Advanced Plus Security Geminis3's Security Config 2019

Last updated
Dec 6, 2019
Windows Edition
Pro
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
  • Kaspersky Internet Security 2020
Firewall security
About custom security
  • Check URLs for legitimate apps that can be used by criminals
  • Block camera acess for all aplications
  • Disable animations (for smoother experience)
  • Disable SSL scanning and script injection
  • Disable IM AV (useless in 2019 I guess)
  • Unchecked perform actions automatically
  • No browser extension
Periodic malware scanners
  • Malwarebytes Free
  • Emsisoft Emergency Kit
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Chrome
  • Bitwarden browser extension
  • uBlock Origin (block WebRTC & CSP + CoinBlockerList)
  • Emsisoft Browser Security
Firefox
  • Bitwarden browser extension
  • uBlock Origin Beta with CNAME uncloaking (block WebRTC & CSP + CoinBlockerList)
  • Emsisoft Browser Security
Maintenance tools
  • PatchMyPC
  • ProcessExplorer
  • AutoRuns
  • CCleaner Portable
  • CPU-Z
  • HWMonitor
  • HWINFO64
  • Bandizip
File and Photo backup
  • Google Drive
System recovery
  • Macrium Reflect Free
Risk factors
    • Gaming
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
    • Browsing to unknown / untrusted / shady sites
    • Working from home
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Acer Predator Helios 300 (G3-571-77QK):

  • i7-7700HQ
  • GTX 1060 6GB
  • 16GB DDR4
  • 256GB SSD
  • 1TB HDD

bayasdev

Level 19
Thread author
Verified
Top Poster
Well-known
Sep 10, 2015
901
Looks good to me. Have you applied any OS hardening of any kind? (y)

One suggestion, if you are not already aware of it, is Hard_Configurator. It is a GUI to apply hardening via SRP. It was created and is maintained by @Andy Ful for W10 Home, but you may use it on Pro. You may find it here:

AndyFul/Hard_Configurator
I can't go default deny because I use my laptop for programming but I've tweaked Windows Defender using Group Policy Editor.
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
So I'd state from this config you only have 2/3 layers of security done, maybe 1 as Macrium Reflect could be a better source of backing up files to that in comparison of Google Drive, but I believe this is merely personal opinion and not fact.

You have a Firewall which is the default from Microsoft, you have a backup solution in the form of GD, however I believe you have inadequate web protection. I'd recommend Scriptsafe & Emsisoft Browser Security for your web browser and maybe twin Windows Defender with Configure Defender or OSArmor/VoodooShield. Most attack areas now revolve around email and web.

Take the advice as you will, thanks for sharing.

~LDogg
 

bayasdev

Level 19
Thread author
Verified
Top Poster
Well-known
Sep 10, 2015
901
Update 5/7/2019

Avast was causing me a very strange behaviour when I open a website , first it looks like there's no internet for less than 2 seconds and then the website loads correctly, it didn't happened all time but I prefer to stay 100 KM away from Avast/AVG products.
  • Rolled back to a previous non Avast image and installed Bitdefender Free AV
 

bayasdev

Level 19
Thread author
Verified
Top Poster
Well-known
Sep 10, 2015
901
Let us know how it goes with BD. (y) It had some bugs when I used it 6 months ago.

This is kind of funny though: "Default - Settings are balanced for security and performance" since that's all there is to it. :)
It started freezing my laptop when I'm on battery so I rolled back and went with Panda Dome Free, I can't even feel that it's running in the background.
 

bayasdev

Level 19
Thread author
Verified
Top Poster
Well-known
Sep 10, 2015
901
Update
9/7/2019

Removed:
  • BD Free (it's still buggy and freezes my device completely :mad:)

Added:
  • Panda Dome Free (it's extremely light on my system :giggle:)
  • Panda Cloud Cleaner
  • BD TrafficLight (to complement the lack of web protection in Dome Free)

Greetings,
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I don't know what your archiver is but please consider using Bandizip or bandizip portable
It will save you from a lot of infections because Panda free is in a weaker sode compared to other well-known AVs

also please consider installing Windows defender browser protection extension for chrome since panda has a virtually useless webfilter
 

bayasdev

Level 19
Thread author
Verified
Top Poster
Well-known
Sep 10, 2015
901
I don't know what your archiver is but please consider using Bandizip or bandizip portable
It will save you from a lot of infections because Panda free is in a weaker sode compared to other well-known AVs
I always use 7-Zip
also please consider installing Windows defender browser protection extension for chrome since panda has a virtually useless webfilter
BitDefender Traffic Light is way better than WDBP also I use CleanBrowsing DNS.
 

bayasdev

Level 19
Thread author
Verified
Top Poster
Well-known
Sep 10, 2015
901
Update
14/7/2019
  • Replaced Panda Free with F-Secure Safe
  • Added F-Secure Browsing Protection Addon
The last time I used F-Secure was when they used BD engine (Aquarius), now with Avira (Capricorn) engine it feels lighter (not as Panda but lighter than BD or WD) also it's DeepGuard (behavior blocker) and Advanced Network Protection makes it a better option over standalone Avira product which only relies on cloud and signatures.

Another thing which I appreciate is that it doesn't snoops on HTTPS connections (like most AVs nowadays). Looks like I'm going to stick with this config a long time :geek:

Edit (I forgot to list those changes)

  • Removed Panda CloudCleaner, OS Armor
  • Replaced 7-zip with Bandizip
  • Added ProcessExplorer, AutoRuns,


F-Secure Resource Usage on my laptop

216731
 
Last edited:

bayasdev

Level 19
Thread author
Verified
Top Poster
Well-known
Sep 10, 2015
901
Update 7/8/2019

  • Switched from CleanBrowsing DNS to Quad9 (better performance in my case).
  • My router is now running DD-WRT and fowarding DNS queries to a non standard port using built-in dnsmasq, also it removes insecure WPS function and fixes the bufferbloat problem :cool:

Greetings,
Geminis3.
 

bayasdev

Level 19
Thread author
Verified
Top Poster
Well-known
Sep 10, 2015
901
Update 15/10/2019

I reimaged my laptop with Windows 10 LTSC 2019 (based on v1809) so I reworked almost my entire config (check the summary tab ;))

Some highlights:
  • KSC Free as main protection layer
  • PatchMyPC Home to install and update software updates automatically
  • CCleaner Portable to keep my PC tidy (manual run every month)
  • Nano Adblocker + Nano Defender instead of uBlock (it can bypass some anti-adblocking techniques)
PD: I attached a screenshot of my previous config if you want to compare it.

Greetings,
Geminis3
 

Attachments

  • Old Config.jpg
    Old Config.jpg
    630.6 KB · Views: 381

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
In regards to Nano Defender, the list is already integrated into Nano Adblocker automatically, you are not using the separate extension for this?

~LDogg
 

bayasdev

Level 19
Thread author
Verified
Top Poster
Well-known
Sep 10, 2015
901
In regards to Nano Defender, the list is already integrated into Nano Adblocker automatically, you are not using the separate extension for this?

~LDogg
I think that Nano Defender is needed to hide Nano Adblocker from websites.
 
  • Like
Reactions: [correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top