FrankS Security Config

[FrankS]

O&O ShutUp10 Setup (config attached*)
I activated all functions except the following:
- App notifications disabled
- Cortana reset and disabled
- Activate deferring of upgrades
- Automatic driver updates through Windows Update disabled
- Automatic app updates through Windows Update disabled
- Automatic Windows Updates disabled (1 of 2)
- Automatic Windows Updates disabled (2 of 2)
- Windows Updates for other products (e.g. Microsoft Office) disabled
The above-mentioned functions are still original as configured by Windows.

*If you want to use this configuration for your own O&O ShutUp10-Setup, download the ooshutup10.txt to your desktop, rename it to "ooshutup10.cfg" and import it at O&O ShutUp10

Mozilla Firefox Setup
Options -> Privacy -> Tracking -> Do Not Track: Enabled (default: disabled)
Options -> Privacy -> Tracking -> Change Block List: strict protection (default: basic protection)
Options -> Privacy -> History: Use custom settings for history
Options -> Privacy -> History -> Use custom settings for history: Always use private browsing mode enabled (default: disabled)
Options -> Privacy -> History -> Use custom settings for history -> Accept third-party cookies: From visited (default: Always)
Options -> Advanced -> Data choices: "Enable Firefox Health Report" and "Enable Crash Reporter" disabled (default: enabled)
adress bar -> "about:config" -> privacy.trackingprotection.enabled: true (default false)

Added extensions:
uBlock Origin
added Addblock Warning Removal List, Anti-Adblock Killer | Reek and all Malware/malvertising filter lists
NoScript
default setup, only cleared the url-whitelist

Router Setup (ASUS RT-AC88U with Asuswrt-Merlin Firmware)
AiProtection -> Network Protection:
Vulnerability Protection and Infected Device Prevention and Blocking enabled,
Malicious Site blocking disabled (because of too much false positives)
Wireless: WLAN MAC Filter: enabled, Hide SSID: enabled
Firewall: DoS Protection: Enabled, Respond Ping Request from WAN: No
VPN: OpenVPN with OpenDNS, Provider: HideMyAss

Unknown/untrusted files will be checked for viruses by Kaspersky, Emsisoft, HitmanPro, Zemana and after it, if the scanning-results are clean, I run it in a virtual machine before running on my real system.

sincerely,
Kenny 'FrankS'

 

[Vasudev]

You can remove TuneUP if it ain’t a paid version. Modern OS needs little or no tweaking at all to keep peak performance all day. Why would anyone disable toast notification on w10? Consider doing a backup or atleast backup imp. files to prevent losing in an event of disk failure. I guess you're using multiple HDDs and SSDs in RAID? Am i correct?

 

[FrankS]

You can remove TuneUP if it ain’t a paid version. Modern OS needs little or no tweaking at all to keep peak performance all day. Why would anyone disable toast notification on w10? Consider doing a backup or atleast backup imp. files to prevent losing in an event of disk failure. I guess you're using multiple HDDs and SSDs in RAID? Am i correct?

Hello Vasudev. Thanks for your Reply
I like PC TuneUp by AVG. It got much important windows features at one window (like chkdsk, setting Windows-Design configuration for good performance and anymore). Also I like the AVG Shredder. I use it for deleting on every file. It's a nice small tool.
I got one SSD by SanDisk (1TB). I never got a disk or other hardware failure. I think it's because my hardware is and will never be old. I upgrade my hardware like all 2 years. For example my last upgrade: I was using a SATA II Disk Drive until...öhm I guess August 2015. Then I wanted more speed and upgraded with new graphic card and SSD. And I think 2 years later there will be much newer hardware technology again - and I will upgrade my computer or will buy a new one again. I configure/build my computers always self. Two important rules for preventing hardware failures is: cooling and cleaning. Every of my self-configured computers has always minimum 2 case fans (or more) and I'm cleaning it every 2-3 months with compressed air spray.

sincerely,
Kenny

 

[Exterminator]

Good config! Thanks for sharing it
Consider just using CCleaner and O & O defrag.
Consider some type of system back up solution.

 

[Deleted Member 333v73x]

Follow the instructions others have said and apart from that, nice configuration - thanks for sharing @FrankS

 

[DJ Panda]

Maybe replace Hitmanpro with Zemana Anti- Malware

 

[Deleted member 178]

A system backup is necessary unless you like to clean install everytime like me

 

[safe1st]

Add Zemana AntiMalware, then you're good

 

[Deleted member 178]

Add Zemana AntiMalware, then you're good

not necessary , he uses HMP

 

[FrankS]

A system backup is necessary unless you like to clean install everytime like me

Of course I prefer a clean install. Before upgrading from Windows 7 to Windows 10 I formatted with Win7-CD, installed the updates and installed Windows 10 with media creation tool. And on media creation tool setup I selected "Delete all".

