Latest Changes: Dec 1, 2019
Windows Edition: Pro
Version or Build no.: Version 1909 OS Build 18363.476
System type: 64-bit operating system; x64-based processor
Security Updates: Automatic Updates (recommended)
User Account Control (UAC): Always Notify
Network Security (Firewall): Windows Defender Firewall
User Account: Administrator
Sign-in Accounts: Microsoft (@outlook.com)
Sign-in Options:
  • Password
  • Windows Hello PIN (recommended)
  • Windows Hello Fingerprint
Malware Testing: I do not participate in downloading malware samples
Real-time Web & Malware Protection: Ziggo Safe Online (F-Secure Safe) 17.7 and VoodooShield 5.52 beta
RTP - Custom security settings: Minor changes for increased security
RTP - Details of Custom security settings:
  • Removed Internet Explorer 11.
  • Ziggo Safe Online: switched off Banking protection.
  • VoodooShield: enabled WhitelistCloud and added the new Edge to web apps.
Virus and Malware Removal Tools: HitmanPro and AdwCleaner (for the kids)
Browsers and Extensions: Microsoft Edge Dev with uBlock Origin, F-Secure Browsing Protection, Netcraft Extension, Certificate Info and Bitwarden
Privacy-focused Apps and Extensions: Microsoft Edge Dev Tracking Prevention at "Recommended" and uBlock Origin in medium mode
Password Managers: Bitwarden
Web Search: Google
System Utilities: O&O ShutUp10, Patch My PC, Autoruns, Bandizip, Driver Easy Pro, CCleaner Pro and Disk Cleanup
Data Backup: OneDrive, File History
Frequency of Data backups: Always-on Sync
System Backup: Windows system image
Frequency of System backups: Occasionally
Computer Activity:
  • Online banking
  • Browsing the web and checking emails
  • Streaming movies, TV shows and music from the Internet
  • Shared computer is used by other family members
  • Office and other work-related software (Work from Home)
  • Recording and editing video or photos
Computer Specifications:
  • Acer Aspire VN7-791G-576X
  • Intel Core i5-4210H
  • Intel HD Graphics 4600 / NVIDIA GeForce GTX 860M
  • Kingston 16GB Dual-Channel DDR3 PC3-12800 RAM
  • Samsung SSD 850 EVO M.2 250GB
  • Seagate HDD ST1000LM014-1EJ164 1TB
  • Realtek High Definition Audio

    Gandalf_The_Grey

    Level 28
    Verified
    > Yes, the H_C thread is the best place for questions. BTW: you copied my config! :LOL: Except for VoodooShield. Nice setup! (y)
    >
    > Edit: Whitelisting is easy by process or hash. My main gripe is CFA. Exclusions are possible but don't always seem to work. I'm on the fence about enabling it or not.
    Yeah, I like your setup. Went away from VS because Dan got himself banned from almost everywhere. It's still a great program.
    Any tips on where to do the whitelisting in H_C?
     

    Andy Ful

    Level 57
    Verified
    Trusted
    Content Creator
    There are two buttons: <Whitelist By Path> and <Whitelist By Hash>. (y)
    What do you want to whitelist? Is something blocked?
    Please read the help about the whitelisting buttons, and let me know if anything is not clear (the help files are written in Polish-English). :giggle:
     

    Gandalf_The_Grey

    Level 28
    Verified
    > There are two buttons: <Whitelist By Path> and <Whitelist By Hash>.
    > What do you want to whitelist? Is something blocked?
    Okay, thanks. Do I have to press APPLY CHANGES after that?
    A block I see at the moment:
    Access to C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwReporter\37.186.201\software_reporter_tool.exe has been restricted by your Administrator by the default software restriction policy level.
    I also have a lot of lsass.exe messages like this one:
    Windows Defender Antivirus audited an operation that is not allowed by your IT administrator.
    For more information please contact your IT administrator.
    ID: 9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2
    Detection time: 2019-01-18T18:12:47.683Z
    User: xxx\xxx
    Path: C:\Windows\System32\lsass.exe
    Process Name: C:\Windows\System32\Taskmgr.exe
    Signature Version: 1.283.3241.0
    Engine Version: 1.1.15500.2
    Product Version: 4.18.1812.3
    I have other warnings, for example for CCleaner, HitmanPro and Zemana AntiMalware portable.
     

    Andy Ful

    Level 57
    Verified
    Trusted
    Content Creator
    > Okay, thanks. Do I have to press APPLY CHANGES after that?
    > A block I see at the moment:
    >
    > I also have a lot of lsass.exe messages like this one:
    >
    > I have other warnings, for example for CCleaner, HitmanPro and Zemana AntiMalware portable.
    You have to apply changes - they will require logging off from the account.

    You probably do not need the blocked application software_reporter_tool.exe, see here:
    How to block the Chrome Software Reporter Tool (software_reporter_tool.exe) - gHacks Tech News
    This tool is installed in an unsafe location, 'C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwReporter', which can be written to by any malware. It is a very popular unsafe location, so it is better to avoid whitelisting it. I have Google Chrome installed, and the folder 'C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwReporter' is totally empty.

    You can change the four Audit settings in ConfigureDefender to Disabled if you do not want to see the Audit alerts. Those settings are set to Audit so that the user can see whether enabling them would cause any problems.
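    Before turning the Audit settings off altogether, it is worth seeing which rule fires, from which process, and how often; a handful of known tools (Task Manager, CCleaner, HitmanPro) touching lsass.exe is expected noise, an unknown process doing the same is not. The script below is an added PowerShell example and is not part of the thread, of Hard_Configurator or of ConfigureDefender. It assumes the Defender operational log 'Microsoft-Windows-Windows Defender/Operational' (event 1121 = ASR rule blocked, 1122 = ASR rule audited) and the Get-MpPreference cmdlet (AttackSurfaceReductionRules_Actions: 0 = Disabled, 1 = Block, 2 = Audit). The GUID 9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2 in the quoted event is the ASR rule "Block credential stealing from the Windows local security authority subsystem (lsass.exe)"; the sample in $SampleMessages is constructed from that quoted event so the parser can be exercised offline.

```powershell
# Added example (not from the thread, Hard_Configurator or ConfigureDefender): triage Defender
# Attack Surface Reduction (ASR) audit events per rule, so each rule can be moved from Audit to
# Block or to Disabled on its own merits instead of silencing all of them at once.
# Assumptions: Defender operational log 'Microsoft-Windows-Windows Defender/Operational'
# (event 1121 = ASR blocked, 1122 = ASR audited) and the Get-MpPreference cmdlet
# (AttackSurfaceReductionRules_Actions: 0 = Disabled, 1 = Block, 2 = Audit).

# Only the rule GUID that appears in the quoted event is mapped here; unknown GUIDs are shown raw.
$AsrRuleNames = @{
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from lsass.exe'
}

function ConvertFrom-AsrMessage {
    # Extract rule ID, target path and initiating process from the free-text event message.
    param([Parameter(Mandatory)][string]$Message, [datetime]$TimeCreated = (Get-Date))
    $id      = if ($Message -match 'ID:\s*([0-9A-Fa-f-]{36})') { $Matches[1].ToUpper() } else { $null }
    $path    = if ($Message -match 'Path:\s*(\S.*)')            { $Matches[1].Trim() }    else { $null }
    $process = if ($Message -match 'Process Name:\s*(\S.*)')    { $Matches[1].Trim() }    else { $null }
    [pscustomobject]@{
        Time     = $TimeCreated
        RuleId   = $id
        RuleName = if ($id -and $AsrRuleNames.ContainsKey($id)) { $AsrRuleNames[$id] } else { $id }
        Target   = $path
        Process  = $process
    }
}

function Get-AsrAuditEvents {
    # Read real events from the local log (needs an elevated shell); blocked events are optional.
    param([int]$Days = 7, [switch]$IncludeBlocks)
    $ids = if ($IncludeBlocks) { @(1121, 1122) } else { @(1122) }
    $filter = @{ LogName   = 'Microsoft-Windows-Windows Defender/Operational'
                 Id        = $ids
                 StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-AsrMessage -Message $_.Message -TimeCreated $_.TimeCreated }
}

function Get-AsrAuditSummary {
    # Count (rule, process, target) triples: the ones to look at are unfamiliar processes.
    param([Parameter(ValueFromPipeline)]$Event)
    begin { $all = @() }
    process { $all += $Event }
    end {
        $all | Group-Object RuleName, Process, Target | Sort-Object Count -Descending |
            Select-Object Count,
                @{ n = 'RuleName'; e = { $_.Group[0].RuleName } },
                @{ n = 'Process';  e = { $_.Group[0].Process } },
                @{ n = 'Target';   e = { $_.Group[0].Target } }
    }
}

function Get-AsrRuleState {
    # Current per-rule action as configured on this machine.
    $pref    = Get-MpPreference
    $ruleIds = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ruleIds.Count; $i++) {
        $id = ([string]$ruleIds[$i]).ToUpper()
        [pscustomobject]@{
            RuleId   = $id
            RuleName = if ($AsrRuleNames.ContainsKey($id)) { $AsrRuleNames[$id] } else { $id }
            Action   = switch ([int]$actions[$i]) {
                           0 { 'Disabled' } 1 { 'Block' } 2 { 'Audit' } default { "Other($_)" } }
        }
    }
}

# Constructed sample with the same layout as the event quoted in the thread, so the parser
# can be exercised on a machine whose log is empty.
$SampleMessages = @(
@"
Windows Defender Antivirus audited an operation that is not allowed by your IT administrator.
For more information please contact your IT administrator.
ID: 9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2
Detection time: 2019-01-18T18:12:47.683Z
User: xxx\xxx
Path: C:\Windows\System32\lsass.exe
Process Name: C:\Windows\System32\Taskmgr.exe
"@
)
$SampleMessages | ForEach-Object { ConvertFrom-AsrMessage -Message $_ } |
    Get-AsrAuditSummary | Format-Table -AutoSize

# On the real machine (elevated PowerShell):
#   Get-AsrRuleState | Format-Table -AutoSize
#   Get-AsrAuditEvents -Days 14 | Get-AsrAuditSummary | Format-Table -AutoSize
```

    The parser works on the message text rather than on the event's XML fields so that it matches exactly the format quoted above; a rule whose only hits come from tools you run yourself can be set to Block, one that is hit by nothing can be left in Audit at no cost, and only a rule that is genuinely noisy needs to go to Disabled.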
     

    Gandalf_The_Grey

    Level 28
    Verified
    > You have to apply changes - they will require logging off from the account.
    >
    > You probably do not need the blocked application software_reporter_tool.exe, see here:
    > How to block the Chrome Software Reporter Tool (software_reporter_tool.exe) - gHacks Tech News
    > This tool is installed in an unsafe location, 'C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwReporter', which can be written to by any malware. It is a very popular unsafe location, so it is better to avoid whitelisting it. I have Google Chrome installed, and the folder 'C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwReporter' is totally empty.
    >
    > You can change the four Audit settings in ConfigureDefender to Disabled if you do not want to see the Audit alerts. Those settings are set to Audit so that the user can see whether enabling them would cause any problems.
    Thanks again for your great support (y)
    I have put the 4 audit settings in ConfigureDefender to disabled.
    Will see tomorrow if there are still any blocks and/or warnings.
     

    Windows_Security

    Level 23
    Verified
    Trusted
    Content Creator
    @Gandalf_The_Grey

    What did you do? You mentioned the new Adguard Beta extension with Stealth of which I was completely unaware! I am in my second day of the Browser Extension Anonymous rehab program. I can't sleep, I can't watch my favourite series, I am just staring at the twitter post of Adguard Beta in this thread. I don't dare to touch the keyboard or mouse. I am talking loud repeating my rehab mantra: don't right click remove smart adblocker and install Adguard beta, don't right click remove smart adblocker and install Adguard beta, don't right click remove smart adblocker and install Adguard beta, don't right click remove smart adblocker and install Adguard beta, don't right click remove smart adblocker and install Adguard beta, . . . .

    My name is Kees and I am . . .
     

    Gandalf_The_Grey

    Level 28
    Verified
    > @Gandalf_The_Grey
    >
    > What did you do? You mentioned the new Adguard Beta extension with Stealth of which I was completely unaware! I am in my second day of the Browser Extension Anonymous rehab program. I can't sleep, I can't watch my favourite series, I am just staring at the twitter post of Adguard Beta in this thread. I don't dare to touch the keyboard or mouse. I am talking loud repeating my rehab mantra: don't right click remove smart adblocker and install Adguard beta, don't right click remove smart adblocker and install Adguard beta, don't right click remove smart adblocker and install Adguard beta, don't right click remove smart adblocker and install Adguard beta, don't right click remove smart adblocker and install Adguard beta, . . . .
    >
    > My name is Kees and I am . . .
    Sorry Kees. It just looked so cool and shiny.... :oops: Have to be more careful when posting these things :D
    Maybe @Jack can block those posts especially for you :unsure:
     

    Windows_Security

    Level 23
    Verified
    Trusted
    Content Creator
    @oldschool,

    Not yet, one of my legs is shorter than the other and both my feet's too long, but tomorrow (Saturday) Bobby Brown will give me a lift to the Browser Extension Anonymous Meeting (BEAM). Your line about CyberHosT tempted me to try Adguard Beta in a VM. I thought a VM is only virtual, not persistent, so running Adguard beta in a VM would not count as a relapse, but only a slip from rehab?

    Stealth mode really impressive
    [Image: 1547856904931.png]

    Regards Kees
     

    oldschool

    Level 49
    Verified
    > @oldschool,
    >
    > Not yet, one of my legs is shorter than the other and both my feet's too long, but tomorrow (Saturday) Bobby Brown will give me a lift to the Browser Extension Anonymous Meeting (BEAM). Your line about CyberHosT tempted me to try Adguard Beta in a VM. I thought a VM is only virtual, not persistent, so running Adguard beta in a VM would not count as a relapse, but only a slip from rehab?
    >
    > Stealth mode really impressive
    > [Attachment 206684]
    >
    > Regards Kees
    :LOL::LOL::LOL:
     

    Gandalf_The_Grey

    Level 28
    Verified
    > You have to apply changes - they will require logging off from the account.
    >
    > You probably do not need the blocked application software_reporter_tool.exe, see here:
    > How to block the Chrome Software Reporter Tool (software_reporter_tool.exe) - gHacks Tech News
    > This tool is installed in an unsafe location, 'C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwReporter', which can be written to by any malware. It is a very popular unsafe location, so it is better to avoid whitelisting it. I have Google Chrome installed, and the folder 'C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwReporter' is totally empty.
    >
    > You can change the four Audit settings in ConfigureDefender to Disabled if you do not want to see the Audit alerts. Those settings are set to Audit so that the user can see whether enabling them would cause any problems.
    The only warning left on my system after setting the 4 audit settings to disabled is for the software_reporter_tool.exe. (y)
    Access to C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwReporter\37.186.201\software_reporter_tool.exe has been restricted by your Administrator by the default software restriction policy level.
    I don't want to block it.
    Should I Whitelist it by hash?
    What is the best option here?
     

    Windows_Security

    Level 23
    Verified
    Trusted
    Content Creator
    Options
    1. Most secure - no hassle: Leave it as it is (Software Restriction Policies will block it; the elevated Chrome updater is still allowed to update it)
    2. Secure with hassle: Allow by hash; after an update the hash will probably have changed, so you need to recreate the allow-by-hash rule
    3. Less secure with no hassle: Allow by path name; the name remains the same, but a process spoofing this name could sneak through SRP

    I would follow Andy's advice (option 1) and set the Chrome flag "Extension Content Verification" to "Enforce strict (if we can get hashes ...)" or similar text. This should prevent sneaky sideloading of extensions. Since you only use some (three?) reputable extensions, you should be fine.
     

    Andy Ful

    Level 57
    Verified
    Trusted
    Content Creator
    > ...
    > I don't want to block it.
    > Should I Whitelist it by hash?
    > What is the best option here?
    You can whitelist it, because such a vulnerability could in practice only be exploited in targeted attacks. If you do not want to see it blocked after the Chrome update, then you can whitelist that executable by path with wildcards.
    Use <Whitelist By Path><Add Path*Wildcards> and write the path to the executable, with ??.???.??? instead of 37.186.201 and your account name instead of xxx:
    C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwReporter\??.???.???\software_reporter_tool.exe
     

    Gandalf_The_Grey

    Level 28
    Verified
    > You can whitelist it, because such a vulnerability could in practice only be exploited in targeted attacks. If you do not want to see it blocked after the Chrome update, then you can whitelist that executable by path with wildcards.
    > Use <Whitelist By Path><Add Path*Wildcards> and write the path to the executable, with ??.???.??? instead of 37.186.201 and your account name instead of xxx:
    > C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwReporter\??.???.???\software_reporter_tool.exe
    Thank you, that seems to work and learned something new about using wildcards. (y)
     

    Gandalf_The_Grey

    Level 28
    Verified
    > Options
    > 1. Most secure - no hassle: Leave it as it is (Software Restriction Policies will block it; the elevated Chrome updater is still allowed to update it)
    > 2. Secure with hassle: Allow by hash; after an update the hash will probably have changed, so you need to recreate the allow-by-hash rule
    > 3. Less secure with no hassle: Allow by path name; the name remains the same, but a process spoofing this name could sneak through SRP
    >
    > I would follow Andy's advice (option 1) and set the Chrome flag "Extension Content Verification" to "Enforce strict (if we can get hashes ...)" or similar text. This should prevent sneaky sideloading of extensions. Since you only use some (three?) reputable extensions, you should be fine.
    Did option 2 with wildcards (and the help from Andy) and set the Chrome flag "Extension Content Verification" to "Enforce strict".
    Using currently 4 extensions (AdGuard, Emsisoft, Windows Defender and LastPass) and try hard to keep that number... ;)
     

    Handsome Recluse

    Level 23
    Verified
    @oldschool,

    Not yet, one of my legs is shorter than the other and both my feet's too long, but tomorrow (Saturday) Bobby Brown will give me a lift to the Browser Extension Anonymous Meeting (BEAM). Your line about CyberHosT tempted me to try Adguard Beta in a VM. I thought a VM is only virtual, not persistant, so running Adguard beta in a VM would not count as a relapse, but only a slip from rehab?

    Stealth mode really impressive
    View attachment 206684

    Regards Kees
    What does it have over the original version other than Stealth Mode and a new UI?
     

    Gandalf_The_Grey

    Level 28
    Verified
    > What does it have over the original version other than Stealth Mode and a new UI?
    From AdguardTeam/AdguardBrowserExtension:
    [Improved] Renewed design
    Fresh icon and menu designs that make the interface more natural and user-friendly, with a big "On/Off" switch. A brand-new "Statistics" tab creates charts based on your blocked ads statistics, with the ability to show different types of data: total, filter-specific etc.
    What's more, the user filter editor has undergone a few changes too. Luminous element highlighting and an auto-save function, as well as a unified filtering rules text field, should make editing more convenient.
    [Improved] Get rid of the tabs in the filters settings
    Now, each filter category (a group of filters with a similar purpose, e.g. Ad blocking, Social Widgets etc.) has an icon and is easier to access. In addition, it can be turned on/off at once, thus making filter management smoother.
    [Added] Merge StealthMode Extension code
    We took online privacy protection in our extension to the next level by adding the Privacy module, which until this day existed only in the standalone AdGuard for Windows app. Although it doesn't have the full capabilities of its desktop parent yet, it still makes the extension all the more effective for protecting privacy against trackers and analytical systems.
    [Added] "Filters update period" setting
    Before, filters were automatically updated every 48 hours (default period); now you can adjust the frequency of automatic updates (by choosing from the options: every 1/6/12/24/48 hours) or disable them completely, in case you prefer to update them manually.
    [Added] An option to disable integration mode while keeping the extension up
    If you already have the AdGuard app, our browser extension may become a very useful additional tool, which can completely replace the browser-based "AdGuard Assistant" module (learn more). It's called Integration mode and now you can turn it on or off in the "Other settings" tab.
    And lots more added, changed, fixed and improved (under Common):
      • [Added] Notifications for various actions, e.g. filter updates #1167
      • [Added] A notification with changelog after an update #1025
      • [Added] "About" screen #1135
      • [Added] $cookie modifier support #961
      • [Added] "Submit a complaint" item to the right-click menu #1072
      • [Added] Update filter after enabling it #1181
      • [Added] Show notification when checking for filter updates using the context menu #1073
      • [Changed] Wording for manual blocking tool options #1169
      • [Changed] A forwarder is now used for all links #1109
      • [Changed] Localizations have been updated #1174
      • [Fixed] Assistant advanced settings button doesn't respond #1091
      • [Fixed] $extension modifier prevents first-party URL blocking #1122
      • [Fixed] Invalid exclusions are created using Filtering Log #1131
      • [Fixed] "Third-party" icon size in Filtering Log #1069
      • [Fixed] Some hidden elements are not shown in the Filtering Log #1123
      • [Fixed] Some requests are not visible in the Filtering Log #1138
      • [Fixed] While in integration mode, new rules are not imported to the desktop AG User filter #10
      • [Fixed] Incorrect file types are accepted when you try to import a User filter #1039
      • [Fixed] AdGuard settings are not fully visible when accessing them from the overflow menu #970
      • [Improved] $csp rules are now disabled if there's a document-level exception applied to the website #1093
      • [Improved] Extension is now more friendly towards visually impaired users #953
      • [Improved] Multiple $replace rules can be applied to a single web request now #1092
      • [Improved] Network requests excluded by a rule in a custom filter can now be blocked #1044
      • [Improved] "abp:subscribe" links are now intercepted properly #1149
    [Images: 50401638-46c5ad80-07a1-11e9-9dca-95aa8ef2eb06.png, 50401666-7674b580-07a1-11e9-8de8-ece53875daa9.png, 50424262-8b6d4980-0872-11e9-8053-ba4c68f189f6.png, 50424316-cd968b00-0872-11e9-8b20-e46a414f564c.png]
     

    notabot

    Level 15
    > You can whitelist it, because such a vulnerability could in practice only be exploited in targeted attacks. If you do not want to see it blocked after the Chrome update, then you can whitelist that executable by path with wildcards.
    > Use <Whitelist By Path><Add Path*Wildcards> and write the path to the executable, with ??.???.??? instead of 37.186.201 and your account name instead of xxx:
    > C:\Users\xxx\AppData\Local\Google\Chrome\User Data\SwReporter\??.???.???\software_reporter_tool.exe
    Why shouldn't this be whitelisted in the case of a targeted attack?
     

    Andy Ful

    Level 57
    Verified
    Trusted
    Content Creator
    > Why shouldn't this be whitelisted in the case of a targeted attack?
    The path of software_reporter_tool.exe is writable. If there is a danger of targeted attacks (as in organizations), then no writable path should be executable, except for files whitelisted by hash.
    Otherwise, the attacker could obtain the information, or simply guess the whitelisted path, silently replace the whitelisted file with malware, and then successfully execute that malware. Furthermore, the malware could be started with Windows.
    In a home environment with a default-deny setup, such a scenario is rather improbable.
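    The trade-off between options 2 and 3 above (hash rule versus wildcard path rule) and the replacement scenario Andy describes can be checked on the machine itself before an entry is added. The script below is an added PowerShell example; it is not part of the thread and not Hard_Configurator's code. It assumes the SwReporter path quoted above with the user's own profile name, the Get-AuthenticodeSignature and Get-FileHash cmdlets, and that SRP path rules accept the same * and ? wildcards that PowerShell's -like operator applies. The version folder 37.186.201 is the one from the thread; 99.999.999 is a constructed attacker-controlled path used only to show that the wildcard rule matches it too.

```powershell
# Added example (not from Hard_Configurator or the thread): evaluate a candidate SRP whitelist
# entry before adding it. Shows (1) that the wildcard path rule also matches any file an attacker
# writes into a sibling version folder, (2) whether the folder is writable by the current user
# without elevation, and (3) the SHA-256 and Authenticode signer that a hash rule would pin instead.
# Run it from a non-elevated shell; an elevated shell makes the writability test meaningless.
# 37.186.201 is the version folder quoted in the thread; 99.999.999 is a constructed attacker path.

$User    = $env:USERNAME
$base    = "C:\Users\$User\AppData\Local\Google\Chrome\User Data\SwReporter"
$pattern = "$base\??.???.???\software_reporter_tool.exe"   # the wildcard rule suggested above

function Test-WildcardRule {
    # SRP path rules accept the * and ? wildcards; -like applies the same two wildcards,
    # case-insensitively, so it is a faithful stand-in for what the rule will match.
    param([string]$Pattern, [string]$Candidate)
    return ($Candidate -like $Pattern)
}

function Test-UserWritable {
    # Practical check instead of parsing ACLs: try to create and delete a probe file.
    param([string]$Directory)
    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) { return $false }
    $probe = Join-Path $Directory ("probe_{0}.tmp" -f [guid]::NewGuid())
    try {
        [IO.File]::WriteAllText($probe, '')
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch {
        return $false
    }
}

function Get-WhitelistCandidate {
    # What a hash rule would pin (SHA-256, signer) and whether a path rule would be weak here.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path            = $Path
        Sha256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        SignatureStatus = $sig.Status
        FolderWritable  = Test-UserWritable -Directory (Split-Path -Parent $Path)
    }
}

# (1) The legitimate file matches the rule, and so does a spoofed sibling that an attacker can
#     drop without elevation, because the whole SwReporter tree lives under the user profile.
$legit   = "$base\37.186.201\software_reporter_tool.exe"
$spoofed = "$base\99.999.999\software_reporter_tool.exe"
"Legit path matches rule:   $(Test-WildcardRule -Pattern $pattern -Candidate $legit)"
"Spoofed path matches rule: $(Test-WildcardRule -Pattern $pattern -Candidate $spoofed)"

# (2)+(3) Folder writability and the hash/signer a hash rule would pin. If FolderWritable is
#     True, a path rule trusts whatever lands there; a hash rule trusts only this exact binary.
$candidate = Get-WhitelistCandidate -Path $legit
if ($candidate) {
    $candidate | Format-List
} else {
    "File not present at $legit (Chrome not installed, or a different SwReporter version)."
}
```

    Both path strings match the wildcard rule, which is exactly the point of the targeted-attack caveat: the rule trusts the location, not the file. The hash rule trusts the file and therefore has to be recreated after every Chrome update, and the SHA-256 printed here is the value such a rule would pin; leaving the block in place (option 1) avoids both costs.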
     