Windows 7 Forums

Windows 7: Secure


02 Oct 2010   #1

Windows 7
 
 
Secure

Hi,

Is anyone able to help me and take a look at my configurations, please: system services as well as Comodo firewall rule sets? The reason I'm asking is that I think there's a security flaw, which I hope you may be able to help me with.

For those able to help, could you please advise me on how to upload my sys config file, Comodo config file and anything else you may need?

I'm running Windows 7, no file sharing as far as I know, a stand-alone system, wired up to a modem, with one firewall running, which is Comodo. It's set to basically be invisible, but I don't think it is.



02 Oct 2010   #2
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

I can't find anything in your configuration that hints at a "security flaw". What makes you believe that there is a problem?
02 Oct 2010   #3

 

It's probably not a security flaw, but if you want to upload the system config file and the Comodo config file, you'll have to use WinZip or 7-Zip to create a zip file, then upload using the paperclip icon.
I use the Comodo firewall too, but I think for some reason Microsoft doesn't like Comodo, because I get a lot of alerts for normal internal connections in my computers that wouldn't happen if Comodo and Microsoft had even the slightest collaboration. The latest version of Comodo is constantly connected to the internet, to check running processes against a list of malware. A lot of the firewall and Defense Plus alerts are for legitimate system services. Comodo does lock down all connections when you select block all. I've verified that using port scans from another computer I have at home.


02 Oct 2010   #4

Windows 7
 
 

I think the attached zipped file below has my system services configurations in it. I exported the list in Windows services, if that's correct. I've tried to disable everything that could lead to a possible hack. Could you please have a look at it and let me know if anything else should be disabled for increased security?

Again, I have no wireless, no router, no file sharing or network sharing. It's a stand-alone system wired up to a modem (Virgin Media).


Attached Files
File Type: zip lm-sys.zip (11.9 KB, 11 views)
02 Oct 2010   #5

 

The best way to further secure your system would be to disconnect from the internet whenever you're not actively surfing the web, and turn the computer off completely when you walk away. Comodo Defense Plus has a good feature as well: just set it to block all unknown requests when the application is closed, whenever you're not using the internet.
02 Oct 2010   #6

Windows 7
 
 

That's currently disabled, not ticked, as I don't know whether or not that will mess up anything while I'm using the net. Should I enable it and leave it enabled?

Also, would you be able to look at my Comodo configurations if I uploaded the *.cfgx file, or will you find it hard with you having to import it into your own Comodo, which may mess up your system? If you do wish for me to upload the file, I have the following...

COMODO - Internet Security
COMODO - Proactive Security ACTIVE
COMODO - Firewall Security

Will you only need the ACTIVE proactive file or should I upload all?

Also regarding the system services log file above, is that ok?



-------------------------------------------------------------------



Here's my HijackThis report, if it's any use:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:38:22, on 02/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Opera\opera.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Users\mh\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5780 bytes
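Added example, not part of the original thread: a Python triage pass over a HijackThis log like the one above. It flags entries to verify by hand (services listed with "Unknown owner", autoruns without a full path, hosts mappings other than localhost, a non-empty AppInit_DLLs); the function names and flagging rules are assumptions of this example, and the sample lines are copied from the log in post #6.

```python
import re

# Sample input: lines taken from the HijackThis log posted above (post #6).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O20 - AppInit_DLLs:
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O23 - Service: ..."
AUTORUN = re.compile(r"^\S+\\Run(?:Once)?: \[([^\]]*)\] (.+)$")
LOCALHOST = re.compile(r"^Hosts: (127\.0\.0\.1|::1)\s+localhost$")

def parse(log):
    """Yield (section_code, detail) for every entry line in the log."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2).strip()

def executable(cmd):
    """First token of an autorun command line, honouring a quoted path."""
    return cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split()[0]

def review_items(log):
    """Return (code, reason, detail) for entries that deserve a manual look."""
    out = []
    for code, detail in parse(log):
        if code == "O23" and " - Unknown owner - " in detail:
            out.append((code, "service file reports no company name", detail))
        elif code == "O4":
            m = AUTORUN.match(detail)
            if m and "\\" not in executable(m.group(2)):
                out.append((code, "autorun has no full path", detail))
        elif code == "O1" and not LOCALHOST.match(detail):
            out.append((code, "hosts file maps a non-localhost name", detail))
        elif code == "O20" and detail.split(":", 1)[-1].strip():
            out.append((code, "AppInit_DLLs is not empty", detail))
    return out

if __name__ == "__main__":
    for code, reason, detail in review_items(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {detail}")
```

A flag is a prompt to check the file's location and publisher, not a verdict: SOUNDMAN.EXE, for instance, appears in the same log's running-process list at C:\Windows\SOUNDMAN.EXE.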
02 Oct 2010   #7

 

I can read it without applying it to my system, but I've found the default firewall security setting to be adequate. Also, don't apply the "block all unknown requests" option unless you've run your current software configuration with Comodo set to training mode for about a week, and run every installed program at least once.
02 Oct 2010   #8

Windows 7
 
 

Files are attached. As said above, the Proactive Security file is the one which is marked active in my configurations.

Please advise.


Attached Files
File Type: zip lm cis Firewall Security.zip (14.1 KB, 5 views)
File Type: zip lm cis Internet Security.zip (14.0 KB, 3 views)
File Type: zip lm cis Proactive Security.zip (17.8 KB, 4 views)
02 Oct 2010   #9

 

Looks OK to me. The only thing I would suggest: make sure the following folders are given exceptions: program files/eset, program files/common files/eset, users/appdata/local/eset, users/appdata/roaming/eset and so on. Defense Plus doesn't play nice with other antivirus apps. Also, if you haven't already done so, disable AutoPlay, which is one of the biggest security flaws in Windows.
02 Oct 2010   #10

Windows 7
 
 

How do I disable AutoPlay? Is it in Windows services?