To our Zemana Fans:
I'm currently thinking about replacing Malwarebytes through Zemana. But at first I will do a malware-detection-test on my virtual system.
I have 779 Samples for testing and I will do a real simulation test for me - that means:
At first I will install KIS, HMP, MBAM then I extract the malware, let kaspersky delete all detected files, then right-click-scan with HMP and then with Malwarebytes and note then how many files left.
Then I'll uninstall MBAM, delete the samples, install Zemana and do this test again.

 

[Smith83]

I'm just gonna leave this here for you.....

Also, AVG PC TuneUp is absolute GARBAGE!

 

[Moose]

Salutations/Greetings!

 

[DJ Panda]

I love both Malwarebytes and Zemana the more scanners you have wouldn't be that bad.

 

[Vasudev]

Hello Vasudev. Thanks for your Reply
I like PC TuneUp by AVG. It got much important windows features at one window (like chkdsk, setting Windows-Design configuration for good performance and anymore). Also I like the AVG Shredder. I use it for deleting on every file. It's a nice small tool.
I got one SSD by SanDisk (1TB). I never got a disk or other hardware failure. I think it's because my hardware is and will never be old. I upgrade my hardware like all 2 years. For example my last upgrade: I was using a SATA II Disk Drive until...öhm I guess August 2015. Then I wanted more speed and upgraded with new graphic card and SSD. And I think 2 years later there will be much newer hardware technology again - and I will upgrade my computer or will buy a new one again. I configure/build my computers always self. Two important rules for preventing hardware failures is: cooling and cleaning. Every of my self-configured computers has always minimum 2 case fans (or more) and I'm cleaning it every 2-3 months with compressed air spray.

sincerely,
Kenny

Shredding the files is not required on SSD, since TRIM will perform cleanup even if you do a simple permanent deletion using shift + delete. In you case backup isn't needed since you upgrade your PC every 2 years which means your system is in top condition even with heavy workloads. I keep my PC for 5 years or more, so backing up is important for me otherwise I'm literally dead. Even w10 has one click features(not exactly, you'll need couple of keystrokes) like hitting ctrl + X gives you shortcuts for most accessed system properties or even more.

 

[FrankS]

I updated my Security config
Deleted AVG PC TuneUp and Wise Care 365
Added Zemana AntiMalware and added the information that my both partitions are encrypted by BitLocker and how I'm saving a confidential file.

 

[safe1st]

Nice! You're safe

When I download a file which I don't know or trust, I scan it with HitmanPro, Malwarebytes and Kaspersky.
If it is a big file or software I run it on VirtualBox at first for testing what it does.
If it is a small file I upload and analyse it on virustotal.
Generally I run and test unknown/untrusted files or programs on VirtualBox before running on my "real" system.

Very good plan!
Have a good day @FrankS

 

[FrankS]

Updated my Security Config - 09/08/2016

- Replaced Kaspersky Internet Security by Kaspersky Anti-Virus
- Replaced Microsoft Safety Scanner by Emsisoft Emergency Kit (for regular system-scanning)
- Added HitmanPro.Alert and VoodooShield Pro
- Replaced the browser extension Adblock Plus (and Popup-Addon) by uBlock Origin
- Added the browser extension NoScript
- Added Wise Care 365

 

[FrankS]

Update #2 - 10 /08 /2016

- Set Windows UAC from Do not dim (Minimum) to Always Notify (Maximum)
- Added Acronis True Image for data and image-backups

 

[Darlene]

Looks very solid. Only thing I would not do is running Hitmanpro.Alert together with kaspersky antivirus. I really would ask the support if the two combining needs some special configuration (exclusions), which I did with bitdefender and malwarebytes Anti-Exploit .

List of programs incompatible with Kaspersky Anti-Virus 2017

Why is there "PC: Take caution" next to your config title?

 

[FrankS]

Looks very solid. Only thing I would not do is running Hitmanpro.Alert together with kaspersky antivirus. I really would ask the support if the two combining needs some special configuration (exclusions), which I did with bitdefender and malwarebytes Anti-Exploit .

List of programs incompatible with Kaspersky Anti-Virus 2017

Why is there "PC: Take caution" next to your config title?

I don't know. I think it's set to "Take Caution" by operator/moderator.
I excluded Kaspersky Anti-Virus 2016 (2017 isn't yet available in Germany) at HitmanPro.Alert.
HitmanPro.Alert is set to trusted by Kaspersky automatically. I also tested Kaspersky with HMP.Alert in Action on a virtual machine, by running ransomware with disabled realtime-scanning of kaspersky. Kaspersky blocked it. By disabling Kaspersky's Anti-Exploit, HitmanPro.Alert also blocked it. So both programs are running right I guess.