Advanced Plus Security Kongo's Computer Security Config 2024

Last updated
Jul 17, 2024
How it's used?
For home and private use
Operating system
macOS 15 Sequoia
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Hardware security key
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
- Speedport Smart 4
- Firewalla Blue +
Real-time security
Deep Instinct Endpoint Protection
WhitelistCloud
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security

Hardening tools:
- Firewall Hardening (blocking outbound connections of LOLBins)
- Run by SmartScreen (forces SmartScreen to scan files of choice)
- STOP/DJVU Ransomware Vaccine (immunizes system against this type of ransomware)
- O&O ShutUp10 (recommended settings)
- O&O AppBuster (removed unecessary Windows 11 apps)
- Windows Sandbox


System settings:
- Microsoft Defender running in sandbox (inactive)
- Reputation Based Protections (all modules enabled)
- Smart App Control enabled
- Data Execution Prevention set to AlwaysOn
- Core Isolation: Memory Integrity enabled
- Kernel-mode Hardware-enforced Stack Protection enabled
- Secure Boot enabled
- Drives encrypted via TPM (BitLocker)
- Windows Update Delivery Optimization disabled
- AutoPlay disabled
- Network Discovery disabled (Public Firewall profile)
- PowerShell --> Constrained Language Mode
- Hide extensions for known file types --> disabled
- Show hidden files --> enabled
- Virtualization enabled (allows Application Sandboxing)
- Custom Exploit Protection Settings for Firefox:
Code: 
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

Thanks to @oldschool for sharing! :)

ㅤㅤㅤHardware Firewall (Firewalla Blue Plus):
- Active Protect (Strict)
- Ad Block (Strict)
- OISD blocklist enabled in Firewalla
- New Device Quarantine (restricted internet access for newly connected devices)
- Geo-IP Filtering (blocking connections from and to Russian + Chinese IPs)
- Unbound DNS enabled for all devices
‎‎‎ㅤ‎ ‎ ‎ ‎
Periodic malware scanners
Norton Power Eraser, X-Sec and AdwCleaner
Malware sample testing
I do participate in malware testing. See details about my testing environment below.
Environment for malware testing
‎‎‎ㅤㅤㅤ
VMware Workstation Player + Mullvad VPN on host machine while connected to the guest network.

Online Malware Analysis Platforms that I use:

- FileScan.iO
- Intenzer Analyze
- Hybrid Analysis
- VirusTotal
- Sophos Intelix
- ANY.RUN
- Triage
- Kaspersky Threat Intelligence Portal
- Neiki.Dev
- ThreatZone
- UnpacMe

--> Currently I am barely testing
Browser(s) and extensions

Mozilla Firefox v. 132.0.0

Extensions:
- Ghostery
- SafeToOpen
- Bitwarden


Browser privacy and security settings:
- Tracking protection: Strict (enables Total Cookie Protection)
- Enable secure DNS using: Max Protection
- HTTPS-only-mode enabled
- DuckDuckGo set as search engine
- Pocket disabled
- Sending DNT-requests disabled (enabling makes you more identifiable and barely gives any advantage on most sites.)
- Clearing browsing data on exit
- Search suggestions disabled
- Websites overview disabled
- Blocking incoming location, camera and microphone requests
- AutoPlay for audio and video disabled
- Firefox telemetry disabled (also in about:config)
- Blocking pop-ups
- Warn when websites try to install addons enabled
- Protection against fraudulent content and dangerous software enabled


about:config tweaks:
- network.dns.echconfig.enabled = true
- network.dns.use_https_rr_as_altsvc = true
- fission.autostart = true
- pdfjs.enableScripting = false
- network.IDN_show_punycode = true
- security.ssl.require_safe_negotiation = true
- geo.enabled = false
- webgl.disabled = true
- network.trr.mode = 3 (NextDNS)
ㅤㅤ
Secure DNS

- NextDNS with DoH + OISD blocklist (Firefox exclusively)
- Unbound DNS (Network-wide)


Desktop VPN
Proton VPN with Secure Core, NetShield and Permanent Kill Switch
Password manager
Bitwarden Premium
Maintenance tools
PatchMyPC, RuckZuck, UpdateHub, HiBit Uninstaller and Windows built in tools for cleaning and optimization
File and Photo backup
backup to external drive when necessary
Subscriptions
    • Google One Standard 200GB
System recovery
Aomei Backupper
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
GPU: Nvidia Geforce RTX 360 TI
CPU: Intel I5 12600K
RAM: 16 GB DDR4-3200 Crucial
Hard disks: 500 GB Samsung 970 EVO Plus + 1 TB Western Digital Blue
Notable changes
- Updated for year 2024
What I'm looking for?

