Advanced Plus Security Geminis3's Security Config 2020

Last updated
Dec 13, 2020
How it's used?
For home and private use
Operating system
Windows 10
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
Microsoft Defender
Firewall security
Microsoft Defender Firewall
About custom security
PUP detection
Periodic malware scanners
  • MBAM Free
  • EEK
  • Hitman.Pro
  • NPE
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Firefox, Chrome and Edge:
  • uBlock Origin
  • Bitwarden
Maintenance tools
Cleanmgr+
CCleaner portable
File and Photo backup
Google Drive
System recovery
Macrium Reflect
Risk factors
    • Browsing to popular websites
    • Downloading software and files from reputable sites
    • Browsing to unknown / untrusted / shady sites
    • Working from home
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Acer Predator Helios 300 (G3-571-77QK):
  • i7-7700HQ
  • GTX 1060 6GB
  • 16GB DDR4
  • 1TB WD Blue SN550 NVMe
  • 120GB Kingston SSD
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
geminis3 said:
29/05/2020
  • Replaced 7zip with Bandizip, cause I use WD and WD protects better with MOTW
  • Blocked web32.exe with Windows Firewall (block Bandizip ads)
Click to expand...
I did the exact same things 2/3 weeks ago but I still have 7zip for the handy hash detection tool available on right click and even inside archives.
 
Last edited:
  • Like
Reactions: Step 1, Gandalf_The_Grey, harlan4096 and 4 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,514
geminis3 said:
@Andy Ful is it possible to perform BONUS (behavior blocker) tests with WD?
Click to expand...
Andy Ful said:
Most of the behavior detections are made in the cloud backend. That is true for most AVs, so the offline behavior blocking is usually weaker.
Click to expand...
When considering the Bonus tests, I think that the idea is related to the proactive (non-signature) part of protection, even when the cloud backend is used. Such tests can be done for WD on files with MOTW. You can use RunBySmartscreen to run the sample and next ignore the SmartScreen alert. Many samples will be first detected by WD BAFS feature and for such samples, the Bonus tests cannot be done. But, If you will see the alert that WD blocks the file for 20 s, then it means that WD behavior detection against the cloud backend was started.
 
  • Like
  • +Reputation
Reactions: Nevi, Step 1, Protomartyr and 6 others
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
Chrome

  • Trash software, I just use it when a website doesn't works on another browser.
Click to expand...
😂😂

Andy Ful said:
But, If you will see the alert that WD blocks the file for 20 s, then it means that WD behavior detection against the cloud backend was started.
Click to expand...
I see this happening for new exe files everytime. So, it's related to the cloud backend behavior blocker! Great. It often triggers before any direct execution attempt is made. Yesterday, I downloaded a malware which had a .bin extension upon extraction but it was an exe malware. So, I renamed it to .exe and immediately received that 20 sec (60 sec in my case) timeout notification and 10 sec later it was detected and removed by WD.
 
  • Like
Reactions: Nevi, Step 1, Protomartyr and 6 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,514
SeriousHoax said:
😂😂


I see this happening for new exe files everytime. So, it's related to the cloud backend behavior blocker! Great. It often triggers before any direct execution attempt is made. Yesterday, I downloaded a malware which had a .bin extension upon extraction but it was an exe malware. So, I renamed it to .exe and immediately received that 20 sec (60 sec in my case) timeout notification and 10 sec later it was detected and removed by WD.
Click to expand...
We probably should not use the term "Behavior blocker". WD and other advanced AVs do not use a separate module which could be called a "Behavior blocker". They use behavior monitoring (locally and in the cloud) together with advanced heuristics and file reputation - the output of all of this makes behavior-based detection. If the file is running, then the detection is extended to parent and child processes (postexecution detection). The closer to the "Behavior blocker" would be WD ASR rules or Kaspersky's HIPS.

The malwares in the wild often use a multi-stage infection chain, to avoid behavior-based detection. So, the infection is often stopped not on the first chain link, but on the subsequent link. Of course, this cannot sometimes prevent the infection of the first victim.
A good example would be advanced multistage malware started by the Java (.jar) file.
I observed on Malware Hub how WD fights such attacks (in your tests) - some payloads were detected by behavior-based detections, some were blocked by ASR rules, etc.
 
