SECURITY: Complete Divine Barakah's Laptop Security Config 2021

Last updated
May 2, 2021
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 10
OS edition
Pro
Login security
  • Password-less (PIN, Biometric, Face)
Primary sign-in
Microsoft account
Primary user
Admin user - Full permissions
Other users
Security updates
Default - allow security updates
Windows UAC
Maximum - always notify
Network firewall
ISP-issued router
Real-time protection
Kaspersky Total Security 21.3.10.391(b)
Software firewall
Provided by a third-party security vendor. Refer to 'Real-time protection' for details.
Custom RTP, Firewall and OS settings
- Trust group for applications that could not be added to existing groups (Untrusted).
- Trust group for applications started before startup of Kaspersky Total Security (High restricted).
- Trust digitally signed applications (unticked).
- Disabled Anti Banner.
Malware testing
No malware samples
Periodic security scanners
ADW Cleaner
Secure DNS
Cloudflare DNS over HTTPS using Adguard Desktop.
VPN
BULLETVPN
Password manager
Kaspersky Password Manager.
Browsers, Search and Addons
Browsers
  • Microsoft Edge
  • Firefox
  • Vivaldi
Extensions
  • IDM
  • Mendeley
Maintenance and Cleaning
Revo Uninstaller Pro Portable
Personal Files & Photos backup
Koofr & Microsoft One Drive
Personal backup routine
Automatic (scheduled)
Device recovery & backup
AOMEI Backupper Pro
Device backup routine
Manual (maintained by self)
PC activity
  1. Working from home.
  2. Browsing the web.
  3. Emails.
  4. Shopping.
  5. Banking.
  6. Downloading software.
  7. Streaming.
Computer specs
  • Acer Aspire ES1-572-586C
  • Intel Core i5-7200U
  • Intel HD graphics 620
  • Adata 8 GB RAM
  • Adata Ultimate SU630 480 GB SSD
Feedback Response

Most critical feedback

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,908
When @Evjl's Rain was still active in testing and we all participated, AdGuard blocked almost nothing compared to Google Safe Browsing and Microsoft SmartScreen.
See this thread and/or do your own tests:

silversurfer

Level 74
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,312
Yes, you need an internet connection for Microsoft Defender to perform, but that's the case for almost all Antivirus software nowadays.
Of course, that's true, but for major AV vendors a local BB running as its own system process is able to work properly even offline to block suspicious files...

I'm using MD/WD as my AV on my daily laptop, so my intention is never to bash any product, but it's wrong to claim that F-Secure has no advantage compared to MD/WD. We should always mention all points of view, and it's a fact that MD/WD doesn't include a certain module like BB; by default there aren't any settings available, we have to tweak via Group Policy or, the easier way, just use tools like Configure-Defender.

Jan Willy

Level 7
Jul 5, 2019
286
When @Evjl's Rain was still active in testing and we all participated, AdGuard blocked almost nothing compared to Google Safe Browsing and Microsoft SmartScreen.
See this thread and/or do your own tests:
Yes, I know. But I'm talking about the browser security option in Adguard Desktop. See How malware protection works
So, as I said before, in that way Google Safe Browsing can also be used.

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,425
pointed out in his review that it doesn't have system-wide web protection (only in browsers), I was disappointed.
Sad to hear, but you and anybody else should try to understand that reviews here on MT come with a specific disclaimer that is very important to understand. Let me try to help and quote:
Any views or opinions expressed are that of the member giving the information and may be subjective.

ForgottenSeer 89360

Just to make things clearer to anyone who may not have known before:
We should mention that MD/WD doesn't include a certain module like Behavior Blocker; MD/WD uploads suspicious files to Microsoft's own cloud behavior analysis, which is a different way to check files compared to a local module like DeepGuard by F-Secure.
It uses cloud-based processing like McAfee, AVG, Symantec and many others, but it doesn't need a whole file to be sent to the cloud. This is only if the verdict is inconclusive.

How client behavioral blocking works

Microsoft Defender Antivirus can detect suspicious behavior, malicious code, fileless and in-memory attacks, and more on a device. When suspicious behaviors are detected, Microsoft Defender Antivirus monitors and sends those suspicious behaviors and their process trees to the cloud protection service. Machine learning differentiates between malicious applications and good behaviors within milliseconds, and classifies each artifact. In almost real time, as soon as an artifact is found to be malicious, it's blocked on the device.

Sad to hear, but you and anybody else should try to understand that reviews here on MT come with a specific disclaimer that is very important to understand. Let me try to help and quote:
So are you claiming that F-Secure does have system-wide web blocking?


Browsing Protection helps you browse the internet safely by providing safety ratings for websites on your browser and blocking access to websites that have been rated harmful.

Note: Browsing Protection requires that the Browsing Protection extension is turned on in the web browser that you use.

silversurfer

Level 74
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,312
It uses cloud-based processing like McAfee, AVG, Symantec and many others, but it doesn't need a whole file to be sent to the cloud. This is only if the verdict is inconclusive.

How client behavioral blocking works

Microsoft Defender Antivirus can detect suspicious behavior, malicious code, fileless and in-memory attacks, and more on a device. When suspicious behaviors are detected, Microsoft Defender Antivirus monitors and sends those suspicious behaviors and their process trees to the cloud protection service. Machine learning differentiates between malicious applications and good behaviors within milliseconds, and classifies each artifact. In almost real time, as soon as an artifact is found to be malicious, it's blocked on the device.
My point was just to mention that MD/WD doesn't include a local BB which is able to work even offline to block suspicious files; that's a real downside compared to other major AVs. That is a fact, and nothing like claiming my personal opinion as true ;)

ForgottenSeer 89360

My point was just to mention that MD/WD doesn't include a local BB which is able to work even offline to block suspicious files; that's a real downside compared to other major AVs. That is a fact, and nothing like claiming my personal opinion as true ;)
According to official Microsoft Whitepaper, found here: http://download.microsoft.com/download/3/0/8/3085D641-1CA8-4E21-92DB-3D17F231D252/Windows security on disconnected devices whitepaper.pdf

Windows Defender AV also performs real-time scanning – identifying threats as soon as they are seen on the device. It doesn’t require Internet connectivity to perform this and other behavioral detection activities.
It also has local behavioural detections added to its database, such as this: Behavior:Win32/SenseToVDMCreateFile20122522112.A threat description - Microsoft Security Intelligence

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,425
So are you claiming that F-Secure does have system-wide web blocking?
The review section's disclaimer, and especially what I quoted, applies to all software reviews posted here on MT. That is important to understand. The review section here on MT is not created as something that is automatically more valuable and worth more than everything else said, done or ever tested, either on this forum or anywhere else. That's partially why the disclaimers exist, to help explain.

That said, it does not mean that everything posted, said or stated in members' reviews is wrong, but one should understand that, again:
Any views or opinions expressed are that of the member giving the information and may be subjective.

ForgottenSeer 89360

@McMcbrad When I was using F-Secure it used to block IDM from downloading its updates. F-Secure has an option to block applications from downloading harmful content. Can this be considered a system-wide web protection?
I haven't tested it with IDM as I do not use any. System-wide web blocking will work on all apps, regardless of the port and not only when they download files, but when they issue any connection whatsoever.

E.g. Malware.exe wants to connect to 192.168.088.011 on port 65536. The related IP address is already in a blacklist and the connection is aborted before any download/upload is initiated. This can prevent not only secondary payload download, but can also stop malware from uploading personal data, such as files, credentials, etc.

Just blocking a download can't be considered system-wide web blocking.
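The "system-wide" property described in the post above (every program, every port, connection refused before any data moves) can be reproduced with the firewall built into Windows 10. This is an added example, not code from the thread or from any vendor; the addresses are constructed TEST-NET ranges, not real indicators, and the rule name is made up for the example.

```powershell
# Added example: system-wide outbound block of blocklisted addresses with the
# Windows 10 firewall. No -Program, -Protocol or -RemotePort is given, so the
# rule matches every process and every port. Run from an elevated PowerShell.
$BlockList = @('203.0.113.10', '198.51.100.0/24')   # constructed TEST-NET values
$RuleName  = 'Example-SystemWideBlocklist'          # hypothetical rule name

function Set-SystemWideBlocklist {
    param([string[]]$Addresses, [string]$Name)
    # Replace any earlier copy so the function is safe to re-run.
    Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $Name -Direction Outbound -Action Block `
        -RemoteAddress $Addresses -Profile Any -Enabled True | Out-Null
    # Read the address filter back: this is what the firewall will actually enforce.
    (Get-NetFirewallRule -DisplayName $Name | Get-NetFirewallAddressFilter).RemoteAddress
}

function Enable-DropLogging {
    # Log dropped packets so each blocked connection attempt leaves a record.
    $log = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
    Set-NetFirewallProfile -All -LogBlocked True -LogFileName $log
    return $log
}

function Get-BlockedAttempts {
    param([string]$LogPath, [string[]]$Addresses)
    # pfirewall.log fields: date time action protocol src-ip dst-ip src-port dst-port ...
    # Only exact host entries are matched here; members of a CIDR block are not expanded.
    $ips = $Addresses | ForEach-Object { ($_ -split '/')[0] }
    Get-Content $LogPath -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\d{4}-\d{2}-\d{2} .* DROP ' } |
        ForEach-Object {
            $f = $_ -split ' '
            if ($ips -contains $f[5]) {
                [pscustomobject]@{ Time = "$($f[0]) $($f[1])"; Proto = $f[3]; Dest = "$($f[5]):$($f[7])" }
            }
        }
}

Set-SystemWideBlocklist -Addresses $BlockList -Name $RuleName
$logPath = Enable-DropLogging
# Later: list the attempts that were dropped before any upload or download started.
Get-BlockedAttempts -LogPath $logPath -Addresses $BlockList
```

Because the rule has no port or program restriction, an attempt on any port by any executable shows up as a DROP line in pfirewall.log, which is the difference from a browser extension that only sees URLs inside the browser.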

silversurfer

Level 74
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,312
According to official Microsoft Whitepaper, found here: http://download.microsoft.com/download/3/0/8/3085D641-1CA8-4E21-92DB-3D17F231D252/Windows security on disconnected devices whitepaper.pdf
Windows Defender AV also performs real-time scanning – identifying threats as soon as they are seen on the device. It doesn’t require Internet connectivity to perform this and other behavioral detection activities.
Where are the settings for "behavioral detection"? It isn't fully enabled by default; we need tools like Configure-Defender or tweaking via Group Policy.


My tests show me the opposite: unknown malware can't be detected by Microsoft without an active internet connection, which shows me it doesn't work offline, but everyone is free to believe what they want...
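The post above says the relevant Microsoft Defender settings are not fully on by default and need Group Policy or a tool like Configure-Defender. The same settings can be audited and set directly with the Defender PowerShell cmdlets. This is an added example, not code from the thread, from Microsoft or from Configure-Defender; the target values are an assumption chosen for the example, not an official baseline.

```powershell
# Added example: audit the Defender settings discussed in this thread, then apply
# them. Run in an elevated PowerShell on Windows 10 with Microsoft Defender active.
# Numeric values are what Get-MpPreference reports; names match Set-MpPreference.
# The target values below are this example's assumption, not a Microsoft baseline.
$Desired = @{
    DisableBehaviorMonitoring = $false   # keep local behaviour monitoring on
    DisableRealtimeMonitoring = $false
    MAPSReporting             = 2        # Advanced: cloud-delivered protection
    SubmitSamplesConsent      = 1        # SendSafeSamples
    CloudBlockLevel           = 2        # High: more aggressive cloud verdicts
    CloudExtendedTimeout      = 50       # extra seconds to wait for a cloud verdict
    PUAProtection             = 1        # Enabled: block potentially unwanted apps
    EnableNetworkProtection   = 1        # Enabled: system-wide web/network blocking
}

function Get-DefenderDrift {
    # Return every setting whose live value differs from $Desired.
    $live = Get-MpPreference
    foreach ($name in $Desired.Keys) {
        $current = $live.$name
        if ([string]$current -ne [string]$Desired[$name]) {
            [pscustomobject]@{ Setting = $name; Current = $current; Desired = $Desired[$name] }
        }
    }
}

function Set-DefenderBaseline {
    param([switch]$Apply)
    $drift = @(Get-DefenderDrift)
    if ($drift.Count -eq 0) { Write-Host 'No drift: all settings already match.'; return }
    $drift | Format-Table -AutoSize
    if (-not $Apply) { Write-Host 'Re-run with -Apply to change these settings.'; return }
    # Splat the whole map; Set-MpPreference accepts the numeric enum values.
    Set-MpPreference @Desired
    # Confirm the engine picked the changes up, not just the preference store.
    $status = Get-MpComputerStatus
    Write-Host ("Behavior monitoring: {0}, Real-time: {1}, Mode: {2}" -f
        $status.BehaviorMonitorEnabled, $status.RealTimeProtectionEnabled, $status.AMRunningMode)
    @(Get-DefenderDrift)   # empty output here means the baseline is fully applied
}

Set-DefenderBaseline            # audit only
# Set-DefenderBaseline -Apply   # audit, then enforce
```

Settings already enforced by Group Policy will refuse the change and remain in the final drift listing, which is how to tell policy-managed values from locally editable ones.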

ForgottenSeer 89360

Where are the settings for "behavioral detection"? It isn't fully enabled by default; we need tools like Configure-Defender or tweaking via Group Policy.

My tests show me the opposite: unknown malware can't be detected by Microsoft without an active internet connection, which shows me it doesn't work offline, but everyone is free to believe what they want...
Tweaking is indeed needed, but F-Secure in their DeepGuard whitepaper, McAfee in their RealProtect documentation, Symantec in their Endpoint Protection help files all mention that cloud look-ups are performed. It's not guaranteed that without connection, the performance of their behavioural blocking will be the same as online.

DDE_Server

Level 22
Verified
Sep 5, 2017
1,095
Tweaking is indeed needed, but F-Secure in their DeepGuard whitepaper, McAfee in their RealProtect documentation, Symantec in their Endpoint Protection help files all mention that cloud look-ups are performed. It's not guaranteed that without connection, the performance of their behavioural blocking will be the same as online.
What about Kaspersky? Do you have any idea?

ForgottenSeer 89360

What about Kaspersky? Do you have any idea?
I believe @harlan4096 is the best person to ask here, but Kaspersky and Bitdefender help files/whitepapers don't mention anything about internet connection anywhere. When I tested Kaspersky, malware removal was triggered after connection to a blacklisted C&C server was attempted, but I did not test whether it will be blocked without internet connection. The information wouldn't be relevant to anyone, as the malware itself was cloud-reliant.

DDE_Server

Level 22
Verified
Sep 5, 2017
1,095
I believe @harlan4096 is the best person to ask here, but Kaspersky and Bitdefender help files/whitepapers don't mention anything about internet connection anywhere. When I tested Kaspersky, malware removal was triggered after connection to a blacklisted C&C server was attempted, but I did not test whether it will be blocked without internet connection. The information wouldn't be relevant to anyone, as the malware itself was cloud-reliant.
Most APTs or silent Trojans will need C&C to download their tasks/other components, unless they are a type of worm building a botnet network; however, ransomware would be a good test case and the best scenario for testing malware which may not need to communicate with C&C in its first stages :) :)

ForgottenSeer 89360

Most APTs or silent Trojans will need C&C to download their tasks/other components, unless they are a type of worm building a botnet network; however, ransomware would be a good test case and the best scenario for testing malware which may not need to communicate with C&C in its first stages :) :)
Unfortunately I forgot to turn off Kaspersky cloud telemetry whilst writing custom ransomware; my executable was uploaded and was detected the next day (I was just finishing the file iterator), so I couldn't test it against truly unseen ransomware :D
I had to change the whole key generator logic + the note writer module, and it's too much hassle.

The ransomware I discovered/did before was all detected by heuristics set to max. It could be stopped by Application Control as well.