Recent changes
Apr 1, 2020
Device priority
Primary device
Operating system
Sign-in account
Sign in with local account
Log-in security
    • Account password
Account permissions
Administrator account
Security updates
Automatically allow security and feature updates
Windows UAC
Default - Notify me only when programs try to make changes to my computer
Malware samples
No - Malware samples are not purposely downloaded
Real-time Malware protection
Not sure, default Windows.
Firewall protection
Custom - Provided by a third-party security vendor
RTP configuration
Not sure what this is
Periodic scanners
Malwarebytes Antimalware
VPN and Privacy
HTTPS Everywhere
Clear URLS
uBlock Origin
Browser(s) and Add-ons
HTTPS Everywhere
uBlock Origin
New Tab Override
Search by Image
Tags for Youtube
Clear URLS
Maintenance tools
None
Photos and Files backup
None
File backup schedule
No photo or file backups
Backup and rollback
None
Backup schedule
None
Activity usage
  1. Computer games
  2. Financial and sensitive documents
  3. Generic web browsing
  4. Streaming audio and video content from the Internet
  5. Downloading files from unfamiliar sites
  6. Video and photo editing
Computer hardware
CPU: 3950x
GPU: 1660 Super
RAM: 32GB Tridentz Neo
Storage: 970 Evo Plus + 2TB Crucial MX500
PSU: Corsair RM750x
Your changelog
-Disabled WebRTC
-Installed Bitdefender TrafficLight for Firefox

inzane

New Member
Any ideas to improve this ? Is there something like Tinywall but for sandbox? I want to isolate Firefox so im protected from javascript and other exploits but without being too overkill (like resorting to an VM)

Do I need anything else? What I do is gaming, video and audio production, and I do my taxes and business stuff here too so that is why I wanted some extra security from whatever standard Windows anti virus stuff it comes.

I like Tinywall because it blocks everything by default and you manually allow things, that is why I added it, it gives me a peace of mind knowing everything is blocked unless I allow it. noScript has the same philosophy for the browser its just too annoying to go page by page doing it that is why I wanted some sandbox. Ideally free.

I also downloaded malwarebytes, but the free version, so I just run full scans monthly or so just in case. That's about it. Im not sure if Windows has realtime protection similar to malwarebytes does.

The SO is LTSC Windows 10 Enterprise so it only has the basic security updates, not the cluttered "new epic features" that I dont like.

I've uncluttered everything I could find in Window's settings in the privacy tab, disabled everything, telemetry related, allowing webcam, mic, allow remote desktop etc.. all I could find is disabled.

I don't have a set plan of backing up, I back up randomly when I remember to backup.

I also need to learn how to use a non Admin account by default. I can't change it so I assume i need to create a separate account.

Btw: Should I enable this?



It comes "off" by default, im not sure if I enabled or disabled it. Im just not sure with Windows 10. When I enable something, im not sure if this also means "send your files to Microsoft to develop a database of threats" or something.
 
Last edited:

DJ Panda

Level 29
Verified
I would use Windows Defender and Firewall together. Add a privacy and browser cleanup like Bleachbit, and use a cloud storage and or USB to backup any important files, and make sure system restore is enabled. Also using a password manager would be ideal. Another on demand scanner like Emsisoft Emergency Kit would add another 2nd opinion if Malwarebytes were to miss anything.
 

LDogg

Level 33
Verified
Things which are optional, you should consider to change:

UAC:
- change to Always Notify

Backup:
- no excuse to not have any sort of backup solution, Macrium Reflect and Aomei Backupper are free and highly recommended

MBAM:
- use something else alongside Malwarebytes

AV:
- Use Kaspersky Cloud Free, excellent protection and very light

I think the idea of using Window Defender alone w/o proper setup and FW as well is a set up to fail imho.

~LDogg
 
Last edited:

oldschool

Level 57
Verified
I suggest you consider a Standard User Account. To do this, go to Settings>Accounts>Family and other users > Add a new account. Use it for your daily work and use Administrator Account only for admin tasks.

Also, you can add:

- ConfigureDefender to easily access/enable Windows Defender's advanced settings.

