Advanced Plus Security Brambedkar59's Security Config 2024

[bazang]

It's a mess. MS can't be bothered to make proper documentations. Like Why Group policies have no effect on Defender service?

Because even the people at Microsoft do not know or understand how Windows GPO works. This is an accurate statement.

The people that write Microsoft documentation are not Windows internals gurus at Mark Russinovich's level. They're most just technical writers.

The vast majority of Windows internals is uncharted and undiscovered territory - changing as Microsoft changes the OS with every update.

 

[bazang]

I have already disabled defender service with DControl.

There for a while, Sordum's DControl stopped working; it no longer prevented Microsoft Defender from starting/it did not block it.

So it is good to know that it is working again for at least one person.

Just so you are aware, Microsoft knows about the method that Sordum uses. So it could close that ability to block Defender whenever it decides.

 

[Vitali Ortzi]

There for a while, Sordum's DControl stopped working; it no longer prevented Microsoft Defender from starting/it did not block it.

So it is good to know that it is working again for at least one person.

Just so you are aware, Microsoft knows about the method that Sordum uses. So it could close that ability to block Defender whenever it decides.

Disabling a few components and then a registry edit worked for me to disable defender and I just followed a guide from Microsoft fourm

 

[brambedkar59]

Just so you are aware, Microsoft knows about the method that Sordum uses. So it could close that ability to block Defender whenever it decides.

Well, I hope they don't.

 

[bazang]

Disabling a few components and then a registry edit worked for me to disable defender and I just followed a guide from Microsoft fourm

Officially and ultimately, Microsoft wants to remove any unmanaged user's ability to block Defender.

Microsoft uses the term unmanaged to mean 1) any system not connected to a Microsoft Account (a local account, for example) or 2) any system not managed by an Administrator (not a home Administrator but an enterprise or government IT administrator).

Sooner or later M$ will "patch" the various ways that users can block Defender. When I cannot say, but it has been on their bucket hit list for quite a while.

M$ is OK with the whack-a-user game.

One thing about Microsoft is that for the most part they don't care about what users can and cannot do on older builds of Windows. So if a system is not Windows 11 latest build then M$ will rarely release a patch for an older build to address what it considers to be a security gap or hole that results not from a bug or feature, but some unintended or unwanted way that Windows internals create the hole.

 

[Vitali Ortzi]

Officially and ultimately, Microsoft wants to remove any unmanaged user's ability to block Defender.

Microsoft uses the term unmanaged to mean 1) any system not connected to a Microsoft Account (a local account, for example) or 2) any system not managed by an Administrator (not a home Administrator but an enterprise or government IT administrator).

Sooner or later M$ will "patch" the various ways that users can block Defender. When I cannot say, but it has been on their bucket hit list for quite a while.

M$ is OK with the whack-a-user game.

One thing about Microsoft is that for the most part they don't care about what users can and cannot do on older builds of Windows. So if a system is not Windows 11 latest build then M$ will rarely release a patch for an older build to address what it considers to be a security gap or hole that results not from a bug or feature, but some unintended or unwanted way that Windows internals create the hole.

With all the low level security they have been pushing they could make it impossible for a user to do that if they wanted
Eh would definitely be a weird ride in the security by default where everyone will be adminless with low level firmware checks
Unless they pay for some administration license to unlock paid enterprise features with the cloud

Not sure if it will happen but it's always a possibility with their security by default agenda

Only good thing is that every PC will be as secure as their Xbox

 

[bazang]

With all the low level security they have been pushing they could make it impossible for a user to do that if they wanted
Eh would definitely be a weird ride in the security by default where everyone will be adminless with low level firmware checks
Unless they pay for some administration license to unlock paid enterprise features with the cloud

Not sure if it will happen but it's always a possibility with their security by default agenda

Only good thing is that every PC will be as secure as their Xbox

Over the years Microsoft has slowly been wearing-down users and making a strong attempt to manage their devices for them (at least the basics such as applying security patches):

1. Forced updates
2. Forced use of a Microsoft Account
3. Forced Windows S Mode on certain devices

However, to a very large extent, Microsoft wants no parts of home users and all the stuff that they bring.

The entire "users want to use stuff and they should be able to do what they want" is dinosaur thinking. That model has never worked and is the cause of everything that you read about in the daily cybersecurity news.

Do not blame Microsoft or any other company for terrible user security. Blame the users because they are 90% of the cause of device insecurity. Microsoft and OEMs could make extremely secure devices for consumers, but those consumers will not let them. The consumers want what they want when they want it. Well that is just like catering to a 4 year old child that throws temper tantrums and giving them what they want every single time because that is what makes the child stop carrying on like the little obnoxious thug that it is.

I do not think humanity is smart enough to be secure (or prevent catastrophic climate change or fix any other major problems such as the coming world war). Too many soft people. Too many people that want what they want when they want it.

