Advanced Plus Security DeepWeb's Security Config

[DeepWeb]

My setup is aiming to be as lightweight and as conflict free as possible.

My priorities:

• Hardware health > Software health. This setup has low CPU, low RAM, low disk and low bandwidth usage. Fast boot speed. Security software should not run at the cost of hardware. There's no need to compromise.

• Something that will work with all types of software (translate: great for gaming even with mods). Software that is very old, software that is brand new, mods, apps, tools, and tweaks, signed or unsigned. Good security software should be able to tell what is good and what isn't.

How I achieve it:

1. Only using my standard user account and being smart and careful about what I download and where it's from.

2. Group policy settings and software/OS/driver updates are my #1 way to harden Windows.

3. Anti-Malware with a great behavior blocker and Exploit mitigations block unwanted/malicious software.

4. Hardware firewall and HOSTs file block unwanted connections system wide, and browser extensions and tweaks block all unwanted connections in their browsers.

 

[Deletedmessiah]

Nice config!

 

[FrFc1908]

nice config , nothing to ad really , although I would like to suggest that you moght want to switch to a more safer / realiable backup program like macrium reflect free or aomei backupper standard. both are free and reliable backup solutions. but that is entirely up to you if you want to make that change, thanks for sharing your config with us!

 

[BugCode]

Good, good, good!

Yes, if you got DA on your setup, very nice. Solid host-file pick . Tweaking is hard job! That's why i do some tweaks that i can just click and done, of course they every M$ UPDATE WORK, BUT I GOT BACKUP OF COURSE AND THEY ARE PRETTY FAST DONE.

Damn! Sorry caps-lock, lazy bastard like me doesn't bother correct those, so be it!

If i may some suggestion, it's Sbie. Maybe WFC, Tinywall, or even CFW.

Okay your good, thank you very much sharing your config dude!

E: DAMN! @public enemy lazy ass dude! You want everything is served front of you?
I have tweaking and tested those so long time that they work correctly like it should be....so you think i give you a "so high priced homework" like that! I already give you POT "tweaks" today, so here you are...will see

 

[Sunshine-boy]

@BugCode upload these tweaks
make it easy for others

 

[DeepWeb]

nice config , nothing to ad really , although I would like to suggest that you moght want to switch to a more safer / realiable backup program like macrium reflect free or aomei backupper standard. both are free and reliable backup solutions. but that is entirely up to you if you want to make that change, thanks for sharing your config with us!

Question. If you use Macrium Reflect to backup, do you use Macrium to restore your files or can you use the Windows utility to do so?

 

[BugCode]

Question. If you use Macrium Reflect to backup, do you use Macrium to restore your files or can you use the Windows utility to do so?

Yes, however. Sorry i am not Sir @Trickster i know.

 

[DeepWeb]

Yes, however. Sorry i am not Sir @Trickster i know.

Thank you.

 

[Overlord]

Nice config. Looks good.

 

[hd35]

Good configuration.
Thank you for sharing.

 

[ForgottenSeer 19494]

I've talked with 0patch's developer about some issues and about the need of 0patch on a fully updated Windows 10 home machine. 0patch is a product targeted towards either unsupported OSes or a corporate environment where full patches are delayed by sysadmins. If you are using a fully updated Windows 10 you might not need it and It can cause some issues with the way it injects inself.

 

[JM Safe]

Good config, all layers are covered.

Thanks for sharing.

 

[frogboy]

A nice config, nothing to add here other than to keep those backups up tp date. Most important.

Thanks for sharing with us here at MT.

 

[Exterminator]

Secure Windows 10 config! Thanks for sharing it with us

 

[Dave Russo]

Interesting,where did you ever find the programs 0patch and RunPEDetector? Never heard of either but googled and look pretty good. What was your thought process in choosing them? Thanks nice set up

 

[DeepWeb]

Interesting,where did you ever find the programs 0patch and RunPEDetector? Never heard of either but googled and look pretty good. What was your thought process in choosing them? Thanks nice set up

The EternalBlue debacle really made me wake up to the idea of exploits, what they are and how real of an issue they might be. So I followed infosec people on Twitter and they kept referring to 0patch so I downloaded it.
RunPEDetector and most of that stuff I found here on MT in the "Other security for Windows" section.

I said it in my intro. "Other security for Windows" on MT and "Other anti-malware" on Wilders are the most interesting sections IMO.

 

[outlawxtorn]

How do you like f-secure? I'm waiting for an invite still so I can pair it with VS pro.

 

[DeepWeb]

How do you like f-secure? I'm waiting for an invite still so I can pair it with VS pro.

Well if you want F-Secure Ultralight 64 bit, you can get it through here
F-Secure Ultralight Anti-Virus Beta

I like it. Definitely better detection than Windows Defender. Just a headsup, it does not look like the regular F-Secure and it has a strange way of installing itself. Very little visual feedback during installation, and no entry in Start Menu. Not a lot of choices, no whitelist you can navigate to but you can whitelist but I don't have any conflicts (nvm might have conflicts with Origin).

Edit: So it does actually have a whitelist called "Marked as safe". I just have to get used to the different UI.

 

[DeepWeb]

Converted to Avast Free Antivirus after seeing that it has some excellent 0 day detection and even fares better than some paid mainstream antiviruses.

Edit: Nevermind. Uninstalling this crap. Call me when there is a 3rd party antivirus that doesn't employ ugly hooks that break everything. For now I just use WD and other bells and whistles to enhance it.

 

[DeepWeb]

Installed Voodooshield and Crystal Security. Extremely happy with my setup. Very light-weight. In addition to that, I made sure to disable Windows Defender by Group Policy, Windows Firewall and that annoying Windows Defender Security Center.

Yes I use a lot of programs, but they don't conflict with each other as long as you whitelist all of them in Comodo Firewall. There is some overlap between Voodooshield and Comodo Auto-containment, but other than that they all complete one another. My goal was layered & light-weight security solution and I think I achieved that surprisingly not by having one internet security solution, but by having many. Almost no CPU usage at all. RAM?
Voodooshield 20 MB
Crystal Security 20 MB
CFW 10 MB
GhostPress 6 MB
MBAE 6 MB
AppCheck 2 MB
0patch 2 MB

64 MB RAM consumed. Yes I included the services as well.
The other goal I was trying to achieve using this is that if something compromised one of the modules, it wouldn't take down the entire security. E.g. if Voodooshield goes down, I still have the firewall, antivirus, anti-exploits, anti-keylogger and anti-ransomware running.