- EdgeChromium at least for sensitive usage like banking, etc. It is secure and protected by Smartscreen. You can harden it with built-in settings and edge://flags. You may disable Javascript globally and allow only on sites you visit. See relevant MT threads for more info.

- a good web filtering extension for Chrome and Firefox since these have no Smartscreen. Bitdefender Trafficlight or Windows Defender Browser Protection (this for Chrome/Chromium only.

- Brave browser is a very good Chromium browser with many built-in privacy protections. I'm a shameless Brave fanboy and you may read more about it here

You'll need to wait for other suggestions on sandboxing as I don't use one.
 

Protomartyr

Level 6
Verified
Is there something like Tinywall but for sandbox? I want to isolate Firefox so im protected from javascript and other exploits but without being too overkill (like resorting to an VM)
Sandboxie might be what you're looking for. Sophos recently released the source code to the open source commnity. You can try the last build that Sophos released here. The Sophos build will no longer be updated. Now that it's open source, you can follow future development here.

I also downloaded malwarebytes, but the free version, so I just run full scans monthly or so just in case. That's about it. Im not sure if Windows has realtime protection similar to malwarebytes does.
Only Malwarebytes Premium (not the free version) has real-time protection. Windows Defender has real-time protection as well.

As @oldschool mentioned, the easiest way to configure Windows Defender is through @Andy Ful 's tool, ConfigureDefender. This tool is geared towards Windows 10 Home users, but can also be used on the Pro and Enterprise version. Please see Andy's comments about this below:
ConfigureDefender utility may be used also on Windows 10 Professional and Enterprise editions, if Administrator did not apply Defender policies via Group Policy Management Console. Normally all those policies are set to 'Not configured'. So, if Administrator applied Defender policies, then they must be set first to 'Not configured' before using ConfigureDefender.
.
Those settings can be found in Group Policy Management Console:
Computer configuration >> Policies >> Administrative templates >> Windows components >> Windows Defender Antivirus.
The tabs: MAPS, MpEngine, Real-time Protection, Reporting, Scan, Spynet, and Windows Defender Exploit Guard, should be examined.
The tool is needed for Windows 10 Home users as these options are not configurable since Group Policy Management Console (GPMC) is not available. On Windows 10 Pro/Enterprise, GPMC is available so you can manually set these polices so ConfigureDefender isn't needed. However, the tool is still useful for setting up these policies quickly instead of manually configuring each option. 'Protection Levels' set to High in ConfigureDefender is a good baseline for users.

I don't have a set plan of backing up, I back up randomly when I remember to backup.
I would at least do a monthly backup of your system. The free version of Macrium Reflect does the job well. Please see my comments on the matter for more info.

Btw: Should I enable this?
Controlled Folder Access is prone to a lot of false positives. If you have the time to troubleshoot any false positives that may pop up, then you can leave the feature on. If not, then leave the feature off.

Note: 'Protection Levels' set to Max in ConfigureDefender also enables Controlled Folder Access which is why I recommended you start with 'Protection Levels' set to High instead.
 

pablozi

Level 26
Verified
Trusted
I think the idea of using Window Defender alone w/o proper setup and FW as well is a set up to fail imho.
I see you are repeating this nonsense like some kind of mantra.
Can you tell me why you think that WD is not sufficient?
Myself I have 2 laptops protected by slightly hardened WD only and haven't seen any infections in years.
Same config is used by my sister, my parents and many of my friends and coworkers and they share the same experience as me so what are we doing wrong?
 

LDogg

Level 33
Verified
I see you are repeating this nonsense like some kind of mantra.
Can you tell me why you think that WD is not sufficient?
Myself I have 2 laptops protected by slightly hardened WD only and haven't seen any infections in years.
Same config is used by my sister, my parents and many of my friends and coworkers and they share the same experience as me so what are we doing wrong?
Because many will not know how to use the mild advanced settings inside Windows Defender, suggesting oneself to use @Andy Ful's Configure Defender would of been a more logical choice. It's more about user adaptability than protection (overall). You have to think this user isn't a Spawn or advanced user. We are here to help those who need help, suggesting something like "Use WD w/ Window Firewall" is like going for your first Impact Wrestling match without sufficient training and knowledge.

