I think it would be a good idea to have a firewall and an AV. If you are looking for IS then take CIS; otherwise you can choose what AV you want together with CF (many like CF but there are others as well). If you install… let's say… Avira or Avast together with CF, please add those exe files to Detect shellcode injections, and this is how you do it: CIS —> Defense+ —> Defense+ Settings —> Execution control Settings —> Detect shellcode injections (i.e. Buffer overflow protection) —> Exclusions —> Add —> Browse…
I already use CF with Defense+. It is the best solution for personal computer security. I enjoy using CF.
I have tested HoneyBot with CF, and when I run an nmap probe against the HoneyBot IP, there is of course no logged activity.
I was thinking that I should turn off the firewall and leave Defense+ in safe mode. In my experiments, this is the only option to detect TCP probes and catch trivial malware.
HoneyBot will be behind a router, so I think there is no option to get attacked except pivoting from any other computer which is on the LAN.
One more question. What is the main reason to add the anti-virus exe to the Defense+ exclusions for shellcode injections?
I am happy to hear that CF is living up to your expectations ( :-TU for that) and I hope my previous post was too much bla bla bla. ;D
The easiest way to answer "What is the main reason to add anti-virus exe on defense+ exclusions for shellcode injections?" is: to prevent conflicts with another application that may hook into the operating system in ways that conflict with CIS.