Danger Nagisa Security Config 2021

Last updated
May 11, 2021
How it's used?
For sharing
Operating system
Windows 10
On-device encryption
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
Network firewall
N/A
Real-time security
None
Firewall security
Microsoft Defender Firewall
About custom security
Inbound connections set to be denied
Unnecessary services disabled

from H_C:
- Block LOLBins
- Block mshta.exe
- SRP is set to disallow except ((protect shortcuts)) and a few directories I chose.
- Block PowerShell scripts
- Block remote access
- Disable SMB 1,2 and 3
Periodic malware scanners
EEK
HitmanPro
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Firefox with custom user.js
Qutebrowser
Pale Moon
Vivaldi
-
uBlock Origin
NoScript
Treestyle tabs
Secure DNS
NextDNS
Desktop VPN
None
Password manager
KeePassXC
Maintenance tools
Windows built-in tools
File and Photo backup
None
System recovery
None
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
R5 1600
GTX 1060@6
8 GB DDR4 2666 MHz
1 TB HDD
What I'm looking for?

Looking for medium feedback.

Notes by Staff Team
  1. This setup configuration does not have a backup plan. We strongly recommend to add a backup solution for your data so that you can restore it in the case of an emergency.
    Backing up allows the recovery of data that has been lost due of a malware attack (eg. ransomware) or a hard disk crash. In such events you might lose family photos, your music collection, documents, or financial data. Backups are fast and simple to perform so it should be done on a regular basis.

Nagisa

Level 7
Thread author
Verified
Jul 19, 2018
342
From your setup:

Good luck. You will need it.(y)
Not having real time protection and sharing the PC with family members is literally the best way to get 500 fresh samples of PUPs and adwares. :LOL:
It’s even grossly negligent.

You know, not everybody is a click-happy user. Some have common sense, and I told them to not click on/run any unusual thing without my permission.

"Other users: Other accounts are Admin users"

It seems that other users use other (non-SUA) accounts. So, the SUA account is less safe than usual.
fixed that now (y)
 
  • Like
Reactions: Nevi and Andy Ful

Thiagoo

Level 3
May 10, 2021
66
You know, not everybody is a click-happy user. Some have common sense, and I told them to not click on/run any unusual thing without my permission.
If you don't use an AV because you have common sense you should think again. Vulnerabilities can get into your PC and place a backdoor there, you'll never know if you're infected or not, and a security solution can detect and disinfect it. You don't even need to use a third party AV, you can just use Windows built-in security (and do some hardening if you want).
 
  • Like
Reactions: jerzy601 and Nevi

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,458
...
Merely implementing a strict SRP and not allowing standard users to elevate is often way more secure than any antivirus
...
This will work only with software based on Microsoft Store, and software that can update via Task Scheduler or Windows Updates with high privileges (I use it on my wife's computer, but also with Defender).
Such setup would not be strictly non-AV, because of the anti-phishing & antimalware protection implemented in the web browser and Windows SmartScreen which comes from Microsoft ISG.

The AV vendors would already implement such protection if they want. But, they know, that only a negligible amount of people would use it (no profit for them). That is why Windows 10 S was unpopular due to the lack of support for desktop applications.
 
Last edited:

Nagisa

Level 7
Thread author
Verified
Jul 19, 2018
342
It was a good idea, I set up SRP to prevent unlucky incidents. I left the deny-elevation-on-SUA setting disabled though, as it will going to annoy me too much.
 
  • Like
Reactions: Nevi

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top