Friday, January 25, 2013

[tips] How to protect your USB from getting infected

As an IT repair guy, I often have to disinfect computers from malware.
So I need my tools on my USB stick to do my job; unfortunately some systems have malware that infects my USB flash drive right after I insert it.
Of course, I don't want to format my USB stick and recopy all my tools after each intervention...

There are some solutions/alternatives to that, like:

- Using an optical disc (CD, DVD, etc.): of course it is safe, but quite expensive if I need to update my tools.

- Using a USB stick with a write-protect switch: the simplest method, but a bit pricey, especially if you already have many USB sticks.

The free solutions available are:

USB WriteProtector

USB Defender

Of course, they are not perfect solutions, but better than nothing ;)

[Tips] How to enable the ALPS touchpad scrolling in Firefox

Hi,

Maybe some of you are using ALPS touchpad drivers (Acer, Dell...) and have an issue using the "middle mouse-like" scrolling feature of the touchpad when browsing with Firefox or similar browsers.

Here is the solution:

1- Open the registry with the regedit command
2- Navigate to this key: HKEY_LOCAL_MACHINE\SOFTWARE\Alps\Apoint
3- Look for the value: ScrMethod
4- Double-click on it and set the hex value to 1
5- Reboot, you are all done

[Tips] How to auto-refresh Firefox's pages

You can do it via this addon:

Link: https://addons.mozilla.org/en-US/firefox...loadevery/

It reloads web pages every so many seconds or minutes. The function is accessible via the context menu (the menu you get when you right-click on a web page) or via the tab context menu (right-click on the tab).

[Guide] How to use your Samsung phone without KIES

You know that most phone vendors "force" you to use their own apps to upload/download files between your phone and computer.

As you also know, Kies is heavy, uses a lot of resources with many processes and startup items, and is not really necessary (unless you need to update your firmware).

So here is how to do without it:

1- If Kies is already installed:

- Uninstall it but keep the driver (don't check the box)
- Connect your phone via USB
- Normally a "Removable Disk" icon appears in your computer panel, but when clicking on it, it says "Please insert a disk into Removable Disk..."
- Don't panic, normally your phone's status bar should show a USB icon
- Pull down the bar; now you should see under "Ongoing": "USB connected - select to copy files to/from your computer"
- Tap on it
- The Android logo appears with a "Connect storage to PC" button, tap on it
- A popup will appear, tap OK
- Your phone will connect, then a window will open showing your phone's files, and in your computer panel the "Removable Disk" icon will show the phone's disk space.
- Done

2- If Kies is not installed and Windows doesn't have the drivers:

- Just download and install the USB driver (not Kies): http://forum.xda-developers.com/showthread.php?t=961956
- Then do the steps above.

[Guide] Force Addon compatibility in Firefox

For example, I'm using Nightly and I want my addons working.

Method 1

Download and install the Nightly Tester Tools:

https://addons.mozilla.org/en-US/firefox...ter-tools/

Go to Options > Nightly Tester Tools > Force Addon Compatibility

Method 2

- Type about:config in the Firefox address bar and press Enter.
- It'll ask for confirmation, click on the "I'll be careful, I promise!" button.
- Right-click anywhere and select "New", then "Boolean".
- Give it the name: extensions.checkCompatibility.9.0 (or 10.0, 11.0, etc., depending on the version you are using)
- Set the value to false.

It's done.

[Guide] How to fix file disassociation on Win7/Vista

Issue:

This issue may happen after some malware hits you or after a system corruption: your shortcuts or executables open the image viewer (or another program) instead of the programs concerned.

Example: your program shortcuts have a different icon than usual; you click on Chrome.exe and it opens Image Viewer instead of Chrome.

In fact, the file association has been broken.

How to fix (Windows 7):

1- Download the File Association Fixes: http://www.winhelponline.com/blog/file-a...windows-7/

2- Unzip the file and extract the .REG file to the Desktop.

3- Right-click the REG file and choose Merge. Alternatively, you can open the Registry Editor and use the Import option from the File menu to merge the REG file contents.

Note that you need to be an administrator to apply these fixes.


How to Fix (Win Vista)

1- Download the File Association Fixes: http://www.winhelponline.com/articles/10...Vista.html

2- Unzip the file and extract the .REG file to the Desktop.

3- Right-click the REG file and choose Merge. Alternatively, you can open the Registry Editor and use the Import option from the File menu to merge the REG file contents.

Note that you need to be an administrator to apply these fixes.

[Review] Internet Download Manager v6

The Good :

- Fast downloads with resume capability
- Efficient web player detection
- Ease of use via a clear interface
- Lots of useful options/tweaks
- Good browser integration
- Low resource usage
- Frequently updated

The Bad :

- Paid software


--------------------------------------------------------------------------------------------------------------------------

Internet Download Manager

Homepage

Internet Download Manager (aka IDM) is what we call a "download accelerator"; it uses intelligent dynamic file segmentation and safe multipart downloading technology to accelerate your downloads. This means it splits the file you wish to download into smaller parts, downloaded separately to achieve greater speed.



Dynamic file segmentation and connection reuse
Internet Download Manager has optimized file download logic. IDM divides the downloaded file into segments dynamically, unlike other download accelerators that divide the file into segments only once, just before the download process starts. Dynamic segmentation gives a significant download performance improvement. When a file download starts, it is unclear how many connections may be opened. When a new connection becomes available, IDM finds the largest segment still to download and divides it in half, so the new connection starts downloading the file from the middle of the largest segment. IDM minimizes the time needed for negotiations with servers and keeps all connections busy.

The goal of this kind of software is to give you more control over your downloads and a boost in your download speed.

The installation of IDM is classic, and it will add a plugin into the main browsers available on your system (with an option to include less-known ones manually).

Now that you understand how it works, let's go for a tour:

1- Main Program Window

When you open IDM you arrive in the main window, where all options/features are listed.

[Image: gROhGl.jpg]

- Download control buttons: (Add URL, Start/Resume, Stop, Stop All, Delete, Delete All Completed, Options, Scheduler, Start Queue, Stop Queue, Grabber, Tell A Friend) are located above the download list in the form of a ribbon. They can be in active (colorful) or disabled (greyed) state depending on what actions are possible for the currently selected downloads.

- Categories: on the left side of the main part of the window is a tree of download categories. IDM offers the categories feature to organize and manage your files. Every download category has a name, a default download directory and a list of associated file types. IDM has several predefined categories like Music, Video, Programs, Documents, etc. You may delete or edit them, or add your own categories.

- Download List: located in the middle of the window; here are listed all the downloads you have started, paused or completed. It also indicates the percentage and ETA of the downloaded files.

2- Download Modes

IDM has multiple download modes, giving you great freedom of use; the main methods are:

- Automatic Mode: this method of starting downloads is the easiest one. IDM takes over downloads from various browsers and starts downloading files automatically when you click on download links.
  • When a link is clicked, this window appears:

[Image: 9xJ8ul.jpg]

Note that your download can be delayed.
  • When IDM detects a web player and receives a multimedia request, this small window appears:

[Image: 2cTi2.jpg]

If clicked, the Download window appears (as above); if you have many requesting pages, all videos will be shown as a list.

Note that some websites do not trigger this feature.
  • If the download is started, then this window is activated:

[Image: Dp0Bml.jpg]

As you can see, "Resume capability" shows "Yes"; it means that if for some reason I have to stop the current download (internet disconnection, reboot, etc.) I will not lose the already downloaded part and will not have to re-download from the beginning. This is a very useful feature, especially if you download large files.

You can set the speed limit here:

[Image: 6KBMil.jpg]

and what IDM will do upon completion:

[Image: pcBqHl.jpg]
  • When the download is completed, this window appears and informs you where the file is located; if you click "Open", the file/program is executed directly.

[Image: jppGql.jpg]

- Download a specific link or all links in the selected text from an HTML page: if you right-click on a link in your browser, you will see the "Download with IDM" menu item. Just click this item to start downloading the link with IDM. You may also select some text and click "Download with IDM" to add all links in the selected text to IDM.

- Add URL button: you can add a new file to download with the Add URL button (see the Main Program Window chapter). You can either enter a new URL in the text box or select a URL from existing ones. You can also specify login information if the server demands authorization (by checking the "Use authorization" box).

[Image: Ge6Hpl.jpg]

[Image: Ge6Hpl.jpg]


3- Options Dialog

IDM has a wide range of options; here are some of the most useful:

- General options:

[Image: p2ro7l.jpg]

The interesting feature here is "Add Browser": if your browser is not listed in the window above, you can manually add it by selecting its executable (e.g. Dragon.exe for Comodo Dragon, etc.).

IDM supports basic and advanced browser integration types. For basic browser integration you can check what type of integration is used for a browser by selecting the browser and clicking on the Details button. In basic browser integration you can add a browser by using the "Add Browser..." button. IDM determines the version of the browser and will integrate into it.

IDM has a special module (IEMonitor.exe) for click monitoring in IE-based browsers (MSN Explorer, Avant, MyIE, some versions of AOL, etc.) that runs separately from the main IDM process. This module can be turned on/off using the "Run module for click monitoring for IE-based browsers" checkbox.

- File Types tab: the File Types tab can be used to change the list of file types that will be taken over from a browser and downloaded by IDM.

[Image: zLhaJl.jpg]

- Connection tab: here you can set up IDM to fit the kind of connection you have, for optimal performance.

[Image: SHital.jpg]

- Save To tab: this is where you can define the default final download location for the selected category (Music, Videos, etc.) and the temporary one.

[Image: QwfQFl.jpg]

- Downloads tab: here you can control how IDM dialogs are displayed.

[Image: rnvXQl.jpg]

Final Note:

Now you have a good idea of what IDM is and its usefulness; it is simple to use and efficient. I have to admit that when you start using IDM, it is very difficult to give it up.
I really like its speed, ease of use and ability to download content from streaming video sites.
IDM is useful for people who download a lot of software/files; for the others it is not very necessary since it is a paid product.

I rate it 4/5 (based on my sole opinion and testing; this rating can be raised/lowered if new pros/cons are found)

[Review] Spyshelter Firewall 2.3

The Good :

- First-class anti-logger with an innovative anti-sound-capture module
- HIPS
- Policy-based restriction mode for processes
- Light on the system
- Easy to configure and use
- Keystroke encryption (x64 only)
- Firewall

The Bad :

- Some options are obscure to the user (Hard Hook mode)
- Some modules don't support Win8 x64

-------------------------------------------------------------------------------------------------------------------------

OK, here is my review of SpyShelter Premium 8 (SSP)

Home
Features

I want to make clear that I can't test it against malware since it creates BSODs in my VirtualBox, so this will be a descriptive and usability review.
I will do a malware test later.

One interesting thing is that when you install it, it asks you if you want it to start with high or normal security after the reboot.

SSP sits on my system at between 20-30 MB working set of RAM; I don't feel any visible slowdown.

[Image: ZxMBwl.jpg]

1- Protection Tab

SpyShelter is an anti-keylogger and also a HIPS; here we can see the various protection modules. SSP shares the common protections with other products, but where it is innovative is the "Anti-sound module", which protects your system against VoIP sound trojan loggers and other sound capture.
Note: the kernel module is only for x86 systems

2- Rules tab

This is where the rules are shown; you can allow/deny/check/add/edit/remove them, you can also import/export rules, clean old ones (from uninstalled programs) and check all their components and details. I like the VirusTotal integration: when a process is allowed/denied, you can upload the file to it.

3- Log tab

Here are shown all the decisions made by SSP or by you; nothing very exceptional there.

4- Restricted Apps tab

Here is an interesting feature of SSP: it is in fact a kind of policy-based "sandbox" (like OAP's RunSafer or Comodo's Auto-Sandbox), with the addition of selecting which folders/files the process will be allowed/denied to write to.
When a process is run restricted, its windows will get the "Restricted" tag (if selected in the settings).

5- Firewall

The SpyShelter firewall module is designed to control (permit or deny) network transmissions based upon a set of rules. It's commonly used to protect computer systems and networks from unauthorized access while permitting trusted communications to pass.
SpyShelter Firewall supports the IPv6 protocol.

6- Keystroke Encryption

This feature (available for x64 systems only) will encrypt all of your keystrokes (à la "KeyScrambler"), so even if a keylogger successfully leaks data to the attacker, he will not be able to read it.

7- Settings tab

Here are the settings options:

a- General: nothing special here except the auto-clean option for the rules, quite convenient.

b- Security: here you can choose how SSP will react when confronted with a process; you can select one of the 4 options, "Allow Microsoft" is the least intrusive, "Ask" the most (means more popups).

c- Advanced: here you can increase the protection by terminating processes and their children.

Use Hard Hook seems to be an option to enforce compatibility with other security apps.

d- List of Monitored Actions: here you can decide what actions SSP will react to. When a popup appears, the number of the action will be shown so you can know what happened.

Hope you enjoyed the review ;)


[Review] KeyScrambler (All Versions)

The Good :

- Very easy to use.
- Encrypts your keystrokes in a visual manner.
- Quite light on the system.

The Bad :

- The Personal (free) version allows only 3 browsers (no other apps) to be protected (IE, Firefox and Flock).
- Prices a bit high (especially the Premium version).
- Only the apps selected by the developers are protected, no way to add yours.

-------------------------------------------------------------------------------------------------------------------------

KeyScrambler Personal/Pro/Premium

Home

Features & Comparatives

Download

KeyScrambler is security software designated as an "anti-logger". Effectively, some malware called "keyloggers" sits on your system and records everything you type on your keyboard in a log, then transmits it to someone who will appreciate getting your bank account's username and password or your credit card credentials...

This kind of malware is very silent, and a common user will never know he is its victim.

What makes KeyScrambler different from other anti-loggers (like Zemana AntiLogger, SpyShelter, etc.) is that it just encrypts your keystrokes with random characters instead of detecting/removing the keylogger.

It means that even if you are the victim of a keylogger, anything you type is unreadable by the attacker; the log will just show random characters without any meaning.

How it works (in detail)

OK, now that you understand how it works, let's go for a tour:

Resources Usage

[Image: ZDvgT.jpg]

2 processes on an x64 system (one for x86, the other for x64)

The Encryption

As you can see on the screenshot, everything you type is encrypted, and you can see how in the small green window.
You can set the location of the window in the options.

[Image: VlbFls.jpg]

Options

KeyScrambler is minimalist software, so you will have few options.

- Display tab: here you set the position of the window

[Image: NtOwXs.jpg]

- Advanced tab: here are some options available only for the Premium version; the most interesting is the Windows logon protection.

[Image: rU343s.jpg]

That is all. Yes, it was fast, but KeyScrambler is very simple in its concept and very efficient in its use.

I highly recommend it if you are an aficionado of online banking or online shopping!

Thanks

[Review] Zemana Anti-Logger

The Good :

- Good protection
- HIPS-like module
- Light on the system
- Can be run alongside other security apps
- Almost silent (install & forget)
- Easy to use
- Does more than just protect against keyloggers

The Bad :

- Protection limited on x64 systems
- Not free (but you may find many giveaways)

---------------------------------------------------------------------------------------------------------------------------

Homepage

After some weeks of experimenting, this is what I can say about Zemana AntiLogger:

1- UI: clear, simple, well designed; it shows you the various modules and options.

[Image: th_Untitled-7.jpg]

2- Modules: ZAL is made of 5 modules:
- Anti-keylogger,
- Anti-screenlogger,
- Anti-webcam logger,
- Anti-clipboard logger,
- System Defense (this one acts like a HIPS, very strong; it monitors your RAM/registry/files for malware).

http://malwareresearchgroup.com/2011/07/...-26072011/ (MRG flash test 26/07/11)
http://malwareresearchgroup.com/malware-...t-results/ (MRG current results 2011)

3- Rule List: you can set there the rules you want ZAL to apply when detecting a potentially suspicious process.

4- Settings: there you can set the various alert options of ZAL, the use of its whitelist, etc. An "Expert" button makes ZAL ask for your decision on every alert it detects.

Thanks for reading.

Thursday, January 24, 2013

Umbra Corp's Concept of Layered Config

Because many users asked me how to set up a very tight config, I will simply give a short "blueprint". I am using all the layers below.

Note: if you like simplicity, stop reading now ^^

I will organize the layers starting from the OS up to the topmost layer, simulating a fresh installation of my OS.

1- Updating your Operating System and software (Important)

The first layer is your system, aka your OS; it must be up-to-date all the time. Every day new flaws are identified and corrected by the developers of your OS; don't be lazy, just do it.


Earth wrote:Most security issues are related to vulnerabilities in the operating system. As these flaws are discovered software companies release patches and updates to protect you from the security holes.
source

For Windows 7 users, you can install right away EMET aka Enhanced Mitigation Experience Toolkit (from Microsoft) to harden your software.
Windows 8 users don't need it.

2- Imaging Backup (Important)

The first thing to do after installing your OS, and before browsing the net, is to make a clean backup of your system.
No system should be without an imaging backup solution, so if all of the layers below fail, you can still get your system back.

3- Rollback (for paranoid users)

Rollback Rx and Returnil are the best-known programs for this; it is a faster and more secure "system restore" because it takes a complete snapshot of your system (unlike Windows' Restore Points, which save only parts of the system) and allows you to save/restore it in a minute.
Note that rollback software does not fit well with an installed imaging backup program, so it is not recommended to use both.
On my config, it is the first thing I install after doing a backup, so I have a clean "baseline" from which I can test/install/update things, knowing I can revert to a clean state if something goes wrong.

4- Light Virtualization (for paranoid users)

Light virtualization software is mostly system-wide; it functions like a sandbox but affects your whole system, isolating any changes to your system after activation until the reboot, so you can test malware, software, etc.
Shadow Defender, Time Freeze and Deep Freeze are the most famous ones; in my case I use Shadow Defender on boot.

5- Sandboxes

Sandboxes are programs that virtualize other software run inside them, isolating it from your real system.
They are mainly used with browsers, so if you catch malware on a malicious website, it will not affect you.
Sandboxie or BufferZone are the most famous ones.
I install Sandboxie before going on the internet and use it to isolate my browsing while searching for software to install, so I'm sure I will not be infected.

6- Secured DNS

DNS servers are like the address books of the web. Your Internet provider gives you a basic DNS server to allow you to surf; some vendors like Norton/Comodo remove malicious website addresses, giving you more security while browsing.
I also change my default DNS to a secure one before browsing, to minimize the risks.

7- Firewall (Important)

To secure my system a bit more before browsing, I install the firewall before the antivirus.
A firewall will monitor your inbound/outbound connections. I use it to control what goes out of my system (e.g. trojan downloaders or rootkits calling home) rather than to protect me from attackers (quite rare now if you are a common user without sensitive data).

8- Main Antivirus (Important)

Now that my browsing is secured by the steps above, I can install my AV.
Choose any AV you like (lighter is better); it will be your first line of defense against malware. My favorites are Avast, AVG, ESET NOD32 or Emsisoft AM.

a- Web Filters/DNS checkers

Web filters like "Panda Cloud URL Filter" or "Bitdefender TrafficLight" will check/scan the websites you visit for malicious code/scripts/executables that may infect your system and block you from accessing them; some AVs incorporate them.

b- Behavior Blockers/HIPS

This will be one of your zero-day malware protections; some AVs and firewalls integrate them. Both are compatible and can be used together.

BBs are more user-friendly since they monitor the behavior of a process and ask you only if they can't decide.

HIPS are more intended for advanced users since they ask about almost every process event.

9- Companion Antivirus (for paranoid users)

In case your main AV misses some malware, the companion will help fill the hole; it will also add some features your main AV may not have. Emsisoft AM, Webroot SA, Kingsoft AV and MBAM Pro are very good at that.

10- Anti-keyloggers (for paranoid users)

Programs like KeyScrambler, SpyShelter and Zemana AntiLogger protect your system from keyloggers that record your keystrokes and send them to cyber-criminals, mostly to steal your banking credentials.

So if you are a heavy online banking/shopping user, this kind of software will increase your security. Note that most AVs detect keyloggers.

11- Browsers & addons

Now I can go surfing, but since I want to be totally protected I will choose to secure my surfing a bit.
Internet browsing is the main vector of infection, so some browsers like Chrome offer many built-in security features (integrated sandbox for Flash Player, PDF reader, etc.). You can also improve your security by adding addons to them (HTTPS Everywhere, Ghostery, NoScript, etc.).

12- YOU (Important)

The final and most important layer is YOU, yes, the user; you must have the right habits in what you do with your computer:

- Surf properly: don't go to suspicious websites, and check that the website you go to is the real one.
- Download smartly: always download from the vendor's website or at least a recognized and legitimate website.
- Don't run files from an unknown USB stick you found; check them first.
- Don't use cracks/keygens outside a virtualized application.
- Don't give your credentials to anyone, even your family members; I can tell you stories about how I got credentials by doing social engineering.

Final Note:

If you follow the steps above, you will greatly minimize the risk of being infected and losing your system and data. Note that some suites incorporate many of the elements above.

Personally, when I boot, my system is right away virtualized under Shadow Defender, then my AVs/FW load, then I can go surfing with Chrome isolated by Sandboxie.

[Image: Ku4gNl.jpg]

Hope I helped you

[Guide] How to set up Shadow Defender for convenience & max protection

Hi, I read a lot of posts asking how to set up Shadow Defender properly for convenience and optimal protection, so here is my simple guide:

Prologue:

SD can be used in 2 modes:

1- On-Demand mode

In this mode you just activate Shadow Mode when you need to test something you think may be harmful to your system, then reboot to exit it; this mode will not reduce/hamper your daily use of your system since all changes made outside Shadow Mode (Windows Updates, bookmarks, installed software, etc.) will remain.

2- Permanent Mode

This mode is active when you enable Shadow Mode at boot. This mode is the safest one for your system but is the one that will have many unwanted effects. Why?

- You are always under Shadow Mode, so any changes to your system will be negated at every reboot.

- Any Windows/software/antivirus updates and created/modified/downloaded files (as well as malware infections) will be negated at the next reboot.

As you see, this is the main purpose of SD: virtualizing your actions, then negating them at the next reboot.

You will ask me: "So what is the benefit of SD if I have to redo every time the work I have done?"

I will answer: "Then you have the exclusions and commit functions."

So now let's start configuring SD for max protection but with convenience of use.

1- Mode Setting

First you have to decide which partitions/drives to protect from changes; of course the system one must be protected, but I recommend also protecting any other partitions/drives you may have!

Why? Because some malware infects every file, not just the system ones.

You choose your partitions here:

[Image: f1BzD.jpg]

Then select "Enter Shadow Mode at every boot"; you will then enter Shadow Mode right away and at every boot.

[Image: iE3ze.jpg]

The desktop tip will appear to confirm that you entered Shadow Mode (the tip can now be hidden).

2- Exclusion List

The important part is here, the exclusion list.

You will have to set the folders that will be ignored by SD, meaning all changes occurring in them will be kept when you reboot.

Here are my exclusions:

[Image: giWON.jpg]

So what to exclude:

- Your antivirus updates: generally by excluding every folder of it (ask in your product's support forum to be sure).

- Your browser bookmarks (optional): I put it as optional because I don't like to exclude my browsers; since the internet is the best place to get infected, I don't want to open some security holes.
My workaround is to use an online bookmark synchronizer that loads my bookmarks every time I am online (e.g. Xmarks).

If you still want to exclude them, you must find where the bookmarks are stored. Example for Firefox: "places.sqlite".

- Your downloads: it is nonsense to download things and then negate them at the next reboot, so I recommend you create 2 folders (on the non-system partition) for that: the first one, which I call "Downloads", is where all your downloads will be saved (this one will not be excluded); its purpose is to check that your downloaded files are safe/non-malicious (the AVs will take care of that); you can open the files there.
The second folder will be named "Safe Downloads"; when, after checking the files in "Downloads", you are sure they are safe, move them here to keep them. Later you will exit Shadow Mode and relocate them as you wish in a non-excluded folder.

- Your work: create and exclude a folder, put your current working files there (documents, etc.) until done, then, as above, relocate them later to a folder that will be protected by Shadow Mode, so you will never lose them in case of infection.

Note about Windows Update: unfortunately, you can't exclude it; SD can't exclude the registry, so when an update is available, just exit Shadow Mode, install it, and return to Shadow Mode.

3- Commit Now button:

The Commit Now button allows you to exclude files/folders on the fly, in case you downloaded/modified a file outside the excluded folders.

[Image: NUaVI.jpg]

You can also do it by right-clicking the file.

Final Note

As you see, Shadow Defender is a powerful protection tool if used properly, but it is not 100% bullet-proof, so you have to be careful about what you download and execute on your system.

Hope this guide helped you.

I will add more info if needed, and also about the browser bookmark files to exclude.

Thanks

[Guide] How to increase responsiveness of your Windows system

With time your Windows system loose its fast responsiveness, and start to slowdown or even crawl.

There is my few tips to keep it responsive.

Startup entries

Some developers like to add startup processes to their softwares with good reasons but sometimes it is not worth the shot.
Do you need your Video/Audio player, Phone apps, graphic soft to start with windows? surely not !

So you must disable them from the startup, you have many tools to do it, but i will choose the simplest ones

1- Msconfig.exe

Go to start menu -> click on "run..." -> type msconfig -> startup tab -> uncheck the entries of applications you don't need to start with windows.

2- Ccleaner

This very effective software is not only good at cleaning your system fro junk files and old registry's entries but also it help to delete useless startup entries

open it, go to "Tools" -> Startup -> uncheck the unwanted entries


3- Wise Care 365

This free soft can be installed or be used as portable.

open it, go to "System Tuneup" tab -> Startup Manager -> let it populated the list -> turn off the non-essentials entries that slow down the boot (depending your taste and suggestions given by the soft)


Services

Windows is made to be easy to use and focus on a large types of users, unfortunately if you are not a "mediavore" or "remote controller" kind of user, many services will be useless to you. so you can set them on "manual " or simply disable them.

Be sure to understand what you will disable, some services have redundancies that may affect your normal use of Windows

Again you have many ways and tools to do it.

1- Services.msc

the built-in services monitor, you can tweak it using Black Viper services configuration guide


2- SMART
: A portable apps that have some pre-configured setting


3- Advanced Win Service Manager
: It show the services and indicate if some of them are suspicious or even dangerous

4- Wise Care 365:

Open it, go to the "System Tuneup" tab -> Startup Manager -> Services -> let it populate the list -> turn off the non-essential entries that slow down the boot (depending on your taste and the suggestions given by the software).
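Before touching anything in the tools above, it helps to see the full picture. This is an added PowerShell example, not from the original post: it lists the Run keys, the Startup folders and the services set to start automatically, with the Authenticode signer of each service binary, so unsigned or unfamiliar entries stand out. The registry keys and folder names are the standard Windows locations; the script only reports and changes nothing.

```powershell
# Added example (not part of the original guide): inventory auto-start entries
# and automatic services. Read-only: review the output, then disable with msconfig
# or services.msc as described above.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-StartupEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath metadata
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    # Per-user and all-users Startup folders: shortcuts dropped there also auto-start
    foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -File | ForEach-Object {
            [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Get-AutoStartServices {
    Get-CimInstance -ClassName Win32_Service | Where-Object { $_.StartMode -eq 'Auto' } | ForEach-Object {
        # PathName may be quoted and carry arguments: keep only the executable path
        $exe = $_.PathName
        if ($exe -match '^"([^"]+)"') { $exe = $Matches[1] }
        elseif ($exe -match '^(\S+?\.exe)') { $exe = $Matches[1] }
        $signer = 'unsigned or not found'
        if ($exe -and (Test-Path $exe)) {
            $sig = Get-AuthenticodeSignature -FilePath $exe
            if ($sig.Status -eq 'Valid') { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{ Service = $_.Name; State = $_.State; Path = $exe; Signer = $signer }
    }
}

Get-StartupEntries | Format-Table -AutoSize
# Look at the entries whose signer is not Microsoft first; set a service to Manual
# only after checking what depends on it (services.msc -> Dependencies tab).
Get-AutoStartServices | Sort-Object Signer | Format-Table -AutoSize
```

Run it from an elevated PowerShell so the HKLM keys and all service binaries are readable; a signer of "unsigned or not found" is a reason to look closer, not proof of anything.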



Contextual Menu

Again, software likes to put entries in your context menu that slow down its appearance and make it messy.

You have many ways to trim it; there is a good guide with 2 very useful tools:

How to Clean Up Your Messy Windows Context Menu

Malwares

Malware is well known for making your system crawl; be sure to visit safe websites and use security solutions (AVs, sandboxing, etc.).

Antivirus

As malware will cripple your system, you must use an antivirus or other security application to be safe from it; unfortunately some are heavy on your resources, so be sure to pick a light one.
Remember that running 2 or more AVs at the same time will reduce your security, create issues and conflicts and, of course, slow down your system (unless they are complementary).

Here you will find a good thread about light AVs/suites:

Which is the lightest antivirus/security suite you used in last 6 months?

Responsiveness tools

I have these tools in mind; others surely exist.

Process Lasso allows you to monitor the responsiveness of your system and its CPU, RAM, etc. usage. Use it with caution.

Soluto will check which apps slow you down; just follow the steps. Tip: since Soluto slows the boot time for its scanning, use it only once, write down the faulty apps, then uninstall Soluto.

Wise Care 365

Open it, go to the "System Tuneup" tab -> System Optimizer -> tick the entries you want.

Registry Defrag tools

This is a controversial topic: some say that defragmenting the registry adds nothing to the speed, while others say it does. Anyway, if you want to try, there are some tools:

Wise Care 365:

Open it, go to the "System Tuneup" tab -> Registry Defrag -> run it.


That is all I can think of; I will update the thread if I find new tweaks.

Thanks for reading !

[Guide] How to set Comodo IS + Emsisoft AM for max compatibility & security

This quick guide will allow you to use EAM (full version) alongside CIS with maximal compatibility.

CIS part

1- AV tab:

- set the AV to "On Access", so it will catch malware before EAM does.




2- Defense+ tab (if not already on Trusted Files)

- add the EAM files as Trusted: "a2service.exe", "a2start.exe", "a2guard.exe"




EAM Part:

1- Application Rules

- add these CIS files: "cmdagent.exe", "cfp.exe", "cfpupdat.exe", "cfpconfg.exe", "cavscan.exe" to the list as "excluded" ("always allow this application" in Add new Rules)





2- Alerts tab:

- tick "activate Intelligent alert reduction" (will diminish the number of popups).
- tick "community based alert reduction" (will use the cloud to reduce popups).




3- File Guard tab

- select "scan only programs before they are executed" (this lets CIS do all the prevention work; EAM will eventually catch malware not blocked by CIS. This option will also reduce the RAM usage of EAM.)





That is all for the moment; if I find new options I will update this post.

Thanks for reading

[Guide] How to setup Webroot SA alongside another Antivirus

Hi,

OK, if you bought a copy of Webroot SA, you already know that you can run it alongside another antivirus/suite without conflicts; it is called a "companion AV".

But for that, we need to tweak both of them a bit, so here is my quick guide:

The other Antivirus

Depending on the product, the settings are different, but all of them have the same kinds of options:

Exclusions/Whitelist

Important step: you must exclude WRSA.exe from the protection of your other AV, so WSA will not trigger monitoring from it and fewer resources are used. You generally do it in these places:

1- Antivirus scans (exclude WRSA.exe)
2- Real-time scans/modules (exclude WRSA.exe)
3- HIPS/Behavior Blocker/Sandbox: add/trust/allow WRSA.exe
4- Firewall (add/trust/allow WRSA.exe; Webroot is cloud-based, meaning it needs to connect to the internet)


Webroot SA

Webroot SA is very simple to use, so you don't have to be a super-geek to set it up; we will configure it to perform as a companion AV.

Now we open Webroot's GUI and go to Settings:

A- Settings:

1- Basic configuration

   

We will check that these boxes are ticked:

- Operate background functions using fewer CPU resources (your main AV may be greedy on resources, so we will run WSA with minimum consumption)

- Favor low disk usage over verbose logging (I like to preserve the lifespan of my HDD)

- Lower resource usage when intensive applications or games are detected (no need to explain why)

- Force non-critical notifications into the background (to avoid useless popups)


2- Scan Settings

   

We can tick all boxes; some of them depend on your personal taste.

3- Self protection

   

The important part: Enable self-protection response cloaking -> Minimum (why is explained there).

4- Heuristics

   

I selected High for all "Advanced Heuristics", a personal choice; it may generate more false positives, but you can leave it at Medium. This field really depends on your taste, so feel free to do as you wish.

5- Real-time Shield

   

You can untick "scan files when written or modified"; WSA will then react only to executed files.

6- Behavior Shield

   

Tick all except "automatically perform the recommended action..." (I like to know what is authorized on my system).

7- Core System Shield

   

Tick all. If your other product has a feature that modifies the HOSTS file, you can untick "prevent any program from modifying the Host file", but I suggest you tick it again once the modification is done.

8- Webshield

   

Tick all

9- Identity Shields

   

Tick all

Click "Save All". WE ARE DONE with the Settings tab, but the setup is not finished yet.


B- PC Security

1- Firewall

   

Enable it! Some say "hey, I already have a firewall! It will conflict!"
In fact not: Webroot is not a "traditional firewall", it works differently. It is more a "malware firewall" or outbound connection monitor; it functions as an "additional firewall layer" (if I can say that).
Note: Win8 users will not have the possibility to choose a setting.

- Network Applications -> View Network Applications

   

Check that your other product is allowed.

2- Quarantine

- Detection configuration -> configure

   

Yes, it is weird, but it is one of the places where exclusions live...

Add every executable of your other security product (example for Comodo IS: cfp.exe, cmdagent.exe, cavscan.exe, etc.)


Jim (Webroot Community Leader) wrote: Quarantine section is not necessary. Webroot maintains a global listing of good files in addition to bad ones and unknown ones. Third-party antivirus software is included in this list. It takes less time for WSA to ask the cloud if the software in question is good, bad, or unknown than it does for you to manually tell it to flag all of those files as good. Additionally, the third-party software is probably going to update a lot, being that it's antivirus software (most-likely old-school definitions based stuff too). When it updates, those files change, and for all real purposes they are new files. The original whitelisting action you would have taken would have whitelisted a certain set of files locally, but it wouldn't account for updates. However, our cloud-based whitelisting does that automatically, which is why you notice no ill effects.

C- System Tool

1- Control Active Processes -> Start

   

Check that all executables of your other product are "Allowed" (if they are monitored, their efficiency may be reduced).

Jim (Webroot Community Leader) wrote: On Step C, I'd caution that you want to know for sure what you're telling it to Allow. If you see programs you use all the time in that list and you are positive they are not threats, you can toss them into the Allow column. However, there are two things to consider about this:
1. Don't just go by the name. Some threats will name themselves something convincing in an effort to evade manual detection (think "windows.exe" or even real file names like "smss.exe").
2. Uncertainty should raise suspicion. Obscure names can be bad stuff too. If you see something like aphwef876.exe (I just hit random keys there like a polymorphic infection would rename itself), and it's sitting in a Monitor or Block status, there's a good chance that's an infection.
While some users are tech-savvy enough to be able to investigate entries that are unjustifiably set to Monitor and decide to Allow them, other users who are less tech-savvy would be wise to either A) leave those in Monitor status in case they are later flagged as Bad and need to be automatically rolled back to before WSA first saw them or B) contact Support to determine if such movement to Allow is justified. B is preferred, because any time you ask Support about a file that we are currently marking as Unknown, it prompts us to look at that file right away and determine it. That doesn't just help you - that helps everyone with WSA installed, which is pretty cool when you think about it.

WE ARE FINISHED.

Normally Webroot SA should now run with low CPU & RAM usage (less than 10 MB working set when idle).

   

Edit: I may add other changes if needed.
Edit 2: the procedure to add Webroot to the exclusions of various security products will be added by other members and me in the following posts, thanks.

Note: Thanks to Jim (Webroot Community Leader) for giving me feedback and corrections on the guide.