Advanced Plus Security Brambedkar59's Security Config 2026

Last updated
Nov 7, 2025
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
2 older laptops running Win 10 (one with F-secure and other Kaspersky Free)
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
    • Basic account password (insecure)
Security updates
Check for updates and Notify
Update channels
Allow stable updates only
User Access Control
Notify me only when programs try to make changes to my computer
Smart App Control
Off
Network firewall
Enabled
Real-time security
Avast Premium
Firewall security
Other - Internet Security (3rd-party)
About custom security
Persistent cache enabled for all scans
Periodic malware scanners
Norton Power Eraser
EEK
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Common extension/Search in all browsers: Bitwarden, Bing Search
Edge (Default): uBlock Origin (MV2), Shazam (enabled only on usage), Bypass Paywalls Clean ( (enabled only on usage))
Firefox (Secondary): uBlock Origin
Secure DNS
NextDNS
Desktop VPN
Proton VPN
Password manager
Bitwarden
Maintenance tools
Biweekly run: Windows Built-in, CCleaner, WiseCare 365 (Rarely used), Driver Store Explorer [RAPR] (for deleting old drivers not needed)
For finding program updates: UCheck & RuckZuck
HiBit Uninstaller
File and Photo backup
Google Drive, OneDrive
Subscriptions
    • None
System recovery
Hasleo Backup Suite
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Sharing and receiving files and torrents
    • Gaming
    • Gaming with third-party mods
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
malwaretips.com

PC Specs - Brambedkar59's gaming laptop 2021

Recently bought a new laptop, pretty happy with it so far. Slightly larger 17.3" screen (compared to 15.6") really makes a difference, could be also due to the fact that I can use 100% display scaling instead of 125% scaling on 15.6" 1080p display. Colors are also much better than my previous...
malwaretips.com malwaretips.com
11400H (UV via ThrottleStop), 3050Ti (UV via G-Helper), 16 GB, 0.5TB + 1 TB NVMe, 1 TB & 4 TB HDD (for image backup and downloads)
Notable changes
Kaspersky Free to AVG IS
AVG IS to Kaspersky Free
Kaspersky Free to Avast Premium
What I'm looking for?

Looking for medium feedback.

SeriousHoax said:
Anonymized doesn't mean it's not visible/hidden, it just means that instead of using your exact IP or IP subnet it uses the ASN number of that region or something like that. I don't fully understand ASN number yet, but some details are present in the NextDNS article you gave above, as well as in this AdGuard article.
adguard-dns.io

Privacy-friendly EDNS Client Subnet

EDNS Client Subnet is a mechanism used by DNS resolvers to to deliver location-specific results to clients. It's widely popular, but also not without its drawbacks. Are there ways to improve it?
adguard-dns.io adguard-dns.io
AdGuard took inspiration from NextDNS's approach and made some tweak of their own to further improve cache hit ratio.

My IP address starts with 103 while the ECS that I get from AdGuard starts with 203. Both IP belongs to my country, but they are not the same, hence still private to some extent. So when DNS is queried with the ECS IP subnet, the DNS server still knows that it's coming from my country and serve IPs for/closest to my location if available.
So the ECS shouldn't be hidden to a testing site as far as I understand. No issue while using AdGuard DNS on that site, who is doing almost exactly the same thing as NextDNS.

Besides, NextDNS has their own testing site,
You should see an ECS entry here if ECS is working for you. If you see, then the previous testing site has an issue.
Here's mine. No sign of ECS here.
View attachment 292575
The nice thing is, you can use this site to test ECS with any DNS provider.
Here's the same site with AdGuard DNS, and there we have ECS. You can test with Google DNS, Quad9 with ECS or anything else.
View attachment 292578
Another method that is given in the NextDNS article is by using DIG. This method is applicable to NextDNS only.

I already have dig installed on my Windows. You will have to install it for testing. Here from the result we have another confirmation that ECS is not being sent when I am using NextDNS.
View attachment 292574
So you can try these methods to see it's actually working for you.
ECS not working for many users is a long known issue. It never ever worked for me.
Click to expand...
Thanks a lot for clarifying (y) 😊
 
  • Like
Reactions: Sorrento, brambedkar59 and SeriousHoax
brambedkar59 said:
But how to test if it is actually working?
Click to expand...

