Latest changes: Apr 1, 2020
Daily driver: My primary device
Operating system: Windows 10 Enterprise
OS version: 1809
System type: 64-bit operating system; x64-based processor
Security updates: Automatically allow security and feature updates
Windows UAC: Default - Notify me only when programs try to make changes to my computer
Firewall protection: Custom - Provided by a third-party security vendor
Account privileges: Administrator account
Account type: Sign in with local account
Account log-in:
  • Account Password
Exposure to malware: No malware samples are downloaded
Real-time Malware protection: Not sure, default Windows.
RTP configuration: Not sure what this is
Periodic scanners: Malwarebytes Antimalware
Browser and Add-ons:
  • HTTPS Everywhere
  • uBlock Origin
  • New Tab Override
  • Search by Image
  • Tags for Youtube
  • Clear URLS
Privacy tools and VPN:
  • HTTPS Everywhere
  • Clear URLS
  • uBlock Origin
Password manager: none
Search engine: google
Maintenance tools: None
Photos and Files backup: None
File Backup schedule: No data backups
Backup and Restore: None
Backup schedule: No system backups
Computer Activity:
  • Playing computer games
  • Online banking
  • Browsing the web and checking emails
  • Streaming movies, TV shows and music from the Internet
  • Downloading files from different websites
  • Recording and editing video or photos
Computer Specifications:
  • CPU: 3950x
  • GPU: 1660 Super
  • RAM: 32GB Tridentz Neo
  • Storage: 970 Evo Plus + 2TB Crucial MX500
  • PSU: Corsair RM750x
Your changelog:
  • Disabled WebRTC
  • Installed Bitdefender TrafficLight for Firefox

    inzane

    New Member
    Any ideas to improve this? Is there something like Tinywall but for sandbox? I want to isolate Firefox so I'm protected from JavaScript and other exploits but without being too overkill (like resorting to a VM).

    Do I need anything else? What I do is gaming, video and audio production, and I do my taxes and business stuff here too so that is why I wanted some extra security from whatever standard Windows antivirus stuff it comes with.

    I like Tinywall because it blocks everything by default and you manually allow things, that is why I added it, it gives me peace of mind knowing everything is blocked unless I allow it. NoScript has the same philosophy for the browser, it's just too annoying to go page by page doing it, that is why I wanted some sandbox. Ideally free.

    I also downloaded Malwarebytes, but the free version, so I just run full scans monthly or so just in case. That's about it. I'm not sure if Windows has real-time protection like Malwarebytes does.

    The OS is LTSC Windows 10 Enterprise so it only has the basic security updates, not the cluttered "new epic features" that I don't like.

    I've uncluttered everything I could find in Windows' settings in the privacy tab, disabled everything telemetry related, allowing webcam, mic, allow remote desktop etc. All I could find is disabled.

    I don't have a set plan of backing up, I back up randomly when I remember to back up.

    I also need to learn how to use a non-Admin account by default. I can't change it so I assume I need to create a separate account.

    Btw: Should I enable this?



    It comes "off" by default, I'm not sure if I enabled or disabled it. I'm just not sure with Windows 10. When I enable something, I'm not sure if this also means "send your files to Microsoft to develop a database of threats" or something.
     

    DJ Panda

    Level 29
    Verified
    I would use Windows Defender and Firewall together. Add a privacy and browser cleanup tool like Bleachbit, use cloud storage and/or USB to back up any important files, and make sure System Restore is enabled. Also, using a password manager would be ideal. Another on-demand scanner like Emsisoft Emergency Kit would add a second opinion if Malwarebytes were to miss anything.
     

    LDogg

    Level 32
    Verified
    Things which are optional, you should consider to change:

    UAC:
    - change to Always Notify

    Backup:
    - no excuse to not have any sort of backup solution, Macrium Reflect and Aomei Backupper are free and highly recommended

    MBAM:
    - use something else alongside Malwarebytes

    AV:
    - Use Kaspersky Cloud Free, excellent protection and very light

    I think the idea of using Windows Defender alone w/o proper setup and FW as well is a set up to fail imho.

    ~LDogg
     

    oldschool

    Level 54
    Verified
    I suggest you consider a Standard User Account. To do this, go to Settings>Accounts>Family and other users > Add a new account. Use it for your daily work and use Administrator Account only for admin tasks.

    Also, you can add:

    - ConfigureDefender to easily access/enable Windows Defender's advanced settings.

    - EdgeChromium at least for sensitive usage like banking, etc. It is secure and protected by Smartscreen. You can harden it with built-in settings and edge://flags. You may disable Javascript globally and allow only on sites you visit. See relevant MT threads for more info.

    - a good web filtering extension for Chrome and Firefox since these have no Smartscreen. Bitdefender Trafficlight or Windows Defender Browser Protection (this for Chrome/Chromium only).

    - Brave browser is a very good Chromium browser with many built-in privacy protections. I'm a shameless Brave fanboy and you may read more about it here

    You'll need to wait for other suggestions on sandboxing as I don't use one.
     

    Protomartyr

    Level 6
    Verified
    Is there something like Tinywall but for sandbox? I want to isolate Firefox so I'm protected from JavaScript and other exploits but without being too overkill (like resorting to a VM)
    Sandboxie might be what you're looking for. Sophos recently released the source code to the open source community. You can try the last build that Sophos released here. The Sophos build will no longer be updated. Now that it's open source, you can follow future development here.

    I also downloaded Malwarebytes, but the free version, so I just run full scans monthly or so just in case. That's about it. I'm not sure if Windows has real-time protection like Malwarebytes does.
    Only Malwarebytes Premium (not the free version) has real-time protection. Windows Defender has real-time protection as well.

    As @oldschool mentioned, the easiest way to configure Windows Defender is through @Andy Ful 's tool, ConfigureDefender. This tool is geared towards Windows 10 Home users, but can also be used on the Pro and Enterprise version. Please see Andy's comments about this below:
    ConfigureDefender utility may be used also on Windows 10 Professional and Enterprise editions, if Administrator did not apply Defender policies via Group Policy Management Console. Normally all those policies are set to 'Not configured'. So, if Administrator applied Defender policies, then they must be set first to 'Not configured' before using ConfigureDefender.
    Those settings can be found in Group Policy Management Console:
    Computer configuration >> Policies >> Administrative templates >> Windows components >> Windows Defender Antivirus.
    The tabs: MAPS, MpEngine, Real-time Protection, Reporting, Scan, Spynet, and Windows Defender Exploit Guard, should be examined.
    The tool is needed for Windows 10 Home users as these options are not configurable since Group Policy Management Console (GPMC) is not available. On Windows 10 Pro/Enterprise, GPMC is available so you can manually set these policies so ConfigureDefender isn't needed. However, the tool is still useful for setting up these policies quickly instead of manually configuring each option. 'Protection Levels' set to High in ConfigureDefender is a good baseline for users.

    I don't have a set plan of backing up, I back up randomly when I remember to backup.
    I would at least do a monthly backup of your system. The free version of Macrium Reflect does the job well. Please see my comments on the matter for more info.

    Btw: Should I enable this?
    Controlled Folder Access is prone to a lot of false positives. If you have the time to troubleshoot any false positives that may pop up, then you can leave the feature on. If not, then leave the feature off.

    Note: 'Protection Levels' set to Max in ConfigureDefender also enables Controlled Folder Access which is why I recommended you start with 'Protection Levels' set to High instead.
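
A read-only check for the questions raised in this thread: whether Defender real-time protection is on, how Controlled Folder Access and sample submission are set, and whether Group Policy already sets Defender policies before ConfigureDefender is used. This is an added example, not part of the original post or of ConfigureDefender; `Resolve-Mode` is a hypothetical helper name, and the registry path is assumed to be the usual location where Defender Group Policy values are stored.

```powershell
# Added example: read-only audit, run from an elevated PowerShell prompt.
# Get-MpComputerStatus / Get-MpPreference ship with Windows 10's Defender module.
$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Hypothetical helper: translate a numeric setting into a readable label.
function Resolve-Mode([hashtable]$Map, $Value) {
    $key = [int]$Value          # the cmdlets return bytes; hashtable keys are ints
    if ($Map.ContainsKey($key)) { $Map[$key] } else { "Unknown ($key)" }
}

# Value meanings as documented for Set-MpPreference.
$cfaModes    = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit mode' }
$mapsModes   = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }
$sampleModes = @{ 0 = 'Always prompt'; 1 = 'Send safe samples automatically'
                  2 = 'Never send';    3 = 'Send all samples automatically' }

[pscustomobject]@{
    AntivirusEnabled       = $status.AntivirusEnabled
    RealTimeProtection     = $status.RealTimeProtectionEnabled
    BehaviorMonitoring     = $status.BehaviorMonitorEnabled
    SignatureAgeDays       = $status.AntivirusSignatureAge
    ControlledFolderAccess = Resolve-Mode $cfaModes    $pref.EnableControlledFolderAccess
    CloudProtectionMAPS    = Resolve-Mode $mapsModes   $pref.MAPSReporting
    SampleSubmission       = Resolve-Mode $sampleModes $pref.SubmitSamplesConsent
} | Format-List

# Defender settings applied through Group Policy are stored under this key.
# Any value found here means a policy is configured and will take precedence.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$configured = @()
if (Test-Path $policyRoot) {
    $keys = @(Get-Item $policyRoot) +
            @(Get-ChildItem $policyRoot -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $configured += [pscustomobject]@{
                Key   = $key.Name
                Value = $name
                Data  = $key.GetValue($name)
            }
        }
    }
}

if ($configured) {
    Write-Warning 'Defender policies are configured; set them to Not configured before using ConfigureDefender.'
    $configured | Format-Table -AutoSize
} else {
    'No Defender policies found under the policy key (all Not configured).'
}
```

While another antivirus with real-time protection is registered, the real-time field can report False; run the check again after that product is removed or its trial expires.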
     

    pablozi

    Level 25
    Verified
    Trusted
    I think the idea of using Windows Defender alone w/o proper setup and FW as well is a set up to fail imho.
    I see you are repeating this nonsense like some kind of mantra.
    Can you tell me why you think that WD is not sufficient?
    Myself I have 2 laptops protected by slightly hardened WD only and haven't seen any infections in years.
    Same config is used by my sister, my parents and many of my friends and coworkers and they share the same experience as me so what are we doing wrong?
     

    LDogg

    Level 32
    Verified
    I see you are repeating this nonsense like some kind of mantra.
    Can you tell me why you think that WD is not sufficient?
    Myself I have 2 laptops protected by slightly hardened WD only and haven't seen any infections in years.
    Same config is used by my sister, my parents and many of my friends and coworkers and they share the same experience as me so what are we doing wrong?
    Because many will not know how to use the mild advanced settings inside Windows Defender, suggesting oneself to use @Andy Ful's Configure Defender would have been a more logical choice. It's more about user adaptability than protection (overall). You have to think this user isn't a Spawn or advanced user. We are here to help those who need help, suggesting something like "Use WD w/ Windows Firewall" is like going for your first Impact Wrestling match without sufficient training and knowledge.

    Plus if the user wishes to use WD that's fine, but one could have shared knowledge on how to use it.

    ~LDogg
     

    LDogg

    Level 32
    Verified
    Sandboxie might be what you're looking for. Sophos recently released the source code to the open source community. You can try the last build that Sophos released here. The Sophos build will no longer be updated. Now that it's open source, you can follow future development here.


    Only Malwarebytes Premium (not the free version) has real-time protection. Windows Defender has real-time protection as well.

    As @oldschool mentioned, the easiest way to configure Windows Defender is through @Andy Ful 's tool, ConfigureDefender. This tool is geared towards Windows 10 Home users, but can also be used on the Pro and Enterprise version. Please see Andy's comments about this below:

    The tool is needed for Windows 10 Home users as these options are not configurable since Group Policy Management Console (GPMC) is not available. On Windows 10 Pro/Enterprise, GPMC is available so you can manually set these policies so ConfigureDefender isn't needed. However, the tool is still useful for setting up these policies quickly instead of manually configuring each option. 'Protection Levels' set to High in ConfigureDefender is a good baseline for users.


    I would at least do a monthly backup of your system. The free version of Macrium Reflect does the job well. Please see my comments on the matter for more info.


    Controlled Folder Access is prone to a lot of false positives. If you have the time to troubleshoot any false positives that may pop up, then you can leave the feature on. If not, then leave the feature off.

    Note: 'Protection Levels' set to Max in ConfigureDefender also enables Controlled Folder Access which is why I recommended you start with 'Protection Levels' set to High instead.
    This is the type of help this individual needed. Thanks brother! :)

    ~LDogg
     

    pablozi

    Level 25
    Verified
    Trusted
    if the user wishes to use WD that's fine, but one could have shared knowledge on how to use it.
    many will not know how to use the mild advanced settings inside Windows Defender, suggesting oneself to use @Andy Ful's Configure Defender would have been a more logical choice.
    I agree with that.
    WD evolved into a very good AV and it's only a matter of a few clicks to make it even more secure ;)
     

    Tutman

    Level 6
    Sandboxie might be what you're looking for. Sophos recently released the source code to the open source community. You can try the last build that Sophos released here. The Sophos build will no longer be updated. Now that it's open source, you can follow future development here.
    Yes I second that idea! I have it installed but hardly use it. I do have the shortcut it installs to sandbox your browser and it works like a charm!
     

    inzane

    New Member
    Sandboxie might be what you're looking for. Sophos recently released the source code to the open source community. You can try the last build that Sophos released here. The Sophos build will no longer be updated. Now that it's open source, you can follow future development here.


    Only Malwarebytes Premium (not the free version) has real-time protection. Windows Defender has real-time protection as well.
    Thanks for the input, I'm looking at all this. Where can I download the latest Sandboxie build? Do I have to compile it?

    Also, if I use MBAM and the Premium trial passes and I lose real-time protection, is Windows aware of this and does its own real-time protection kick in?
     

    Digmor Crusher

    Level 7
    Verified
    Because many will not know how to use the mild advanced settings inside Windows Defender, suggesting oneself to use @Andy Ful's Configure Defender would have been a more logical choice. It's more about user adaptability than protection (overall). You have to think this user isn't a Spawn or advanced user. We are here to help those who need help, suggesting something like "Use WD w/ Windows Firewall" is like going for your first Impact Wrestling match without sufficient training and knowledge.

    Plus if the user wishes to use WD that's fine, but one could have shared knowledge on how to use it.

    ~LDogg
    I don't know, I find Defender with or without Configure Defender quite simple to understand, no harder than any AV and a lot easier than some. With Configure Defender it provides excellent protection and no bloat.
     

    Protomartyr

    Level 6
    Verified
    Thanks for the input, I'm looking at all this. Where can I download the latest Sandboxie build? Do I have to compile it?

    Also, if I use MBAM and the Premium trial passes and I lose real-time protection, is Windows aware of this and does its own real-time protection kick in?
    The build from Sophos has an installer (check the section titled 'Downloads') but that won't be updated anymore. Now that Sandboxie is open source, Tom Brown (one of the original devs) is maintaining a fork here: sandboxie/sandboxie. Currently you have to compile and build the installer yourself but that may change soon. The source code was only released 10 days ago.

    Windows Defender should automatically activate its real-time protection once the Malwarebytes Premium trial expires. You can actually run both with real-time protection on (that's what I do) by going into Malwarebytes settings and making sure the below option is unchecked.

     

    LDogg

    Level 32
    Verified
    I don't know, I find Defender with or without Configure Defender quite simple to understand, no harder than any AV and a lot easier than some. With Configure Defender it provides excellent protection and no bloat.
    I don't think some understood my point :p, the point was one needs to evaluate the level of advice they give to someone based on the assumed computer knowledge & what their needs are. In this case the user has a Free 30 day trial of MBAM, the user wishes to have WD, my point was referencing the first reply to this post from a user who stated "try Windows Defender + Firewall" w/o any other information or advice on how to utilise it properly.

    ~LDogg
     

    Digmor Crusher

    Level 7
    Verified
    I don't think some understood my point :p, the point was one needs to evaluate the level of advice they give to someone based on the assumed computer knowledge & what their needs are. In this case the user has a Free 30 day trial of MBAM, the user wishes to have WD, my point was referencing the first reply to this post from a user who stated "try Windows Defender + Firewall" w/o any other information or advice on how to utilise it properly.

    ~LDogg
    ok.
     

    inzane

    New Member
    I suggest you consider a Standard User Account. To do this, go to Settings>Accounts>Family and other users > Add a new account. Use it for your daily work and use Administrator Account only for admin tasks.


    Do I click there? I have to add an email address? This is strange. I have to click on "I don't have the data for this person" and then "add a user without a Microsoft account"? Why is Microsoft hiding this obvious "create a new account" thing in this obscure thing? This is nonsense. Also this translates as "add another person to this computer" when it should be "add another account" because it sounds like I'm giving remote PC access to someone by adding them in there... at least that's how it translates from Spanish to English.


    - EdgeChromium at least for sensitive usage like banking, etc. It is secure and protected by Smartscreen. You can harden it with built-in settings and edge://flags. You may disable Javascript globally and allow only on sites you visit. See relevant MT threads for more info.

    - a good web filtering extension for Chrome and Firefox since these have no Smartscreen. Bitdefender Trafficlight or Windows Defender Browser Protection (this for Chrome/Chromium only).
    Can you tell me what good web filtering extension to use in Firefox?

    I'm going to be using Sandboxie. The last release because I can't be bothered to compile the new one tbh. I hope they start compiling soon and add checksums to verify you can trust the compilation.

    Also it's so annoying how they ask you a bunch of stuff to download Sandboxie. That's ridiculous.
     

    oldschool

    Level 54
    Verified
    Do I click there?
    Yes.

    This is strange. I have to click on "I don't have the data for this person" and then "add a user without a Microsoft account"?
    M$ now places many obstacles in the way of the user trying to configure accounts. They really want you to use a M$ account so they can "keep you connected" (track you :LOL:)

    it sounds like I'm giving remote PC access to someone by adding them in there... at least that's how it translates from Spanish to English.
    Yes, probably a translation issue. It is safe to proceed.
    Can you tell me what good web filtering extension to use in Firefox?
    Emsisoft Browser Security, Bitdefender Trafficlight or Malwarebytes Browser Guard
     

    Vitali Ortzi

    Level 20
    Verified
    Those specs are insane, is this PC used for editing?
    LTSC was a really smart choice 👍.
    Oh and I would recommend trying out Comodo firewall (cruel settings) since it's a really nice whitelisting based auto sandbox with a nice firewall built in.
    Hopefully that's what you were looking for :).
     

    SumTingWong

    Level 24
    Verified
    Those specs are insane, is this PC used for editing?
    LTSC was a really smart choice 👍.
    Oh and I would recommend trying out Comodo firewall (cruel settings) since it's a really nice whitelisting based auto sandbox with a nice firewall built in.
    Hopefully that's what you were looking for :).
    The 3950x is a monster. 16 cores/32 threads. You can run multiple VMs and play a triple-A title at the same time, no problem.
     