Advanced Plus Security Divine Barakah's Laptop Security Config 2021

Last updated
May 2, 2021
How it's used?
For home and private use
Operating system
Windows 10
On-device encryption
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
User Access Control
Always notify
Smart App Control
Network firewall
Real-time security
Kaspersky Total Security 21.3.10.391(b)
Firewall security
About custom security
- Trust group for applications that could not be added to existing groups (Untrusted).
- Trust group for applications started before startup of Kaspersky Total Security (High restricted).
- Trust digitally signed applications (unticked).
- Disabled Anti Banner.
Periodic malware scanners
ADW Cleaner
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Browsers
  • Microsoft Edge
  • Firefox
  • Vivaldi
Extensions
IDM
  • Mendeley
Secure DNS
Cloudflare DNS over HTTPS using Adguard Desktop.
Desktop VPN
BULLETVPN
Password manager
Kaspersky Password Manager.
Maintenance tools
Revo Uninstaller Pro Portable
File and Photo backup
Koofr & Microsoft One Drive
System recovery
AOMEI Backupper Pro
Risk factors
    • Working from home
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Streaming audio/video content from shady sites
Computer specs
  • Acer Aspire ES1-572-586C
  • Intel Core i5-7200U
  • Intel HD graphics 620
  • Adata 8 GBs RAM
  • Adata Ultimate SU630 480 GBs SSD
What I'm looking for?

Looking for maximum feedback.

Gandalf_The_Grey

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Jan Willy said:
Why?
Click to expand...
When @Evjl's Rain was still active in testing and we all participated AdGuard blocked almost nothing compared to Google Safe Browsing and Microsoft SmartScreen.
See this thread and/or do your own tests:
malwaretips.com

Hot Take - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Comparison between browser extensions Test 29/12 Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings Test 24/11 Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings Test 12/11 Q&A - [Updated 12/11/2018] Browser extension comparison...
malwaretips.com malwaretips.com
 
  • Like
  • Sad
  • Wow
Reactions: Cortex, Dave Russo, Divine_Barakah and 7 others
silversurfer

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
Gandalf_The_Grey said:
Yes, you need an internet connection for Microsoft Defender to perform, but that's the case for almost all Antivirus software nowadays.
Click to expand...
Of course, that's true but for major AV vendors, local BB as own system process is able to work properly even offline to block suspicious files...

I'm using on my daily laptop, MD/WD as my AV, so my intention is never to bash any product, but it's wrong to claim that F-Secure has no advantage compared to MD/WD, we should always mention all points of view, and it's a fact that MD/WD doesn't includes a certain module like BB, default there aren't any settings available, we have to tweak via Group-Policy or the easier way just using tools like Configure-Defender.
 
  • Like
  • +Reputation
Reactions: Cortex, Dave Russo, Protomartyr and 5 others
Jan Willy

Jan Willy

Level 13
Verified
Top Poster
Well-known
Jul 5, 2019
607
Gandalf_The_Grey said:
When @Evjl's Rain was still active in testing and we all participated AdGuard blocked almost nothing compared to Google Safe Browsing and Microsoft SmartScreen.
See this thread and/or do your own tests:
malwaretips.com

Hot Take - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings

Comparison between browser extensions Test 29/12 Q&A - [Updated 29/12/2018] Browser extension comparison: Malwares and Phishings Test 24/11 Q&A - [Updated 24/11/2018] Browser extension comparison: Malwares and Phishings Test 12/11 Q&A - [Updated 12/11/2018] Browser extension comparison...
malwaretips.com malwaretips.com
Click to expand...
Yes, I know. But I'm talking about the browser security option in Adguard Desktop. See How malware protection works
So, what I said before, in that way Google Safe Browsing also can be used.
 
  • Like
Reactions: Cortex, Divine_Barakah, Protomartyr and 5 others
upnorth

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
SeriousHoax said:
pointed out in his review that it doesn't have system wide web protection (only in browsers), I was disappointed.
Click to expand...
Sad to hear, but you and anybody else should try to understand that reviews here on MT comes with a specific disclaimer that is very important to understand. Let me try help and quote :
Any views or opinions expressed are that of the member giving the information and may be subjective.
Click to expand...
 
  • Like
Reactions: Cortex, Protomartyr, Venustus and 4 others
F

ForgottenSeer 89360

silversurfer said:
Just to makes things more clear to anyone who may didn't know before:
We should mention that MD/WD doesn't includes a certain module like Behavior Blocker, MD/WD uploads suspicious files to own cloud-behavior-analysis by Microsoft, that's a different way to check files compared to a local module like DeepGuard by F-Secure.
Click to expand...
It uses cloud-based processing like McAfee, AVG, Symantec and many others, but it doesn't need a whole file to be sent to the cloud. This is only if the verdict is inconclusive.

