Windows 10 Security Settings

ZeeOSix
The new Dell laptop I got a couple months ago came loaded with McAfee "LiveSafe", which was a full-blown anti-virus program with a 1 year free subscription as part of the purchase. With McAfee loaded, Windows Defender took a back seat and wasn't the real-time anti-virus program, but only did its updates and random background scans.

I didn't really like McAfee, as the user interface was horrible and it didn't give much scanning and protection info to the user. So I decided to uninstall it and install my Malwarebytes Premium (a full license version). I actually installed Malwarebytes Premium before uninstalling McAfee and they both seemed to play well with each other. Anyway, the setup I ultimately want is Windows Defender and Malwarebytes Premium both working together in unison, which is routinely done from the info I've found on Malwarebytes' website and other websites. After making a setting change in Malwarebytes Premium, it looks like Windows Defender and Malwarebytes Premium are both fully active. Before turning off the setting "Register Malwarebytes in the Windows Security Center", only Malwarebytes was the real-time program and Defender was not running real time, but randomly doing "Quick" scans in the background.

So another security setting I came across was the "Core Isolation > Memory Integrity" setting located in the "Windows Security > Device Security" options. Mine was set to "Off", but I'm wondering if it should be turned "On" (if not, why not?). Anyone here using this security setting set to "On"?

Here's info from Microsoft on what this setting does ... sounds like it wouldn't hurt to turn it on.

https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/memory-integrity

https://support.microsoft.com/en-us...tion-in-windows-defender-security-center

Screen shot of the "Core Isolation" setting:



On a side note, uninstalling McAfee was a royal pain as it was embedded in all kinds of stuff, even the Google Chrome web browser. The loaded McAfee stuff ultimately consisted of 1) McAfee "LiveSafe", 2) McAfee "WebAdvisor" and 3) McAfee "Personal Security" (a separate App that was uninstallable). I could probably write a short book on what it took to uninstall and clean up all associated folders and files. Without using Revo Uninstaller there would have been way more garbage left over and it would have been a big nightmare.
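Added example, not from the original post and not Microsoft's code: a PowerShell script that answers the two questions raised above from the command line, namely whether Defender is currently the real-time engine or has dropped into passive mode behind another product, and whether Memory Integrity (HVCI) is both switched on and actually running. The Microsoft article quoted later in the thread describes the feature as running the kernel code-integrity check inside a Hyper-V isolated environment; the user does not need to run any virtual machines for that. The function names are mine; the `Get-MpComputerStatus` cmdlet, the `Win32_DeviceGuard` WMI class and the `HypervisorEnforcedCodeIntegrity` registry key are the ones Microsoft documents. Run it in an elevated PowerShell window on Windows 10 1803 or later (an assumption; older builds lack some of these properties).

```powershell
# Added example (not from the original post). Checks Defender's running mode
# and the Core Isolation > Memory Integrity (HVCI) state on Windows 10.
# Assumes an elevated PowerShell session on Windows 10 1803 or later.

function Get-DefenderMode {
    # AMRunningMode is "Normal" when Defender is the primary real-time AV and
    # "Passive Mode" when a third-party product registered with the Security
    # Center (McAfee, Malwarebytes with that option on, etc.) has taken over.
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        AntivirusEnabled   = $s.AntivirusEnabled
        RealTimeProtection = $s.RealTimeProtectionEnabled
        RunningMode        = $s.AMRunningMode
        SignatureAgeDays   = $s.AntivirusSignatureAge
    }
}

$HvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'

function Get-MemoryIntegrityStatus {
    # The Windows Security toggle writes Enabled = 1 under $HvciKey, but the
    # change only takes effect after a reboot, so also ask the running system
    # what it is actually enforcing via Win32_DeviceGuard.
    $configured = (Get-ItemProperty -Path $HvciKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard

    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity)
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    # AvailableSecurityProperties: 1 = hypervisor support (VT-x/AMD-V + SLAT) present
    [pscustomobject]@{
        ToggleEnabled   = ($configured -eq 1)
        HvciRunning     = ($dg.SecurityServicesRunning -contains 2)
        VbsStatus       = $dg.VirtualizationBasedSecurityStatus
        HardwareCapable = ($dg.AvailableSecurityProperties -contains 1)
    }
}

function Enable-MemoryIntegrity {
    # Same effect as flipping the toggle to On; requires admin and a reboot.
    # Drivers that fail the memory-integrity check are logged under
    # Applications and Services Logs > Microsoft > Windows > CodeIntegrity,
    # so check that log after the reboot if a device stops working.
    New-Item -Path $HvciKey -Force | Out-Null
    Set-ItemProperty -Path $HvciKey -Name Enabled -Value 1 -Type DWord
    'Memory Integrity set to On; reboot to apply.'
}

Get-DefenderMode
Get-MemoryIntegrityStatus
```

If `HardwareCapable` is false the toggle will not stay on regardless of what the registry says, and if `ToggleEnabled` is true but `HvciRunning` is false the machine either has not rebooted yet or Windows refused to start HVCI because of an incompatible driver.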
 
Originally Posted by Paul_Siu
McAfee is often a resource hog and often causes the CPU to mysteriously spike. I ended up uninstalling it.


Same … what a monster
 
The core isolation feature is only valuable if you do virtualization, if you don't, it's not going to help you.
 
I also have Malwarebytes Premium, but don't run it as my main IS, since it always scores so low on Consumer Reports testing.

I run Avira free. I don't care that it's not the fanciest and I don't care that it likes to also tell me how it can make my PC run better - I'm only interested that it's protecting me.
 
My theory is that part of the bloatware security suites' strategy is to slow your system down enough that you can't get as much done, thus decreasing your exposure and infection rate.

Whether you need one at all, or even MS Security Essentials, has everything to do with your behavior, whether you do risky things, or let others who do risky things use it, and how secure your browser is set up.

With a new laptop what I'd do is make a backup image of the factory install after you get the must-have apps you want put on it and everything configured to your liking, then uninstall everything that you don't know you need. Some would say nuke it from orbit and do a fresh windows install, but all the bloat that came from the factory should be removable via add/remove programs. Once you've used it a few weeks to months to make sure everything is good, replace the backup you already made with a new backup.

No security suite is a replacement for having a full backup that you can restore to a known clean state. It also avoids having to do a fresh reinstall of the OS every few years - for people that keep piling on junk that slows their system and eats up SSD space. Restoring a backup can take about 5 minutes from a decent USB flash drive, vs reinstall everything again from scratch, taking days or weeks to finally get it just how you want it. Then again some people change almost nothing, but that's not a safe bet for browsers, one of the primary infection points if you otherwise followed safe practices.
 
Originally Posted by OVERKILL
The core isolation feature is only valuable if you do virtualization, if you don't, it's not going to help you.


The first link I posted to a Microsoft article says:
"It uses hardware virtualization and Hyper-V to protect Windows kernel mode processes from the injection and execution of malicious or unverified code. The integrity of code that runs on Windows is validated by memory integrity, making Windows resistant to attacks from malicious software. "

I don't think it means you have to be running as a virtual machine for Memory Integrity to be used. They make it sound like the feature basically "locks down" the memory from being used by any unverified code. Like a "firewall" for the memory to only let validated code use the memory in order to block many types of malware.

Maybe you can elaborate.
 
Originally Posted by ZeeOSix
Originally Posted by OVERKILL
The core isolation feature is only valuable if you do virtualization, if you don't, it's not going to help you.


The first link I posted to a Microsoft article says:
"It uses hardware virtualization and Hyper-V to protect Windows kernel mode processes from the injection and execution of malicious or unverified code. The integrity of code that runs on Windows is validated by memory integrity, making Windows resistant to attacks from malicious software. "

I don't think it means you have to be running as a virtual machine for Memory Integrity to be used. They make it sound like the feature basically "locks down" the memory from being used by any unverified code. Like a "firewall" for the memory to only let validated code use the memory in order to block many types of malware.

Maybe you can elaborate.


It's a feature that was originally crafted to protect (and isolate) the memory and processing stacks for VMs; it sounds like they've extended it to provide a pseudo-virtualization environment, using the same tech, to isolate processes. I expect it is still of little utility in the real world and may be buggy if your system doesn't play well with hardware virtualization support enabled (and even if it appears to, which is likely why it is disabled by default), but could conceivably provide benefit if you are frequently experimenting with malicious code that functions by exploiting memory space references? This stuff should all be blocked before it gets to that point, ideally.
 