 

[brambedkar59]

Replaced AVG VPN with Proton VPN (Did that last month forgot to update thread, oops)
Reason: AVG VPN has removed service from India effective 1st Jan 2025, due to privacy invasive laws, like many other VPNs.

 

[SeriousHoax]

Regarding your comment on this thread: Advanced Security - Captain's Configuration 2024-2025
You were supposed to receive a notification like this from Kaspersky when you ran Warp for the first time with Kaspersky:

Here you have click Add to exclusions to make it work with Kaspersky. Did you not receive this notification?

 

[brambedkar59]

Regarding your comment on this thread: Advanced Security - Captain's Configuration 2024-2025
You were supposed to receive a notification like this from Kaspersky when you ran Warp for the first time with Kaspersky:
View attachment 287367
Here you have click Add to exclusions to make it work with Kaspersky. Did you not receive this notification?

I never received this notification and WARP worked fine for almost a month now. Now it work sometimes and other times it doesn't.

 

[rashmi]

I never received this notification and WARP worked fine for almost a month now. Now it work sometimes and other times it doesn't.

You have Kaspersky and WARP, right? The problem might be due to HTTPS traffic analysis. Both of them install a self-signed certificate for it. Test disabling Kaspersky's HTTPS scanning feature.

 

[brambedkar59]

You have Kaspersky and WARP, right? The problem might be due to HTTPS traffic analysis. Both of them install a self-signed certificate for it. Test disabling Kaspersky's HTTPS scanning feature.

I turned off Https scanning with K and still can't connect for some reason.

 

[rashmi]

I turned off Https scanning with K and still can't connect for some reason.

The WARP app is buggy. Do you use WARP or the DNS connect feature in the WARP app?

 

[brambedkar59]

@SeriousHoax @rashmi You were both right, it was Kaspersky. I don't remember changing the setting "Visiting a domain with an encrypted connections scan error" to "Ignore" from "Ask". Changing Ignore to Ask fixed the issue. It showed a Pop-up notification when I started WARP again and I added an exclusion for it.

It's weird though that disabling https scanning didn't fix the issue. I also added WARP as trusted app in the above setting but that didn't help either.

 

[rashmi]

@SeriousHoax @rashmi You were both right, it was Kaspersky. I don't remember changing the setting "Visiting a domain with an encrypted connections scan error" to "Ignore" from "Ask". Changing Ignore to Ask fixed the issue. It showed a Pop-up notification when I started WARP again and I added an exclusion for it.
View attachment 287373
It's weird though that disabling https scanning didn't fix the issue. I also added WARP as trusted app in the above setting but that didn't help either.

How did you disable Kaspersky's HTTPS scanning? The setting "Visiting a domain..." isn't for completely disabling HTTPS.

 

[brambedkar59]

How did you disable Kaspersky's HTTPS scanning? The setting "Visiting a domain..." isn't for completely disabling HTTPS.

I meant this setting. "Network Settings > Do not scan encrypted connections"

 

[SeriousHoax]

@SeriousHoax @rashmi You were both right, it was Kaspersky. I don't remember changing the setting "Visiting a domain with an encrypted connections scan error" to "Ignore" from "Ask". Changing Ignore to Ask fixed the issue. It showed a Pop-up notification when I started WARP again and I added an exclusion for it.
View attachment 287373
It's weird though that disabling https scanning didn't fix the issue. I also added WARP as trusted app in the above setting but that didn't help either.

I once talked to harlan about this popup from Kaspersky. I was telling him that it would've been better if Kaspersky didn't show the user this popup and make their app compatible with popular apps like Cloudflare Wap by default like Avast, Bitdefender, ESET all do it in the background automatically. I don't know if in the newer versions of Kaspersky, they made "Ignore" the default mode instead of "Ask" to avoid such popups. If yes, then your problem shows then it's not perfect yet and more work on this need to be done by the Kaspersky team.

 

[harlan4096]

If yes, then your problem shows then it's not perfect yet and more work on this need to be done by the Kaspersky team.

Hum ... It all depends on the point of view with which you look, Kaspersky leaves the user to customize the behavior, and therefore, we can consider that it is by design and not a bug, and by desire of the developers .

 

[SeriousHoax]

Hum ... It all depends on the point of view with which you look, Kaspersky leaves the user to customize the behavior, and therefore, we can consider that it is by design and not a bug, and by desire of the developers .

If ask mode is still the default then yes, the devs want to give user the option. But I'll say that it creates confusion, so it's better for Kaspersky to handle it automatically. But if they have recently made Ignore the default option then it would mean that the devs are trying to automate this process but it's not problem free yet. I'll have to freshly install Kaspersky in a VM to know if Ignore is really the default option or @brambedkar59 changed the setting at some point by mistake.

 

[harlan4096]

I think it is still Ask by default...