Advanced Plus Security Kongo's Computer Security Config 2024

Last updated
Jul 17, 2024
How it's used?
For home and private use
Operating system
macOS 15 Sequoia
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Hardware security key
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
- Speedport Smart 4
- Firewalla Blue +
Real-time security
Deep Instinct Endpoint Protection
WhitelistCloud
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security

Hardening tools:
- Firewall Hardening (blocking outbound connections of LOLBins)
- Run by SmartScreen (forces SmartScreen to scan files of choice)
- STOP/DJVU Ransomware Vaccine (immunizes system against this type of ransomware)
- O&O ShutUp10 (recommended settings)
- O&O AppBuster (removed unecessary Windows 11 apps)
- Windows Sandbox


System settings:
- Microsoft Defender running in sandbox (inactive)
- Reputation Based Protections (all modules enabled)
- Smart App Control enabled
- Data Execution Prevention set to AlwaysOn
- Core Isolation: Memory Integrity enabled
- Kernel-mode Hardware-enforced Stack Protection enabled
- Secure Boot enabled
- Drives encrypted via TPM (BitLocker)
- Windows Update Delivery Optimization disabled
- AutoPlay disabled
- Network Discovery disabled (Public Firewall profile)
- PowerShell --> Constrained Language Mode
- Hide extensions for known file types --> disabled
- Show hidden files --> enabled
- Virtualization enabled (allows Application Sandboxing)
- Custom Exploit Protection Settings for Firefox:
Code: 
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

Thanks to @oldschool for sharing! :)

ㅤㅤㅤHardware Firewall (Firewalla Blue Plus):
- Active Protect (Strict)
- Ad Block (Strict)
- OISD blocklist enabled in Firewalla
- New Device Quarantine (restricted internet access for newly connected devices)
- Geo-IP Filtering (blocking connections from and to Russian + Chinese IPs)
- Unbound DNS enabled for all devices
‎‎‎ㅤ‎ ‎ ‎ ‎
Periodic malware scanners
Norton Power Eraser, X-Sec and AdwCleaner
Malware sample testing
I do participate in malware testing. See details about my testing environment below.
Environment for malware testing
‎‎‎ㅤㅤㅤ
VMware Workstation Player + Mullvad VPN on host machine while connected to the guest network.

Online Malware Analysis Platforms that I use:

- FileScan.iO
- Intenzer Analyze
- Hybrid Analysis
- VirusTotal
- Sophos Intelix
- ANY.RUN
- Triage
- Kaspersky Threat Intelligence Portal
- Neiki.Dev
- ThreatZone
- UnpacMe

--> Currently I am barely testing
Browser(s) and extensions

Mozilla Firefox v. 132.0.0

Extensions:
- Ghostery
- SafeToOpen
- Bitwarden


Browser privacy and security settings:
- Tracking protection: Strict (enables Total Cookie Protection)
- Enable secure DNS using: Max Protection
- HTTPS-only-mode enabled
- DuckDuckGo set as search engine
- Pocket disabled
- Sending DNT-requests disabled (enabling makes you more identifiable and barely gives any advantage on most sites.)
- Clearing browsing data on exit
- Search suggestions disabled
- Websites overview disabled
- Blocking incoming location, camera and microphone requests
- AutoPlay for audio and video disabled
- Firefox telemetry disabled (also in about:config)
- Blocking pop-ups
- Warn when websites try to install addons enabled
- Protection against fraudulent content and dangerous software enabled


about:config tweaks:
- network.dns.echconfig.enabled = true
- network.dns.use_https_rr_as_altsvc = true
- fission.autostart = true
- pdfjs.enableScripting = false
- network.IDN_show_punycode = true
- security.ssl.require_safe_negotiation = true
- geo.enabled = false
- webgl.disabled = true
- network.trr.mode = 3 (NextDNS)
ㅤㅤ
Secure DNS

- NextDNS with DoH + OISD blocklist (Firefox exclusively)
- Unbound DNS (Network-wide)


Desktop VPN
Proton VPN with Secure Core, NetShield and Permanent Kill Switch
Password manager
Bitwarden Premium
Maintenance tools
PatchMyPC, RuckZuck, UpdateHub, HiBit Uninstaller and Windows built in tools for cleaning and optimization
File and Photo backup
backup to external drive when necessary
Subscriptions
    • Google One Standard 200GB
System recovery
Aomei Backupper
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
GPU: Nvidia Geforce RTX 360 TI
CPU: Intel I5 12600K
RAM: 16 GB DDR4-3200 Crucial
Hard disks: 500 GB Samsung 970 EVO Plus + 1 TB Western Digital Blue
Notable changes
- Updated for year 2024
What I'm looking for?