Give this a read.

NextDNS Diagnostic Guide: Connection and Smart ECS Check

This guide shows you how to use NextDNS tools to check your connection status, latency, and, most importantly, confirm that the Smart EDNS Client Subnet (ECS) feature is working to protect your privacy.



I. For Windows Users: The Dedicated Diagnostic Tool

NextDNS provides a specific program to run comprehensive checks on your Windows machine and generate a shareable report.

1. Download and Run the Program

Download the official NextDNS diagnostic program and run it.

It automatically gathers network measurements related to your connectivity and routing with NextDNS.

2. Generate the Report URL

At the end of the process, it submits the report and gives you a unique diagnostic URL (e.g., [https://nextdns.io/diag/](https://nextdns.io/diag/)...).
Share this URL if you need assistance troubleshooting specific latency or routing issues.



II. Basic Status Check: The NextDNS Test Page

For a quick check of your current connection and basic settings, use the official NextDNS test page:

Go to: [https://test.nextdns.io/](https://test.nextdns.io/)

This page provides key information at a glance, such as the connection status (should show ok), the protocol (e.g., DOH or DOT), and the client IP address it sees.



III. For Advanced Users (Linux/Mac): Verifying Smart ECS Logic

To confirm NextDNS's Smart ECS (which substitutes your IP for privacy) is working on a specific domain, you can use the `dig` command. This checks if the domain is on their whitelist for ECS optimization.

1. The Diagnostic CHAOS Query

Run this command in your terminal. Be sure to replace `[domain_name]` with the site you want to test (e.g., `facebook.com`):

Code: 
dig +tcp +nocomment chaos [domain_name] @ecs-test.nextdns.io

2. How to Read the Results

The key is the line containing `smart-ecs.nextdns.io` in the output's TXT record.

Scenariosmart-ecs.nextdns.io TXT RecordWhat It Means
Domain is on the Whitelist"X.Y.Z.0/24" (Example)The domain needs ECS for speed. NextDNS sent a substituted subnet for optimization. The IP block shown is not your real IP.
Domain is NOT on the Whitelist"not sent"The domain was determined not to benefit from ECS. NextDNS sent NO ECS data at all, maximizing your privacy.

This check confirms that NextDNS successfully applies its smart logic, either sending a privacy-preserving substitute subnet or skipping ECS entirely, depending on the domain.
Click to expand...
 
Last edited:
  • Like
Reactions: brambedkar59 and Kongo
Captain Awesome said:
Why Avast!?
Click to expand...
I wouldn't have switched away from Kaspersky Free but they kinda forced my hand by discontinuing the free version. I thought about going premium route with Kaspersky but I hate the Application control, it's very annoying.
Avast is the 2nd best choice for me. It's usually in the top 5 spots in-terms of both protection and performance (which is more important for me, so MS Defender is no go), since last 5 years.
Avast allows exceptions easily just like Kaspersky. Updates don't slow down system like Bitdefender. Also, False positives are not too high unlike some of the AVs.

Edit: I do have concerns about its stability, from my past experience. I will use it for a while and then go from there.
 
Last edited:
  • Like
  • +Reputation
  • Hundred Points
Reactions: Jonny Quest, Gandalf_The_Grey, Sorrento and 2 others
brambedkar59 said:
I wouldn't have switched away from Kaspersky Free but they kinda forced my hand by discontinuing the free version. I thought about going premium route with Kaspersky but I hate the Application control, it's very annoying.
Avast is the 2nd best choice for me. It's usually in the top 5 spots in-terms of both protection and performance (which is more more important for me, so MS Defender is no go), since last 5 years.
Avast allows exceptions easily just like Kaspersky. Updates don't slow down system like Bitdefender. Also, False positives are not too high unlike some of the AVs.
Click to expand...
Kaspersky Free is working fine for me. Recently know about discontinuing K Free from @harlan4096 and its really sad to see. Hope they will bring back free soon.
 
  • Like
  • Applause
Reactions: Sorrento, Moonhorse, harlan4096 and 2 others
Why, despite your security settings being categorized as "Advanced Plus Security" do they still include the following:

Screenshot 2025-12-17 174800.png
 
  • Like
Reactions: brambedkar59 and Gandalf_The_Grey

You may also like...