Advanced Plus Security Divine_Barakah's PC Security Config 2026

Last updated
Jul 4, 2026
How it's used?
For work or educational use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Evaluation mode
Network firewall
Enabled
About WiFi router
ISP-provided router.
Real-time security
Webroot Internet Security Plus
NVT OSArmor Personal
Firewall security
Other - Internet Security (3rd-party)
About custom security
* Webroot
- protected settings with a password
- increased heuristics sensitivity
- changed firewall settings to ask for unknown applications

*OSArmor
- Default settings for now.
Periodic malware scanners
EEK
Malware sample testing
I do not participate in malware testing
Environment for malware testing
I don't do malware testing.
Browser(s) and extensions
Browsers
1- Vivaldi with multiple profile
2- Helium

Extensions
1- Floccus
2- Password Boss
3- Endnote
Secure DNS
Adguard Private DNS set in Win 11 settings and in browsers.
Desktop VPN
Adguard VPN
Password manager
Password Boss (main)

Enpass (backup)
Maintenance tools
Smarty Uninstaller
Kerish Doctor
Dell Command Update Universal
Hard Disk Sentinel Pro Portable
Bleachbit
Hibit Uninstaller
File and Photo backup
Koofr (Cryptomator)
Filejump (Cryptomator)
Cyberduck
Subscriptions
    • Google One AI Premium 2TB
System recovery
AOMEI Backupper Pro
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
Computer specs
Dell Latitude 7450
Ultra 7 155U
16 GB DDR5 Ram 6400
1TB Micron nVMe Gen4
Notable changes
Webroot and the inclusion of OSArmor.
Changed main password manager
Ditched Kerish Doctor
Managing Windows updates through GP.
What I'm looking for?

Looking for maximum feedback.

I diable the whole web guard of Avast during the limited periods I use; I prefer to wait until the malware land safely.
I believe https scanning deployed by vendors undermines security. It causes too many issues. I am restoring a clean system image now and I will test MD for a while. If I do not like it, I will install TM as I still have 3 years in my subscription.
 
Oh Lord forgive me for I have sinned. I installed Webroot 😅

IMG_20260704_123818.jpg
 
One more update. I blocked installing Driver in Windows Update and deferred quality updates for 14 days.

For drivers updates, I am using Dell Command Update. I have had issues with Windows Update pushing generic drivers.
 
So according to this link, Webroot is a blessing in disguise?

Analysing the results shows that Webroot extension accounts for %96.91 of detection. Only %3.09 slipped through and allowed to run only to be detected by Webroot's cloud detection.

It is weird that this is the only testing lab that gives Webroot a favourable rating and awards it "product of the year" 😅
 
The problem I see with AV's is that they weigh several factors before issuing a deny. For example, if script file is obfuscated AND file resides in C:\Users\<YourUsername>\AppData\ AND .... then quarantine it. Whereas you can use HIDS or similar and make a hard rule to say no executables allowed in AppData period. (because you never install per user apps). Then it wouldn't matter if the AV cannot figure out the obfuscation and the other 5 conditions don't match because an AV has to be oh so careful so as to not make a false positive. You know how you use your system. A hard rule is easier to enforce. And you will be safer for it.

Also hackers make discreet actions. Their work may not follow a recognizable malware chain of attack, it may follow a TTP. Thus a hard rule also stops hands on keyboard attacks. Whereas AV's traditionally fail against live human adversaries.
 
Last edited:
The problem I see with AV's is that they weigh several factors before issuing a deny. For example, if script file is obfuscated AND file resides in C:\Users\<YourUsername>\AppData\ AND .... then quarantine it. Whereas you can use HIDS or similar and make a hard rule to say no executables allowed in AppData period. (because you never install per user apps). Then it wouldn't matter if the AV cannot figure out the obfuscation and the other 5 conditions don't match because an AV has to be oh so careful so as to not make a false positive. You know how you use your system. A hard rule is easier to enforce. And you will be safer for it.

Also hackers make discreet actions. Their work may not follow a recognizable malware chain of attack, it may follow a TTP. Thus a hard rule also stops hands on keyboard attacks. Whereas AV's traditionally do not work against live human adversaries.
I believe I will get OS Armor to bridge the gap.
 
Have you used OSArmor before? How do you like it, is the rule language powerful and flexible ?
No it is my first time using it. I have always felt tempted to use it and now it is time. I need some time to learn more about and get used to it. I will share more later.
 
  • Like
Reactions: Victor M

You may also like...