Hello Friends. I am sharing my System & Security Configuration with you. Please help me with suggestions to improve it. 
- Apr 28, 2015
- 8,915
Enable UAC, at least, at Default, but I would set it to Always Notify...
In Virus and Malware Removal Tools, You may add MalWareBytes Free and/or EmsiSoft Emergengy Kit.
Please kindly reflect Your changes editing Your config, and announcing them here, thanks for sharing
In Virus and Malware Removal Tools, You may add MalWareBytes Free and/or EmsiSoft Emergengy Kit.
Please kindly reflect Your changes editing Your config, and announcing them here, thanks for sharing
Interesting setup in regards to replacing uBlock Origin in favor of NextDNS for network-wide ad blocking. It's something that I have also considered previously.
Are there any situations you've encountered where uBlock Origin would have been better? Or does NextDNS basically cover all your needs?
Some features of uBlock Origin that I have come to use a lot include the element picker and cosmetic filtering. Does NextDNS cover this?
Are there any situations you've encountered where uBlock Origin would have been better? Or does NextDNS basically cover all your needs?
Some features of uBlock Origin that I have come to use a lot include the element picker and cosmetic filtering. Does NextDNS cover this?
- Mar 29, 2018
- 7,623
Please consider switching to a Standard User Account. Nice setup.
Enable UAC, at least, at Default, but I would set it to Always Notify...
In Virus and Malware Removal Tools, You may add MalWareBytes Free and/or EmsiSoft Emergengy Kit.
Please kindly reflect Your changes editing Your config, and announcing them here, thanks for sharing
I was not much aware what UAC used to do apart from disturbing with so many notifications. I have read about it. I have set UAC to Always Notify.
I had added Hitman Pro yesterday but it gave a lot of false positives due to it's Behavior Blocker. I have now added Emsisoft as my second opinion scanner. I do have Malwarebytes multi-year license. I don't install it as it starts up with Windows even if I keep real-time protection disabled & disable it's startup. I think there is some MB service which makes this happen. What is your thoughts on MB vs Emsisoft?
Thank you for all your help. I really appreciate it.
You can't do element picking and cosmetic filtering with a DNS based ad-blocker. I cannot block Youtube ads with NextDNS. I think uBlock Origin is better but I am worried about the upcoming changes from Google where blockers like uBlock may not be effective.
I will update you if I make any further changes in this department. I am still experimenting here.
Please consider switching to a Standard User Account. Nice setup.
Do I really need to switch to a standard user account? I have UAC enabled now and I am also using Trusted Application Mode of Kaspersky which won't allow any unverified app to execute.
- Mar 29, 2018
- 7,623
Your system is really locked down with your extremist configuration so the choice is yours. It depends on how (in)convenient it would be for your type of PC usage. I simply think it's good practice to use SUA.
Thank you very much. I have decided to stick with admin account for now. I will be looking at fine tuning Kaspersky Application Control to make it more harder for malware to get access to the system.
I forgot to mention one thing in my configuration. I am using this android app with it's window client to unlock my PC via fingerprint. Remote Fingerprint Unlock – Apps on Google Play
Any thoughts on the above? I am using this since a year now.
Any thoughts on the above? I am using this since a year now.
I would not use an android app for windows. That's just me though. The only bio-metric applications I would trust are in built ones from Microsoft and Apple.
- Apr 28, 2015
- 8,915
You do mean MWB <> EmsiSoft as real-time security products or as Second Opinion / Virus and Malware Removal Tools ?
As Second Opinion. It seems I have managed to install MBAM properly with Kaspersky this time. Disabled all real time protection modules and disabled all services related to MBAM to manual in services.
- Apr 28, 2015
- 8,915
You may create exclusions in case of still getting issues...
You have highlighted a important aspect of my setup. I did look for options to replace it. I couldn't find something suiting my needs. Microsoft Hello requires you to have a external device for fingerprint unlock. Another alternative from a reputed provider is Duo. We use Duo for our clients. It is very secure. I like Duo but it requires to enter password before prompting for 2FA. My Current Solution (Remote Fingerprint Unlock) allows me to get into my PC without entering any credentials. I click on the app in my mobile and authenticate my fingerprint. It also helps me to wake my PC over WLAN.
App says:
"Be sure to allow incoming and outgoing traffic (both TCP and UDP) in your firewall for the LogonUI.exe process found in C:\Windows\System32. You will be asked at the installation if you want this done automatically for you if you are using Windows Firewall."
I have not noticed any external connection from the desktop app. I need to check for the android app.
- Dec 12, 2016
- 1,404
Update the config once you are done setting up the SPEM server.
hopefully you will enjoy SEP.
BTW if anyone else wants SPEM PM me.
hopefully you will enjoy SEP.
BTW if anyone else wants SPEM PM me.
Similar threads
