K4E Systemconfig

[Kaffee4Eck]

I got my Windows 10 Enterprise from my company license MSDN...

My Harddrives:

1TB SSD Samsung EVO
128 SSD Samsung Pro 840
1TB WD Black
3TB WD Green
2TB Samsung SpinPoint
2TB WD Green

EDIT: I really forgot something special in here!!

I use a dedicated Firewall-System with IPS and some other great features.

Sophos UTM handles my internet and lan connections same for my wireless users.

I filter my complete traffic for bad ips, attacks and and and. Everything get already scanned by Sophos AV-Engine and Avira AV-Engine if I download something or just visit a site.

I know for private use it seems to be very overpowered but I will never miss my UTM again.

 

[Exterminator]

Enable UAC
CCleaner & Revo Uninstaller Pro should be enough
Thanks for sharing your config

 

[Deleted member 178]

Approved by Staff

lucky you to get Win10 Ent. and Office 2016

as said earlier, enable UAC.

 

[frogboy]

Enable UAC and keep the backups up to date.

Thanks for sharing.

 

[Kaffee4Eck]

Backups are always up-to-date.

I am no friend of UAC. I set my Kaspersky to inform me about changes.. This should be enough to get nerved

 

[DracusNarcrym]

Excellent config - sure seems robust!

I agree that it's not extremely important to enable UAC, as the main security application running on your computer has got you covered by notifying you for changes to your system.
I like the fact that you use system imaging software to backup your system!
I, too, use Acronis True Image and I've come to realize how convenient and powerful it is.

Also, I recommend you stick only to VeraCrypt, which is based on TrueCrypt, since the development of the main TrueCrypt application has been discontinued. (AxCrypt is also based on TrueCrypt and is a good alternative to VeraCrypt)

Thanks for sharing your config with us!

 

[LabZero]

I agree that it's not extremely important to enable UAC, as the main security application running on your computer has got you covered by notifying you for changes to your system.

I'm not fully agree.

If you use security applications that implement and possibly improve the UAC functionality, then it might make sense to configure the level of attention of the UAC, but generally, in the absence of this condition, is absolutely not recommended to disable UAC.

UAC is a security feature to prevent unauthorized changes to the system.
These changes can be made by users, by programs and, unfortunately, by malware (that is the main reason why UAC exist).
When there is a major change of system that requires administrative permissions, Windows displays a warning and UAC asks permission to make this change.
Without approval, the change is denied.

When you see a UAC warning on your screen, you can read the details of the notification to understand what is happening precisely.
Each request shall clearly indicate the name of the program that want to make changes, the source of the file and the author.
By clicking on "View details" you can see more information.
If an unknown file that is in a suspect position to requires authorization with UAC, you should deny access.

It is also true that UAC can be bypassed by malware, but that's not a valid reason for not using it

 

[DracusNarcrym]

I'm not fully agree.

If you use security applications that implement and possibly improve the UAC functionality, then it might make sense to configure the level of attention of the UAC, but generally, in the absence of this condition, is absolutely not recommended to disable UAC.

UAC is a security feature to prevent unauthorized changes to the system.
These changes can be made by users, by programs and, unfortunately, by malware (that is the main reason why UAC exist).
When there is a major change of system that requires administrative permissions, Windows displays a warning and UAC asks permission to make this change.
Without approval, the change is denied.

When you see a UAC warning on your screen, you can read the details of the notification to understand what is happening precisely.
Each request shall clearly indicate the name of the program that want to make changes, the source of the file and the author.
By clicking on "View details" you can see more information.
If an unknown file that is in a suspect position to requires authorization with UAC, you should deny access.

It is also true that UAC can be bypassed by malware, but that's not a valid reason for not using it

I'm saying that most security software offer alert and protection mechanisms for host intrusions (behavior blockers/HIPS) which provide the same level of security as UAC. In which case, UAC is made mostly redundant.
The greatest advantage of UAC is that it works at a kernel-level; this would mean that UAC is authorized to attain elevated privileges, which in turn allow it to intercept the actions of suspicious software more efficiently than other security software which operate at a more regular privilege level.
Again, I am not against using UAC, however when other proper security software is installed, disabling it increases the overall usability of the system without sacrificing too much protection.

