FrankS Security Config

Last updated
Dec 31, 1969
Windows Edition
Pro
User Access Control
Always notify
Real-time security
Kaspersky Total Security 2017
Firewall security
Microsoft Defender Firewall
Periodic malware scanners
AdwCleaner, Emsisoft Emergency Kit, HitmanPro, JRT, Zemana AntiMalware
Malware sample testing
Browser(s) and extensions
Mozilla Firefox: uBlock Origin, NoScript, Kaspersky Protection, Kaspersky Password Manager
Maintenance tools
CCleaner, O&O Defrag, Wise Care 365
File and Photo backup
AOMEI Backupper Pro
System recovery
AOMEI Backupper Pro
Computer specs
https://malwaretips.com/threads/franks-pc.62089/
FrankS

FrankS

Level 3
Thread author
Verified
Well-known
Dec 22, 2015
148
615
169
37
Germany
O&O ShutUp10 Setup (config attached*)
I activated all functions except the following:
- App notifications disabled
- Cortana reset and disabled
- Activate deferring of upgrades
- Automatic driver updates through Windows Update disabled
- Automatic app updates through Windows Update disabled
- Automatic Windows Updates disabled (1 of 2)
- Automatic Windows Updates disabled (2 of 2)
- Windows Updates for other products (e.g. Microsoft Office) disabled
The above-mentioned functions are still original as configured by Windows.

*If you want to use this configuration for your own O&O ShutUp10-Setup, download the ooshutup10.txt to your desktop, rename it to "ooshutup10.cfg" and import it at O&O ShutUp10

Mozilla Firefox Setup
Options -> Privacy -> Tracking -> Do Not Track: Enabled (default: disabled)
Options -> Privacy -> Tracking -> Change Block List: strict protection (default: basic protection)
Options -> Privacy -> History: Use custom settings for history
Options -> Privacy -> History -> Use custom settings for history: Always use private browsing mode enabled (default: disabled)
Options -> Privacy -> History -> Use custom settings for history -> Accept third-party cookies: From visited (default: Always)
Options -> Advanced -> Data choices: "Enable Firefox Health Report" and "Enable Crash Reporter" disabled (default: enabled)
adress bar -> "about:config" -> privacy.trackingprotection.enabled: true (default false)

Added extensions:
uBlock Origin
added Addblock Warning Removal List, Anti-Adblock Killer | Reek and all Malware/malvertising filter lists
NoScript
default setup, only cleared the url-whitelist

Router Setup (ASUS RT-AC88U with Asuswrt-Merlin Firmware)
AiProtection -> Network Protection:
Vulnerability Protection and Infected Device Prevention and Blocking enabled,
Malicious Site blocking disabled (because of too much false positives)
Wireless: WLAN MAC Filter: enabled, Hide SSID: enabled
Firewall: DoS Protection: Enabled, Respond Ping Request from WAN: No
VPN: OpenVPN with OpenDNS, Provider: HideMyAss

Unknown/untrusted files will be checked for viruses by Kaspersky, Emsisoft, HitmanPro, Zemana and after it, if the scanning-results are clean, I run it in a virtual machine before running on my real system.

sincerely,
Kenny 'FrankS'
 

Attachments

Last edited:
  • Like
Reactions: shukla44, Logethica, Venustus and 3 others
You can remove TuneUP if it ain’t a paid version. Modern OS needs little or no tweaking at all to keep peak performance all day. Why would anyone disable toast notification on w10? Consider doing a backup or atleast backup imp. files to prevent losing in an event of disk failure. I guess you're using multiple HDDs and SSDs in RAID? Am i correct?
 
  • Like
Reactions: Logethica
Vasudev said:
You can remove TuneUP if it ain’t a paid version. Modern OS needs little or no tweaking at all to keep peak performance all day. Why would anyone disable toast notification on w10? Consider doing a backup or atleast backup imp. files to prevent losing in an event of disk failure. I guess you're using multiple HDDs and SSDs in RAID? Am i correct?
Click to expand...
Hello Vasudev. Thanks for your Reply
I like PC TuneUp by AVG. It got much important windows features at one window (like chkdsk, setting Windows-Design configuration for good performance and anymore). Also I like the AVG Shredder. I use it for deleting on every file. It's a nice small tool.
I got one SSD by SanDisk (1TB). I never got a disk or other hardware failure. I think it's because my hardware is and will never be old. I upgrade my hardware like all 2 years. For example my last upgrade: I was using a SATA II Disk Drive until...öhm I guess August 2015. Then I wanted more speed and upgraded with new graphic card and SSD. And I think 2 years later there will be much newer hardware technology again - and I will upgrade my computer or will buy a new one again. I configure/build my computers always self. Two important rules for preventing hardware failures is: cooling and cleaning. Every of my self-configured computers has always minimum 2 case fans (or more) and I'm cleaning it every 2-3 months with compressed air spray.

sincerely,
Kenny
 
  • Like
Reactions: Logethica and Deleted Member 333v73x
Follow the instructions others have said and apart from that, nice configuration - thanks for sharing @FrankS :)
 
  • Like
Reactions: Venustus
Umbra said:
A system backup is necessary unless you like to clean install everytime like me :D
Click to expand...
Of course I prefer a clean install. Before upgrading from Windows 7 to Windows 10 I formatted with Win7-CD, installed the updates and installed Windows 10 with media creation tool. And on media creation tool setup I selected "Delete all".

