Latest changes
Jun 18, 2020
Daily driver
My primary device
Operating system
Windows 10 Pro
OS build or version
2004.
System type
64-bit operating system; x64-based processor
Update and Security
Allow all automatic updates
User Access Control
Always notify
Firewall and Network protection
Provided by a third-party security vendor
User permissions
Administrator account
User account
Sign in with Microsoft
Sign-in options
  • Windows Hello PIN
    Malware exposure
    No malware samples are downloaded
    Real-time Malware protection
    Symantec Endpoint Protection 14.3 managed by Symantec Endpoint Manager. AdGuard desktop. NextDNS.
    Modified security settings
    Custom virus and spyware protection (maxed out), proactive protection (SONAR in aggressive mode), deception policies and firewall with max security settings. Installation from external devices is prevented by using device control. Exploit mitigation uses prevention of running scripts in docx files and pdf files. IPv6 traffic is blocked. Only selected applications' outbound traffic is allowed. Firewall is set to detect changes in applications and to report for re-allowing traffic.
    Periodic scanners
    Norton Power Eraser, EEK, HitmanPro.
    Browser and Extensions
    Firefox, Chrome, Brave, Edge Chromium with AdGuard, Malwarebytes Browser Guard, LastPass and AdGuard VPN
    Privacy tools and VPN
    AdGuard desktop, AdGuard VPN.
    Password manager
    LastPass
    Search engine
    Google and DuckDuckGo.
    Maintenance tools
    Reg Organizer. Kerish Doctor.
    Photos and Files backup
    Windows base image backup on two external HDDs, Macrium Reflect incremental backup. Important data is also on Google Drive and OneDrive as a password-protected zip file with 256-bit encryption.
    File Backup schedule
    Once or multiple times per month
    Backup and Restore
    Windows base image backup on two external HDDs, Macrium Reflect incremental backup
    Backup schedule
    Once or more per month
    Computer Activity
  • Playing computer games
  • Online banking
  • Browsing the web and checking emails
  • Streaming movies, TV shows and music from the Internet
  • Downloading files from different websites
  • Office and other work-related software (Work from Home)
    Computer Specifications
    AMD Ryzen 5 3600.
    Asus X570 TUF Gaming mobo.
    Silicon Power 256GB NVMe PCIe Gen3 M.2 SSD as boot drive.
    2x 2TB Toshiba 7200 rpm HDD.
    Corsair Vengeance LPX 16GB (16GBx1) 3200MHz DDR4.
    ZOTAC GAMING GeForce GTX 1660 SUPER.
    Your changelog
    1. Removed F-Secure SAFE (it was going to expire).
    Edit:
    1. User Access Control changed to "Always notify".
    2. Added "WPD" to control Windows privacy settings.
    3. Added Malwarebytes Browser Guard.
    4. Added Firefox with NextDNS DoH enabled.
    5. Using NextDNS with the YogaDNS system app.
    6. Updated Windows to version 2004.

    Vitali Ortzi

    Level 18
    Verified
    I am extremely thankful to @Vitali-ortzi for suggesting SEP to me and also for helping me out with the configuration of SEP Manager. I use an admin account since no one else uses this PC.
    Let's start with this: it is not your average security configuration.
    Rather, one of the best configurations in this forum!

    I'm very proud that you decided to set up quality policies, even including Deception (honeypots).

    If I was an attacker I would s**** my pants right now 😂.

    About improvements,
    no way it's minor changes for increased security.
    Change it to major.
    And make an exclusion to your programs (fingerprint hash).

    Import rules from H_C firewall hardening as well, in case you haven't already.
    Set client control if some options are presented in a gray color in the SEP client GUI.

    Anyway, I hope you upload a few screenshots of your policies in case someone is interested.
     

    Vitali Ortzi

    Level 18
    Verified
    If I make a fingerprint list using "checksum.exe" and import it into SEPM for whitelisting in system lockdown, will the fingerprint of an app, say chrome.exe, change when the app is updated? If it changes, do I need to redo the whole fingerprinting again and import it....
    Any modification to an application/file changes the hash.
    System lockdown is too aggressive for almost any kind of usage.
    I personally use it only on office/banking-exclusive computers.
    In case you want system lockdown, watch this first
    And always set test mode for two weeks, and only then production, for any policy change you make.
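
Added example, not part of the thread and not Symantec's tooling: a sketch of why an application update invalidates a fingerprint list, and how to find only the entries that need re-importing instead of redoing the whole list. SHA-256, the function names and the file contents are assumptions made for illustration; use whichever algorithm your fingerprint tool emits.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_list(root):
    """Map each file's relative path under root to its fingerprint."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_lists(old, new):
    """Report which allowlist entries are new, stale or no longer present."""
    return {
        "added": sorted(set(new) - set(old)),
        "changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
        "removed": sorted(set(old) - set(new)),
    }


def demo():
    """Simulate an app update on constructed files and diff the two lists."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "app"
        app.mkdir()
        # Constructed stand-ins for real binaries.
        (app / "browser.exe").write_bytes(b"MZ constructed build 1")
        (app / "helper.dll").write_bytes(b"MZ constructed helper")
        before = build_list(tmp)
        # The "update": one binary is replaced, one new binary is dropped in.
        (app / "browser.exe").write_bytes(b"MZ constructed build 2")
        (app / "updater.exe").write_bytes(b"MZ constructed updater")
        return diff_lists(before, build_list(tmp))


if __name__ == "__main__":
    print(demo())
```

Only the `added` and `changed` paths need fresh fingerprints; unchanged files such as `helper.dll` keep their existing entries.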
     

    Vitali Ortzi

    Level 18
    Verified
    Any modification to an application/file changes the hash.
    System lockdown is too aggressive for almost any kind of usage.
    I personally use it only on office/banking-exclusive computers.
    In case you want system lockdown, watch this first
    And always set test mode for two weeks, and only then production, for any policy change you make.
    And yes, I'm sorry if the so-called "premium support" of the leading company in the industry
    has a s**** microphone and mediocre explanation.
     

    JoyousBudweiser

    Level 7
    Verified
    Why does this PC have only one stick of RAM?
    Dual channel has the best performance.
    Ya I know, financial trouble my brother... at the time of buying. I spent a lot of money on PreSonus Eris 4.5 powered bookshelf speakers and also on an 8" Blaupunkt subwoofer (I don't repent of either). I thought I would add one more stick when I have the extra money to spare (but times have changed now; this corona thing has caused memory prices to skyrocket. Everything is 40 to 50% pricier. I am waiting for the prices to drop to some sane levels).
     

    Nagisa

    Level 4
    Verified
    Hey, I think that the 'Download Insight' feature is useless (at such a high level), unless you are sharing your computer with somebody who is a happy clicker. At higher settings, all it does is move less reputable files to quarantine automatically. At lower settings, you decide yourself whether you want to keep that file or not. Kind of like dynamic lockdown.
     

    Vitali Ortzi

    Level 18
    Verified
    Hey, I think that the 'Download Insight' feature is useless (at such a high level), unless you are sharing your computer with somebody who is a happy clicker. At higher settings, all it does is move less reputable files to quarantine automatically. At lower settings, you decide yourself whether you want to keep that file or not. Kind of like dynamic lockdown.
    It's fine as long as he downloads only very popular software.
     

    JoyousBudweiser

    Level 7
    Verified
    Hey, I think that the 'Download Insight' feature is useless (at such a high level), unless you are sharing your computer with somebody who is a happy clicker. At higher settings, all it does is move less reputable files to quarantine automatically. At lower settings, you decide yourself whether you want to keep that file or not. Kind of like dynamic lockdown.
    Till now it hasn't quarantined anything on my PC except an EICAR test file. I am keeping it as a test run to see how it performs....
     