 

[LabZero]

I'm saying that most security software offer alert and protection mechanisms for host intrusions (behavior blockers/HIPS) which provide the same level of security as UAC. In which case, UAC is made mostly redundant.
The greatest advantage of UAC is that it works at a kernel-level; this would mean that UAC is authorized to attain elevated privileges, which in turn allow it to intercept the actions of suspicious software more efficiently than other security software which operate at a more regular privilege level.
Again, I am not against using UAC, however when other proper security software is installed, disabling it increases the overall usability of the system without sacrificing too much protection.

Voodooshield for example is designed to be a better alternative to the UAC. Although it is compatible with UAC, VoodooShield works best with UAC disabled, and on computers whose user accounts run as administrator. During installation, VoodooShield will disable UAC so it can run in an optimal state.

But in a general context the average user, using an average configuration, should not disable UAC which is complementary with HIPS, BB as best security implementation.

 

[Soulbound]

For a long time in the past, I have disabled UAC until recently when I moved to WIndows 10. I never really had any software that would give me "alerts" like UAC but I only did gaming. When I did run with ESET however, I had HIPS on Policy Based mode, so I didn't really have any holes to cover.

Like others suggest, give UAC a try, even on default settings.

Been said a few posts up but you have some overlapping apps that makes others redundant, like the uninstallers for example.

Perhaps clean up a bit?

Thanks for sharing your config.

 

[DracusNarcrym]

@Klipsh @Inkurax

Well summed up about UAC.
As it happens with most cases, a middle solution is the best solution - abandoning UAC completely is a pity because it is a great security layer for average users, but sometimes it might need to be disabled for the optimal function of the overall security configuration.

@Kaffee4Eck, depending on how strict you have configured the HIPS module of Kaspersky (or ESET, if you are using that), you may want to lower the UAC notification level for better overall performance/co-ordination between the HIPS of your main security product and UAC.

 

[Kaffee4Eck]

My HIPS settings are strict. And I like Kasperskys Information Screen if some application want to change something you can make directly a rule for the programs.

Its niecer and better than UAC.

ESET too have a really great HIPS with custom Settings it can be stronger than kasperskys but I really like my performance...

EDIT: I added Adguard
Removed µBlock /or\ AdblockPlus, AdMuncher and Greasemonkey

 

[Kaffee4Eck]

Added ZenMate VPN Plugin to Firefox

 

[jamescv7]

For the long issue if UAC is needed or not, then simply the answer is yes a must need component. The purposet is you are aware on the possible programs to execute. Because if one program behaves to install silently hence you should be notified for the changes,

The logic comes when someone knocking to your door and you open it as simultaneously asks for the purpose.

 

[Kaffee4Eck]

I start every new-unknown programm within Sandboxie to show me what happens.

If a file / executable is very very suspect I check it with PEStudio.

 

[Kaffee4Eck]

Added: Cloudmark DesktopOne (Filter Spammails "really nice")
Added: Latest ProcessLasso to test it (For you DarcusNarcrym) "I hope ill see some performance improvements, but so still not many" (Ill test it for 1 Week )

Removed: Ashampoo Uninstaller 6 (Cuz Revo works better )

 

[DracusNarcrym]

Added: Cloudmark DesktopOne (Filter Spammails "really nice")
Added: Latest ProcessLasso to test it (For you DarcusNarcrym) "I hope ill see some performance improvements, but so still not many" (Ill test it for 1 Week )

Removed: Ashampoo Uninstaller 6 (Cuz Revo works better )

Thanks for taking the time to test it, @Kaffee4Eck!
I am testing it right now as well! (no noticeable improvements so far, but I'm still going to keep testing )
Two testers are better than one!

 

[Kaffee4Eck]

Your right bud.

Added some software and removed someone

Start post editied and completed.

I wish you all a nice day.

Added to my Sophos UTM / Microsofts IPs for Windows 10 Spying features.
Added to my Sophos UTM / Bad Hosts IPs and addresses.
Added to my Sophos UTM / SSL and HTTPS scanning
Added to my Sophos UTM / OpenDNS servers, IPs as DNS for all hardware

Thinking about to add AppGuard... I dont know.

 

[Kaffee4Eck]

Removed Kaspersky IS 2016 (Lets see what will happen without)

 

[Kaffee4Eck]

Patched my Sophos UTM... Yes security holes -.-

Added Comodo Internet Security Pro. (Custom HIPS, no Sandbox because of Sandboxie ) (Custom Firewall Settings) (Custom AV Settings)

F..k my PC is faster with Comodo than KIS xD