really minimal settings applied because appguard covers a lot of my worries but it's also very new to me so I mostly use OSArmor for things I'm not sure of because I find appguards configuration confusing. I like that osarmor has lots of YouTube videos for that. If they interfere with one another then I'll just have to pick one. Which would you say have the most significant overlap? Recent events have made me a bit paranoid tbh and I just want to feel safe again. I appreciate the input, these forums have been a significant help so far
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I find appguards configuration confusing
You are not the only one. You are with the 99%. :)
I cannot recommend Appguard -- even though I have done beta testing for them in the past, and I know the program pretty well -- because you need inside information in order to configure it properly. Otherwise, you can easily shoot yourself in the foot.

OSA is much better. If you want a paranoid setup, just enable all advanced settings, and make exceptions when you get prompts. You might need to use wildcards in your exceptions.

And use @Andy Ful's ConfigureDefender tool to tweak Windows Defender. There are some powerful settings in there, you just need to activate them.

I am not pushing this third suggestion, but maybe you want to look into @Andy Ful's complete configuring tool, called Hard_Configurator. It is very powerful. But it is not install-and-forget. It will give you a very effective default/deny setup, similar in many ways to Appguard. Both use Software Restriction Policy. Appguard is third-party, and H_C uses the built-in Windows SRP.
 

yarr

Level 2
Thread author
Verified
Jul 5, 2018
52
He has actually been helping me with my current predicament quite a bit. Also, hard_configurator and appguard were the only things I could use to regain any significant amount of control of my system. OSArmor was acting if it was just an empty exe running in the background. That wasnt the only security app that acted this way either. I felt like I was thrown in the deep end, so this has been learning experience to say the least! Maybe I should give it another go because he really does seem to know what he's talking about, huh? :)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
He has actually been helping me with my current predicament quite a bit. Also, hard_configurator and appguard were the only things I could use to regain any significant amount of control of my system. OSArmor was acting if it was just an empty exe running in the background. That wasnt the only security app that acted this way either. I felt like I was thrown in the deep end, so this has been learning experience to say the least! Maybe I should give it another go because he really does seem to know what he's talking about, huh? :)
Andy knows what he is talking about, for sure.
Regarding Smartscreen and Windows Defender: WD works best in conjunction with Smartscreen, but they are really two different things. Smartscreen works no matter what AV you have, and it works even if you have no AV at all.
Hard_Configurator enhances Smartscreen and makes it even smarter.

OSArmor was acting if it was just an empty exe running in the background. That wasnt the only security app that acted this way either.
When the system is already infected, that's a different situation. OSA and many other security apps are built to prevent infection, rather than diagnose and remove infection.
 

yarr

Level 2
Thread author
Verified
Jul 5, 2018
52
So if I run OSArmor with your suggested settings I should be able to drop the other apps? At least until I have a better understanding of Hard_Configurator? I like the idea of using windows defender and optimizing the utilities windows has already provided us.
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
So if I run OSArmor with your suggested settings I should be able to drop the other apps? At least until I have a better understanding of Hard_Configurator? I like the idea of using windows defender and optimizing the utilities windows has already provided us.
OSA makes syshardener unnecessary. Besides that, syshardener settings can be tricky to undo, sometimes.

However, OSA is still not a full default/deny, even if you flip all the protections on. So I can't say it covers everything. The main weakness it leaves is malware with a valid digital signature. It's relatively rare to encounter this on a home system, but it does exist. You can protect against even this on OSA by making custom rules, but it's not so simple.
 
Last edited:

yarr

Level 2
Thread author
Verified
Jul 5, 2018
52
I use default syshardener config currently so hopefully I won't run into any major issues removing it. I wonder why NoVirusThanks doesn't have a support forum for that type of thing.

I noticed two things from your config I found interesting. Using a standard account is something I never considered, with a config l I'll le that do you have to set up your apps on the hidden administrator account? What added protection does this add? Second thing I noticed was you use Bouncer. I just learned about that a couple days ago when trying to find excubits mzwritescan demo, it really seems like a cool app. Oh and malware with valid signatures is something I'm currently concerned about because I haven't been able to make much sense of what happened to my network. Bottom line for me is that malware sucks and I'm going to be a scaredy cat for a little while longer! Haha
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I use default syshardener config currently so hopefully I won't run into any major issues removing it. I wonder why NoVirusThanks doesn't have a support forum for that type of thing.

I noticed two things from your config I found interesting. Using a standard account is something I never considered, with a config l I'll le that do you have to set up your apps on the hidden administrator account? What added protection does this add? Second thing I noticed was you use Bouncer. I just learned about that a couple days ago when trying to find excubits mzwritescan demo, it really seems like a cool app. Oh and malware with valid signatures is something I'm currently concerned about because I haven't been able to make much sense of what happened to my network. Bottom line for me is that malware sucks and I'm going to be a scaredy cat for a little while longer! Haha
Standard user account stops most malware from running. It makes it pretty hard for malware to get elevated privileges, which it usually needs. And it is the natural complement to Hard_Configurator. You can ask Andy about that.

I am too lazy most of the time to switch to the Admin account, so I do most installations etc by punching in the Admin password at the UAC prompt. There are cases where this won't work quite right, and it is not the ultimate secure way of doing things, but laziness is a fact of life. :)

I don't really need Bouncer but I enjoy that kind of a thing as it satisfies the paranoid in me. It is difficult and frustrating to learn how to use Bouncer right. Stay away from Excubits products unless you are willing to put in the effort it takes.
 

yarr

Level 2
Thread author
Verified
Jul 5, 2018
52
Thanks for everything today! I've got a small surgery tomorrow so I've got to get to bed. I'll update the thread after I run through the apps once more.

I've got one last question though if you don't mind. When using a standard account do you disable the main admin account so its inactive after changing your main account to standard or does that not matter? I'm guessing you add a password to it during that time too. (I tried wording this paragraph in a less confusing way but failed each time lol)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Thanks for everything today! I've got a small surgery tomorrow so I've got to get to bed. I'll update the thread after I run through the apps once more.

I've got one last question though if you don't mind. When using a standard account do you disable the main admin account so its inactive after changing your main account to standard or does that not matter? I'm guessing you add a password to it during that time too. (I tried wording this paragraph in a less confusing way but failed each time lol)
I leave my admin account running in the background when I switch to standard account (SUA), if that's what you mean. It doesn't hurt to leave it running in the background and makes it easier to switch back and forth.
 

Nevi

Level 11
Verified
Top Poster
Well-known
Apr 7, 2016
500
As several has posted I think you are using too much protection. One good antivirus and Appguard should keep you safe. Maybe with HMP or EEK as on demand scanner (one or both). A standard account would be a good move too.
Good luck with your little procedure.
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
My advice:
  • With the Overkill you could easily get rid of OSA/Appguard and use Windows Defender with Configure Defender and Syshardener, whilst adding something like Tinywall/MWFC to compliment WF or an Antivirus firewall such as Comodo Firewall.
  • Have sensible browsing habits and teach yourself to look out for phishing attempts via sites and email, plenty of articles about and videos to help you with this
  • I know it's easy to get paranoid when dealing with an infection, but this actually makes your computer even more of a target, remember with a security config, sometimes less is more
  • Add ZAM Free 3.0
I hope you can 100% get passed your infection for your computer, I know how annoying this can be! MWT's forums are a kind place to get help and hopefully resolve your issue(s).

~LDogg
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top