Looking for minimum feedback.

M

Momus

Level 2
Verified
Oct 21, 2017
61
Kongo said:
As a company name you can just mention your name.
Click to expand...
I just ordered one single license for 42 dollars, great service I have to admit! Just for documentation and to be fair with the company here is the offer:
-------------------
Hello XXX,

Yes, we can offer you one license of Deep Instinct. Attached is the quote that represents a one year subscription for 1 license of Deep Instinct. Please sign and return and we will spin up your Deep Instinct console. We can use the remaining month of May for testing and your start date will be June 1st (Invoice payment due May 25th 2023). Thank you and please let me know if you have any questions.
....................
Many thanks "Kongo", I will install Deep Instinct tonight and will share my experience...
 
  • Like
  • Applause
Reactions: simmerskool, silversurfer, Gandalf_The_Grey and 2 others
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Momus said:
I just ordered one single license for 42 dollars, great service I have to admit! Just for documentation and to be fair with the company here is the offer:
-------------------
Hello XXX,

Yes, we can offer you one license of Deep Instinct. Attached is the quote that represents a one year subscription for 1 license of Deep Instinct. Please sign and return and we will spin up your Deep Instinct console. We can use the remaining month of May for testing and your start date will be June 1st (Invoice payment due May 25th 2023). Thank you and please let me know if you have any questions.
....................
Many thanks "Kongo", I will install Deep Instinct tonight and will share my experience...
Click to expand...
Enjoy Deep Instinct my friend! :)
 
  • Like
Reactions: simmerskool, Neutrophil, plat and 3 others
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Momus said:
Quick update, checking my configuration (console) right now, client gives me an error code message "waiting for token..", so I guess I missed something...
Click to expand...
When you access the deploy page you should see a subpoint called "Installation Token" and at the buttom of the page in the box the server that you have to enter when installing the client. When you installed the client without it being able to establish a connection, then you need to uninstall the client and reinstall it. Unfortunately you can only uninstall it over CMD:
Screenshot 2023-05-11 213150.png

After uninstalling the client follow these steps.

1. Download the client from the deployment page

2. Run the installer

3. Enter the token (deployment page)

4. Enter the Tenant (basically the name of the PC --> example: Jason-PC)

5. Enter the server (buttom of the deployment page)

After that you should be able to install
 
Last edited:
  • Like
  • Hundred Points
Reactions: Nevi, silversurfer, oldschool and 4 others
M

Momus

Level 2
Verified
Oct 21, 2017
61
Kongo said:
When you access the deploy page you should see a subpoint called "Installation Token" and at the buttom of the page in the box the server that you have to enter when installing the client. When you installed the client without it being able to establish a connection, then you need to uninstall the client and reinstall it. Unfortunately you can only uninstall it over CMD:
View attachment 275296

After uninstalling the client follow these steps.

1. Download the client from the deployment page

2. Run the installer

3. Enter the token (deployment page)

4. Enter the Tenant (basically the name of the PC --> example: Jason-PC)

5. Enter the server (buttom of the deployment page. Should be: cyberforce.customers.deepinstinctweb.com)

After that you should be able to install
Click to expand...
Many, many thanks Kongo!!!! I honestly appreciate your time and efforts a lot in helping me out and saving a lot of time. You are perfectly, right, I inserted the wrong server address (used the link of provided in the email). I will give it a go tomorrow and let you know!

Have a nice evening and again, thank you very much!
 
  • +Reputation
  • Applause
Reactions: silversurfer and Kongo
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Momus said:
Many, many thanks Kongo!!!! I honestly appreciate your time and efforts a lot in helping me out and saving a lot of time. You are perfectly, right, I inserted the wrong server address (used the link of provided in the email). I will give it a go tomorrow and let you know!

Have a nice evening and again, thank you very much!
Click to expand...
Nothing to thank me for. I hope it works! :)
 
  • Like
Reactions: simmerskool, plat, silversurfer and 2 others
Shadowra

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
Kongo said:
When you access the deploy page you should see a subpoint called "Installation Token" and at the buttom of the page in the box the server that you have to enter when installing the client. When you installed the client without it being able to establish a connection, then you need to uninstall the client and reinstall it. Unfortunately you can only uninstall it over CMD:
View attachment 275296

After uninstalling the client follow these steps.