How client behavioral blocking works​

Microsoft Defender Antivirus can detect suspicious behavior, malicious code, fileless and in-memory attacks, and more on a device. When suspicious behaviors are detected, Microsoft Defender Antivirus monitors and sends those suspicious behaviors and their process trees to the cloud protection service. Machine learning differentiates between malicious applications and good behaviors within milliseconds, and classifies each artifact. In almost real time, as soon as an artifact is found to be malicious, it's blocked on the device.
docs.microsoft.com

Client behavioral blocking - Microsoft Defender for Endpoint

Client behavioral blocking is part of behavioral blocking and containment capabilities at Microsoft Defender for Endpoint
docs.microsoft.com

upnorth said:
Sad to hear, but you and anybody else should try to understand that reviews here on MT comes with a specific disclaimer that is very important to understand. Let me try help and quote :
Click to expand...
So are you claiming that F-Secure does have system-wide web blocking?

help.f-secure.com

F-Secure User Guides

Guides and manuals for your F-Secure products
help.f-secure.com

Browsing Protection helps you browse the internet safely by providing safety ratings for websites on your browser and blocking access to websites that have been rated harmful.
Click to expand...
help.f-secure.com

F-Secure User Guides

Guides and manuals for your F-Secure products
help.f-secure.com

Note: Browsing Protection requires that the Browsing Protection extension is turned on in the web browser that you use.
Click to expand...
 
Last edited by a moderator:
  • Like
Reactions: Cortex, Divine_Barakah, Protomartyr and 4 others
silversurfer

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
McMcbrad said:
It uses cloud-based processing like McAfee, AVG, Symantec and many others, but it doesn't need a whole file to be sent to the cloud. This is only if the verdict is inconclusive.

How client behavioral blocking works​

Microsoft Defender Antivirus can detect suspicious behavior, malicious code, fileless and in-memory attacks, and more on a device. When suspicious behaviors are detected, Microsoft Defender Antivirus monitors and sends those suspicious behaviors and their process trees to the cloud protection service. Machine learning differentiates between malicious applications and good behaviors within milliseconds, and classifies each artifact. In almost real time, as soon as an artifact is found to be malicious, it's blocked on the device.
docs.microsoft.com

Client behavioral blocking - Microsoft Defender for Endpoint

Client behavioral blocking is part of behavioral blocking and containment capabilities at Microsoft Defender for Endpoint
docs.microsoft.com
Click to expand...
My point was just to mention that MD/WD doesn't includes a local BB which is able to work even offline to block suspicious files, that's a real downside compared to other major AVs. That is a fact and nothing like claiming my personal opinion as true ;)
 
  • Like
Reactions: Cortex, Protomartyr, Venustus and 3 others
F

ForgottenSeer 89360

silversurfer said:
My point was just to mention that MD/WD doesn't includes a local BB which is able to work even offline to block suspicious files, that's a real downside compared to other major AVs. That is a fact and nothing like claiming my personal opinion as true ;)
Click to expand...
According to official Microsoft Whitepaper, found here: http://download.microsoft.com/download/3/0/8/3085D641-1CA8-4E21-92DB-3D17F231D252/Windows security on disconnected devices whitepaper.pdf

Windows Defender AV also performs real-time scanning – identifying threats as soon as they are seen on the device. It doesn’t require Internet connectivity to perform this and other behavioral detection activities.
Click to expand...
It also has local behavioural detections added to database such as this: Behavior:Win32/SenseToVDMCreateFile20122522112.A threat description - Microsoft Security Intelligence
 
  • Like
  • +Reputation
  • Applause
Reactions: Nagisa, Cortex, Divine_Barakah and 6 others
upnorth

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
McMcbrad said:
So are you claiming that F-Secure does have system-wide web blocking?
Click to expand...
The review sections disclaimer and extra so what I quoted is for All software reviews posted here on MT. That is important to understand. The review section here on MT is not created as something that automatic is more valuable and worth then everything else said, done or ever tested either on this forum or anywhere else. That's partially why the disclaimers exist to help explain.

That said, it does not mean that everything posted, said or stated on members reviews are wrong, but one should understand that, again :
Any views or opinions expressed are that of the member giving the information and may be subjective.
Click to expand...
 
  • Like
Reactions: Cortex, Divine_Barakah, Protomartyr and 3 others
F

ForgottenSeer 89360

The Cog in the Machine said:
@McMcbrad When I was using F-Secure it used to block IDM from downloading its updates. F-Secure has an option to block applications from downloading harmful content. Can this be considered a system-wide web protection?
Click to expand...
I haven't tested it with IDM as I do not use any. System-wide web blocking will work on all apps, regardless of the port and not only when they download files, but when they issue any connection whatsoever.

E.g. Malware.exe wants to connect to 192.168.088.011 on port 65536. The related IP address is already in blacklist and connection is aborted, before any download/upload is initiated. This can prevent not only secondary payload download, but can also stop malware from uploading personal data, such as files, credentials, etc.

Just blocking a download can't be considered system-wide web blocking.
 
