Basic Security Allego's Laptop Security Config 2024

Last updated: May 21, 2024
How it's used: For home and private use
Operating system: macOS 15 Sequoia
On-device encryption: BitLocker Device Encryption for Windows
Log-in security: Basic account password (insecure)
Security updates: Allow security updates
Update channels: Allow stable updates only
User Access Control: Notify me only when programs try to make changes to my computer
Smart App Control: Evaluation mode
Network firewall: Enabled
About WiFi router: Provided by Xfinity
Real-time security: Crowdstrike Falcon Go
Firewall security: Microsoft Defender Firewall
About custom security:
    • Applied Crowdstrike's Windows recommended prevention policy settings
    • Applied Lolbin and Recommended H_C using FirewallHardening
Periodic malware scanners: None
Malware sample testing: I do not participate in malware testing
Environment for malware testing: N/A
Browser(s) and extensions:
    • Firefox (using Betterfox settings)
    • uBlock Origin
    • Container Tabs
Secure DNS: Cloudflare Gateway
Desktop VPN: ProtonVPN
Password manager: ProtonPass
Maintenance tools: Windows Built-in tools
File and Photo backup: Flash Drive
Subscriptions: Google One Basic 100GB
System recovery: Using Windows Create a recovery drive into my flash drive
Risk factors:
    • Browsing to popular websites
    • Buying from online stores, entering bank card details
    • Downloading software and files from reputable sites
Computer specs:
    • Acer Predator
    • Intel i7-10750H
    • NVIDIA RTX 2060
    • 16GB
    • SSD 512GB
Notable changes
May 21, 2024
Switched my AV to Crowdstrike Falcon Go from Kaspersky Plus
Migrated to ProtonPass from KPM

May 29, 2024
Changed USB Policy for Mass Storage from read, write, and execute to read and write.
Changed Adware & PUP Prevention Level to Aggressive
Used AppLocker to block .exe, msi, and scripts in Downloads folder from executing

May 30, 2024
Changed all Prevention Level to Aggressive

June 7, 2024
Changed DNS from NextDNS to ControlD

September 2, 2024
Changed DNS from ControlD to Cloudflare Gateway
What I'm looking for?

Looking for minimum feedback.

Allego

Level 3
Thread author
Verified
Well-known
Jan 25, 2016
125
I posted my first security config in 2019. I'm unable to edit/update it because it was already archived due to not updating it for 5 years lol, so I need to make a new one. Any suggestions are welcome. Thank you!
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,595
Nice config! Tho you don't need to enable LOLBins + recommended as H_c recommended is just a smaller collection of all the LOLBins.
 
Reactions: Nevi and Allego

Allego

> Nice config! Tho you don't need to enable LOLBins + recommended as H_c recommended is just a smaller collection of all the LOLBins.

Okay, thanks for letting me know. Though I did click both, so far no problems. Anyway, I don't use MS Office but I use LibreOffice. Do I need to "add rule" all of its .exe files or just leave it?
 
Reactions: Nevi

Kongo

> Okay, thanks for letting me know. Though I did click both, so far no problems. Anyway, I don't use MS Office but I use LibreOffice. Do I need to "add rule" all of its .exe files or just leave it?

Simply click on "add LOLBins" and you are good to go. The rest, like Adobe and MS Office rules, are only necessary if you actually use the software.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,925
I would:

* Set UAC to Always Notify.
* Periodic malware scanners: adding any 3rd-party second-opinion scanner would be welcome.
* System recovery: a full image system backup solution would be welcome also here.

Thanks for sharing :)
 

Allego

> I would:
>
> * Set UAC to Always Notify.
> * Periodic malware scanners: adding any 3rd-party second-opinion scanner would be welcome.
> * System recovery: a full image system backup solution would be welcome also here.
>
> Thanks for sharing :)

I will just leave the UAC at its default and won't add a second opinion scanner because I won't add any more apps to this system. Just the browser, real-time security, password manager, VPN, firewall hardening tool, O&O ShutUp, and LibreOffice. If my curiosity kicks in, I'll just fire up the Windows Sandbox or Hyper-V and visit the website there. I did make a system recovery though, using the Windows create recovery drive feature onto my flash drive (y)
 

Kongo

> I will just leave the UAC at its default and won't add a second opinion scanner because I won't add any more apps to this system. Just the browser, real-time security, password manager, VPN, firewall hardening tool, O&O ShutUp, and LibreOffice. If my curiosity kicks in, I'll just fire up the Windows Sandbox or Hyper-V and visit the website there. I did make a system recovery though, using the Windows create recovery drive feature onto my flash drive (y)

May I ask how you managed to get Crowdstrike? And how is it running on your system?
 

Allego

> May I ask how you managed to get Crowdstrike? And how is it running on your system?

I got it through Amazon for $39 per license. It feels light on the system, even though I turned on all the settings and put the protection level to Aggressive/Moderate. It reminds me of Panda Cloud when I used it years ago.
 

Allego

Some small changes
Changed Adware & PUP Prevention Level to Aggressive
Changed USB Policy for Mass Storage from read, write, and execute to read and write.
Used AppLocker to block .exe, msi, and script files in Downloads folder from executing
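
One way to express the Downloads block described in this post as an AppLocker policy, added here as an example and not the poster's actual rules. The rule names, the audit-only enforcement mode and the output file name are assumptions.

```powershell
# Added example (not from the thread). Rule names, AuditOnly mode and the
# temp file name are assumptions; run from an elevated PowerShell session.

# AppLocker path variable: matches the Downloads folder of every profile.
$downloads = '%OSDRIVE%\Users\*\Downloads\*'

# Exe = .exe/.com, Msi = .msi/.msp/.mst, Script = .ps1/.bat/.cmd/.vbs/.js
$rules = foreach ($type in 'Exe', 'Msi', 'Script') {
@"
  <RuleCollection Type="$type" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny $type in Downloads (example)"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="$downloads" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
"@
}

$policyPath = Join-Path $env:TEMP 'deny-downloads-example.xml'
@('<AppLockerPolicy Version="1">') + $rules + '</AppLockerPolicy>' |
    Set-Content -Path $policyPath -Encoding UTF8

# Dry run: evaluate the XML against files currently sitting in Downloads
# without changing the machine's policy.
$files = Get-ChildItem -Path "$env:USERPROFILE\Downloads\*" -File `
    -Include *.exe, *.msi, *.ps1, *.bat, *.cmd, *.vbs, *.js
if ($files) {
    Test-AppLockerPolicy -XmlPolicy $policyPath -Path $files.FullName -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# Apply only after reviewing the dry run. -Merge keeps the rules already in
# the local policy. Before switching a collection to "Enabled", make sure it
# also contains allow rules (for example the AppLocker default rules),
# because an enforced collection blocks everything no rule allows.
# Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
```

AppLocker rules are only evaluated while the Application Identity service (AppIDSvc) is running, and deny rules take precedence over allow rules in the same collection.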
 

Allego

Okay so after some testing, I changed all the prevention levels from moderate to aggressive and I didn't feel any performance impact. So it's all good (y)
This is probably the last time I'll mess with the settings until they introduce new features or until I discover some again 'cause I'm still exploring and learning about their console 😅
 
Reactions: oldschool and Kongo

Allego

NextDNS subscription was up and went to ControlD. Almost the same speed at least in my area. So far so good
 
Reactions: oldschool

Allego

Done dealing with False Positives. Changed my DNS to Cloudflare Gateway.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.
