Advanced Plus Security Divine Barakah's Laptop Security Config 2021

Last updated
May 2, 2021
How it's used?
For home and private use
Operating system
Windows 10
On-device encryption
Log-in security
  • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
User Access Control
Always notify
Smart App Control
Network firewall
Real-time security
Kaspersky Total Security 21.3.10.391(b)
Firewall security
About custom security
- Trust group for applications that could not be added to existing groups (Untrusted).
- Trust group for applications started before startup of Kaspersky Total Security (High restricted).
- Trust digitally signed applications (unticked).
- Disabled Anti Banner.
Periodic malware scanners
ADW Cleaner
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Browsers
  • Microsoft Edge
  • Firefox
  • Vivaldi
Extensions
  • IDM
  • Mendeley
Secure DNS
Cloudflare DNS over HTTPS using Adguard Desktop.
Desktop VPN
BULLETVPN
Password manager
Kaspersky Password Manager.
Maintenance tools
Revo Uninstaller Pro Portable
File and Photo backup
Koofr & Microsoft One Drive
System recovery
AOMEI Backupper Pro
Risk factors
  • Working from home
  • Browsing to popular websites
  • Opening email attachments
  • Buying from online stores, entering bank card details
  • Logging into my bank account
  • Downloading software and files from reputable sites
  • Streaming audio/video content from shady sites
Computer specs
  • Acer Aspire ES1-572-586C
  • Intel Core i5-7200U
  • Intel HD graphics 620
  • Adata 8 GBs RAM
  • Adata Ultimate SU630 480 GBs SSD
What I'm looking for?

Looking for maximum feedback.

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
When @Evjl's Rain was still active in testing and we all participated AdGuard blocked almost nothing compared to Google Safe Browsing and Microsoft SmartScreen.
See this thread and/or do your own tests:
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,055
Yes, you need an internet connection for Microsoft Defender to perform, but that's the case for almost all Antivirus software nowadays.
Of course, that's true, but for major AV vendors the local BB, as its own system process, is able to work properly even offline to block suspicious files...

I'm using MD/WD as my AV on my daily laptop, so my intention is never to bash any product, but it's wrong to claim that F-Secure has no advantage compared to MD/WD. We should always mention all points of view, and it's a fact that MD/WD doesn't include a certain module like BB; by default there aren't any settings available, we have to tweak via Group Policy or, the easier way, just use tools like Configure-Defender.
 

Jan Willy

Level 11
Verified
Top Poster
Well-known
Jul 5, 2019
544
When @Evjl's Rain was still active in testing and we all participated AdGuard blocked almost nothing compared to Google Safe Browsing and Microsoft SmartScreen.
See this thread and/or do your own tests:
Yes, I know. But I'm talking about the browser security option in Adguard Desktop. See How malware protection works
So, what I said before, in that way Google Safe Browsing also can be used.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
pointed out in his review that it doesn't have system wide web protection (only in browsers), I was disappointed.
Sad to hear, but you and anybody else should try to understand that reviews here on MT come with a specific disclaimer that is very important to understand. Let me try to help and quote:
Any views or opinions expressed are that of the member giving the information and may be subjective.
 

ForgottenSeer 89360

Just to make things clearer for anyone who may not have known before:
We should mention that MD/WD doesn't include a certain module like a Behavior Blocker; MD/WD uploads suspicious files to its own cloud behavior analysis by Microsoft, which is a different way to check files compared to a local module like DeepGuard by F-Secure.
It uses cloud-based processing like McAfee, AVG, Symantec and many others, but it doesn't need a whole file to be sent to the cloud. This is only if the verdict is inconclusive.

How client behavioral blocking works

Microsoft Defender Antivirus can detect suspicious behavior, malicious code, fileless and in-memory attacks, and more on a device. When suspicious behaviors are detected, Microsoft Defender Antivirus monitors and sends those suspicious behaviors and their process trees to the cloud protection service. Machine learning differentiates between malicious applications and good behaviors within milliseconds, and classifies each artifact. In almost real time, as soon as an artifact is found to be malicious, it's blocked on the device.

Sad to hear, but you and anybody else should try to understand that reviews here on MT come with a specific disclaimer that is very important to understand. Let me try to help and quote:
So are you claiming that F-Secure does have system-wide web blocking?


Browsing Protection helps you browse the internet safely by providing safety ratings for websites on your browser and blocking access to websites that have been rated harmful.

Note: Browsing Protection requires that the Browsing Protection extension is turned on in the web browser that you use.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,055
It uses cloud-based processing like McAfee, AVG, Symantec and many others, but it doesn't need a whole file to be sent to the cloud. This is only if the verdict is inconclusive.

How client behavioral blocking works

Microsoft Defender Antivirus can detect suspicious behavior, malicious code, fileless and in-memory attacks, and more on a device. When suspicious behaviors are detected, Microsoft Defender Antivirus monitors and sends those suspicious behaviors and their process trees to the cloud protection service. Machine learning differentiates between malicious applications and good behaviors within milliseconds, and classifies each artifact. In almost real time, as soon as an artifact is found to be malicious, it's blocked on the device.
My point was just to mention that MD/WD doesn't include a local BB which is able to work even offline to block suspicious files; that's a real downside compared to other major AVs. That is a fact and nothing like claiming my personal opinion as true ;)
 

ForgottenSeer 89360

My point was just to mention that MD/WD doesn't include a local BB which is able to work even offline to block suspicious files; that's a real downside compared to other major AVs. That is a fact and nothing like claiming my personal opinion as true ;)
According to the official Microsoft whitepaper, found here: http://download.microsoft.com/download/3/0/8/3085D641-1CA8-4E21-92DB-3D17F231D252/Windows security on disconnected devices whitepaper.pdf

Windows Defender AV also performs real-time scanning – identifying threats as soon as they are seen on the device. It doesn’t require Internet connectivity to perform this and other behavioral detection activities.
It also has local behavioural detections added to its database, such as this: Behavior:Win32/SenseToVDMCreateFile20122522112.A threat description - Microsoft Security Intelligence
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
So are you claiming that F-Secure does have system-wide web blocking?
The review section's disclaimer, and especially what I quoted, applies to all software reviews posted here on MT. That is important to understand. The review section here on MT is not created as something that is automatically more valuable and worth more than everything else said, done or ever tested, either on this forum or anywhere else. That's partially why the disclaimers exist, to help explain.

That said, it does not mean that everything posted, said or stated in members' reviews is wrong, but one should understand that, again:
Any views or opinions expressed are that of the member giving the information and may be subjective.
 

ForgottenSeer 89360

@McMcbrad When I was using F-Secure it used to block IDM from downloading its updates. F-Secure has an option to block applications from downloading harmful content. Can this be considered a system-wide web protection?
I haven't tested it with IDM as I do not use any. System-wide web blocking will work on all apps, regardless of the port and not only when they download files, but when they issue any connection whatsoever.

E.g. Malware.exe wants to connect to 192.168.088.011 on port 65536. The related IP address is already in blacklist and connection is aborted, before any download/upload is initiated. This can prevent not only secondary payload download, but can also stop malware from uploading personal data, such as files, credentials, etc.

Just blocking a download can't be considered system-wide web blocking.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,055
According to the official Microsoft whitepaper, found here: http://download.microsoft.com/download/3/0/8/3085D641-1CA8-4E21-92DB-3D17F231D252/Windows security on disconnected devices whitepaper.pdf
Windows Defender AV also performs real-time scanning – identifying threats as soon as they are seen on the device. It doesn’t require Internet connectivity to perform this and other behavioral detection activities.
Where are the settings for "behavioral detection"? It isn't fully enabled by default; we need tools like Configure-Defender or tweaking via Group Policy.


My tests show me the opposite: unknown malware can't be detected by Microsoft without an active internet connection, which shows me it doesn't work offline, but everyone is free to believe what he wants...
 
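As an added example (not from anyone in this thread and not from the Configure-Defender project), this PowerShell audits the Microsoft Defender settings the offline-detection discussion hinges on and, with a -Harden switch of my own naming, raises the cloud and behaviour-monitoring options that Configure-Defender-style tools typically change. It assumes Windows 10 with Microsoft Defender Antivirus active and an elevated prompt.

```powershell
# Audit local (offline-capable) and cloud-dependent Defender settings; -Harden strengthens them.
# Assumption: run elevated on Windows 10 with Microsoft Defender Antivirus as the active AV.
param([switch]$Harden)

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Local engine components: these run on the device without an internet connection.
[pscustomobject]@{
    AntimalwareService = $status.AMServiceEnabled
    RealTimeProtection = $status.RealTimeProtectionEnabled
    BehaviorMonitoring = $status.BehaviorMonitorEnabled
    OnAccessProtection = $status.OnAccessProtectionEnabled
} | Format-List

# Cloud-dependent settings: these decide how much of a verdict is deferred to the MAPS cloud service.
[pscustomobject]@{
    MAPSReporting        = $pref.MAPSReporting        # 0 Disabled, 1 Basic, 2 Advanced
    SubmitSamplesConsent = $pref.SubmitSamplesConsent # 0 AlwaysPrompt, 1 SendSafeSamples, 2 NeverSend, 3 SendAllSamples
    CloudBlockLevel      = $pref.CloudBlockLevel      # 0 Default, 2 High, 4 HighPlus, 6 ZeroTolerance
    CloudExtendedTimeout = $pref.CloudExtendedTimeout # extra seconds (0-50) a file is held for a cloud verdict
    PUAProtection        = $pref.PUAProtection        # 0 Disabled, 1 Enabled, 2 AuditMode
} | Format-List

if ($Harden) {
    # Keep behaviour monitoring on and make the cloud side stricter.
    # Values managed by Group Policy take precedence over these local preferences.
    $hardened = @{
        DisableBehaviorMonitoring = $false
        MAPSReporting             = 'Advanced'
        SubmitSamplesConsent      = 'SendAllSamples'
        CloudBlockLevel           = 'High'
        CloudExtendedTimeout      = 50
        PUAProtection             = 'Enabled'
    }
    Set-MpPreference @hardened
    Write-Host 'Defender preferences hardened; re-run without -Harden to verify.'
}
```

Running the audit once online and once with the network adapter disabled shows which of the listed components stay enabled locally and which verdicts depend on the cloud lookup timeout.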

ForgottenSeer 89360

Where are the settings for "behavioral detection"? It isn't fully enabled by default; we need tools like Configure-Defender or tweaking via Group Policy.

My tests show me the opposite: unknown malware can't be detected by Microsoft without an active internet connection, which shows me it doesn't work offline, but everyone is free to believe what he wants...
Tweaking is indeed needed, but F-Secure in their DeepGuard whitepaper, McAfee in their RealProtect documentation, Symantec in their Endpoint Protection help files all mention that cloud look-ups are performed. It's not guaranteed that without connection, the performance of their behavioural blocking will be the same as online.
 

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
Tweaking is indeed needed, but F-Secure in their DeepGuard whitepaper, McAfee in their RealProtect documentation, Symantec in their Endpoint Protection help files all mention that cloud look-ups are performed. It's not guaranteed that without connection, the performance of their behavioural blocking will be the same as online.
What about Kaspersky, do you have any idea?
 

ForgottenSeer 89360

What about Kaspersky, do you have any idea?
I believe @harlan4096 is the best person to ask here, but Kaspersky and Bitdefender help files/whitepapers don't mention anything about internet connection anywhere. When I tested Kaspersky, malware removal was triggered after connection to a blacklisted C&C server was attempted, but I did not test whether it will be blocked without internet connection. The information wouldn't be relevant to anyone, as the malware itself was cloud-reliant.
 

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
I believe @harlan4096 is the best person to ask here, but Kaspersky and Bitdefender help files/whitepapers don't mention anything about internet connection anywhere. When I tested Kaspersky, malware removal was triggered after connection to a blacklisted C&C server was attempted, but I did not test whether it will be blocked without internet connection. The information wouldn't be relevant to anyone, as the malware itself was cloud-reliant.
Most APTs or silent Trojans will mostly need C&C to download their tasks/other components, unless they are a type of worm used to build a botnet network. However, ransomware would be a good test case and the best scenario to test malware which may not need to communicate with C&C in its first stages :) :)
 

ForgottenSeer 89360

Most APTs or silent Trojans will mostly need C&C to download their tasks/other components, unless they are a type of worm used to build a botnet network. However, ransomware would be a good test case and the best scenario to test malware which may not need to communicate with C&C in its first stages :) :)
Unfortunately I forgot to turn off Kaspersky cloud telemetry whilst writing custom ransomware; my executable was uploaded and was detected the next day (I was just finishing the file iterator), so I couldn't test it against truly unseen ransomware :D
I had to change the whole key generator logic + the note writer module and it's too much hassle.

The ransomware I discovered/did before was all detected by heuristics set to max. It could be stopped by Application Control as well.
 
