Advanced Plus Security Kongo's Computer Security Config 2023

Last updated
May 20, 2023
How it's used?
For home and private use
OS (desktop)
Windows 11
On-device encryption
Windows BitLocker
Log-in security
    • Local password or PIN
Security updates
Automatic - allow all updates
Update channels
Allow stable updates
Windows UAC
Always notify
Windows 11 SAC
Turned Off by choice (Note: cannot be re-enabled by the user)
WiFi network firewall
Router firewall is On
About WiFi router
- Speedport Smart 4
- Firewalla Blue +
Real-time security
Firewall security
Microsoft Defender Firewall
About custom security

Hardening tools:
- Firewall Hardening (blocking outbound connections of LOLBins)
- Run by Smartscreen (forces Smartscreen to scan files of choice)

- STOP/DJVU Ransomware Vaccine (immunizes system against this type of ransomware)
- O&O ShutUp10 (recommended settings)
- O&O AppBuster (removed unecessary Windows 11 apps)
- Windows Sandbox + Sandboxie Plus

System settings:
- Microsoft Defender running in sandbox (inactive)
- Reputation Based Protections (all modules enabled)
- Data Execution Prevention set to AlwaysOn
- Core Isolation: Memory Integrity enabled
Kernel-mode Hardware-enforced Stack Protection enabled
- Secure Boot enabled
- Drives encrypted via TPM (BitLocker)
- Windows Update Delivery Optimization disabled
- AutoPlay disabled
- Network Discovery disabled (Public Firewall profile)
- PowerShell --> Constrained Language Mode
- Hide extensions for known file types --> disabled
- Show hidden files --> enabled

- Virtualization enabled (allows Application Sandboxing)
- Custom Exploit Protection Settings for Firefox:
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

Thanks to @oldschool for sharing! :)

ㅤㅤㅤHardware Firewall (Firewalla Blue Plus):
- Active Protect (Strict)
- Ad Block (Strict)
- OISD blocklist enabled in Firewalla
- New Device Quarantine (restricted internet access for newly connected devices)

- Geo-IP Filtering (blocking connections from and to Russian + Chinese IPs)
- Unbound DNS enabled for all devices
‎‎‎ㅤ‎ ‎ ‎ ‎
Periodic malware scanners
Norton Power Eraser, RogueKiller and AdwCleaner
Malware sample testing
I do participate in malware testing. See details about my testing environment below.
Environment for malware testing
VMware Workstation Player + Mullvad VPN on host machine while connected to the guest network.

--> Currently I am barely testing
Browser(s) and extensions

Mozilla Firefox v. 113.0.2 (Running isolated in Sandboxie Plus)

- AdGuard Extension (AdGuard Base filter + AdGuard Tracking filter)
- Skip Redirect (Skip all redirects except for URLs matching any of the lines in the no-skip-urls-list)
(2FA enabled)

Browser privacy and security settings:
- Tracking protection: Strict (enables Total Cookie Protection)
- HTTPS-only-mode enabled
- DuckDuckGo set as search engine
- Pocket disabled (also in about:config)
- Sending DNT-requests disabled (enabling makes you more identifiable and barely gives any advantage on most sites.)
- Clearing browsing data on exit
- Search suggestions disabled
- Websites overview disabled
- Blocking incoming location, camera and microphone requests
- AutoPlay for audio and video disabled
- Firefox telemetry disabled (also in about:config)
- Blocking pop-ups
- Warn when websites try to install addons enabled
- Protection against fraudulent content and dangerous software enabled

about:config tweaks:
- network.dns.echconfig.enabled =
- network.dns.use_https_rr_as_altsvc = true
- fission.autostart = true (enabled by default in Firefox 94+)
- privacy.resistFingerprinting =
- pdfjs.enableScripting = false
- browser.send_pings = false
- plugin.scan.plid.all = false
- browser.urlbar.speculativeConnect.enabled = false
- dom.event.clipboardevents.enabled = false
- dom.webnotifications.enabled = false
- browser.urlbar.groupLabels.enabled = false
- media.navigator.enabled = false
- media.peerconnection.enabled = false
- network.dns.disablePrefetch = true
- network.prefetch-next = false
- webgl.disabled = true
- browser.sessionstore.privacy_level = 2
- beacon.enabled = false
- browser.safebrowsing.downloads.remote.enabled = false
- network.IDN_show_punycode = true
- geo.enabled = false
- browser.cache.offline.enable = false
- browser.newtabpage.activity-stream.feeds.telemetry = false
- = false
- browser.tabs.crashReporting.sendReport = false
- toolkit.telemetry.enabled = false
- toolkit.telemetry.server (URL removed)
- toolkit.telemetry.unified =
- extensions.pocket.enabled = false
- security.ssl.require_safe_negotiation = true
- network.trr.mode = 3 (NextDNS)

Secure DNS

- NextDNS with DoH + OISD blocklist (Firefox exclusively)
- Unbound DNS (Network-wide)

VPN & Protocol used
Mullvad VPN
Password manager
Bitwarden Premium
Maintenance tools
PatchMyPC, RuckZuck, SUMo, HiBit Uninstaller and Windows built in tools for cleaning and optimization
File and Photo backup
backup to external drive when necessary
System recovery
Aomei Backupper
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Sharing and receiving files and torrents
    • Gaming
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
GPU: Nvidia Geforce RTX 360 TI
CPU: Intel I5 12600K
RAM: 16 GB DDR4-3200 Crucial
Hard disks: 500 GB Samsung 970 EVO Plus + 1 TB Western Digital Blue
Notable changes
- Updated for year 2023
What I'm looking for?

Looking for minimum feedback.


Level 85
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014

first I've heard of it... :unsure:

Highly recommended, I am using RuckZuck since two years after @harlan4096 suggested this software to me (y)


Level 29
Top Poster
Sep 13, 2018
Highly recommended, I am using RuckZuck since two years after @harlan4096 suggested this software to me

Thank you so much! I was curious about it, so I d/l the portable and it actually found an update to an obscure software used to find bulky useless files. Installed it also, a big plus. And that would be WinDirStat! Good job, RuckZuck!

Sorry Kongo, hope it's OK that I comment on your thread.


Level 32
Thread author
Top Poster
Feb 25, 2017
Thank you so much! I was curious about it, so I d/l the portable and it actually found an update to an obscure software used to find bulky useless files. And that would be WinDirStat! Good job, RuckZuck!

Sorry Kongo, hope it's OK that I comment on your thread.
How dare you commenting on MY thread! :mad:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.