Daario's config

Windows Edition
Enterprise
User Access Control
Always notify
Real-time security
- Windows Defender
- Enhanced Mitigation Experience Toolkit & Malwarebytes Anti-Exploit Free (tweaked to work together)
- TinyWall
- AppLocker
- Windows integrity policy
Periodic malware scanners
No need; if malware gets by the security, I will notice from the logs
Malware sample testing
Browser(s) and extensions
- Cyberfox (running on low integrity level): uBlock origin, NoScript
- Internet Explorer (protected mode)
Maintenance tools
- chml
- SoftPerfect RAM Disk (for temp folders, I have too much free RAM)
- BitLocker

Daario

New Member
Thread author
Jan 13, 2016
6
I've been running this config for a while and haven't been infected so far.

I have UAC maxed and use a Standard user account.

Windows Defender provides a basic layer and blocks malicious files, which I don't download on my host anyway.

If an exploit gets through uBlock and NoScript, EMET and MBAE step in. If it passes their mitigations (not very likely) and tries to execute, it is blocked by AppLocker.

If Cyberfox (or any other 3-party SW) is exploited or malicious code somehow runs, Cyberfox and every thread it creates/file it drops is running on low integrity level, therefore cannot perform anything very dangerous. What's more, if it tries to access my personal folders (like Documents), Windows integrity policy steps in and denies the action, because personal folders have configured integrity policy in a way that no process with lower integrity level than medium can even read the content.

Integrity policy is absolute and only thing you can do with it is to increase your integrity level, which would mean passing UAC - only a masochist would allow that prompt and for exploiting UAC you would need at least medium integrity process. ;)

Physical security is normal - BIOS password, disabled Boot menu and BitLocker on startup.


So I feel safe. And would love to hear your opinion. :)
 

Alkajak

Thanks for sharing your setup. This configuration looks professionally personalized and very "do not try at home"-esque. Looks good, and it looks like it works for you. My only question is about Smartscreen. Why disabled?
 

Deleted Member 3a5v73x

Nice config. This setup shouldn't be copied, I think; it looks complicated at first, but I like the simplicity behind it. Nothing to add really. Thanks for sharing and enjoy MalwareTips :)
 

Daario
Jan 13, 2016
Thank you all. :)

Well, SmartScreen's real protection activates only when you try to execute the app. Since all executables (except for whitelisted) are blocked, I don't see a reason to have it enabled. I run something only when I know what it does and want to run it.

WD prevents storing malware on the disk, so I have it enabled. Not like it ever blocked anything though (except for UACMe, back when I was testing it). ;)

Yeah well the Enterprise version is not essential, just a small benefit from having a dad that runs a company. :) The advantage is keeping more things in house - less 3-party SW, less attack surface.

I can imagine working under Pro edition and running VoodooShield or NVT ERP beta. And BitLocker could be easily exchanged for VeraCrypt and syskey or something like that. ;)

I wouldn't call it "do not try at home" though. This config indeed requires an additional strong layer = you. But I believe that everyone with slightly advanced knowledge of using a PC and browsing web securely can do it. ;)

And yes, the configuration is a bit more complex; these are just some sort of baselines. But it's fairly simple. I noticed @Umbra has been digging into the security mechanisms of Windows lately and posting some interesting stuff on the forum, so maybe he'll create some guides for integrity levels and policy? :)
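The layers described in the first post (UAC at "Always notify", a standard user account, Defender real-time protection, AppLocker enforcement, a mandatory integrity label on personal folders, BitLocker) and the SmartScreen question answered above can all be read back from the machine. The script below is an added, read-only audit written for this thread; it is not Daario's code or anything from the thread. It assumes a Windows 10/11 box with the Defender, AppLocker and BitLocker PowerShell modules present, and the folder path and "expected" values are taken from the post, not from any standard. `Get-BitLockerVolume` needs an elevated shell; everything else runs as the standard user the post recommends.

```powershell
# Added example, not from the thread: read-only audit of the layers Daario lists.
# Assumptions: Windows 10/11; Defender, AppLocker and BitLocker modules available;
# $PersonalFolder defaults to the user's Documents folder mentioned in the post.
function Get-LayerStatus {
    param([string]$PersonalFolder = (Join-Path $env:USERPROFILE 'Documents'))

    $result = [ordered]@{}

    # 1. Edition: the post relies on Enterprise-only features such as AppLocker.
    $result.Edition = (Get-CimInstance Win32_OperatingSystem).Caption

    # 2. UAC: EnableLUA=1, ConsentPromptBehaviorAdmin=2 and PromptOnSecureDesktop=1
    #    is the "Always notify" slider position.
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $result.UacAlwaysNotify = ($uac.EnableLUA -eq 1 -and
                               $uac.ConsentPromptBehaviorAdmin -eq 2 -and
                               $uac.PromptOnSecureDesktop -eq 1)

    # 3. Standard user: a non-elevated shell must not carry the Administrators role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$id
    $result.IsAdminToken = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # 4. Integrity level of this shell, read from the token's "Mandatory Label" group
    #    (the same line whoami /groups prints; normally Medium for a standard user).
    $label = whoami /groups /fo csv | ConvertFrom-Csv |
             Where-Object { $_.'Group Name' -like 'Mandatory Label\*' }
    $result.ShellIntegrity = $label.'Group Name'

    # 5. Windows Defender real-time protection.
    $result.DefenderRealTime = (Get-MpComputerStatus).RealTimeProtectionEnabled

    # 6. AppLocker: is any rule collection actually in enforce mode (not just audit)?
    $policy = [xml](Get-AppLockerPolicy -Effective -Xml)
    $enforced = @($policy.AppLockerPolicy.RuleCollection |
                  Where-Object { $_.EnforcementMode -eq 'Enabled' })
    $result.AppLockerEnforced = $enforced.Count -gt 0

    # 7. Explicit mandatory label on the personal folder, as icacls displays it.
    #    An empty value means no explicit label (the default: Medium, no-write-up only),
    #    i.e. a Low process could still READ the folder, contrary to what the post wants.
    $icacls = icacls $PersonalFolder 2>$null
    $result.FolderLabel = ($icacls | Select-String 'Mandatory Label' |
                           ForEach-Object { $_.Line.Trim() }) -join '; '

    # 8. BitLocker on the system drive (requires elevation to query).
    try {
        $result.BitLocker = (Get-BitLockerVolume -MountPoint $env:SystemDrive).ProtectionStatus
    } catch {
        $result.BitLocker = 'unknown (run elevated to query)'
    }

    # 9. SmartScreen for Explorer, the setting Alkajak asked about:
    #    'Off', 'Prompt' or 'RequireAdmin' on Windows 8/10.
    $ss = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' `
                           -ErrorAction SilentlyContinue
    $result.SmartScreen = $ss.SmartScreenEnabled

    [pscustomobject]$result
}

Get-LayerStatus | Format-List
```

The one line worth watching is `FolderLabel`: the post's claim that a Low-integrity process "cannot even read" Documents only holds if the folder carries an explicit label with the no-read-up flag, which `icacls` prints as `(NR)` alongside `(NW)`. If the audit shows no `Mandatory Label` line at all, the folder is relying on the default policy, which stops writes from Low but not reads.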
 

Deleted member 178

Daario said:
Yeah well the Enterprise version is not essential, just a small benefit from having a dad that runs a company. :)

Lucky you lol ^^

Daario said:
The advantage is keeping more things in house - less 3-party SW, less attack surface.

This is the whole point! Not to mention Group Policy, AppLocker, Hyper-V, and other features. With Enterprise I could discard 95% of my security softs :D

Daario said:
I noticed @Umbra has been digging into the security mechanism of Windows lately and posting some interesting stuff on the forum, so maybe he'll create some guides for integrity levels and policy? :)

I will try, but with Home edition it is quite limited ^^
 
