Advanced Plus Security DeepWeb's Security Config

Last updated: Dec 17, 2018
Windows Edition: Enterprise
Security updates: Allow security updates and latest features
User Access Control: Always notify
Real-time security: Kaspersky Total Security (GDPR)
Firewall security:
Periodic malware scanners: Norton Power Eraser, Run PE Detector, VT Hash Checker, Root Certificate Check
Malware sample testing: I do not participate in malware testing
Browser(s) and extensions:
  Browsers: Chrome, Firefox Nightly, Edge
  Extensions: Nano Adblocker & Defender, HTTPS Everywhere, Privacy Possum, Searchonymous, Temporary Container (FF)
Maintenance tools: None - They break more than they fix
File and Photo backup: Windows Backup using File History
System recovery: Macrium Reflect

Evjl's Rain

Exactly, I also noticed EAM does inject something into other programs, especially the ones using hardware virtualization, and somehow makes them a bit malfunctional.

explorer.exe and Task Manager crashed as soon as I installed EAM, and so did the Chrome/Slimjet AppContainer feature. I couldn't perform a reboot, only a forced shutdown and reboot. After a reboot, most of them worked again, and I had to sacrifice the Chrome AppContainer to suit EAM.

DeepWeb (thread author)
> Exactly, I also noticed EAM does inject something into other programs, especially the ones using hardware virtualization, and somehow makes them a bit malfunctional.
>
> explorer.exe and Task Manager crashed as soon as I installed EAM, and so did the Chrome/Slimjet AppContainer feature. I couldn't perform a reboot, only a forced shutdown and reboot. After a reboot, most of them worked again, and I had to sacrifice the Chrome AppContainer to suit EAM.
That seems to be the general trend. Microsoft has ramped up kernel security and anything that attempts to get near it gets rejected. I will keep on searching for the right AV that just works. I'm no longer accepting that any AV can break normal functioning apps.

Evjl's Rain

> That seems to be the general trend. Microsoft has ramped up kernel security and anything that attempts to get near it gets rejected. I will keep on searching for the right AV that just works. I'm no longer accepting that any AV can break normal functioning apps.

How is F-Secure Ultralight? Is it updated or still stuck at the old version? Can you take a few screenshots of it? Thank you.

DeepWeb (thread author)
> How is F-Secure Ultralight? Is it updated or still stuck at the old version? Can you take a few screenshots of it? Thank you.

It's all updated. Back to using Emsisoft since I am running into the same issues with Ultralight... Opening Windows Defender Security Center at a particular moment appears to crash Windows Explorer when you use 3rd party AVs. Very strange behavior.

Evjl's Rain

> It's all updated. Back to using Emsisoft since I am running into the same issues with Ultralight... Opening Windows Defender Security Center at a particular moment appears to crash Windows Explorer when you use 3rd party AVs. Very strange behavior.

Perhaps your settings prevented AVs from injecting their context menu DLL into explorer.exe, so they crashed? Maybe this feature is dedicated to Windows Defender, or it has to be enabled after the AV finishes installing.

I mean virtualization-based security.

DeepWeb (thread author)
> Perhaps your settings prevented AVs from injecting their context menu DLL into explorer.exe, so they crashed? Maybe this feature is dedicated to Windows Defender, or it has to be enabled after the AV finishes installing.
>
> I mean virtualization-based security.
Probably.

Update: Decided to just go with Windows Defender Antivirus since it has no conflict with virtualization-based security.

DeepWeb (thread author)
> How is F-Secure Ultralight? Is it updated or still stuck at the old version? Can you take a few screenshots of it? Thank you.
Btw

All engines are up to date from today (Dec 8, 2017). Ultralight Antivirus is alive and well.

DeepWeb (thread author)
I enabled SmartScreen Network Protection, ASR and Exploit Guard through Group Policy.

Use Windows Defender Exploit Guard to protect your network

Once again it puzzles me why Microsoft has these powerful features well hidden and as complicated as possible for regular users but oh well. There is also no real way to test if they are actually working other than the samples from Microsoft which isn't saying much.

Disabled automatic file submission. No need. Microsoft has enough guinea pigs. Windows Defender Antivirus won't update definitions normally on my setup, so I had to change it to get definition updates from Windows Update...
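The post above says there is no real way to tell whether ASR, Network Protection and Exploit Guard are actually active. This added example (not code from the thread) reads the effective Defender configuration back with the built-in Defender cmdlets, so a Group Policy change can at least be confirmed on the machine; it assumes Windows 10 with Windows Defender Antivirus and an elevated PowerShell session.

```powershell
# Added example, not from the thread: read-only audit of the Defender
# settings discussed above. Run in an elevated PowerShell on Windows 10.

$pref = Get-MpPreference

# Attack Surface Reduction: rule GUIDs and their action codes live in two
# parallel arrays. Action codes: 0 = Disabled, 1 = Block, 2 = Audit.
$actionName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit' }
Write-Host "ASR rules:"
if ($pref.AttackSurfaceReductionRules_Ids) {
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        $id     = $pref.AttackSurfaceReductionRules_Ids[$i]
        $action = [int]$pref.AttackSurfaceReductionRules_Actions[$i]
        Write-Host ("  {0}  {1}" -f $id, $actionName[$action])
    }
} else {
    Write-Host "  none configured (Group Policy did not apply, or ASR is off)"
}

# Network Protection (SmartScreen-based blocking for every process):
# 0 = Disabled, 1 = Block, 2 = Audit.
Write-Host ("Network Protection: " + $actionName[[int]$pref.EnableNetworkProtection])

# Sample submission: 0 = AlwaysPrompt, 1 = SendSafeSamples,
# 2 = NeverSend, 3 = SendAllSamples. The thread author turned it off.
Write-Host ("SubmitSamplesConsent: " + $pref.SubmitSamplesConsent)

# Definition update sources, tried in order. The thread author changed this
# to Windows Update because the default source failed on his setup.
Write-Host ("SignatureFallbackOrder: " + $pref.SignatureFallbackOrder)

# Confirm definitions are actually arriving.
$status = Get-MpComputerStatus
Write-Host ("Signature version {0}, last updated {1}" -f
    $status.AntivirusSignatureVersion, $status.AntivirusSignatureLastUpdated)

# Exploit Guard system-wide mitigations (DEP, ASLR, CFG, ...).
Get-ProcessMitigation -System
```

A rule that shows as Audit rather than Block will only log events, so check the action column and not just the presence of a GUID.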

DeepWeb (thread author)
I managed to resolve a lot of issues with EAM after finding some of Umbra's EAM/Comodo settings here but MOST OF ALL, make sure to whitelist Synaptics processes (there are two)... who could have known that these two can cause so much trouble. The difference in performance cannot be understated. CPU usage has gone from 5-7% when all I do is move the cursor to ~0-1%.

-Comodo Firewall

It's been quite a ride. We are down to two: EAM and KeyScrambler. While I strongly believe that EAM can detect keyloggers, I opt for my anti-government-spying tinfoil hat. My focus is on anti-exploit and exploit mitigation by hardening Windows.

DeepWeb (thread author)
Upgraded my Chrome and Firefox extensions as well as adding some additional lists to my adblocker while removing others that I find too big and just not necessary. I've been running into a few performance issues since the Emergency Update. AOMEI Backupper crashed the OS for the first time. Never had any issues. I'm not sure if they are because of the Intel fix or because Microsoft added new bugs through other updates.

Update:
-Keyscrambler Free

DeepWeb (thread author)
My 3rd backup attempt since the Emergency Patch. AOMEI is running into issues during the backup process:
-Occasional freeze
-Much, much slower backup

Whatever Microsoft changed about the Windows kernel is severely slowing it down (VSS perhaps?).

Update: It is indeed VSS. I switched to using AOMEI's built-in backup utility and I no longer have slowdowns.

DeepWeb (thread author)
Steven Black's Hosts file was blocking Windows Update. I could not determine which URL in particular was being blocked. But, just in case someone experiences the same thing, disable/delete your Hosts file under "\Windows\System32\drivers\etc\hosts" and try to update again.
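Rather than deleting the whole hosts file, a narrower check is to look for the entries that can affect Windows Update and to resolve a few update hosts the way Windows itself does (hosts file first). This added example is not from the thread; the list of host-name fragments is an assumption for illustration, not an exhaustive list of Microsoft update endpoints.

```powershell
# Added example, not from the thread: find hosts-file entries that may block
# Windows Update. Read-only; it changes nothing.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Assumption: illustrative fragments of Windows Update / Defender update hosts.
$patterns = @('windowsupdate', 'update.microsoft', 'delivery.mp.microsoft',
              'download.microsoft', 'definitionupdates.microsoft')

$hits = Get-Content $hostsPath |
    Where-Object { $_ -notmatch '^\s*#' -and $_.Trim() -ne '' } |
    ForEach-Object {
        $line = $_
        foreach ($p in $patterns) {
            if ($line -match [regex]::Escape($p)) { $line; break }
        }
    }

if ($hits) {
    Write-Host "Hosts entries that may block Windows Update:"
    $hits | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Host "No hosts entries match the known update host patterns."
}

# Resolve a couple of update hosts through the normal Windows resolver, which
# consults the hosts file first. 0.0.0.0 or 127.0.0.1 means it is sinkholed
# (blocklist-style hosts files such as Steven Black's use 0.0.0.0).
foreach ($h in 'download.windowsupdate.com', 'update.microsoft.com') {
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($h) |
                 ForEach-Object { $_.IPAddressToString }
        $flag = if ($addrs -contains '0.0.0.0' -or $addrs -contains '127.0.0.1') {
            'BLOCKED' } else { 'ok' }
        Write-Host ("  {0,-30} {1}  {2}" -f $h, $flag, ($addrs -join ', '))
    } catch {
        Write-Host ("  {0,-30} resolution failed: {1}" -f $h, $_.Exception.Message)
    }
}
```

Entries flagged here can be commented out individually (the file is plain text), which keeps the rest of the blocklist in place.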

DeepWeb (thread author)
-Added to Firefox:
mozilla/policy-templates

Firefox 60+ now supports Group policy templates! Great news. Less configuring between accounts.

Also upgraded from Windows 10 Pro to Enterprise. Almost no difference to Pro if you're not part of a big company that takes full advantage of all the tools to centralize and standardize desktop environments across multiple devices. I'm still exploring what I can do more. Initially only purchased for Credential Guard and App-V. It didn't even download anything extra. It appears all an upgrade from Pro to Enterprise does is flip some internal switches to unlock features that are already there. For comparison, when I upgraded from Home to Pro, I got a big Windows update that brought in all the Pro features, restart was required. But since Microsoft designs Windows with enterprise in mind, might as well get their gold standard.

Once the new Intel microcode is available as BIOS or Windows update, I will re-enable virtualization-based security (HVCI and Credential Guard) and take full advantage of Windows Defender Application Guard as well as App-V. Currently not possible because Hyper-V and VMware CPU Microcode Update Driver are not compatible. But the hardware benefits of the Microcode update driver far outweigh the need for security of VBS.
Hardware health > Software health
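Whether VBS, HVCI and Credential Guard are merely configured or actually running is exposed through the Win32_DeviceGuard WMI class, which is the quickest way to confirm the state described above after re-enabling them. This added example is not from the thread; it assumes Windows 10 Enterprise and an elevated PowerShell session.

```powershell
# Added example, not from the thread: report whether virtualization-based
# security, HVCI and Credential Guard are configured and actually running.
# Read-only; run elevated.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard

# VirtualizationBasedSecurityStatus:
# 0 = not enabled, 1 = enabled but not running, 2 = running.
$vbsState = @{ 0 = 'not enabled'; 1 = 'enabled, not running'; 2 = 'running' }
Write-Host ("VBS: " + $vbsState[[int]$dg.VirtualizationBasedSecurityStatus])

# SecurityServicesConfigured / SecurityServicesRunning hold service codes:
# 1 = Credential Guard, 2 = HVCI (memory integrity).
$svcName = @{ 1 = 'Credential Guard'; 2 = 'HVCI' }
foreach ($code in 1, 2) {
    $configured = $dg.SecurityServicesConfigured -contains $code
    $running    = $dg.SecurityServicesRunning    -contains $code
    Write-Host ("{0,-18} configured={1}  running={2}" -f
        $svcName[$code], $configured, $running)
}

# VBS runs on top of the Hyper-V hypervisor; the thread notes that a
# third-party microcode update driver was conflicting with it.
$hv = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Hypervisor
Write-Host ("Hyper-V hypervisor feature: " + $hv.State)
```

"Configured but not running" usually means the policy applied but a prerequisite (hypervisor, UEFI/Secure Boot, a reboot) is missing.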

DeepWeb (thread author)
Updated to Windows 10 1803 through in-place upgrade (Download Media Creation Tool, download Windows.iso, mount iso, click setup.exe). Went smooth. Your System Reserved Partition may give you problems. Just follow this if you run into an error: https://support.microsoft.com/en-us...m-reserved-partition-error-installing-windows

It was also stuck at 88% for a while (1-2 hours perhaps). Don't sweat it as long as Task Manager shows that it is doing something.

Update: I'm very confused. I allotted time expecting to fix bugs, reinstall drivers and all but this upgrade left me with nothing to do. It just runs extremely well out of the box and this time it kept almost all of the settings except wiping the registry which I am actually thankful for.

DeepWeb (thread author)
I gave DNS over HTTPS in Firefox a try using Cloudflare's new DNS resolver. It works. It's FAST!! But it bypasses your AV's web protection, so I had to revert back.