Advanced Plus Security Kongo's Computer Security Config 2026

Last updated
Dec 22, 2025
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Hardware security key
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
On
Network firewall
Enabled
About WiFi router
AiProtection Pro by TrendMicro (ASUS ROG Rapture GT-AXE11000)
Real-time security
Deep Instinct Endpoint Protection
CyberLock (Autopilot)
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security
Hardening tools:
- Cyberlock with Intelligent Firewall set to "Aggressive"
- Cyberlock with Security Posture set to "Aggressive"
- Run by SmartScreen (forces SmartScreen to scan files of choice)
- O&O ShutUp10 (recommended settings)
- O&O AppBuster (removed unecessary Windows 11 apps)
- Windows Sandbox


System settings:
- Reputation Based Protections (all modules enabled)
- Smart App Control enabled
- Data Execution Prevention set to AlwaysOn
- Core Isolation: Memory Integrity enabled
- Kernel-mode Hardware-enforced Stack Protection enabled
- Local Security Authority Protection enabled
- Microsoft Vulnerable Driver Blocklist enabled
- Memory Access Protection enabled
- Secure Boot enabled
- Drives encrypted via TPM (BitLocker)
- Windows Update Delivery Optimization disabled
- AutoPlay disabled
- Network Discovery disabled (Public Firewall profile)
- PowerShell --> Constrained Language Mode
- Hide extensions for known file types --> disabled
- Show hidden files --> enabled
- Virtualization enabled
‎‎‎ㅤ‎ ‎
Periodic malware scanners
Norton Power Eraser
Malware sample testing
I do participate in malware testing. See details about my testing environment below.
Environment for malware testing
‎‎‎ㅤㅤㅤ
VMware Workstation Player + Mozilla VPN on host machine while connected to the guest network.

Online Malware Analysis Platforms that I use:

- FileScan.iO
- Intenzer Analyze
- Hybrid Analysis
- VirusTotal
- Sophos Intelix
- ANY.RUN
- Triage
- Kaspersky Threat Intelligence Portal
- UnpacMe
- Qianxin Online Sandbox

--> Currently I am barely testing
Browser(s) and extensions

Mozilla Firefox v. 147.0.0

Extensions:
- Ghostery
- Mozilla VPN Extension
- Bitwarden

Browser privacy and security settings:
- Tracking protection: Strict (enables Total Cookie Protection)
- Enable secure DNS using: Max Protection
- HTTPS-only-mode enabled
- DuckDuckGo set as search engine
- Clearing browsing data on exit
- Search suggestions disabled
- Websites overview disabled
- Blocking incoming location, camera and microphone requests
- AutoPlay for audio and video disabled
- Firefox telemetry disabled
- Blocking pop-ups
- Warn when websites try to install addons enabled
- Protection against fraudulent content and dangerous software enabled


about:config tweaks:
- network.dns.echconfig.enabled = true
- pdfjs.enableScripting = false
- network.IDN_show_punycode = true
- security.ssl.require_safe_negotiation = true
- geo.enabled = false
- webgl.disabled = true
- network.lna.blocking = true
- network.lna.block_trackers = true
- network.trr.mode = 3 (NextDNS)
ㅤㅤ
Secure DNS

- NextDNS with DoT + OISD (Network-wide)
- NextDNS with DoH + HaGeZi - Multi Ultimate (only browser)



Desktop VPN
Mozilla VPN
Password manager
Bitwarden Premium
Maintenance tools
PatchMyPC, UniGetUI, HiBit Uninstaller, Process Lasso and Windows built in tools for cleaning and optimization
File and Photo backup
backup to external drive when necessary
Subscriptions
    • Google One Standard 200GB
System recovery
Aomei Backupper
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
GPU: Nvidia Geforce RTX 3060 TI
CPU: Intel I5 12600K
RAM: 16 GB DDR4-3200 Crucial
Hard disks: 500 GB Samsung 970 EVO Plus + 1 TB Western Digital Blue
Notable changes
- Updated for year 2026
What I'm looking for?

Looking for maximum feedback.

I have been using at home for about 2 years - it is useful as you need to do remote support, e.g. for family (from the web console you have access, among others: Patch management, Program installation, MDM, Remote Support. In addition, I have paused updates in Windows and installs patches when I am 100% sure that they will not cause problems in using the system
 
  • Like
Reactions: Trident and Kongo
Sending DNT-requests disabled
Click to expand...
@Kongo Regular settings doesn't have an option to fully disable. Do you set both of these advanced preferences to 'false'? Are there additional prefs?🤔
Code: 
privacy.donottrackheader.enabled
services.sync.prefs.sync.privacy.donottrackheader.enabled

I'm hoping to snag a Firewalla Blue+ one of these days.
 
  • Like
  • Hundred Points
Reactions: Kongo, simmerskool and Trident
oldschool said:
@Kongo Regular settings doesn't have an option to fully disable. Do you set both of these advanced preferences to 'false'? Are there additional prefs?🤔
Code: 
privacy.donottrackheader.enabled
services.sync.prefs.sync.privacy.donottrackheader.enabled

I'm hoping to snag a Firewalla Blue+ one of these days.
Click to expand...
a gem of a post, I've never heard of Firewalla Blue+, looks interesting...
 
  • +Reputation
  • Like
Reactions: Kongo and ErzCrz
oldschool said:
@Kongo Regular settings doesn't have an option to fully disable. Do you set both of these advanced preferences to 'false'? Are there additional prefs?🤔
Code: 
privacy.donottrackheader.enabled
services.sync.prefs.sync.privacy.donottrackheader.enabled

I'm hoping to snag a Firewalla Blue+ one of these days.
Click to expand...
Didn't have those about:config settings disabled. Will change that.
About Firewalla Blue+: I would take one of their other options if I were you. Blue + is the oldest one of them and probably the next to be discontinued. Otherwise you can't go wrong with Firewalla (y)
 
  • Like
  • Thanks
Reactions: Gandalf_The_Grey, simmerskool and oldschool
Kongo said:
Didn't have those about:config settings disabled. Will change that.
Click to expand...
I think the first preference is the default 'true' when DNT is set to "Only when FF is set to block know trackers". Not sure what that 2nd preference is for.

I'm confused about the meaning of the "Only when ... " option in settings, especially upon reading this
The Do Not Track feature is turned off by default, except in Private Windows, where it is always on by default.
Click to expand...
How do I turn on the Do Not Track feature? | Firefox Help
It seems to me that the "Only when ... " setting is always sending DNT with TP enabled, but not so according to above link. o_O :rolleyes:
o_O🤔
 
  • Like
  • +Reputation
Reactions: Kongo, simmerskool and Trident

You may also like...