Yash Khan Config... (Laptop)

[reboot]

I think that with this configuration UAC security is tricky. Suppose that Yash will see the UAC alert and the file is executed in the real system. He knows that at 99.99% the file is clean (safe), because that is the way CF works. So, he simply always presses OK. He can be infected, when system/software is exploited by malware with stolen certificate (very unlikely in Windows 10).

Sorry Andy... it may be due to lack of sleep but I am just not following what you are saying. Can you dumb it down even further for me please?

 

[Andy Ful]

Sorry Andy... it may be due to lack of sleep but I am just not following what you are saying. Can you dumb it down even further for me please?

Of course. What have bothered you?

 

[reboot]

Of course. What have bothered you?

What specifically about Yash's configuration makes enabling UAC tricky?

 

[Andy Ful]

What specifically about Yash's configuration makes enabling UAC tricky?

Tricky = not so useful. If he turn UAC on, he mostly will ignore the alerts, because he knows that Comodo reputation cloud (file lookup service) does not let anything malicious run in the real system (with rare exceptions).
The same is when you have Kaspersky + Emsisoft, then you will mostly ignore SmartScreen alerts.

 

[reboot]

Tricky = not so useful. If he turn UAC on, he mostly will ignore the alerts, because he knows that Comodo reputation cloud (file lookup service) does not let anything malicious run in the real system (with rare exceptions).
The same is when you have Kaspersky + Emsisoft, then you will mostly ignore SmartScreen alerts.

Thank you Andy. That makes a lot of sense. I am sorry for being slow to pick up what you meant in your previous post.

 

[Andy Ful]

Thank you Andy. That makes a lot of sense. I am sorry for being slow to pick up what you meant in your previous post.

My English can be hard to understand.

 

[reboot]

My English can be hard to understand.

Your English is very understandable. Your knowledge is outstanding which is why I follow you and want to be sure I don't miss any learning opportunities. Just call me greedy! LOL

 

[Deleted member 2913]

Guys, Thank You for the concern

@Andy Ful

Trusted Malware, Stolen Certs, etc is definitely But rare possibility, as you too mentioned.

This is a family shared system, 2 average users, you know how average users are, "Yes" is the action for them. BUT are fairly safe users.

After taking into account everything, I decided to keep UAC & Smart Screen disabled.

On Win 10, UAC is not completely disabled i.e I have set to "Never notify" But Security Center shows "ON".
I guess some protection in place, any info?

 

[Deleted member 2913]

First post updated with the detail & added the screenshot.

Edited AutoSandbox Rule - Options - Set Restriction Level - "Checked" & set to "Restricted".

 

[Andy Ful]

Guys, Thank You for the concern

@Andy Ful

Trusted Malware, Stolen Certs, etc is definitely But rare possibility, as you too mentioned.

This is a family shared system, 2 average users, you know how average users are, "Yes" is the action for them. BUT are fairly safe users.

After taking into account everything, I decided to keep UAC & Smart Screen disabled.

On Windows 10, UAC is not completely disabled i.e I have set to "Never notify" But Security Center shows "ON".
I guess some protection in place, any info?

I was thinking about such configuration some time ago (except: UAC MAX, because I like UAC).
But, I had some concerns about unsigned system files (there are many in Windows folder). There is a possibility, that after Windows 10 cumulative update, unsigned system file can be autosandboxed. That could have the negative impact on system stability.

 

[Deleted member 2913]

I was thinking about such configuration some time ago (except: UAC MAX, because I like UAC).
But, I had some concerns about unsigned system files (there are many in Windows folder). There is a possibility, that after Windows 10 cumulative update, unsigned system file can be autosandboxed. That could have the negative impact on system stability.

Previously, I have used CFW for quite a long time And never experienced it autosandbox System or Windows Updates files.

 

[Andy Ful]

Previously, I have used CFW for quite a long time And never experienced it autosandbox System or Windows Updates files.

Good to know this.

 

[Evjl's Rain]

I like your config. I'm the one who also don't like/deeply hate UAC. Simple but effective

 

[JM Safe]

@Yash Khan great config my friend. Comodo Firewall is light and powerful.

 

[ForgottenSeer 55474]

Hello,nice Configuration,thanks for sharing

 

[Deleted member 2913]

Added Shadow Defender

SD for ondemand use...trying software
Sometimes programs I try dont run in Comodo Sandbox/Kiosk

And SD is on a trial basis with FlashBack V2
If no probs then would be permanent

 

[Deleted member 2913]

Uninstalled Shadow Defender

After using SD & restarting system, I tried FlashBack to take backup And it lost tracking i.e started fresh i.e select source/destination & initial full backup, etc.

 

[Rolo]

You can use Task Scheduler to bypass the UAC prompt for programs you normally use (this is how CCleaner does it). This way, you could enable UAC but not be pestered by it. I hate getting pestered too.

 

[Deleted member 2913]

You can use Task Scheduler to bypass the UAC prompt for programs you normally use (this is how CCleaner does it). This way, you could enable UAC but not be pestered by it. I hate getting pestered too.

Its not for pestering, I find it redundant with my setup.

 

[Deleted member 2913]

First post updated

Uninstalled FlashBack

Installed Shadow Defender

Installed Veeam Endpoint Backup FREE (Automatic backup disabled) BUT with Windows task manager set to every 2 hours & works good here.

Its SOLID/RELIABLE backup/restore software PLUS recovery disk has Windows recovery tools too like Startup Repair, CMD, Memory Test, etc...

AND no probs with my Shadow Defender on-demand use & Veeam