Plus if the user wishes to use WD that's fine, but one could of shared knowledge on how to use it.

~LDogg
 

LDogg

Level 33
Verified
Sandboxie might be what you're looking for. Sophos recently released the source code to the open source commnity. You can try the last build that Sophos released here. The Sophos build will no longer be updated. Now that it's open source, you can follow future development here.


Only Malwarebytes Premium (not the free version) has real-time protection. Windows Defender has real-time protection as well.

As @oldschool mentioned, the easiest way to configure Windows Defender is through @Andy Ful 's tool, ConfigureDefender. This tool is geared towards Windows 10 Home users, but can also be used on the Pro and Enterprise version. Please see Andy's comments about this below:

The tool is needed for Windows 10 Home users as these options are not configurable since Group Policy Management Console (GPMC) is not available. On Windows 10 Pro/Enterprise, GPMC is available so you can manually set these polices so ConfigureDefender isn't needed. However, the tool is still useful for setting up these policies quickly instead of manually configuring each option. 'Protection Levels' set to High in ConfigureDefender is a good baseline for users.


I would at least do a monthly backup of your system. The free version of Macrium Reflect does the job well. Please see my comments on the matter for more info.


Controlled Folder Access is prone to a lot of false positives. If you have the time to troubleshoot any false positives that may pop up, then you can leave the feature on. If not, then leave the feature off.

Note: 'Protection Levels' set to Max in ConfigureDefender also enables Controlled Folder Access which is why I recommended you start with 'Protection Levels' set to High instead.
This is the type of help this individual needed. Thanks brother! :)

~LDogg
 

pablozi

Level 26
Verified
Trusted
if the user wishes to use WD that's fine, but one could of shared knowledge on how to use it.
many will not know how to use the mild advanced settings inside Windows Defender, suggesting oneself to use @Andy Ful's Configure Defender would of been a more logical choice.
I agree with that.
WD evolved into very good AV and it's only a matter of few clicks to make it even more secure ;)
 

Tutman

Level 7
Verified
Sandboxie might be what you're looking for. Sophos recently released the source code to the open source commnity. You can try the last build that Sophos released here. The Sophos build will no longer be updated. Now that it's open source, you can follow future development here.
Yes I second that idea! I have it installed but hardly use it. I do have the shortcut it installs to sandbox your browser and it works like a charm!
 

inzane

New Member
Sandboxie might be what you're looking for. Sophos recently released the source code to the open source commnity. You can try the last build that Sophos released here. The Sophos build will no longer be updated. Now that it's open source, you can follow future development here.


Only Malwarebytes Premium (not the free version) has real-time protection. Windows Defender has real-time protection as well.

Thanks for input, im looking at all this. Where can I download the latest Sandboxie build? I have to compile it?

Also, if I use MBAM and Premium Trial passes and I lose realtime protection, is Windows aware of this and its own realtime protection kicks in?
 

Digmor Crusher

Level 8
Verified
Because many will not know how to use the mild advanced settings inside Windows Defender, suggesting oneself to use @Andy Ful's Configure Defender would of been a more logical choice. It's more about user adaptability than protection (overall). You have to think this user isn't a Spawn or advanced user. We are here to help those who need help, suggesting something like "Use WD w/ Window Firewall" is like going for your first Impact Wrestling match without sufficient training and knowledge.

Plus if the user wishes to use WD that's fine, but one could of shared knowledge on how to use it.

~LDogg

I don't know, I find Defender with or without Configure Defender quite simple to understand, no harder than any AV and a lot easier than some. With Configure Defender it provides excellent protection and no bloat.
 

Protomartyr

Level 6
Verified
Thanks for input, im looking at all this. Where can I download the latest Sandboxie build? I have to compile it?

