Advanced Plus Security dronefox1166 configuration 2024/2025

Last updated
Jun 9, 2025
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Home x64
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Notify me only when programs try to make changes to my computer (do not dim my desktop)
Smart App Control
On
Network firewall
Enabled
Real-time security
Windows Defender (ConfigureDefender and FirewallHardening by H_C) + - Portmaster (free version)
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security
Windows Defender + Fort Firewall + (ConfigureDefender and FirewallHardening+ Simple Windows Hardening)
---
WIN 11 privacy tweak :
- Optimizer
- BloatyNosy
...
main telemetry off
Periodic malware scanners
- Malwarebytes
Malware sample testing
I do not participate in malware testing
Environment for malware testing
/
Browser(s) and extensions
Firefox, Chrome (used), Edge, Ungoogled Chromium (not used for the moment) :

search : Duckduckgo

extensions FF : uBlock Origin, Decentraleyes, Language Tool, Bitwarden, Keepa, Fakespot (for Amazon), h264ify (for Youtube), IDM extension, DarkReader, BetterRYM, cat-catch, AutoTabDiscard
Secure DNS
NextDNS (into browser : DoH)
Desktop VPN
/
Password manager
Bitwarden (2FA authentication)
Maintenance tools
PrivaZer Pro, PatchMyPC, Windows Repair Toolbox, Windows Repair, HiBit Uninstaller portable + UniGetUI
File and Photo backup
"Synology DS720+" NAS and cloud like "MEGA(.nz)", "OneDrive", "Google drive", "Proton drive", "MEGA.nz"...
Subscriptions
    • Microsoft 365 Personal 1TB
System recovery
N/A
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering bank card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Requesting and accepting remote access
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Motherboard : msi-b550m-pro-vdh-wifi-micro-atx-am4-motherboard
CPU model : amd-ryzen-5-5600g-39-ghz-6-core-processor
GPU model : to CPU
RAM :
G.Skill Flare X Black (2x8 GB) DDR4-3200 CL16 Memory
storage : 1 Tb SAMSUNG 990 EVO Plus (Win 11 system)
1 Tb HDD 2,5' WD (storage)
1 Tb SSD M.2 CRUCIAL P3 Plus (Storage)
Notable changes
add some changes

VT4Browser, Shoptimate... extension ...

UAC minimum notify

HiBit Uninstaller portable

06/2022 : new material and Win 11

12/2022 : new NAS DS720+

04/2023 : Portmaster free


09/2023 : AdGuard Home

10/2023 : custom security : Hard_Configurator

12/2023 : Kaspersky Free, ScreenWings added to security software, BloatyNosy, Windhawk, Wireguard, DefenderUI...
+ new material : SSD 1 Tb Crucial P3 Plus, WingetUI

01/2024 : HitmanPro Alert

01/2024 : Malwarebytes anti exploit and uninstalled HitmanPro Alert

11/01/2024 : MB anti ransomware + OSArmor 1.4.3 replace HitmanPro Alert and MB anti exploit...

10/02/2024 : removed osarmor and mb premium
add SpyShelter Pro

07/2024 : remove SpyShelter, remove AdGuard Home

11/2024 : NextDNS and H_C removed (only ConfigureDefender and FirewallHardening from H_c tools)

- Fort Firewall and HostsMan

- Office 365

12/2024 : AdGuard DNS, PrivaZer Pro...

01/2025 : NextDNS

03/2025 : Portmaster add and Fort Firewall removed

06/2025 : Fort Firewall, SimpleWindowsHardening added
What I'm looking for?

Looking for maximum feedback.

Parkinsond

What do you mean by vb codes? Are they related to VBA features of MS Office (Macros, Add-ins, etc.)?
Do the original documents work differently after disabling H_C restrictions?



Most people infected via MS Office thought that the downloaded files were safe. Most of them were infected via MS Office macros or MS Office Add-ins. There are many other ways that can be adopted by the attackers in the near future to bypass the AV protection by using MS Office.
I do not have a convenient solution for you. Most security applications that protect MS Office use parent-child process monitoring, which is insufficient when you allow macros. I can only advise what I already posted:
  1. Use a safe application as the default program to open documents. So when you open the document, template, Add-in, etc., from the Desktop or Explorer (file explorer) it is not opened/installed via MS Office.
    This can be done by the custom configuration of default applications via Windows Settings >> Apps & features >> Default apps >> Set defaults by app. Next, choose MS Office Word, Excel, PowerPoint, and change the default application that can open the listed file types to a safe application.
  2. You can still open your documents by opening the MS Office application and using File >> Open from the application menu.
  3. If you must edit an unsafe document, then do not do it at once. Check it online and if it looks clean, then open it in MS Office after one or more days.
  4. You can additionally use Defender with ASR rules or anti-exploit solutions related to MS Office.
  5. Harden your firewall to block LOLBins' connections or use H_C to block popular LOLBins.
  6. Learn to recognize phishing attempts.
Be safe.(y)
The first step after install of Office is to disable add-ons; macros are disabled by default; is this enough?
 

Andy Ful

The first step after install of Office is to disable add-ons; macros are disabled by default; is this enough?
Only macros with MotW are disabled by default. However, malicious macros are not currently as prevalent as they were in 2022, when I wrote the advice you referred to.
Two years ago, weaponized Microsoft Office documents were a dangerous initial attack vector. Currently, they are dangerous as payloads (fortunately, not so prevalent).
For example, the attacker can use tricks disguised as a document opening:

Read_this_document.bat ----> weaponized DOC file downloaded with no MotW -----> DOC file opened ----> macro executed

ClickFix ----> PowerShell code ----> weaponized DOC file downloaded with no MotW -----> DOC file opened ----> macro executed

In the above examples, the user expects that the document is going to be opened. Most people will not notice anything suspicious.
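Both chains above depend on the document arriving without Mark of the Web. As an added example (not part of the original posts), this PowerShell function reports which macro-capable Office files in a folder carry a `Zone.Identifier` stream and which zone it records; the folder default and the extension list are assumptions to adjust.

```powershell
# Added example: report Mark of the Web (MotW) status for macro-capable Office files.
# The default folder and the extension list are assumptions; adjust them as needed.
function Get-OfficeMotwStatus {
    param([string]$Path = "$env:USERPROFILE\Downloads")

    $extensions = '.doc', '.docm', '.dot', '.dotm', '.xls', '.xlsm',
                  '.xlsb', '.xlam', '.ppt', '.pptm', '.ppam'

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $zone = $null
            # MotW is stored in the NTFS alternate data stream "Zone.Identifier".
            $stream = Get-Item -LiteralPath $_.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
            if ($stream) {
                $text = Get-Content -LiteralPath $_.FullName -Stream 'Zone.Identifier' -Raw
                if ($text -match 'ZoneId=(\d)') { $zone = [int]$Matches[1] }
            }
            [pscustomobject]@{
                File         = $_.FullName
                HasMotW      = [bool]$stream
                ZoneId       = $zone               # 3 = Internet zone
                InternetZone = ($zone -eq 3)
                LastWrite    = $_.LastWriteTime
            }
        }
}

# Files with HasMotW = False were created locally or written by a process
# that did not tag them, so the default macro block for downloads does not apply.
Get-OfficeMotwStatus | Sort-Object HasMotW, LastWrite | Format-Table -AutoSize
```

A recently written file in a download or temp folder with no MotW is worth a second look before it is opened in Office.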
 

Parkinsond

So why is the countermeasure so dependent on motw? Shouldn't we disable macros altogether? Who uses them anyways, not the average joe. We just use MS Word as a glorified notepad.
Disabled all the time
 

Andy Ful

So why is the countermeasure so dependent on motw? Shouldn't we disable macros altogether? Who uses them anyways, not the average joe. We just use MS Word as a glorified notepad.
Dependence on MotW is practical, especially in Enterprises (documents downloaded from the Internet are restricted, but local resources are not). Security layers must be usable.
However, most people do not need macros. Disabling macros is a good prevention against dangerous threats.
 

Andy Ful

Generally, Microsoft Office is vulnerable to exploitation. For example, it contains VBA support, which can be used as a programming language (similar to Python, Java, etc.). The attackers can use scripting or a simple loader to enable access to Visual Basic Object Model (VBOM) in MS Office and silently run VBA malware without running MS Office applications or opening documents.
 
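To check the two settings discussed in this thread (macros disabled, and VBOM access not silently switched on), the following added example, which is not code from the thread or from Hard_Configurator, reads the per-user `VBAWarnings` and `AccessVBOM` values for Word, Excel and PowerPoint. It assumes Office 2016 or later / Microsoft 365, which use the `16.0` registry branch.

```powershell
# Added example: audit per-user Office macro and VBOM settings.
# Assumption: Office 2016 or later / Microsoft 365 (registry branch 16.0).
function Get-OfficeMacroPosture {
    param(
        [string[]]$Apps = @('Word', 'Excel', 'PowerPoint'),
        [string]$Version = '16.0'
    )
    $meaning = @{
        1 = 'Enable all macros'
        2 = 'Disable with notification'
        3 = 'Disable except digitally signed'
        4 = 'Disable all without notification'
    }
    # Policy values override what the user sets in the Trust Center.
    $roots = [ordered]@{
        Policy = 'HKCU:\Software\Policies\Microsoft\Office'
        User   = 'HKCU:\Software\Microsoft\Office'
    }
    foreach ($app in $Apps) {
        foreach ($source in $roots.Keys) {
            $key   = "$($roots[$source])\$Version\$app\Security"
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            $vba   = $props.VBAWarnings
            $vbom  = $props.AccessVBOM

            $setting = 'not set'
            if ($null -ne $vba) { $setting = $meaning[[int]$vba] }

            $findings = @()
            if ($vba -eq 1)  { $findings += 'all macros enabled' }
            if ($vbom -eq 1) { $findings += 'VBOM access trusted' }

            [pscustomobject]@{
                App         = $app
                Source      = $source
                VBAWarnings = $vba
                Setting     = $setting
                AccessVBOM  = $vbom
                Findings    = $findings -join '; '
            }
        }
    }
}

Get-OfficeMacroPosture | Format-Table -AutoSize
```

An `AccessVBOM` value of 1 that the user never set in the Trust Center is the change described in the post above and should be investigated.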