  • Like
  • +Reputation
Reactions: Step 1, Protomartyr, simmerskool and 7 others
bayasdev

bayasdev

Level 19
Thread author
Verified
Top Poster
Well-known
Sep 10, 2015
901
07/06/2020

  • Cleanly installed my homebrew updated LTSC ISO, after boot I ran a script to install MS Store and installed basic UWP apps like photos, movies, camera, calculator, voice recorder, etc).
  • Latest Nvidia and Intel drivers
  • Latest Office 365 provided by my uni
  • Installed Redistributable C++ AIO
  • Removed Chrome, Brave and Vivaldi

(IDLE) RAM consumption, 2004 idled at 3.1GB

1591547634571.png


Windows Update went painlessly since my ISO already contained all the cumulative updates, so it just downloaded drivers, Intel microcode, MRT and WD updates.

ConfigureDefender worked without problems :cool:

EDIT: I forgot to say that I set telemetry level to 0 in gpedit which according to MS only sends information that’s required for Malicious Software Removal Tool, and Windows Defender. (source)

1591548287207.png
 
Last edited:
  • Like
  • Applause
Reactions: amico81, Protomartyr, SeriousHoax and 7 others
Vitali Ortzi

Vitali Ortzi

Level 25
Verified
Top Poster
Well-known
Dec 12, 2016
1,405
geminis3 said:
07/06/2020

  • Cleanly installed my homebrew updated LTSC ISO, after boot I ran a script to install MS Store and installed basic UWP apps like photos, movies, camera, calculator, voice recorder, etc).
  • Latest Nvidia and Intel drivers
  • Latest Office 365 provided by my uni
  • Installed Redistributable C++ AIO
  • Removed Chrome, Brave and Vivaldi

(IDLE) RAM consumption, 2004 idled at 3.1GB

View attachment 242335

Windows Update went painlessly since my ISO already contained all the cumulative updates, so it just downloaded drivers, Intel microcode, MRT and WD updates.

ConfigureDefender worked without problems :cool:

EDIT: I forgot to say that I set telemetry level to 0 in gpedit which according to MS only sends information that’s required for Malicious Software Removal Tool, and Windows Defender. (source)

View attachment 242342
Click to expand...
Nice.
LTSC has no feature updates that reduce stability /increase attack surface.
Only security updates are present .
I done other things in my build like replacing built in tools with ones who have better functionality or security .
Unfortunately ones that have better functionality increase my attack surface but it's more convenient for usability like replacing notepad with notepad++.
 
  • Like
Reactions: Protomartyr, bayasdev and oldschool
bayasdev

bayasdev

Level 19
Thread author
Verified
Top Poster
Well-known
Sep 10, 2015
901
Vitali Ortzi said:
Thanks I will try using it with a custom shell.
Click to expand...
Don't forget to integrate all the updates in the ISO, it's a PITA to manually update an OS from 2018
EDIT: The last time I used LTSC, I installed the ISO as is and had to spend like 2 hours with my laptop stuck installing lots of updates, such a time waster.
 
Last edited:
  • Like
  • Thanks
Reactions: Protomartyr, Vitali Ortzi and oldschool
You must log in or register to reply here.

Similar threads

A
    • Like
Question Does Sandboxie Plus Support Advanced Security Tweaks in Windows 11?
Replies
1
Views
1,195
Sandboxie
DavidXanatos
DavidXanatos
oldschool
    • +Reputation
    • Like
    • Thanks
Privacy News Protecting Your Privacy While Eroding Your Democracy: Apple's and Mozilla's PPAs (Privacy Preserving Ad Attribution) Considered Harmful
Replies
2
Views
496
Security News
bazang
bazang
Victor M
New Update Chrome 124 Ubuntu 24.04 LTS Apparmor profile
Replies
1
Views
871
ChromeOS & Linux
Victor M
Victor M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top