Also, if I use MBAM and Premium Trial passes and I lose realtime protection, is Windows aware of this and its own realtime protection kicks in?
The build from Sophos has an installer (check the section titled 'Downloads') but that won't be updated anymore. Now that Sandboxie is open source, Tom Brown (one of the original devs) is maintaining a fork here: sandboxie/sandboxie. Currently you have to compile and build the installer yourself but that may change soon. The source code was only released 10 days ago.

Windows Defender should automatically activate its real-time protection once the Malwarebytes Premium trial expires. You can actually run both with real-time protection on (that's what I do) by going into Malwarebytes settings and making sure the below option is unchecked.

 

LDogg

Level 33
Verified
I don't know, I find Defender with or without Configure Defender quite simple to understand, no harder than any AV and a lot easier than some. With Configure Defender it provides excellent protection and no bloat.
I don't think some understood my point :p, the point was one needs to evaluate the level of advice they give to someone based on the assumed computer knowledge & what their needs are. I this case the user has a Free 30 day trial of MBAM, the user wishes to have WD, my point was referencing the first reply to this post from a user whom stated "try Windows Defender + Firewall" w/o any other information or advice on how to utilise it properly.

~LDogg
 

Digmor Crusher

Level 8
Verified
I don't think some understood my point :p, the point was one needs to evaluate the level of advice they give to someone based on the assumed computer knowledge & what their needs are. I this case the user has a Free 30 day trial of MBAM, the user wishes to have WD, my point was referencing the first reply to this post from a user whom stated "try Windows Defender + Firewall" w/o any other information or advice on how to utilise it properly.

~LDogg
ok.
 

inzane

New Member
I suggest you consider a Standard User Account. To do this, go to Settings>Accounts>Family and other users > Add a new account. Use it for your daily work and use Administrator Account only for admin tasks.



Do I click there? I have to add an email address? This is strange. I have to click on "I don't have the data for this person" and then "add an user without a Microsoft account"? Why is Microsoft hiding this obvious "create a new account" thing into this obscure thing? this is nonsense. Also this translates as "add another person to this computer" when it should be "add another account" because it sounds like im giving remote PC access to someone by adding them in there... at least thats how it translates in spanish to english.


- EdgeChromium at least for sensitive usage like banking, etc. It is secure and protected by Smartscreen. You can harden it with built-in settings and edge://flags. You may disable Javascript globally and allow only on sites you visit. See relevant MT threads for more info.

- a good web filtering extension for Chrome and Firefox since these have no Smartscreen. Bitdefender Trafficlight or Windows Defender Browser Protection (this for Chrome/Chromium only.

Can you tell me what good web filtering extension to use in Firefox?

Im going to be using Sandboxie. The last release because I can't be bothered to compile the new one tbh. I hope they start compiling soon and add checksums to verify you can trust the compilation.

Also its so annoying how they ask you a bunch of stuff to download Sandboxie. Thats ridiculous.
 

oldschool

Level 57
Verified
Do I click there?
Yes.

This is strange. I have to click on "I don't have the data for this person" and then "add an user without a Microsoft account"?
M$ now places many obstacles in the way of the user trying to configure accounts. They really want you to use a M$ account so they can "keep you connected" (track you :LOL:)

it sounds like im giving remote PC access to someone by adding them in there... at least thats how it translates in spanish to english.
Yes, probably a translation issue. It is safe to proceed.
Can you tell me what good web filtering extension to use in Firefox?

Emsisoft Browser Security, Bitdefender Trafficlight or Malwarebytes Browser Guard
 

Vitali Ortzi

Level 20
Verified
Those specs are insane is this PC used for editing ?
LTSC was a really smart choice 👍.
Oh and I would recommend trying out Comodo firewall (cruel settings) since it's a really nice whitelisting based auto sandbox with a nice firewall built in .
hopefully what you were looking for :) .
 
Last edited:

SumTingWong

Level 24
Verified
Those specs are insane is this PC used for editing ?
LTSC was a really smart choice 👍.
Oh and I would recommend trying out Comodo firewall (cruel settings) since it's a really nice whitelisting based auto sandbox with a nice firewall built in .
hopefully what you were looking for :) .

3950x is a monster. 16 cores/32 threads. You can run multi vm and play triple A title game at the same time no problem.