Advanced Plus Security Kongo's Computer Security Config 2024

Last updated
Feb 17, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Basic account password (insecure)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
On
Network firewall
Enabled
About WiFi router
- Speedport Smart 4
- Firewalla Blue +
Real-time security
Deep Instinct Endpoint Protection
Firewall security
Microsoft Defender Firewall
About custom security

Hardening tools:
- Firewall Hardening (blocking outbound connections of LOLBins)
- Run by SmartScreen (forces SmartScreen to scan files of choice)
- STOP/DJVU Ransomware Vaccine (immunizes system against this type of ransomware)
- O&O ShutUp10 (recommended settings)
- O&O AppBuster (removed unnecessary Windows 11 apps)
- Windows Sandbox

System settings:
- Microsoft Defender running in sandbox (inactive)
- Reputation Based Protections (all modules enabled)
- Smart App Control enabled
- Data Execution Prevention set to AlwaysOn
- Core Isolation: Memory Integrity enabled
- Kernel-mode Hardware-enforced Stack Protection enabled
- Secure Boot enabled
- Drives encrypted via TPM (BitLocker)
- Windows Update Delivery Optimization disabled
- AutoPlay disabled
- Network Discovery disabled (Public Firewall profile)
- PowerShell --> Constrained Language Mode
- Hide extensions for known file types --> disabled
- Show hidden files --> enabled
- Virtualization enabled (allows Application Sandboxing)
- Custom Exploit Protection Settings for Firefox:
Code:
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

Thanks to @oldschool for sharing! :)

Hardware Firewall (Firewalla Blue Plus):
- Active Protect (Strict)
- Ad Block (Strict)
- OISD blocklist enabled in Firewalla
- New Device Quarantine (restricted internet access for newly connected devices)
- Geo-IP Filtering (blocking connections from and to Russian + Chinese IPs)
- Unbound DNS enabled for all devices
Periodic malware scanners
Norton Power Eraser, X-Sec and AdwCleaner
Malware sample testing
I do participate in malware testing. See details about my testing environment below.
Environment for malware testing
VMware Workstation Player + Mullvad VPN on host machine while connected to the guest network.

Online Malware Analysis Platforms that I use:
- FileScan.iO
- Intezer Analyze
- Hybrid Analysis
- VirusTotal
- Sophos Intelix
- Valkyrie
- ANY.RUN
- Triage
- Kaspersky Threat Intelligence Portal
- Docguard.iO
- PolySwarm
- Yomi
- Neiki.Dev
- ThreatZone
- UnpacMe

--> Currently I am barely testing
Browser(s) and extensions

Mozilla Firefox v. 122.0.1

Extensions:
- AdGuard Extension (AdGuard Base filter + AdGuard Tracking filter)
- Netcraft
- FastForward (Bypassing trackers, blocking IP-loggers and Crowd Bypass enabled)
- Bitwarden (2FA enabled)

Browser privacy and security settings:
- Tracking protection: Strict (enables Total Cookie Protection)
- Enable secure DNS using: Max Protection
- HTTPS-only-mode enabled
- DuckDuckGo set as search engine
- Pocket disabled
- Sending DNT-requests disabled (enabling makes you more identifiable and barely gives any advantage on most sites.)
- Clearing browsing data on exit
- Search suggestions disabled
- Websites overview disabled
- Blocking incoming location, camera and microphone requests
- AutoPlay for audio and video disabled
- Firefox telemetry disabled (also in about:config)
- Blocking pop-ups
- Warn when websites try to install addons enabled
- Protection against fraudulent content and dangerous software enabled



about:config tweaks:
- network.dns.echconfig.enabled = true
- network.dns.use_https_rr_as_altsvc = true
- fission.autostart = true (enabled by default in Firefox 94+)
- pdfjs.enableScripting = false
- network.IDN_show_punycode = true
- toolkit.telemetry.enabled = false
- toolkit.telemetry.server (URL removed)
- toolkit.telemetry.unified = false
- security.ssl.require_safe_negotiation = true
- network.trr.mode = 3 (NextDNS)

Secure DNS

- NextDNS with DoH + OISD blocklist (Firefox exclusively)
- Unbound DNS (Network-wide)


Desktop VPN
Mullvad VPN with WireGuard protocol
Password manager
Bitwarden Premium
Maintenance tools
PatchMyPC, RuckZuck, UpdateHub, HiBit Uninstaller and Windows built in tools for cleaning and optimization
File and Photo backup
backup to external drive when necessary
Active subscriptions
    • Google One Standard 200GB
System recovery
Aomei Backupper
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Sharing and receiving files and torrents
    • Gaming
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
GPU: Nvidia Geforce RTX 360 TI
CPU: Intel I5 12600K
RAM: 16 GB DDR4-3200 Crucial
Hard disks: 500 GB Samsung 970 EVO Plus + 1 TB Western Digital Blue
Notable changes
- Updated for year 2023
What I'm looking for?

Looking for minimum feedback.
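
An added example, not part of Kongo's post: a small audit that parses the text of a Firefox `prefs.js` or `user.js` and compares it with the about:config values listed in the config above. The function names, the status labels and the sample file are assumptions made for illustration. A pref reported as "unset" is not written in the file at all, so Firefox's built-in default applies to it.

```python
import json
import re

# From the about:config list above; toolkit.telemetry.server is omitted ("URL removed").
EXPECTED = {
    "network.dns.echconfig.enabled": True,
    "network.dns.use_https_rr_as_altsvc": True,
    "fission.autostart": True,
    "pdfjs.enableScripting": False,
    "network.IDN_show_punycode": True,
    "toolkit.telemetry.enabled": False,
    "toolkit.telemetry.unified": False,
    "security.ssl.require_safe_negotiation": True,
    "network.trr.mode": 3,
}

PREF_LINE = re.compile(r'^[ \t]*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;[ \t]*$', re.M)

def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js/user.js text."""
    prefs = {}
    for m in PREF_LINE.finditer(text):
        try:
            prefs[m.group(1)] = json.loads(m.group(2))  # true/false, ints, "strings"
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep an unparsable literal as text
    return prefs

def audit(text, expected=EXPECTED):
    """Map each expected pref name to 'ok', 'mismatch' or 'unset'."""
    prefs = parse_prefs(text)
    report = {}
    for name, want in expected.items():
        if name not in prefs:
            report[name] = "unset"  # prefs.js stores only values changed from default
        else:
            same = prefs[name] == want and type(prefs[name]) is type(want)
            report[name] = "ok" if same else "mismatch"
    return report

# Constructed sample, not taken from a real profile.
SAMPLE = '''// Mozilla User Preferences
user_pref("network.trr.mode", 2);
user_pref("pdfjs.enableScripting", false);
user_pref("network.IDN_show_punycode", true);
user_pref("toolkit.telemetry.unified", true);
'''

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```
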

Momus

Level 2
Verified
Oct 21, 2017
61
As a company name you can just mention your name.
I just ordered one single license for 42 dollars, great service I have to admit! Just for documentation and to be fair with the company here is the offer:
-------------------
Hello XXX,

Yes, we can offer you one license of Deep Instinct. Attached is the quote that represents a one year subscription for 1 license of Deep Instinct. Please sign and return and we will spin up your Deep Instinct console. We can use the remaining month of May for testing and your start date will be June 1st (Invoice payment due May 25th 2023). Thank you and please let me know if you have any questions.
....................
Many thanks "Kongo", I will install Deep Instinct tonight and will share my experience...
 

Kongo

Level 35
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,448
I just ordered one single license for 42 dollars, great service I have to admit! Just for documentation and to be fair with the company here is the offer:
-------------------
Hello XXX,

Yes, we can offer you one license of Deep Instinct. Attached is the quote that represents a one year subscription for 1 license of Deep Instinct. Please sign and return and we will spin up your Deep Instinct console. We can use the remaining month of May for testing and your start date will be June 1st (Invoice payment due May 25th 2023). Thank you and please let me know if you have any questions.
....................
Many thanks "Kongo", I will install Deep Instinct tonight and will share my experience...
Enjoy Deep Instinct my friend! :)
 

Kongo

Level 35
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,448
Quick update, checking my configuration (console) right now, client gives me an error code message "waiting for token..", so I guess I missed something...
When you access the deploy page you should see a subpoint called "Installation Token" and at the bottom of the page in the box the server that you have to enter when installing the client. When you installed the client without it being able to establish a connection, then you need to uninstall the client and reinstall it. Unfortunately you can only uninstall it over CMD:
Screenshot 2023-05-11 213150.png

After uninstalling the client follow these steps.

1. Download the client from the deployment page

2. Run the installer

3. Enter the token (deployment page)

4. Enter the Tenant (basically the name of the PC --> example: Jason-PC)

5. Enter the server (bottom of the deployment page)

After that you should be able to install
 

Momus

Level 2
Verified
Oct 21, 2017
61
When you access the deploy page you should see a subpoint called "Installation Token" and at the bottom of the page in the box the server that you have to enter when installing the client. When you installed the client without it being able to establish a connection, then you need to uninstall the client and reinstall it. Unfortunately you can only uninstall it over CMD:

After uninstalling the client follow these steps.

1. Download the client from the deployment page

2. Run the installer

3. Enter the token (deployment page)

4. Enter the Tenant (basically the name of the PC --> example: Jason-PC)

5. Enter the server (bottom of the deployment page. Should be: cyberforce.customers.deepinstinctweb.com)

After that you should be able to install
Many, many thanks Kongo!!!! I honestly appreciate your time and efforts a lot in helping me out and saving a lot of time. You are perfectly right, I inserted the wrong server address (used the link provided in the email). I will give it a go tomorrow and let you know!

Have a nice evening and again, thank you very much!
 

Kongo

Level 35
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,448
Many, many thanks Kongo!!!! I honestly appreciate your time and efforts a lot in helping me out and saving a lot of time. You are perfectly right, I inserted the wrong server address (used the link provided in the email). I will give it a go tomorrow and let you know!

Have a nice evening and again, thank you very much!
Nothing to thank me for. I hope it works! :)
 

Shadowra

Level 32
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,146
When you access the deploy page you should see a subpoint called "Installation Token" and at the bottom of the page in the box the server that you have to enter when installing the client. When you installed the client without it being able to establish a connection, then you need to uninstall the client and reinstall it. Unfortunately you can only uninstall it over CMD:

After uninstalling the client follow these steps.

1. Download the client from the deployment page

2. Run the installer

3. Enter the token (deployment page)

4. Enter the Tenant (basically the name of the PC --> example: Jason-PC)

5. Enter the server (bottom of the deployment page)

After that you should be able to install

In the DeepInstinct console you can also uninstall the agent :)
 

Momus

Level 2
Verified
Oct 21, 2017
61
Only if it registered correctly. And as his client doesn't seem to be able to establish a connection, I assumed that he can't uninstall from there...
Yes, I uninstalled via cmd command. But still no connection (client does not install), so I assume I missed something. Just deleted and recreated a new tenant, let's see...
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,447
Only if it registered correctly. And as his client doesn't seem to be able to establish a connection, I assumed that he can't uninstall from there...
Just an idea and zero requirement, but maybe add this good installation how to info also in the new thread for Deep Instinct? I thought that thread would be full by now. 😜

 

Kongo

Level 35
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,448
Just an idea and zero requirement, but maybe add this good installation how to info also in the new thread for Deep Instinct? I thought that thread would be full by now. 😜
Great idea. My config has already enough pages of comments. 😅

So if anyone has further questions about Deep Instinct I would appreciate it if you could also use the new Deep Instinct thread. (y)
 

simmerskool

Level 30
Verified
Top Poster
Well-known
Apr 16, 2017
1,988
Interesting! I want to try this. Is this reinstall friendly? i tend to go back and forth between windows 10 and 11 due to tinkering.
fwiw, support said eg that you can transfer your Deepi license from VM to hardware Host, but if you want to run it on both then you need 2 licenses. How "friendly" this is remains to be seen, I think that issue is related to your experience / time using their dashboard.
 

simmerskool

Level 30
Verified
Top Poster
Well-known
Apr 16, 2017
1,988
Quick update, checking my configuration (console) right now, client gives me an error code message "waiting for token..", so I guess I missed something...
I have same problem, support said I needed to first config the tenant and license info, and then Deepi D-Client would install with token and management server info. I've been otherwise busy and haven't tried again yet, but plan to later today or tomorrow. I think the process is friendly if you have used it, but I don't find it intuitive even with the Deployment Guide open, at least not yet. I think it's me, and not DI :unsure:
 

Momus

Level 2
Verified
Oct 21, 2017
61
I have same problem, support said I needed to first config the tenant and license info, and then Deepi D-Client would install with token and management server info. I've been otherwise busy and haven't tried again yet, but plan to later today or tomorrow. I think the process is friendly if you have used it, but I don't find it intuitive even with the Deployment Guide open, at least not yet. I think it's me, and not DI :unsure:
Yeah, probably I should do a license transfer, as I now feel I checked everything. Tenant is configured but client does not install….
 
