SECURE Evjl's Rain's security config

Discussion in 'PC Security Configuration' started by Evjl's Rain, Feb 15, 2017.

  1. Evjl's Rain

    Evjl's Rain Level 29
    Trusted AV Tester

    Apr 18, 2016
    1,815
    13,233
    Vietnam
    Windows 8.1
    Avast
    #1 Evjl's Rain, Feb 15, 2017
    Last edited: Dec 1, 2017
    Most recent changes:
    24/12/2017
    Operating System:
    • Windows 8.1
    OS Edition:
    Pro
    OS Architecture:
    64-bit
    User Access Control:
    Disabled
    Firewall:
    3rd Party Firewall
    OS Security Updates:
    Check for Updates, but do not auto-download or install
    OS File Reputation:
    • SmartScreen for Windows 10
    Type of User Account:
    Local Account
    Recent Malware Attacks:
    No
    Testing AV's with Malware Samples:
    Inside a Virtual Machine
    Real-time Malware Protection:
    Kaspersky Internet Security, NVT OSArmor, Sandboxie, Adguard DNS + Norton DNS
    On-demand Scanners:
    Zemana portable, herdProtect, Emsisoft EK, VT Hash Check, Hitman Pro, Norton Power Eraser
    Security Product Settings:
    Custom
    Browsers and Extensions:
    Slimjet, uBlock Origin, Popup Blocker (strict), Notifier for Gmail™, h264ify, Violentmonkey, Nano Defender, Google Translate, Norton Safe Web, Enhancer for Youtube, EagleGet, VTchromizer
    Preferred Search Engine:
    Google, duckduckgo
    Password Manager:
    My Brain
    Content Blocker (Ads, Scripts, Trackers):
    uBlock Origin with many additional filters
    Frequently used System Utilities:
    CCleaner + CCEnhancer (scheduled autoclean every Sunday 6PM), Privazer, Wise Disk Cleaner, Shadow Defender (rarely use), SunsetScreen
    Frequency of Data Backups:
    Custom Backups
    Frequency of System Image Backups:
    Manual / On-demand Backups
    System Image Backup Software:
    Norton Ghost (Hirenboot CD on USB), Macrium Reflect free
    Machine Specs:
    https://malwaretips.com/threads/rains-laptop.61841/
    All of these configurations are designed for PERFORMANCE AND USABILITY. Security comes second.

    Tweaks:

    1/ Process Lasso: disallowed wscript, cscript, powershell.exe, powershell_ise.exe, java.exe, javaw.exe
    2/ Group Policy (SRP): blocked some extensions: .hta, .jar, .scr
    3/ Regedit: blocked Windows Script Host
    4/ Windows Firewall:
    - blocked all inbound connections
    - block outbound: msra.exe, msha.exe, wscript, cscript, powershell, powershell_ise, conhost, cmd


    All other machines' fully automated configurations (for parents and friends who don't know much about computers)

    - Windows 7 Pro/Ultimate (x86, x64)
    - Avast Free (tweaked) without Hardened Mode (any mode) -> too many false positives for them to handle
    - CheckMAL Appcheck Anti-ransomware Free
    - Unchecky
    - Windows Firewall
    - CocCoc browser with uBlock Origin and uBlock Origin Extra + additional security filters
    - Avira Browser Safety
    - Windows Updates are disabled => broke or slowed down their machines significantly in the past + they don't want W10 or W10's upgrade nags
    - CCleaner + CCEnhancer -> scheduled autoclean every Sunday 6PM

    None of these machines have had malware for years. Perhaps a few PUPs which hijacked the browsers
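    The "Tweaks" list above describes steps done by hand in Process Lasso, Group Policy, Regedit and the Windows Firewall GUI. The script below is an added example (written by the editor, not posted by Evjl's Rain) that reproduces tweaks 3/ and 4/ from an elevated PowerShell on Windows 8.1 or later, so they can be re-applied or audited on another machine. It assumes default install paths under %SystemRoot%; the rule names are the editor's own. Process Lasso and the SRP extension block (tweaks 1/ and 2/) are product/GPO settings and are not covered here.

```powershell
# Added example (not from the original post): applies the Windows Script Host
# and Windows Firewall tweaks listed above. Run from an elevated PowerShell;
# the NetSecurity cmdlets need Windows 8 / Server 2012 or later.
# Assumptions: default paths under $env:SystemRoot, rule names chosen here.
#Requires -RunAsAdministrator

$ErrorActionPreference = 'Stop'

# 3/ "Regedit: blocked Windows Script Host"
#    Enabled=0 under this key makes wscript.exe/cscript.exe refuse every
#    .vbs/.js/.wsf file for all users of the machine.
$wshKey = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
if (-not (Test-Path $wshKey)) { New-Item -Path $wshKey -Force | Out-Null }
New-ItemProperty -Path $wshKey -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null

# 4a/ "blocked all inbound connections"
#     Default-deny inbound on every profile and ignore existing allow rules.
#     Caveat: this also breaks file/printer sharing and Remote Desktop inbound.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -AllowInboundRules False

# 4b/ outbound blocks for the binaries named in the post.
#     On x64 Windows most of these also ship as 32-bit copies under SysWOW64,
#     so both directories are covered. "msha.exe" is reproduced as written in
#     the post; binaries that do not exist on this machine are skipped.
$names = 'msra.exe', 'msha.exe', 'wscript.exe', 'cscript.exe', 'conhost.exe', 'cmd.exe'
$dirs  = "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64"

$programs = @()
foreach ($d in $dirs) {
    foreach ($n in $names) { $programs += Join-Path $d $n }
    $programs += Join-Path $d 'WindowsPowerShell\v1.0\powershell.exe'
    $programs += Join-Path $d 'WindowsPowerShell\v1.0\powershell_ise.exe'
}

foreach ($exe in $programs) {
    if (-not (Test-Path -LiteralPath $exe)) {
        Write-Warning "Skipping $exe (not present on this machine)"
        continue
    }
    $ruleName = "Block outbound - $exe"
    # Idempotent: do not create a duplicate rule on a second run.
    if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) { continue }
    New-NetFirewallRule -DisplayName $ruleName -Direction Outbound `
        -Program $exe -Action Block -Profile Any | Out-Null
}

# Check: show each block rule together with the program path it is bound to,
# so a typo in a path (a rule that matches nothing) is visible immediately.
Get-NetFirewallRule -DisplayName 'Block outbound - *' | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
        Enabled = $_.Enabled
    }
}
```

    Two caveats a practitioner would want: the outbound rule on powershell.exe stops the shell you are typing in from reaching the network but does not stop it running (that is what the Process Lasso and SRP layers in the post are for), and a script that is blocked from the network can still hand the download off to another signed binary (bitsadmin, certutil) that has no rule, so the per-program list is a speed bump rather than a default-deny egress policy.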
     
  2. Winter Soldier

    Winter Soldier Level 25

    Feb 13, 2017
    1,466
    10,344
    PLC programmer - Robotics industry
    Wormhole
    Windows 10
    Emsisoft
    Thanks for sharing :)
    I see a high and well-balanced security level, but sorry, why is Windows Update disabled? :)
     
  3. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,680
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    hehe CocCoc browser (Vietnamese chromium fork) :)
     
  4. Evjl's Rain

    Evjl's Rain Level 29
    Trusted AV Tester

    Apr 18, 2016
    1,815
    13,233
    Vietnam
    Windows 8.1
    Avast
    :D the best browser for Vietnamese with a built-in download accelerator + FB censorship bypassing :D
    because Windows Update broke/slowed down some of the machines and made them malfunction (+ some of them use cracked Windows, not me :) ). It's like malware for average users if they don't know what they are doing :D. I went to the computer repair shop last week and saw 6 people come in to install W7 because they couldn't use W8.1 or 10, or they had annoying bugs (many people in my country can't speak/understand English). The computer guy also said my W10 was slow for all its power -> asked me to install W7 o_O (he was right, but I knew he just wanted to get some extra $$$ for installing Windows)
     
  5. Winter Soldier

    Winter Soldier Level 25

    Feb 13, 2017
    1,466
    10,344
    PLC programmer - Robotics industry
    Wormhole
    Windows 10
    Emsisoft
    Yeah, for sure MS should work in a better way before releasing some updates.
    A few months ago I was blocked and unable to work because, during the restart for the update installation, the system went into a loop.
    In the end, forced shutdown :D
     
  6. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,680
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Indeed, a very common practice over there; they are very good at fixing hardware, but in terms of OS deployment and optimization, many are clueless :D
     
  7. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Aug 2, 2015
    4,174
    27,493
    Retired
    Central US
    Linux Mint
    Default-Deny
    Cool setup Rain, Thanks for the share brother.
     
  8. Andytay70

    Andytay70 Level 13

    Jul 6, 2015
    646
    3,288
    Electrical engineer
    UK
    Windows 10
    Avast
    Well covered, Thanks for sharing.
     
  9. aragornnnn

    aragornnnn Level 11

    Aug 18, 2016
    524
    6,236
    Warehouse Employee @ Nike ELC Belgium
    Belgium
    Windows 10
    Kaspersky
    Nice and strong config, thanks for the share! :)
     
  10. Parsh

    Parsh Level 24
    Trusted AV Tester

    Dec 27, 2016
    1,328
    12,035
    7 Islands of Bombay
    Windows 10
    Default-Deny
    With enough care, this may be the simplest yet solid protection. Awesome :)
    Do you have hardened mode (and if yes, which one) in AP enabled, having VDS alongside?
     
  11. Evjl's Rain

    Evjl's Rain Level 29
    Trusted AV Tester

    Apr 18, 2016
    1,815
    13,233
    Vietnam
    Windows 8.1
    Avast
    #11 Evjl's Rain, Feb 15, 2017
    Last edited: Feb 15, 2017
    Yes, I have Hardened Mode Aggressive enabled.
    VS in autopilot can help to catch the malware which is missed by HM. Sometimes HM allows some new malware for unknown reasons.
     
  12. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,282
    13,628
    Utopia
    scripts?
     
  13. Evjl's Rain

    Evjl's Rain Level 29
    Trusted AV Tester

    Apr 18, 2016
    1,815
    13,233
    Vietnam
    Windows 8.1
    Avast
    #13 Evjl's Rain, Feb 15, 2017
    Last edited: Feb 15, 2017
    Probably scripts, but scripts eventually download an .exe in order to work, mostly.


    I saw HM block most undetected samples but let 1 sample slip => she stopped the video then.
    I don't know why it failed. Was the payload .exe missed by HM or did it use another kind of attack without an exe file?
     
  14. Yash Khan

    Yash Khan Level 51

    Oct 22, 2012
    4,055
    8,960
    Strong & effective config, my friend... :) Nothing to add from my side... ;)
     
  15. Exterminator

    Exterminator Super Moderator
    Staff Member

    Oct 23, 2012
    12,283
    46,671
    USA
    Windows 10
    Kaspersky
    Very nice config!!! Thanks for sharing it with us :)
     
  16. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,755
    13,979
    SecureMyBit Developer
    Unknown
    Good config, all layers are well covered.

    Thanks for sharing.
     
  17. Evjl's Rain

    Evjl's Rain Level 29
    Trusted AV Tester

    Apr 18, 2016
    1,815
    13,233
    Vietnam
    Windows 8.1
    Avast
    Added:
    - Avast Premier -> Avast Free (with adblock tweak)
    - Windows Firewall only
    - (Right Click) Allow, Block or Remove - Windows Firewall (better than WFC :D)

    Removed:
    - Avast's Game Mode - potential cause of many problems
     
  18. Sr. Normal 2.0

    Sr. Normal 2.0 Level 5
    Trusted

    Sep 14, 2016
    235
    6,281
    Talavera, España
    Windows 10
    Norton
    Very good config, my Rainsomware friend ;)

    Thanks for sharing! :)
     
  19. Evjl's Rain

    Evjl's Rain Level 29
    Trusted AV Tester

    Apr 18, 2016
    1,815
    13,233
    Vietnam
    Windows 8.1
    Avast
    Added:
    - Zemana antilogger
    - Comodo firewall (proactive)
    - Norton safe web
    - Youtube Plus

    Removed:
    - Avast free
    - VTchromizer
     
  20. Evjl's Rain

    Evjl's Rain Level 29
    Trusted AV Tester

    Apr 18, 2016
    1,815
    13,233
    Vietnam
    Windows 8.1
    Avast
    to test this combo :D
    faster than Avast alone so far

    Zemana for basic signatures and lightness
    Comodo for the rest. Now without Avast, I hope it won't cause BSODs
     