At-Risk inzane's desktop setup 2020

Last updated
Apr 1, 2020
How it's used?
For home and private use
Operating system
Windows 11
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
Not sure, default Windows.
Firewall security
About custom security
Not sure what this is
Periodic malware scanners
Malwarebytes Antimalware
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
HTTPS Everywhere
uBlock Origin
New Tab Override
Search by Image
Tags for Youtube
Clear URLS
Maintenance tools
None
File and Photo backup
None
System recovery
None
Risk factors
    • Gaming
    • Logging into my bank account
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
    • Browsing to unknown / untrusted / shady sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
CPU: 3950x
GPU: 1660 Super
RAM: 32GB Tridentz Neo
Storage: 970 Evo Plus + 2TB Crucial MX500
PSU: Corsair RM750x
Notable changes
-Disabled WebRTC
-Installed Bitdefender TrafficLight for Firefox

inzane

New Member
Thread author
Apr 21, 2020
9
Any ideas to improve this? Is there something like Tinywall but for sandbox? I want to isolate Firefox so I'm protected from JavaScript and other exploits but without being too overkill (like resorting to a VM).

Do I need anything else? What I do is gaming, video and audio production, and I do my taxes and business stuff here too so that is why I wanted some extra security from whatever standard Windows anti virus stuff it comes.

I like Tinywall because it blocks everything by default and you manually allow things, that is why I added it, it gives me a peace of mind knowing everything is blocked unless I allow it. NoScript has the same philosophy for the browser; it's just too annoying to go page by page doing it, that is why I wanted some sandbox. Ideally free.

I also downloaded Malwarebytes, but the free version, so I just run full scans monthly or so just in case. That's about it. I'm not sure if Windows has real-time protection similar to what Malwarebytes does.

The OS is LTSC Windows 10 Enterprise so it only has the basic security updates, not the cluttered "new epic features" that I don't like.

I've uncluttered everything I could find in Windows' settings in the privacy tab, disabled everything, telemetry related, allowing webcam, mic, allow remote desktop etc.. all I could find is disabled.

I don't have a set plan of backing up, I back up randomly when I remember to backup.

I also need to learn how to use a non-Admin account by default. I can't change it so I assume I need to create a separate account.

Btw: Should I enable this?

tomi56u1vbrn9sgfdani.png


It comes "off" by default, I'm not sure if I enabled or disabled it. I'm just not sure with Windows 10. When I enable something, I'm not sure if this also means "send your files to Microsoft to develop a database of threats" or something.
 

DJ Panda

Level 30
Verified
Top Poster
Well-known
Aug 30, 2015
1,928
I would use Windows Defender and Firewall together. Add a privacy and browser cleanup like Bleachbit, and use a cloud storage and/or USB to backup any important files, and make sure system restore is enabled. Also using a password manager would be ideal. Another on-demand scanner like Emsisoft Emergency Kit would add another 2nd opinion if Malwarebytes were to miss anything.
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Things which are optional, you should consider to change:

UAC:
- change to Always Notify

Backup:
- no excuse to not have any sort of backup solution, Macrium Reflect and Aomei Backupper are free and highly recommended

MBAM:
- use something else alongside Malwarebytes

AV:
- Use Kaspersky Cloud Free, excellent protection and very light

I think the idea of using Windows Defender alone w/o proper setup and FW as well is a set up to fail imho.

~LDogg
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,624
I suggest you consider a Standard User Account. To do this, go to Settings>Accounts>Family and other users > Add a new account. Use it for your daily work and use Administrator Account only for admin tasks.

Also, you can add:

- ConfigureDefender to easily access/enable Windows Defender's advanced settings.

- EdgeChromium at least for sensitive usage like banking, etc. It is secure and protected by Smartscreen. You can harden it with built-in settings and edge://flags. You may disable Javascript globally and allow only on sites you visit. See relevant MT threads for more info.

- a good web filtering extension for Chrome and Firefox since these have no Smartscreen. Bitdefender Trafficlight or Windows Defender Browser Protection (this for Chrome/Chromium only).

- Brave browser is a very good Chromium browser with many built-in privacy protections. I'm a shameless Brave fanboy and you may read more about it here

You'll need to wait for other suggestions on sandboxing as I don't use one.
 

Protomartyr

Level 7
Sep 23, 2019
314
Is there something like Tinywall but for sandbox? I want to isolate Firefox so I'm protected from JavaScript and other exploits but without being too overkill (like resorting to a VM)
Sandboxie might be what you're looking for. Sophos recently released the source code to the open source community. You can try the last build that Sophos released here. The Sophos build will no longer be updated. Now that it's open source, you can follow future development here.

I also downloaded Malwarebytes, but the free version, so I just run full scans monthly or so just in case. That's about it. I'm not sure if Windows has real-time protection similar to what Malwarebytes does.
Only Malwarebytes Premium (not the free version) has real-time protection. Windows Defender has real-time protection as well.

As @oldschool mentioned, the easiest way to configure Windows Defender is through @Andy Ful 's tool, ConfigureDefender. This tool is geared towards Windows 10 Home users, but can also be used on the Pro and Enterprise version. Please see Andy's comments about this below:
ConfigureDefender utility may be used also on Windows 10 Professional and Enterprise editions, if Administrator did not apply Defender policies via Group Policy Management Console. Normally all those policies are set to 'Not configured'. So, if Administrator applied Defender policies, then they must be set first to 'Not configured' before using ConfigureDefender.
.
Those settings can be found in Group Policy Management Console:
Computer configuration >> Policies >> Administrative templates >> Windows components >> Windows Defender Antivirus.
The tabs: MAPS, MpEngine, Real-time Protection, Reporting, Scan, Spynet, and Windows Defender Exploit Guard, should be examined.
The tool is needed for Windows 10 Home users as these options are not configurable since Group Policy Management Console (GPMC) is not available. On Windows 10 Pro/Enterprise, GPMC is available so you can manually set these policies so ConfigureDefender isn't needed. However, the tool is still useful for setting up these policies quickly instead of manually configuring each option. 'Protection Levels' set to High in ConfigureDefender is a good baseline for users.

I don't have a set plan of backing up, I back up randomly when I remember to backup.
I would at least do a monthly backup of your system. The free version of Macrium Reflect does the job well. Please see my comments on the matter for more info.

Btw: Should I enable this?
Controlled Folder Access is prone to a lot of false positives. If you have the time to troubleshoot any false positives that may pop up, then you can leave the feature on. If not, then leave the feature off.

Note: 'Protection Levels' set to Max in ConfigureDefender also enables Controlled Folder Access which is why I recommended you start with 'Protection Levels' set to High instead.
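
A read-only check of the settings this reply discusses (real-time protection, Controlled Folder Access, and Defender policies applied through Group Policy), added here as an example and not part of the original post. The 14-day window and the "Process Name:" message pattern are assumptions.

```powershell
# Added example: read-only audit of the Defender settings discussed in this thread.
# Run from an elevated PowerShell prompt on Windows 10/11 with Defender present.

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Get-MpPreference reports these settings as numbers; map them to names.
$cfaNames    = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit mode' }
$mapsNames   = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }
$sampleNames = @{ 0 = 'Always prompt'; 1 = 'Send safe samples automatically';
                  2 = 'Never send';    3 = 'Send all samples automatically' }

[pscustomobject]@{
    RealTimeProtection     = $status.RealTimeProtectionEnabled
    AntivirusEnabled       = $status.AntivirusEnabled
    ControlledFolderAccess = $cfaNames[[int]$pref.EnableControlledFolderAccess]
    CloudProtection        = $mapsNames[[int]$pref.MAPSReporting]
    SampleSubmission       = $sampleNames[[int]$pref.SubmitSamplesConsent]
} | Format-List

# Defender values set through Group Policy live under this key. Any value listed
# here is a policy that would have to go back to 'Not configured' first.
$policyKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$policyValues = @()
if (Test-Path $policyKey) {
    $keys = @(Get-Item $policyKey) + @(Get-ChildItem $policyKey -Recurse)
    $policyValues = foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) { '{0}\{1}' -f $key.Name, $name }
    }
}
if ($policyValues) { $policyValues } else { 'No Defender policy values found.' }

# Controlled Folder Access events from the last 14 days:
# 1123 = blocked, 1124 = would have been blocked (audit mode).
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-14)
} -ErrorAction SilentlyContinue

# Assumption: the event message carries a "Process Name:" line; events that
# do not match are counted under '(unparsed)'.
if ($events) {
    $rows = foreach ($e in $events) {
        $proc = '(unparsed)'
        if ($e.Message -match 'Process Name:\s*(.+)') { $proc = $Matches[1].Trim() }
        [pscustomobject]@{ Id = $e.Id; Process = $proc }
    }
    # One line per (event id, process) pair, most frequent first.
    $rows | Group-Object Id, Process | Sort-Object Count -Descending |
        Select-Object Count, Name
} else {
    'No Controlled Folder Access events in the last 14 days.'
}
```

Running Controlled Folder Access in audit mode (`Set-MpPreference -EnableControlledFolderAccess AuditMode`) records event 1124 without blocking anything, so the process list above shows which programs would need an allow entry before the feature is switched on.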
 

enaph

Level 29
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,861
I think the idea of using Windows Defender alone w/o proper setup and FW as well is a set up to fail imho.
I see you are repeating this nonsense like some kind of mantra.
Can you tell me why you think that WD is not sufficient?
Myself I have 2 laptops protected by slightly hardened WD only and haven't seen any infections in years.
Same config is used by my sister, my parents and many of my friends and coworkers and they share the same experience as me so what are we doing wrong?
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
I see you are repeating this nonsense like some kind of mantra.
Can you tell me why you think that WD is not sufficient?
Myself I have 2 laptops protected by slightly hardened WD only and haven't seen any infections in years.
Same config is used by my sister, my parents and many of my friends and coworkers and they share the same experience as me so what are we doing wrong?
Because many will not know how to use the mild advanced settings inside Windows Defender, suggesting oneself to use @Andy Ful's Configure Defender would have been a more logical choice. It's more about user adaptability than protection (overall). You have to think this user isn't a Spawn or advanced user. We are here to help those who need help, suggesting something like "Use WD w/ Windows Firewall" is like going for your first Impact Wrestling match without sufficient training and knowledge.

Plus if the user wishes to use WD that's fine, but one could have shared knowledge on how to use it.

~LDogg
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Sandboxie might be what you're looking for. Sophos recently released the source code to the open source community. You can try the last build that Sophos released here. The Sophos build will no longer be updated. Now that it's open source, you can follow future development here.


Only Malwarebytes Premium (not the free version) has real-time protection. Windows Defender has real-time protection as well.

As @oldschool mentioned, the easiest way to configure Windows Defender is through @Andy Ful 's tool, ConfigureDefender. This tool is geared towards Windows 10 Home users, but can also be used on the Pro and Enterprise version. Please see Andy's comments about this below:

The tool is needed for Windows 10 Home users as these options are not configurable since Group Policy Management Console (GPMC) is not available. On Windows 10 Pro/Enterprise, GPMC is available so you can manually set these policies so ConfigureDefender isn't needed. However, the tool is still useful for setting up these policies quickly instead of manually configuring each option. 'Protection Levels' set to High in ConfigureDefender is a good baseline for users.


I would at least do a monthly backup of your system. The free version of Macrium Reflect does the job well. Please see my comments on the matter for more info.


Controlled Folder Access is prone to a lot of false positives. If you have the time to troubleshoot any false positives that may pop up, then you can leave the feature on. If not, then leave the feature off.

Note: 'Protection Levels' set to Max in ConfigureDefender also enables Controlled Folder Access which is why I recommended you start with 'Protection Levels' set to High instead.
This is the type of help this individual needed. Thanks brother! :)

~LDogg
 

enaph

Level 29
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,861
if the user wishes to use WD that's fine, but one could have shared knowledge on how to use it.
many will not know how to use the mild advanced settings inside Windows Defender, suggesting oneself to use @Andy Ful's Configure Defender would have been a more logical choice.
I agree with that.
WD evolved into a very good AV and it's only a matter of a few clicks to make it even more secure ;)
 

Tutman

Level 12
Verified
Top Poster
Well-known
Apr 17, 2020
542
Sandboxie might be what you're looking for. Sophos recently released the source code to the open source community. You can try the last build that Sophos released here. The Sophos build will no longer be updated. Now that it's open source, you can follow future development here.
Yes I second that idea! I have it installed but hardly use it. I do have the shortcut it installs to sandbox your browser and it works like a charm!
 

inzane

New Member
Thread author
Apr 21, 2020
9
Sandboxie might be what you're looking for. Sophos recently released the source code to the open source community. You can try the last build that Sophos released here. The Sophos build will no longer be updated. Now that it's open source, you can follow future development here.


Only Malwarebytes Premium (not the free version) has real-time protection. Windows Defender has real-time protection as well.

Thanks for input, I'm looking at all this. Where can I download the latest Sandboxie build? I have to compile it?

Also, if I use MBAM and Premium Trial passes and I lose real-time protection, is Windows aware of this and its own real-time protection kicks in?
 

Digmor Crusher

Level 25
Verified
Top Poster
Well-known
Jan 27, 2018
1,414
Because many will not know how to use the mild advanced settings inside Windows Defender, suggesting oneself to use @Andy Ful's Configure Defender would have been a more logical choice. It's more about user adaptability than protection (overall). You have to think this user isn't a Spawn or advanced user. We are here to help those who need help, suggesting something like "Use WD w/ Windows Firewall" is like going for your first Impact Wrestling match without sufficient training and knowledge.

Plus if the user wishes to use WD that's fine, but one could have shared knowledge on how to use it.

~LDogg

I don't know, I find Defender with or without Configure Defender quite simple to understand, no harder than any AV and a lot easier than some. With Configure Defender it provides excellent protection and no bloat.
 

Protomartyr

Level 7
Sep 23, 2019
314
Thanks for input, I'm looking at all this. Where can I download the latest Sandboxie build? I have to compile it?

Also, if I use MBAM and Premium Trial passes and I lose real-time protection, is Windows aware of this and its own real-time protection kicks in?
The build from Sophos has an installer (check the section titled 'Downloads') but that won't be updated anymore. Now that Sandboxie is open source, Tom Brown (one of the original devs) is maintaining a fork here: sandboxie/sandboxie. Currently you have to compile and build the installer yourself but that may change soon. The source code was only released 10 days ago.

Windows Defender should automatically activate its real-time protection once the Malwarebytes Premium trial expires. You can actually run both with real-time protection on (that's what I do) by going into Malwarebytes settings and making sure the below option is unchecked.

malwarebytes-register-security-center.png
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
I don't know, I find Defender with or without Configure Defender quite simple to understand, no harder than any AV and a lot easier than some. With Configure Defender it provides excellent protection and no bloat.
I don't think some understood my point :p, the point was one needs to evaluate the level of advice they give to someone based on the assumed computer knowledge & what their needs are. In this case the user has a Free 30 day trial of MBAM, the user wishes to have WD, my point was referencing the first reply to this post from a user who stated "try Windows Defender + Firewall" w/o any other information or advice on how to utilise it properly.

~LDogg
 

Digmor Crusher

Level 25
Verified
Top Poster
Well-known
Jan 27, 2018
1,414
I don't think some understood my point :p, the point was one needs to evaluate the level of advice they give to someone based on the assumed computer knowledge & what their needs are. In this case the user has a Free 30 day trial of MBAM, the user wishes to have WD, my point was referencing the first reply to this post from a user who stated "try Windows Defender + Firewall" w/o any other information or advice on how to utilise it properly.

~LDogg
ok.
 

inzane

New Member
Thread author
Apr 21, 2020
9
I suggest you consider a Standard User Account. To do this, go to Settings>Accounts>Family and other users > Add a new account. Use it for your daily work and use Administrator Account only for admin tasks.



Do I click there? I have to add an email address? This is strange. I have to click on "I don't have the data for this person" and then "add a user without a Microsoft account"? Why is Microsoft hiding this obvious "create a new account" thing into this obscure thing? This is nonsense. Also this translates as "add another person to this computer" when it should be "add another account" because it sounds like I'm giving remote PC access to someone by adding them in there... at least that's how it translates in Spanish to English.


- EdgeChromium at least for sensitive usage like banking, etc. It is secure and protected by Smartscreen. You can harden it with built-in settings and edge://flags. You may disable Javascript globally and allow only on sites you visit. See relevant MT threads for more info.

- a good web filtering extension for Chrome and Firefox since these have no Smartscreen. Bitdefender Trafficlight or Windows Defender Browser Protection (this for Chrome/Chromium only).

Can you tell me what good web filtering extension to use in Firefox?

I'm going to be using Sandboxie. The last release because I can't be bothered to compile the new one tbh. I hope they start compiling soon and add checksums to verify you can trust the compilation.

Also it's so annoying how they ask you a bunch of stuff to download Sandboxie. That's ridiculous.

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,624
Do I click there?
Yes.

This is strange. I have to click on "I don't have the data for this person" and then "add a user without a Microsoft account"?
M$ now places many obstacles in the way of the user trying to configure accounts. They really want you to use a M$ account so they can "keep you connected" (track you :LOL:)

it sounds like I'm giving remote PC access to someone by adding them in there... at least that's how it translates in Spanish to English.
Yes, probably a translation issue. It is safe to proceed.
Can you tell me what good web filtering extension to use in Firefox?

Emsisoft Browser Security, Bitdefender Trafficlight or Malwarebytes Browser Guard
 

Vitali Ortzi

Level 25
Verified
Top Poster
Well-known
Dec 12, 2016
1,404
Those specs are insane, is this PC used for editing?
LTSC was a really smart choice 👍.
Oh and I would recommend trying out Comodo firewall (cruel settings) since it's a really nice whitelisting based auto sandbox with a nice firewall built in.
Hopefully what you were looking for :).

SumTingWong

Level 28
Verified
Top Poster
Well-known
Apr 2, 2018
1,782
Those specs are insane, is this PC used for editing?
LTSC was a really smart choice 👍.
Oh and I would recommend trying out Comodo firewall (cruel settings) since it's a really nice whitelisting based auto sandbox with a nice firewall built in.
Hopefully what you were looking for :).

3950x is a monster. 16 cores/32 threads. You can run multi vm and play triple A title game at the same time no problem.
 
