Advanced Plus Security Divine_Barakah's PC Security Config 2026

Last updated
Jul 4, 2026
How it's used?
For work or educational use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Evaluation mode
Network firewall
Enabled
About WiFi router
ISP-provided router.
Real-time security
Webroot Internet Security Plus
NVT OSArmor Personal
Firewall security
Other - Internet Security (3rd-party)
About custom security
* Webroot
- protected settings with a password
- increased heuristics sensitivity
- changed firewall settings to ask for unknown applications

*OSArmor
- Default settings for now.
Periodic malware scanners
EEK
Malware sample testing
I do not participate in malware testing
Environment for malware testing
I don't do malware testing.
Browser(s) and extensions
Browsers
1- Vivaldi with multiple profile
2- Helium

Extensions
1- Floccus
2- Password Boss
3- Endnote
Secure DNS
Adguard Private DNS set in Win 11 settings and in browsers.
Desktop VPN
Adguard VPN
Password manager
Password Boss (main)

Enpass (backup)
Maintenance tools
Smarty Uninstaller
Kerish Doctor
Dell Command Update Universal
Hard Disk Sentinel Pro Portable
Bleachbit
Hibit Uninstaller
File and Photo backup
Koofr (Cryptomator)
Filejump (Cryptomator)
Cyberduck
Subscriptions
    • Google One AI Premium 2TB
System recovery
AOMEI Backupper Pro
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
Computer specs
Dell Latitude 7450
Ultra 7 155U
16 GB DDR5 Ram 6400
1TB Micron nVMe Gen4
Notable changes
Webroot and the inclusion of OSArmor.
Changed main password manager
Ditched Kerish Doctor
Managing Windows updates through GP.
What I'm looking for?

Looking for maximum feedback.

Under my local user account, I created a folder called (App Data) in which I store the portable apps such as Hard Disk Sentinel.

Now when I tried to run HDS, OSArmor blocked it and adding HDS to exclusions did not fix the block.

The rule that blocked HDS was "Block processes located in suspicious folders"

And the parent process was explorer.exe

To correctly exclude HDS I had to create a manual rule in exclusions [%PROCESSNAME%: HD Sentinel.exe] [%SIGNER% Janis Mathe].

What this rule basically does is add a process to exclusions regardless of its path.

Now step by step I am building my rules and I am experimenting. I am installing my apps and J am monitoring how OSA reacts.
Now I realised that I should not use to rule to exclude an app if it is not digitally signed. The absence of %SIGNER% creates a vulnerability.

Instead, one should use the %PROCESS% followed by the app storage path to add it to exclusions.

I am using ABDownloadManager which is an open source download manager that is not digitally signed. It was blockes by OSA and I added it to exclusions using the %PROCESS% rule.
 
I am using Peazip as the main archiver. Whenever I unzip a file using Peazip, it triggers a block in OSA.

When you extract and archive using Peazip, it creates a temporary working directory inside your user profile. Once it finishes processing, PeaZip attempts to quietly clean up after itself.

To wipe out those temporary folders, PeaZip spawns a native Windows command string:

cmd /c rmdir "C:\Users\USER\AppData\Local\Temp\peazip-tmp\.pztmp\" /s /q
 
Updated list of installed Applications:

***Security***
- Webroot Internet Security Plus
- OSA Personal
- Cryptomator
- Adguard VPN

***Productivity***
- Microsoft Office 2024 Standard LAST
- Betterbird
- Onlyoffice
- Swifdoo PDF
- Wondershare PDFelement 11
- ABDownloadManager
- Xyplorer
- Cyberduck
- Koofr

***Browsers***
- Vivaldi
- Helium
- Waterfox

***System Maintenance***
- Bleachbit
- Hard Disk Sentinel Pro Portable
- Smarty Uninstaller
- Patch My PC
- AOMEI Backupper

***Password Managers***
- Password Boss
- Enpass Pro

***Other Tools***
- Musicbee
- Peazip

***Extensions***
- Webroot Web Shield
- Password Boss
 
Been watching the WRData folder closely and its size grew to 700 MB. I opened the WRlog.log and found the culprit. The PDFEngine.exe process (part of Swifdoo PDF) was monitored by Webroot. I changed the process status from monitored to allowed and everything is running as intended now.
 
Removed the extension of Password Boss after reading the following link.

Now I manually copy and paste my credentials from within Enpass Desktop app

 
Peazip installer and even after installation, get flagged and blocked by MD; I suspect the built-in scripts for extra tasks such as secure deletion.
No that's not the case. MD blocks newer versions of Peazip because of the absence of a digital signature. It even warns you when you download the installer.
 
OSA can provide different degrees of security based on your settings. Go through the setting and trusted vendors and decide on your balance of usability and security.
Yes I indeed did enable many rules. Over the last day I have been experimenting with rules and I believe I managed to achieve the perfect balance between securrity and usability.
 

You may also like...