Advanced Security Gizmo's PC Config 2025

Last updated
Apr 6, 2025
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
On
Network firewall
Enabled
About WiFi router
A consumer router running the latest stable version of OpenWRT, configured as an AP bridge over ethernet. The device is directly connected to a managed switch and operates on its own dedicated VLAN. The wireless interfaces are configured to isolate clients and use WPA3 SAE (CCMP).

Additionally, there is a dedicated OPNsense firewall protecting my home network. The internal side of the network is segmented into three dedicated VLANs that are completely isolated from one another. All devices within a particular VLAN are isolated from each other as well. Pass rules are created if devices need to be able to communicate with each other. However, nearly all devices are allowed to reach out to the Internet.

Suricata (IDS/IPS) is configured to monitor all LAN interfaces and block unwanted traffic. Alerts are logged and forwarded to a local SIEM. The WAN interface is not monitored because all incoming traffic is blocked by default anyway. These are the rules I am currently using:
  • abuse.ch/Feodo Tracker
  • abuse.ch/SSL Fingerprint Blacklist
  • abuse.ch/SSL IP Blacklist
  • abuse.ch/ThreatFox
  • abuse.ch/URLhaus
  • ET open/3coresec
  • ET open/botcc
  • ET open/ciarmy
  • ET open/compromised
  • ET open/emerging-adware_pup
  • ET open/emerging-coinminer
  • ET open/emerging-current_events
  • ET open/emerging-malware
  • ET open/emerging-mobile_malware
  • ET open/emerging-phishing
  • ET open/emerging-user_agents
  • ET open/emerging-worm
  • ET open/threatview_CS_c2
Real-time security
Microsoft Defender Antivirus
Firewall security
Microsoft Defender Firewall
About custom security
  • Block all incoming connections (Defender Firewall)
  • Attack surface reduction rules applied
  • Defender Antivirus sandbox enabled
  • All exploit mitigations enabled
  • High+ blocking level enabled
  • Network Protection enabled
  • Controlled Folder Access enabled
  • Smart App Control enabled
  • SmartScreen enabled
  • Secure Boot enabled
  • Potentially Unwanted Program detection enabled
  • Memory integrity enabled
  • Kernel-mode Hardware-enforced Stack Protection enabled
  • Memory access protection enabled
  • Local Security Authority protection enabled
  • Microsoft Vulnerable Blocklist enabled
Periodic malware scanners
  • Emsisoft Emergency Kit
  • Hitman Pro
Malware sample testing
I do not participate in malware testing
Environment for malware testing
Not applicable
Browser(s) and extensions
Microsoft Edge & uBlock Origin with strict tracking prevention, third-party cookies blocked, enhanced security set to strict, SmartScreen enabled, etc.
Secure DNS
All internal traffic is forced through local DNS and filtered using blocklists before being forwarded to Quad9 over TLS.

The blocklists currently being used are:
  • [hagezi] Multi PRO - Extended protection
  • [hagezi] Threat Intelligence Feeds
  • [hagezi] Badware Hoster blocking
  • [hagezi] Dynamic DNS blocking
Desktop VPN
I do not currently use a VPN.
Password manager
KeePassXC.
Maintenance tools
Built-in Windows utilities.
File and Photo backup
3-2-1 backup strategy. All backups are encrypted and stored in the following locations: One copy on my local computer, one copy on an external hard drive, and another copy in the cloud (Proton Drive).
Subscriptions
    • None
System recovery
Full system image created with Clonezilla.
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Buying from online stores, entering bank card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Coding and development
Computer specs
Ryzen 7 9700x, Radeon RX 7800XT, 64GB DDR5 @ 6000 MT/s, 2TB Samsung 990 PRO, etc.
Notable changes
  • Implemented an emergency system recovery solution
  • Reorganized my original post using new categories
  • Added more detailed information about rules/blocklists
  • Updated log-in security section to better reflect my setup
  • Updated DNS blocklists
What I'm looking for?

Looking for maximum feedback.

Gizmoh

New Member
Thread author
Apr 5, 2025
All of my daily activities are done using a standard user account to further reduce my attack surface. I also make heavy use of virtual machines to do things like random web browsing and software development. This keeps me from polluting my host environment with development tools that could be leveraged against me or exposing myself when visiting potentially untrusted websites.

Please don't hesitate to let me know if you think there is something I could do better.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
I prefer to do a clean OS install instead of restoring from an image. See my comments above about my backup strategy.

But you can restore a critical system in a few minutes with a full system image backup solution... less time than installing and setting up a new system again from scratch.
 

Gizmoh

New Member
Thread author
Apr 5, 2025
But you can restore a critical system in a few minutes with a full system image backup solution... less time than installing and setting up a new system again from scratch.

After some consideration, I decided it would be a good idea to at least keep a recent system image lying around just in case I do need to recover in a hurry. I chose to use Clonezilla for this task because it is easy to use and suits my personal needs.

Could you explain what Suricata rulesets are established and enabled?

I currently have Suricata monitoring all three LAN interfaces with the following rulesets applied in blocking mode:
  • abuse.ch/Feodo Tracker
  • abuse.ch/SSL Fingerprint Blacklist
  • abuse.ch/SSL IP Blacklist
  • abuse.ch/ThreatFox
  • abuse.ch/URLhaus
  • ET open/3coresec
  • ET open/botcc
  • ET open/ciarmy
  • ET open/compromised
  • ET open/emerging-adware_pup
  • ET open/emerging-coinminer
  • ET open/emerging-current_events
  • ET open/emerging-malware
  • ET open/emerging-mobile_malware
  • ET open/emerging-phishing
  • ET open/emerging-user_agents
  • ET open/emerging-worm
  • ET open/threatview_CS_c2

These are the blocklists I am using with Unbound:
  • Hagezi's Multi PRO++ - Maximum protection (The name is a little goofy, but it has been a good, well-rounded blocklist)

I do make a conscious effort to avoid lists or rules that are overly aggressive because I don't want to be bogged down with false positives. This configuration works well for my current needs, but like anything else, it will be modified and adjusted over time as my needs change.
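The rulesets above run in blocking mode and their alerts are forwarded to a local SIEM. An added example (not code from this thread or from the Suricata or OPNsense projects) of the kind of pre-processing that is useful at that hand-off: it reads Suricata's EVE JSON output, skips non-alert events and malformed lines, attributes each alert to the VLAN it came from, and reports which signatures fired without actually dropping traffic, which is the quickest way to spot a rule that is still in alert-only mode despite the "blocking" intent. The eve.json lines, the signature ids and names, the addresses and the VLAN-to-subnet mapping are all constructed for this example; the EVE field names (`event_type`, `alert.action`, `alert.signature_id`) are Suricata's real ones.

```python
"""Summarise Suricata EVE JSON alerts per VLAN before they go to a SIEM.

Added example: the eve.json lines, signature ids/names, addresses and the
VLAN-to-subnet mapping are all constructed for illustration.
"""
import json
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed eve.json excerpt. Field names follow Suricata's EVE alert schema;
# every sid (9000001..), signature text and address is invented for this example.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2025-04-05T10:15:02.000000+0000","event_type":"alert","in_iface":"vlan20",'
    '"src_ip":"10.10.20.15","src_port":51234,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP",'
    '"alert":{"action":"blocked","gid":1,"signature_id":9000001,"rev":1,'
    '"signature":"EXAMPLE CnC server contact (constructed)","category":"A Network Trojan was detected","severity":1}}',
    '{"timestamp":"2025-04-05T10:15:09.000000+0000","event_type":"alert","in_iface":"vlan20",'
    '"src_ip":"10.10.20.15","src_port":51240,"dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP",'
    '"alert":{"action":"blocked","gid":1,"signature_id":9000001,"rev":1,'
    '"signature":"EXAMPLE CnC server contact (constructed)","category":"A Network Trojan was detected","severity":1}}',
    '{"timestamp":"2025-04-05T10:20:00.000000+0000","event_type":"alert","in_iface":"vlan10",'
    '"src_ip":"10.10.10.7","src_port":40001,"dest_ip":"198.51.100.5","dest_port":80,"proto":"TCP",'
    '"alert":{"action":"allowed","gid":1,"signature_id":9000002,"rev":2,'
    '"signature":"EXAMPLE suspicious user agent (constructed)","category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2025-04-05T10:20:01.000000+0000","event_type":"flow","in_iface":"vlan10",'
    '"src_ip":"10.10.10.7","dest_ip":"198.51.100.5","proto":"TCP","flow":{"pkts_toserver":3}}',
    'this line is not JSON and must be skipped',
    '{"timestamp":"2025-04-05T11:02:44.000000+0000","event_type":"alert","in_iface":"vlan30",'
    '"src_ip":"10.10.30.42","src_port":60111,"dest_ip":"192.0.2.77","dest_port":3333,"proto":"TCP",'
    '"alert":{"action":"blocked","gid":1,"signature_id":9000003,"rev":1,'
    '"signature":"EXAMPLE coinminer pool (constructed)","category":"Crypto Currency Mining Activity Detected","severity":2}}',
]

# Assumed VLAN plan (placeholder subnets, not the thread author's real addressing).
VLAN_SUBNETS = {
    "vlan10": ip_network("10.10.10.0/24"),
    "vlan20": ip_network("10.10.20.0/24"),
    "vlan30": ip_network("10.10.30.0/24"),
}


def parse_alerts(lines):
    """Yield only alert events; non-alert event types and unparsable lines are dropped."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("event_type") == "alert" and isinstance(event.get("alert"), dict):
            yield event


def vlan_for(ip):
    """Map a source address onto the VLAN whose subnet contains it."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return "unknown"
    for name, net in VLAN_SUBNETS.items():
        if addr in net:
            return name
    return "external"


def summarize(lines):
    """Count alerts per signature and per VLAN, and collect sids that did not drop."""
    summary = {
        "total": 0,
        "blocked": 0,
        "by_signature": Counter(),
        "by_vlan": Counter(),
        "alert_only": set(),  # sids that fired but did not block: review their drop setting
    }
    for event in parse_alerts(lines):
        alert = event["alert"]
        sid = alert.get("signature_id")
        summary["total"] += 1
        summary["by_signature"][(sid, alert.get("signature", ""))] += 1
        summary["by_vlan"][vlan_for(event.get("src_ip", ""))] += 1
        if alert.get("action") == "blocked":
            summary["blocked"] += 1
        else:
            summary["alert_only"].add(sid)
    return summary


def siem_records(lines):
    """Flatten each alert into the few fields a SIEM dashboard keys on."""
    records = []
    for event in parse_alerts(lines):
        alert = event["alert"]
        records.append({
            "ts": event.get("timestamp"),
            "vlan": vlan_for(event.get("src_ip", "")),
            "src": f'{event.get("src_ip")}:{event.get("src_port")}',
            "dst": f'{event.get("dest_ip")}:{event.get("dest_port")}',
            "sid": alert.get("signature_id"),
            "signature": alert.get("signature"),
            "severity": alert.get("severity"),
            "dropped": alert.get("action") == "blocked",
        })
    return records


if __name__ == "__main__":
    result = summarize(SAMPLE_EVE_LINES)
    print(f'{result["blocked"]}/{result["total"]} alerts were dropped')
    for (sid, name), count in result["by_signature"].most_common():
        print(f"  sid {sid}: {count} x {name}")
    print("per VLAN:", dict(result["by_vlan"]))
    print("fired without dropping:", sorted(result["alert_only"]))
```

Run it against a real `/var/log/suricata/eve.json` by replacing `SAMPLE_EVE_LINES` with the file's lines; anything listed under "fired without dropping" is a signature to revisit in the OPNsense rule editor if it was meant to drop.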
 

Gizmoh

New Member
Thread author
Apr 5, 2025
The Multi PRO++ blocklist has been replaced with the following:
  • [hagezi] Multi PRO - Extended protection
  • [hagezi] Threat Intelligence Feeds
  • [hagezi] Dynamic DNS blocking
  • [hagezi] Badware Hoster blocking

I personally feel like these blocklists will provide excellent coverage while also reducing the potential for false positives.
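The DNS setup described in the config post (all internal traffic forced through local Unbound, filtered by the hagezi blocklists, then forwarded to Quad9 over TLS) and the blocklist choices discussed in this thread come down to two pieces of resolver configuration. An added example, not from this thread or from the Unbound, OPNsense or hagezi projects, that shows the mechanics with a constructed blocklist excerpt: it parses hosts-style and plain-domain entries, drops sub-domains already covered by a parent zone (an `always_nxdomain` local-zone covers everything beneath it), renders the `local-zone` and `forward-zone` stanzas, and lets you check whether a given query name would be blocked. The Quad9 addresses and the Unbound directives are real; the certificate bundle path and the list contents are assumptions. On OPNsense these settings are managed through the GUI, so the rendered text is the equivalent of what that UI produces, not something to paste over it.

```python
"""Turn a domain blocklist into Unbound local-zone rules plus a DNS-over-TLS forward-zone.

Added example: the blocklist snippet is constructed; the Quad9 resolver addresses and
Unbound directives are real, but the certificate bundle path is an assumption.
"""
import re

# Constructed blocklist excerpt mixing hosts format, plain domains and comments.
SAMPLE_BLOCKLIST = """\
# constructed sample, not a real hagezi list
0.0.0.0 tracker.example
0.0.0.0 cdn.tracker.example
127.0.0.1 localhost
badware-host.example
||adserver.example^      # adblock syntax is not handled here and is skipped
Dyn-Dns.Example
not a domain!
"""

# Quad9 over TLS on port 853. The '#hostname' suffix makes Unbound verify the
# upstream certificate against that name when forward-tls-upstream is enabled.
QUAD9_TLS = ["9.9.9.9@853#dns.quad9.net", "149.112.112.112@853#dns.quad9.net"]

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with a hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
HOSTS_SENTINELS = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def is_valid_domain(name):
    """Accept only multi-label names made of valid labels (so 'localhost' is refused)."""
    labels = name.split(".")
    return len(labels) >= 2 and all(LABEL.match(label) for label in labels)


def parse_blocklist(text):
    """Extract lower-cased domains from hosts-format or plain-domain lines."""
    domains = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        parts = line.split()
        if len(parts) > 2:
            continue  # neither 'sentinel domain' nor a bare domain
        name = parts[1] if len(parts) == 2 and parts[0] in HOSTS_SENTINELS else parts[0]
        if is_valid_domain(name):
            domains.add(name)
    return domains


def collapse_subdomains(domains):
    """Drop entries whose parent is also listed; the parent zone already covers them."""
    keep = set()
    for name in sorted(domains, key=lambda d: d.count(".")):  # parents first
        if not any(name.endswith("." + zone) for zone in keep):
            keep.add(name)
    return keep


def is_blocked(query, zones):
    """Walk the name towards the root and report whether any ancestor is a blocked zone."""
    name = query.lower().rstrip(".")
    while name:
        if name in zones:
            return True
        name = name.partition(".")[2]
    return False


def render_unbound(zones, upstreams=QUAD9_TLS, cert_bundle="/etc/ssl/cert.pem"):
    """Render server: local-zone lines and a forward-zone sending everything else to TLS upstreams."""
    lines = ["server:", f'    tls-cert-bundle: "{cert_bundle}"  # assumed path; adjust to your system']
    for zone in sorted(zones):
        lines.append(f'    local-zone: "{zone}." always_nxdomain')
    lines += ["", "forward-zone:", '    name: "."', "    forward-tls-upstream: yes"]
    for upstream in upstreams:
        lines.append(f"    forward-addr: {upstream}")
    return "\n".join(lines) + "\n"


def build_zones(text):
    """Parse a list and collapse it into the minimal set of blocked zones."""
    return collapse_subdomains(parse_blocklist(text))


if __name__ == "__main__":
    zones = build_zones(SAMPLE_BLOCKLIST)
    print(render_unbound(zones))
    for q in ("www.tracker.example", "example.org"):
        print(f"{q}: {'blocked' if is_blocked(q, zones) else 'forwarded to Quad9'}")
```

The collapse step matters for lists the size of hagezi's: fewer `local-zone` entries means a smaller resolver footprint and faster reloads with identical blocking behaviour, and `is_blocked` gives you a quick offline way to test a domain against the list before deciding whether a false positive is worth an allow entry.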
 
