Advanced Plus Security Kongo's Computer Security Config 2024

Last updated
Feb 25, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Hardware security key
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
- Speedport Smart 4
- Firewalla Blue +
Real-time security
Deep Instinct Endpoint Protection
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security

Hardening tools:
- Firewall Hardening (blocking outbound connections of LOLBins)
- Run by SmartScreen (forces SmartScreen to scan files of choice)
- STOP/DJVU Ransomware Vaccine (immunizes system against this type of ransomware)
- O&O ShutUp10 (recommended settings)
- O&O AppBuster (removed unecessary Windows 11 apps)
- Windows Sandbox


System settings:
- Microsoft Defender running in sandbox (inactive)
- Reputation Based Protections (all modules enabled)
- Smart App Control enabled
- Data Execution Prevention set to AlwaysOn
- Core Isolation: Memory Integrity enabled
- Kernel-mode Hardware-enforced Stack Protection enabled
- Secure Boot enabled
- Drives encrypted via TPM (BitLocker)
- Windows Update Delivery Optimization disabled
- AutoPlay disabled
- Network Discovery disabled (Public Firewall profile)
- PowerShell --> Constrained Language Mode
- Hide extensions for known file types --> disabled
- Show hidden files --> enabled
- Virtualization enabled (allows Application Sandboxing)
- Custom Exploit Protection Settings for Firefox:
Code: 
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

Thanks to @oldschool for sharing! :)

ㅤㅤㅤHardware Firewall (Firewalla Blue Plus):
- Active Protect (Strict)
- Ad Block (Strict)
- OISD blocklist enabled in Firewalla
- New Device Quarantine (restricted internet access for newly connected devices)
- Geo-IP Filtering (blocking connections from and to Russian + Chinese IPs)
- Unbound DNS enabled for all devices
‎‎‎ㅤ‎ ‎ ‎ ‎
Periodic malware scanners
Norton Power Eraser, X-Sec and AdwCleaner
Malware sample testing
I do participate in malware testing. See details about my testing environment below.
Environment for malware testing
‎‎‎ㅤㅤㅤ
VMware Workstation Player + Mullvad VPN on host machine while connected to the guest network.

Online Malware Analysis Platforms that I use:

- FileScan.iO
- Intenzer Analyze
- Hybrid Analysis
- VirusTotal
- Sophos Intelix
- Valkyrie
- ANY.RUN
- Triage
- Kaspersky Threat Intelligence Portal
- Docguard.iO
- PolySwarm
- Yomi
- Neiki.Dev
- ThreatZone
- UnpacMe

--> Currently I am barely testing
Browser(s) and extensions

Mozilla Firefox v. 124.0.2

Extensions:
- uBlock Origin Lite
- SafeToOpen
- Bitwarden


Browser privacy and security settings:
- Tracking protection: Strict (enables Total Cookie Protection)
- Enable secure DNS using: Max Protection
- HTTPS-only-mode enabled
- DuckDuckGo set as search engine
- Pocket disabled
- Sending DNT-requests disabled (enabling makes you more identifiable and barely gives any advantage on most sites.)
- Clearing browsing data on exit
- Search suggestions disabled
- Websites overview disabled
- Blocking incoming location, camera and microphone requests
- AutoPlay for audio and video disabled
- Firefox telemetry disabled (also in about:config)
- Blocking pop-ups
- Warn when websites try to install addons enabled
- Protection against fraudulent content and dangerous software enabled


about:config tweaks:
- network.dns.echconfig.enabled = true
- network.dns.use_https_rr_as_altsvc = true
- fission.autostart = true
- pdfjs.enableScripting = false
- network.IDN_show_punycode = true
- security.ssl.require_safe_negotiation = true
- geo.enabled = false
- webgl.disabled = true
- network.trr.mode = 3 (NextDNS)
ㅤㅤ
Secure DNS

- NextDNS with DoH + OISD blocklist (Firefox exclusively)
- Unbound DNS (Network-wide)


Desktop VPN
Proton VPN with Secure Core, NetShield and Permanent Kill Switch
Password manager
Bitwarden Premium
Maintenance tools
PatchMyPC, RuckZuck, UpdateHub, HiBit Uninstaller and Windows built in tools for cleaning and optimization
File and Photo backup
backup to external drive when necessary
Active subscriptions
    • Google One Standard 200GB
System recovery
Aomei Backupper
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
GPU: Nvidia Geforce RTX 360 TI
CPU: Intel I5 12600K
RAM: 16 GB DDR4-3200 Crucial
Hard disks: 500 GB Samsung 970 EVO Plus + 1 TB Western Digital Blue
Notable changes
- Updated for year 2024
What I'm looking for?

Looking for minimum feedback.

Kongo

Kongo

Level 35
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,498
My security config for 2021/2022. Probably people will hate me for using Cylance, but it's working well for me at the moment. The false positives aren't that bad anymore and its really light on my system. :)
 
Last edited:
  • Like
  • +Reputation
  • Applause
Reactions: BobM, Trident, Zero Knowledge and 30 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,593
About the Honey extension, please read this:
Original Blog post:
palant.info

What would you risk for free Honey?

