Advanced Plus Security Kongo's Computer Security Config 2024

Last updated
Feb 25, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Hardware security key
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
- Speedport Smart 4
- Firewalla Blue +
Real-time security
Deep Instinct Endpoint Protection
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security

Hardening tools:
- Firewall Hardening (blocking outbound connections of LOLBins)
- Run by SmartScreen (forces SmartScreen to scan files of choice)
- STOP/DJVU Ransomware Vaccine (immunizes system against this type of ransomware)
- O&O ShutUp10 (recommended settings)
- O&O AppBuster (removed unecessary Windows 11 apps)
- Windows Sandbox


System settings:
- Microsoft Defender running in sandbox (inactive)
- Reputation Based Protections (all modules enabled)
- Smart App Control enabled
- Data Execution Prevention set to AlwaysOn
- Core Isolation: Memory Integrity enabled
- Kernel-mode Hardware-enforced Stack Protection enabled
- Secure Boot enabled
- Drives encrypted via TPM (BitLocker)
- Windows Update Delivery Optimization disabled
- AutoPlay disabled
- Network Discovery disabled (Public Firewall profile)
- PowerShell --> Constrained Language Mode
- Hide extensions for known file types --> disabled
- Show hidden files --> enabled
- Virtualization enabled (allows Application Sandboxing)
- Custom Exploit Protection Settings for Firefox:
Code: 
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

Thanks to @oldschool for sharing! :)

ㅤㅤㅤHardware Firewall (Firewalla Blue Plus):
- Active Protect (Strict)
- Ad Block (Strict)
- OISD blocklist enabled in Firewalla
- New Device Quarantine (restricted internet access for newly connected devices)
- Geo-IP Filtering (blocking connections from and to Russian + Chinese IPs)
- Unbound DNS enabled for all devices
‎‎‎ㅤ‎ ‎ ‎ ‎
Periodic malware scanners
Norton Power Eraser, X-Sec and AdwCleaner
Malware sample testing
I do participate in malware testing. See details about my testing environment below.
Environment for malware testing
‎‎‎ㅤㅤㅤ
VMware Workstation Player + Mullvad VPN on host machine while connected to the guest network.

Online Malware Analysis Platforms that I use:

- FileScan.iO
- Intenzer Analyze
- Hybrid Analysis
- VirusTotal
- Sophos Intelix
- Valkyrie
- ANY.RUN
- Triage
- Kaspersky Threat Intelligence Portal
- Docguard.iO
- PolySwarm
- Yomi
- Neiki.Dev
- ThreatZone
- UnpacMe

--> Currently I am barely testing
Browser(s) and extensions

Mozilla Firefox v. 125.0.2

Extensions:
- uBlock Origin Lite
- SafeToOpen
- Bitwarden


Browser privacy and security settings:
- Tracking protection: Strict (enables Total Cookie Protection)
- Enable secure DNS using: Max Protection
- HTTPS-only-mode enabled
- DuckDuckGo set as search engine
- Pocket disabled
- Sending DNT-requests disabled (enabling makes you more identifiable and barely gives any advantage on most sites.)
- Clearing browsing data on exit
- Search suggestions disabled
- Websites overview disabled
- Blocking incoming location, camera and microphone requests
- AutoPlay for audio and video disabled
- Firefox telemetry disabled (also in about:config)
- Blocking pop-ups
- Warn when websites try to install addons enabled
- Protection against fraudulent content and dangerous software enabled


about:config tweaks:
- network.dns.echconfig.enabled = true
- network.dns.use_https_rr_as_altsvc = true
- fission.autostart = true
- pdfjs.enableScripting = false
- network.IDN_show_punycode = true
- security.ssl.require_safe_negotiation = true
- geo.enabled = false
- webgl.disabled = true
- network.trr.mode = 3 (NextDNS)
ㅤㅤ
Secure DNS

- NextDNS with DoH + OISD blocklist (Firefox exclusively)
- Unbound DNS (Network-wide)


Desktop VPN
Proton VPN with Secure Core, NetShield and Permanent Kill Switch
Password manager
Bitwarden Premium
Maintenance tools
PatchMyPC, RuckZuck, UpdateHub, HiBit Uninstaller and Windows built in tools for cleaning and optimization
File and Photo backup
backup to external drive when necessary
Active subscriptions
    • Google One Standard 200GB
System recovery
Aomei Backupper
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
GPU: Nvidia Geforce RTX 360 TI
CPU: Intel I5 12600K
RAM: 16 GB DDR4-3200 Crucial
Hard disks: 500 GB Samsung 970 EVO Plus + 1 TB Western Digital Blue
Notable changes
- Updated for year 2024
What I'm looking for?

Looking for minimum feedback.

F

ForgottenSeer 97327

Kongo said:
+ added .zip and .mov to NextDNS blocked TLDs
Click to expand...
FYI LennyFox on github published three TLD blocklists (which I have blocked in NextDNS)
github.com

Blocklists/Block_non_latin_TLDs.txt at master · LennyFox/Blocklists

My personal blocklist. Contribute to LennyFox/Blocklists development by creating an account on GitHub.
github.com github.com
github.com

Blocklists/Block_TLDs_with_bad_reputation.txt at master · LennyFox/Blocklists

My personal blocklist. Contribute to LennyFox/Blocklists development by creating an account on GitHub.
github.com github.com
github.com

Blocklists/Warn_for_countries_with_bad_reputation.txt at master · LennyFox/Blocklists

My personal blocklist. Contribute to LennyFox/Blocklists development by creating an account on GitHub.
github.com github.com

I will browse the list in NextDNS again. Do you have a list of which TLDs you block in NextDNS?
 