To our Zemana Fans:
I'm currently thinking about replacing Malwarebytes through Zemana. But at first I will do a malware-detection-test on my virtual system.
I have 779 Samples for testing and I will do a real simulation test for me - that means:
At first I will install KIS, HMP, MBAM then I extract the malware, let kaspersky delete all detected files, then right-click-scan with HMP and then with Malwarebytes and note then how many files left.
Then I'll uninstall MBAM, delete the samples, install Zemana and do this test again.
 
  • Like
Reactions: Logethica
FrankS said:
Hello Vasudev. Thanks for your Reply
I like PC TuneUp by AVG. It got much important windows features at one window (like chkdsk, setting Windows-Design configuration for good performance and anymore). Also I like the AVG Shredder. I use it for deleting on every file. It's a nice small tool.
I got one SSD by SanDisk (1TB). I never got a disk or other hardware failure. I think it's because my hardware is and will never be old. I upgrade my hardware like all 2 years. For example my last upgrade: I was using a SATA II Disk Drive until...öhm I guess August 2015. Then I wanted more speed and upgraded with new graphic card and SSD. And I think 2 years later there will be much newer hardware technology again - and I will upgrade my computer or will buy a new one again. I configure/build my computers always self. Two important rules for preventing hardware failures is: cooling and cleaning. Every of my self-configured computers has always minimum 2 case fans (or more) and I'm cleaning it every 2-3 months with compressed air spray.

sincerely,
Kenny
Click to expand...
Shredding the files is not required on SSD, since TRIM will perform cleanup even if you do a simple permanent deletion using shift + delete. In you case backup isn't needed since you upgrade your PC every 2 years which means your system is in top condition even with heavy workloads. I keep my PC for 5 years or more, so backing up is important for me otherwise I'm literally dead. Even w10 has one click features(not exactly, you'll need couple of keystrokes) like hitting ctrl + X gives you shortcuts for most accessed system properties or even more.
 
  • Like
Reactions: Logethica
Nice! You're safe ;)

When I download a file which I don't know or trust, I scan it with HitmanPro, Malwarebytes and Kaspersky.
If it is a big file or software I run it on VirtualBox at first for testing what it does.
If it is a small file I upload and analyse it on virustotal.
Generally I run and test unknown/untrusted files or programs on VirtualBox before running on my "real" system.
Click to expand...
Very good plan!
Have a good day @FrankS
 
  • Like
Reactions: Logethica, Deleted Member 333v73x and Venustus
Updated my Security Config - 09/08/2016
Code: 
- Replaced Kaspersky Internet Security by Kaspersky Anti-Virus
- Replaced Microsoft Safety Scanner by Emsisoft Emergency Kit (for regular system-scanning)
- Added HitmanPro.Alert and VoodooShield Pro
- Replaced the browser extension Adblock Plus (and Popup-Addon) by uBlock Origin
- Added the browser extension NoScript
- Added Wise Care 365
 
  • Like
Reactions: Logethica
Update #2 - 10 /08 /2016
Code: 
- Set Windows UAC from Do not dim (Minimum) to Always Notify (Maximum)
- Added Acronis True Image for data and image-backups
 
Last edited:
  • Like
Reactions: Logethica and King Alpha
Darlene said:
Looks very solid. Only thing I would not do is running Hitmanpro.Alert together with kaspersky antivirus. I really would ask the support if the two combining needs some special configuration (exclusions), which I did with bitdefender and malwarebytes Anti-Exploit .

List of programs incompatible with Kaspersky Anti-Virus 2017

Why is there "PC: Take caution" next to your config title? ;)
Click to expand...

I don't know. I think it's set to "Take Caution" by operator/moderator.
I excluded Kaspersky Anti-Virus 2016 (2017 isn't yet available in Germany) at HitmanPro.Alert.
HitmanPro.Alert is set to trusted by Kaspersky automatically. I also tested Kaspersky with HMP.Alert in Action on a virtual machine, by running ransomware with disabled realtime-scanning of kaspersky. Kaspersky blocked it. By disabling Kaspersky's Anti-Exploit, HitmanPro.Alert also blocked it. So both programs are running right I guess.
 
  • Like
Reactions: ForgottenSeer 54422 and Logethica
You must log in or register to reply here.

You may also like...