The Honey browser extension allows its server to run arbitrary code on any website, via at least four different mechanisms and obfuscating the code being loaded.
palant.info palant.info
MalwareTips discusssion:
malwaretips.com

Q&A - Honey: a privacy & security madness extension

This nice blog post is about the Honey extension and display the security and privacy problems with it: https://palant.info/2020/10/28/what-would-you-risk-for-free-honey/ The post is very long but detailed so I don't quote it here.
malwaretips.com malwaretips.com
 
  • Like
  • Wow
  • Applause
Reactions: LennyFox, windows1064, brambedkar59 and 11 others
Kongo

Kongo

Level 35
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,498
Gandalf_The_Grey said:
About the Honey extension, please read this:
Original Blog post:
palant.info

What would you risk for free Honey?

The Honey browser extension allows its server to run arbitrary code on any website, via at least four different mechanisms and obfuscating the code being loaded.
palant.info palant.info
MalwareTips discusssion:
malwaretips.com

Q&A - Honey: a privacy & security madness extension

This nice blog post is about the Honey extension and display the security and privacy problems with it: https://palant.info/2020/10/28/what-would-you-risk-for-free-honey/ The post is very long but detailed so I don't quote it here.
malwaretips.com malwaretips.com
Click to expand...
Deleted. :LOL:
 
  • Like
  • Applause
Reactions: LennyFox, bayasdev, Cortex and 7 others
Kongo

Kongo

Level 35
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,498
Thiag0 said:
Well, the only cons i've seen is Cylance and a iObit software (iObit Uninstaller), I don't find iObit products too trustworthy after the Malwarebytes incident. Anyways it looks good
Click to expand...
Totally understandable, but Cylance is really light and works well for me at the moment. I also ditched most Iobit products but the Software Updater is the only not bloated software by iobit. Also I'm not using Iobit Uninstaller, I'm using HiBit Uninstaller. Thanks for your tips, might remove Iobit Software Updater in the future as there are better software updaters anyway. :)
 
  • Like
Reactions: bayasdev, show-Zi, Cortex and 4 others
T

Thiag0

Level 1
Jan 2, 2021
11
SecureKongo said:
Totally understandable, but Cylance is really light and works well for me at the moment. I also ditched most Iobit products but the Software Updater is the only not bloated software by iobit. Also I'm not using Iobit Uninstaller, I'm using HiBit Uninstaller. Thanks for your tips, might remove Iobit Software Updater in the future as there are better software updaters anyway. :)
Click to expand...
Accidentally wrote uninstaller instead of software updater, and if Cylance is working good for you without problems, i don't see any problems on keeping it right now (y)
 
Last edited:
  • Like
Reactions: Cortex, Nevi, Venustus and 3 others
Kongo

Kongo

Level 35
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,498
FireHammer said:
Real Nice Configuration, but some of the Config I am not technically good enough to fully understand, but thanks.o_O
But I don't share the opinion about IObit software, IMHO Driver Booster is pretty good considering...:)
Click to expand...
True, it's pretty good in what its supposed to do. The problem for me was always the ads and unnecessary tools that are included. :)
 
  • Like
  • Thanks
Reactions: bayasdev, Cortex, FireHammer and 4 others
H

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,033
Last edited:
  • Like
Reactions: bayasdev, Cortex, Nevi and 4 others
Kongo

Kongo

Level 35
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,498
+ added new about:config tweaks. (geo.enabled = false, browser.cache.offline.enable = false, network.http.referer.trimmingPolicy = 2)
+ added FirewallHardening by AndyFul
 
Last edited:
  • Like
  • Applause
Reactions: bayasdev, plat, Protomartyr and 4 others
Kongo

Kongo

Level 35
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,498
Tiamati said:
My tests showed that BTL blocks more than pishing URLs. I suggest you test MBG and BTL here AMTSO Security Features Check Tools | AMTSO

You'll notice that BTL blocks the download of malicious files.
Click to expand...
Thanks for sharing that testing site, was looking for this one for a long time, as the one I used shut down. The reason I use MBG is the aggressiveness and the way it's blocking infecting content. It also seems to have some kind of behavioural web protection which you can see here:
 

Attachments

  • Malwarebytes.PNG
    Malwarebytes.PNG
    62.6 KB · Views: 565
Last edited:
  • Like
Reactions: Trident, brambedkar59, Nevi and 6 others

Similar threads

Kongo
    • Like
    • Applause
Advanced Security Kongo's Mobile Security Config 2024
Replies
9
Views
579
Mobile Setup Configuration Help & Showcase
Kongo
Kongo
Shadowra
    • +Reputation
    • Like
    • Thanks
App Review ArcaBit Internet Security 2024
Replies
4
Views
888
Video Reviews - Security and Privacy
Trident
Trident
Victor M
    • Like
Advanced Plus Security Victor M - Aging PC Security Config
Replies
5
Views
1,096
PC Setup Configuration Help & Showcase
Victor M
Victor M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top