Looking for minimum feedback.

Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Moonhorse said:
Thats a one very well detailed config, only thing wich comes into my mind is fallback browser if you run into problems with those tweaks of firefox

Heres checklist if you find anything helpful, you could add it as you have firefox tweak sites noted:
github.com

GitHub - Lissy93/personal-security-checklist: 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024 - Lissy93/personal-security-checklist
github.com github.com
Click to expand...
Damn, thats quite a lot of stuff to look at. Thanks for sharing! (y)
 
  • Like
Reactions: Zartarra, Nevi, porkpiehat and 7 others
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
+ added CSS Exfil Protection to Firefox (based on @Moonhorse recommended GitHub site)
- replaced old referer about:config tweaks with "network.http.referer.spoofSource = true" which sets the target URL as the referer. (Might result in website breakage)
 
Last edited:
  • Like
Reactions: Nevi, Venustus, ZeePriest and 4 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
It would be interesting to test this combo on MH. If on EXE files Cylance could be as effective as Defender (HIGH settings), then SWH + Cylance would be a nice combo. Some incomplete tests (rather presentations than tests) can suggest that on malicious EXE files Defender on HIGH settings can be more effective than Cylance.




Of course, the results of the "tests" on the PC Security Channel are only unverified suggestions.:unsure:
Anyway, any AV (also slightly tweaked) which is as effective as Defender (HIGH settings) is worth attention.:)
 
  • Like
  • Applause
Reactions: SeriousHoax, Moonhorse, Venustus and 5 others
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Andy Ful said:
It would be interesting to test this combo on MH. If on EXE files Cylance could be as effective as Defender (HIGH settings), then SWH + Cylance would be a nice combo. Some incomplete tests (rather presentations than tests) can suggest that on malicious EXE files Defender on HIGH settings can be more effective than Cylance.




Of course, the results of the "tests" on the PC Security Channel are only unverified suggestions.:unsure:
Anyway, any AV which is as effective as Defender (HIGH settings) is worth attention.:)
Click to expand...

Would love to test Cylance and SWH in the Hub, but I think this isn't working like that. SWH would block pretty much all the samples (jar, vbs, js). As you saw in recent tests in the Hub, there are some days where only malicious scrips are shared for testing. I think it is predictable that SWH will block all of them. Those results are simply not highliting the performance of the main AV (Cylance) which is the basic idea behind the tests. Nonetheless I will ask @upnorth and @harlan4096 what they think about this as I am also interested in that combo. (y)
 
  • Like
Reactions: Andy Ful, Moonhorse, upnorth and 4 others
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Intel_iRIS81 said:
I'm curious about the reason for using 3 different driver update programs? Comparing differences and which one of the 3 would you recommend
Click to expand...
Sumo and PatchMyPc are software updaters, and not driver updaters. The only driver updater I (had) is Driver Easy, I just forgot to remove it from my config... 😅 So now I am only using Windows built updates to update the most important drivers, and GeForce Expierence for my GPU. From the software updaters I can recommend both. PatchMyPC is the more convenient option of the two, as it can install software updates with one click. Sumo however detects far more programs than PatchMyPc but can't update them within the software and only rederects you to the website of the program. I would recommend using both, as PatchMyPC is portable and doesn't even require any installation at all. (y)
 
  • Like
  • +Reputation
Reactions: CyberTech, upnorth, Moonhorse and 3 others
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
SecurityNightmares said:
Remember that "Experience" had some security vulnerabilities in the past.