Last edited by a moderator:
  • Like
  • Thanks
Reactions: Cortex, Protomartyr, Venustus and 1 other person
silversurfer

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
McMcbrad said:
According to official Microsoft Whitepaper, found here: http://download.microsoft.com/download/3/0/8/3085D641-1CA8-4E21-92DB-3D17F231D252/Windows security on disconnected devices whitepaper.pdf
Windows Defender AV also performs real-time scanning – identifying threats as soon as they are seen on the device. It doesn’t require Internet connectivity to perform this and other behavioral detection activities.
Click to expand...
Click to expand...
Where are the settings of "behavioral detection" that isn't fully enabled by default, we need tools like Configure-Defender or tweaking via Group-Policy.

docs.microsoft.com

Turn on cloud protection in Microsoft Defender Antivirus - Microsoft Defender for Endpoint

Turn on cloud protection to benefit from fast and advanced protection features.
docs.microsoft.com
docs.microsoft.com

Enable block at first sight to detect malware in seconds - Microsoft Defender for Endpoint

Turn on the block at first sight feature to detect and block malware within seconds.
docs.microsoft.com

My tests shows me the opposite, unknown malware can't be detected by Microsoft without active internet connection, that shows me it doesn't work offline, but everyone is free to believe what he want...
 
Last edited:
  • Like
  • +Reputation
Reactions: Cortex, Divine_Barakah, Protomartyr and 5 others
F

ForgottenSeer 89360

silversurfer said:
Where are the settings of "behavioral detection" that isn't fully enabled by default, we need tools like Configure-Defender or tweaking via Group-Policy.

My tests shows me the opposite, unknown malware can't be detected by Microsoft without active internet connection, that shows me it doesn't work offline, but everyone is free to believe what he want...
Click to expand...
Tweaking is indeed needed, but F-Secure in their DeepGuard whitepaper, McAfee in their RealProtect documentation, Symantec in their Endpoint Protection help files all mention that cloud look-ups are performed. It's not guaranteed that without connection, the performance of their behavioural blocking will be the same as online.
 
Last edited by a moderator:
  • Like
Reactions: Cortex, Protomartyr, Venustus and 6 others
DDE_Server

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
McMcbrad said:
Tweaking is indeed needed, but F-Secure in their DeepGuard whitepaper, McAfee in their RealProtect documentation, Symantec in their Endpoint Protection help files all mention that cloud look-ups are performed. It's not guaranteed that without connection, the performance of their behavioural blocking will be the same as online.
Click to expand...
What about Kaspersky , Do you have any idea ??
 
  • Like
Reactions: Cortex, Divine_Barakah, Protomartyr and 2 others
F

ForgottenSeer 89360

DDE_Server said:
What about Kaspersky , Do you have any idea ??
Click to expand...
I believe @harlan4096 is the best person to ask here, but Kaspersky and Bitdefender help files/whitepapers don't mention anything about internet connection anywhere. When I tested Kaspersky, malware removal was triggered after connection to a blacklisted C&C server was attempted, but I did not test whether it will be blocked without internet connection. The information wouldn't be relevant to anyone, as the malware itself was cloud-reliant.
 
  • Like
Reactions: Cortex, Divine_Barakah, Protomartyr and 3 others
DDE_Server

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
McMcbrad said:
I believe @harlan4096 is the best person to ask here, but Kaspersky and Bitdefender help files/whitepapers don't mention anything about internet connection anywhere. When I tested Kaspersky, malware removal was triggered after connection to a blacklisted C&C server was attempted, but I did not test whether it will be blocked without internet connection. The information wouldn't be relevant to anyone, as the malware itself was cloud-reliant.
Click to expand...
most APT or silent Trojans will mostly need C&C to downloads their tasks/Other components unless if they are type of worms to make botnet network however ransomware would be good test case and best scenario to test malware which may not need to to communicate with C&C in its first stages :) :)
 
  • Like
Reactions: Cortex, Divine_Barakah, Protomartyr and 5 others
F

ForgottenSeer 89360

DDE_Server said:
most APT or silent Trojans will mostly need C&C to downloads their tasks/Other components unless if they are type of worms to make botnet network however ransomware would be good test case and best scenario to test malware which may not need to to communicate with C&C in its first stages :) :)
Click to expand...
Unfortunately I forgot to turn off Kaspersky cloud telemetry whilst writing custom ransomware, my executable was uploaded and was detected the next day (I was just finishing the file iterator), so I couldn't test it against truly unseen ransomware :D
I had to change the whole key generator logic + the note writer module and it's too much hassle.

The ransomware I discovered/did before was all detected by heuristics set to max. It could be stopped by Application Control as well.
 
  • Like
  • HaHa
Reactions: Nevi, bayasdev, Divine_Barakah and 4 others
You must log in or register to reply here.

Similar threads

Nautilus
    • Like
    • Applause
Advanced Plus Security Nautilus Security Config 2024
Replies
1
Views
361
PC Setup Configuration Help & Showcase
Nautilus
Nautilus
lokamoka820
Serious Discussion Which is More Accurate as a Network Monitor: GlassWire or Windows Network Data Usage?
Replies
3
Views
215
Other security for Windows, Mac, Linux
lokamoka820
lokamoka820
RRlight
    • Like
Advanced Security RRlight gaming laptop config 2024
Replies
4
Views
294
PC Setup Configuration Help & Showcase
RRlight
RRlight

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top