Advanced Plus Security Divine_Barakah's PC Security Config 2026

Last updated
Jul 4, 2026
How it's used?
For work or educational use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Evaluation mode
Network firewall
Enabled
About WiFi router
ISP-provided router.
Real-time security
Webroot Internet Security Plus
NVT OSArmor Personal
Firewall security
Other - Internet Security (3rd-party)
About custom security
* Webroot
- protected settings with a password
- increased heuristics sensitivity
- changed firewall settings to ask for unknown applications

*OSArmor
- Default settings for now.
Periodic malware scanners
EEK
Malware sample testing
I do not participate in malware testing
Environment for malware testing
I don't do malware testing.
Browser(s) and extensions
Browsers
1- Vivaldi with multiple profile
2- Helium

Extensions
1- Floccus
2- Password Boss
3- Endnote
Secure DNS
Adguard Private DNS set in Win 11 settings and in browsers.
Desktop VPN
Adguard VPN
Password manager
Password Boss (main)

Enpass (backup)
Maintenance tools
Smarty Uninstaller
Kerish Doctor
Dell Command Update Universal
Hard Disk Sentinel Pro Portable
Bleachbit
Hibit Uninstaller
File and Photo backup
Koofr (Cryptomator)
Filejump (Cryptomator)
Cyberduck
Subscriptions
    • Google One AI Premium 2TB
System recovery
AOMEI Backupper Pro
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
Computer specs
Dell Latitude 7450
Ultra 7 155U
16 GB DDR5 Ram 6400
1TB Micron nVMe Gen4
Notable changes
Webroot and the inclusion of OSArmor.
Changed main password manager
Ditched Kerish Doctor
Managing Windows updates through GP.
What I'm looking for?

Looking for maximum feedback.

I will be very surprised if you don't have issues with the WRDATA folder growing in size, IMHO its the largest flaw in Webroot, I will watch this thread with interest as each time I've used WR I have had issues with that folder growing, however I may well be wrong as my wife often says :)
You're wife is wise 😂

I am monitoring it and I will keep sharing insights.
 
This is the list of my block rules in OSA

IMG_20260706_002912.jpgIMG_20260706_002954.jpgIMG_20260706_003005.jpgIMG_20260706_003006.jpgIMG_20260706_003014_1.jpgIMG_20260706_003024.jpgIMG_20260706_003030.jpgIMG_20260706_003036.jpg

@Dave Russo here is the list you requested.
 
This is the list of my block rules in OSA
The question to ask is not 'what if I one day use a program that does this? Then I should not checkmark this ...." . The question to ask is "this should never happen normally. So I should checkmark this." E.g. Hackers like to fool around with processes that have System rights and exploit them so it does things they want, because SYSTEM rights allow them to do ANYTHING. So a process with SYSTEM rights should never be running an unsigned program, because Windows does not do this.
 
Last edited:
The question to ask is not 'what if I one day use a program that does this? Then I should not checkmark this ...." . The question to ask is "this should never happen normally. So I should checkmark this." E.g. Hackers like to fool around with processes that have System rights and make them do things they want, because SYSTEM rights allow them to do ANYTHING. So a process with SYSTEM rights should never be running an unsigned program, because Windows does not do this.
As far as I know not everything inside Windows is digitally signed, but what we can do is never give full trust to digitally signed applications.

Kaspersky has this option.

As I mentioned before, my aim is to achieve a balance between security and usability. I am an academic not a security researcher. This is my production machine and I use it to write research papers. I believe my current config is more than adequate.

I have spent more than 12 hours yesterday reading OSA documentation and consulting AI to build the list of block rules.
 
You know if you repeatedly tell AI that security is less important than usability the AI will obey you and give you a less secure config. But then some of those rules are preparing you to go to war :)

My preferred security tool is WDAC. There is no debate on which rules to turn on. You make a whitelist of apps on your machine and from then on, only those apps plus windows will run. Malware and other foreign software will fail - a good portion of the problem is gone. It is built into Windows, and the tools are free.
 
Last edited:
You know if you repeatedly tell AI that security is less important than usability the AI will obey you and give you a less secure config. But then some of those rules are preparing you to go to war :)
Nah that's not how I do it. I don't ask AI to tell me what to do. I consult documentation. I see what other users are saying. Then I ask AI to clarify what the rule does. Then I try it and decide for myself to see if suits me.

Go to war? So be it hahahahha
 
One more update

Now I am syncing my Enpass vault to my Koofr account via WebDav. This is convenient. But to increase security I am protecting my Enpass vault with a local keyfile that I do not sync to Koofr. It is strictly kept offline.

I wanted to use Sticky Password and use WiFi sync, but unfortunately Sticky Password does not feature custom fields nor allow me to store TOTP.

One more advantage for Enpass is the fact it supports Linux. I plan to install KaOS on my Thinkpad.
 

You may also like...