  • Like
Reactions: Nevi, [correlate], simmerskool and 5 others
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,507
Max90 said:
FYI LennyFox on github published three TLD blocklists (which I have blocked in NextDNS)
github.com

Blocklists/Block_non_latin_TLDs.txt at master · LennyFox/Blocklists

My personal blocklist. Contribute to LennyFox/Blocklists development by creating an account on GitHub.
github.com github.com
github.com

Blocklists/Block_TLDs_with_bad_reputation.txt at master · LennyFox/Blocklists

My personal blocklist. Contribute to LennyFox/Blocklists development by creating an account on GitHub.
github.com github.com
github.com

Blocklists/Warn_for_countries_with_bad_reputation.txt at master · LennyFox/Blocklists

My personal blocklist. Contribute to LennyFox/Blocklists development by creating an account on GitHub.
github.com github.com

I will browse the list in NextDNS again. Do you have a list of which TLDs you block in NextDNS?
Click to expand...
Most abused TLD and .zip + .mov

Nothing special
 
  • Like
  • Thanks
Reactions: Nevi, [correlate], Trident and 6 others
brambedkar59

brambedkar59

Level 29
Verified
Top Poster
Well-known
Apr 16, 2017
1,878
Kongo said:
Will test it in the coming days. It's using Rising Antivirus engine + its own engine for scanning. To be fair I didn't test it enough to make any assesments. But unlike HitmanPro it can also detect malicious scripts (vbs,js,jar etc.)
Click to expand...
Keep us posted 👍
One thing I noticed is that scans take pretty long. It took 17:36 min for only 30400 files (quick scan). And nothing was bottlenecked in the system (CPU, RAM or SSD).
 
  • Like
Reactions: Nevi, [correlate], cryogent and 3 others
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,507
Little update:

Made a little test with a few malicious samples with various file types (ps1, js, html, xls)
I intentionally skipped PE-files as those are the easiest to detect for most scanners:

24 samples in total:

- HitmanPro detected as expected 0
- Norton Power Eraser detected 16
- X-Sec detected 13

Even tho Norton performed better, I think X-Sec performed pretty good considering how unknown it is.

Edit: I forgot to remove those shortcuts from the sample folder. So there would be only 22 actual malicious files. But doesn't matter as I just wanted to demonstrate that is also quite effective when you throw malicious scripts at it.

Screenshot 2023-08-14 000123.png
 
  • Like
  • Applause
  • +Reputation
Reactions: Nevi, [correlate], cryogent and 6 others
simmerskool

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Kongo said:
Will test it in the coming days. It's using Rising Antivirus engine + its own engine for scanning. To be fair I didn't test it enough to make any assesments. But unlike HitmanPro it can also detect malicious scripts (vbs,js,jar etc.)
Click to expand...
You running X-Sec on same machine as DeepInstinct? :unsure: (I did not dig into the details fo your security config)
 
  • Like
Reactions: [correlate], silversurfer, brambedkar59 and 1 other person
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,507
  • Like
  • Applause
Reactions: Nevi, [correlate], silversurfer and 2 others
xywcloud

xywcloud

From X-Sec Antivirus
Verified
Top Poster
Developer
Well-known
Aug 8, 2013
2,817
brambedkar59 said:
I knew the name sounded familiar. Lol, I tried this before in 2017 and had same feedback for the dev.
View attachment 277822
Click to expand...
For slow scan speed, based on these reasons:
- I only use 2 threads for scan
- UI is written in .NET Core, but both X-Sec Antivirus Engine and Rising Antivirus Engine are written in C++, use P/Invoke may lose some performance
- Some modules of X-Sec Antivirus are protected by VMProtect(don't worry, it's genuine version, I renew license every year)
- Some design in scan logic and engine are not good enough, it could be better
 
  • Like
  • Applause
Reactions: [correlate], cryogent, silversurfer and 6 others
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,507
simmerskool said:
fwiw, I downloaded and "ran
UpdateHub-x64.exe sha256 80A081B63FAC71E96930C24C342ED51A184E9BCA964633D7D898B07B82F90B92
as administrator" from sua, but it would not install... now I have to hammer & bend it in... :oops:
Click to expand...
Strange. It's working perfectly fine for me. Did you download it from here?

github.com

Release UpdateHub v2.2.3 · NexovaDev/UpdateHub

Version 2.2.3 Changelog Should've finally fixed the timeout error once and for all Fixed SyntaxError: "undefined" is not valid JSON error (fixes #248) Fixed TypeError: Cannot read properties of un...
github.com github.com
 
  • Like
Reactions: Nevi, simmerskool and [correlate]

Similar threads

Kongo
    • Like
    • Applause
Advanced Security Kongo's Mobile Security Config 2024
Replies
9
Views
594
Mobile Setup Configuration Help & Showcase
Kongo
Kongo
Victor M
    • Like
Advanced Plus Security Victor M - Aging PC Security Config
Replies
5
Views
1,103
PC Setup Configuration Help & Showcase
Victor M
Victor M
Shadowra
    • +Reputation
    • Like
    • Thanks
App Review ArcaBit Internet Security 2024
Replies
4
Views
899
Video Reviews - Security and Privacy
Trident
Trident

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top