1. Download the client from the deployment page

2. Run the installer

3. Enter the token (deployment page)

4. Enter the Tenant (basically the name of the PC --> example: Jason-PC)

5. Enter the server (buttom of the deployment page)

After that you should be able to install
Click to expand...

In the DeepInstinct console you can also uninstall the agent :)
 
  • Like
Reactions: simmerskool, silversurfer, oldschool and 1 other person
M

Momus

Level 2
Verified
Oct 21, 2017
61
Kongo said:
Only if it registered correctly. And as his client doesn't seem to able to establish a connection, I assumed that he can't uninstall from there...
Click to expand...
Yes, I uninstalled cia cmd command. But still no connection (client does not install), so I assume I missed something. Just deleted and recreated a new tennant, let's see...
 
  • Sad
  • Like
Reactions: simmerskool and Kongo
upnorth

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Kongo said:
Only if it registered correctly. And as his client doesn't seem to able to establish a connection, I assumed that he can't uninstall from there...
Click to expand...
Just an idea and zero requirement, but maybe add this good installation how to info also in the new thread for Deep Instinct? I thought that thread would be full by now. 😜

malwaretips.com

Serious Discussion - Deep Instinct | Deep Learning AI Cybersecurity Platform

I opened this thread to discuss the newly Deep Instinct AV. https://www.deepinstinct.com/
malwaretips.com malwaretips.com
 
  • Like
  • Applause
Reactions: Nevi, simmerskool, plat and 4 others
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
upnorth said:
Just an idea and zero requirement, but maybe add this good installation how to info also in the new thread for Deep Instinct? I thought that thread would be full by now. 😜
Click to expand...
Great idea. My config has already enough pages of comments. 😅

So if anyone has further questions about Deep Instinct I would appreciate it if you could also use the new Deep Instinct thread. (y)
 
  • Like
  • Applause
  • +Reputation
Reactions: simmerskool, plat, silversurfer and 5 others
simmerskool

simmerskool

Level 37
Verified
Top Poster
Well-known
Apr 16, 2017
2,604
Neutrophil said:
Interesting! I want to try this. Is this reinstall friendly? i tend to go back and forth between windows 10 and 11 due to tinkering.
Click to expand...
fwiw, support said eg that you can transfer your Deepi license from VM to hardware Host, but if you want to run it on both then you need 2 licenses. How "friendly" this is remains to be seen, I think it that issue is related to your experience / time using their dashboard.
 
  • Like
Reactions: Neutrophil and Kongo
simmerskool

simmerskool

Level 37
Verified
Top Poster
Well-known
Apr 16, 2017
2,604
Momus said:
Quick update, checking my configuration (console) right now, client gives me an error code message "waiting for token..", so I guess I missed something...
Click to expand...
I have same problem, support said I needed to first config the tenant and license info, and then Deepi D-Client would install with token and management server info. I've been otherwise busy and haven't tried again yet, but plan to later today or tomorrow. I think the process is friendly if you have used it, but I don't find it intuitive even with the Deployment Guide open, at least not yet. I think it's me, and not DI :unsure:
 
  • Like
Reactions: Kongo
M

Momus

Level 2
Verified
Oct 21, 2017
61
simmerskool said:
I have same problem, support said I needed to first config the tenant and license info, and then Deepi D-Client would install with token and management server info. I've been otherwise busy and haven't tried again yet, but plan to later today or tomorrow. I think the process is friendly if you have used it, but I don't find it intuitive even with the Deployment Guide open, at least not yet. I think it's me, and not DI :unsure:
Click to expand...
Yeah, probably I should do a license transfer, as I now feel I checked everything. Tenant is configure but client does not install….
 
  • Like
Reactions: Kongo

Similar threads

Divine_Barakah
    • Like
    • Applause
Advanced Security Divine Barakah's PC Security Config 2024
Replies
97
Views
4,113
PC Setup Configuration Help & Showcase
Divine_Barakah
Divine_Barakah
Smoke
    • Like
Advanced Plus Security Smoke's Security Config 2024
Replies
3
Views
350
PC Setup Configuration Help & Showcase
harlan4096
harlan4096
DJ Stylbator
    • Like
Basic Security DJ Stylbator Security Config 2024
Replies
7
Views
697
PC Setup Configuration Help & Showcase
harlan4096
harlan4096

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top