If you regulary read some IT news sites, I'm sure you always know about updates so doing it manually keeps your system safer (y)
Click to expand...
I think all vulnerabilities were patched by now? I didn't really hear much about that, so correct me if I am wrong...

Nvidia Geforce Experience : Security vulnerabilities, CVEs

Security vulnerabilities of Nvidia Geforce Experience : List of vulnerabilities affecting any version of this product
www.cvedetails.com
 
  • Like
Reactions: harlan4096, Gandalf_The_Grey, Moonhorse and 1 other person
F

ForgottenSeer 85179

  • Like
Reactions: Moonhorse, Venustus and Kongo
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
SecureKongo said:
Would love to test Cylance and SWH in the Hub, but I think this isn't working like that. SWH would block pretty much all the samples (jar, vbs, js). As you saw in recent tests in the Hub, there are some days where only malicious scrips are shared for testing. I think it is predictable that SWH will block all of them. Those results are simply not highliting the performance of the main AV (Cylance) which is the basic idea behind the tests. (y)
Click to expand...
Yes, you are right. I was thinking about the comparison of detections on EXE files:
Cylance vs. Defender (HIGH settings, SWH is often used with Defender).

By the way, it would be interesting to use one fixed AV in all MH tests, as a reference detection. It could be any AV (with settings agreed by testers) that would reflect the average (in a statistical sense) detection of commercial AVs.
 
  • Like
Reactions: Venustus, ForgottenSeer 85179, Gandalf_The_Grey and 1 other person
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Andy Ful said:
Yes, you are right. I was thinking about the comparison of detections on EXE files:
Cylance vs. Defender (HIGH settings, SWH is often used with Defender).
Click to expand...
But then the Hub isn't the right playground for such comparisons, as exe samples are the least shared ones for the tests. :confused:
Andy Ful said:
By the way, it would be interesting to use one fixed AV in all MH tests, as a reference detection. It could be any AV (with settings agreed by testers) that would reflect the average (in a statistical sense) detection of commercial AVs.
Click to expand...
You better share this idea with @upnorth or @harlan4096 as they are in charge of the Malware Hub tests and the procedures. (y)
 
  • Like
Reactions: Venustus, Andy Ful, harlan4096 and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
SecureKongo said:
But then the Hub isn't the right playground for such comparisons, as exe samples are the least shared ones for the tests. :confused:
Click to expand...
Yes, that can be a problem. But if you like, you can test Cylance for a few months on all samples and then look if there is a significant difference (for EXE files) compared to top AVs tested on MH at the same testing period.(y)
It seems that Cylance was tested on MH two years ago. Cylance got very poor scores in AV-Test. It was tested 3 times in the Consumer category in 2020 June, August, October, and in the Business category April, June, August, October. It would be interesting if the poor results are related to scripts, macros, etc. (covered in your setup by SWH).
 
  • Like
Reactions: Venustus, ForgottenSeer 85179, harlan4096 and 2 others
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Andy Ful said:
Yes, that can be a problem. But if you like, you can test Cylance for a few months on all samples and then look if there is a significant difference (for EXE files) compared to top AVs tested on MH at the same testing period.
Click to expand...
Will add it in my next voting on my profile. :)
Andy Ful said:
It would be interesting if the poor results are related to scripts, macros, etc. (covered in your setup by SWH).
Click to expand...
That must be the case, as Cylance literally only detects PE-files...
 
  • Like
Reactions: Venustus, Andy Ful, Gandalf_The_Grey and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
SecureKongo said:
That must be the case, as Cylance literally only detects PE-files...
Click to expand...
Yes, this is a very probable explanation for the most part of the poor results. But, we still do not know how effective can be Cylance on PE files. We have only PC Security Channel "tests" that suggest a more complex scenario. Anyway, the effectiveness of Cylance increases for fresher samples (like in MH), so the results can be interesting.
 
  • Like
Reactions: Kongo and Venustus
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
Bearing in mind that Cylance does not detect scripts, it seems that you can test it in two scenarios: Cylance alone and with SWH (similar tests were done on MH for some AVs with SysHardener). Comparing the results of both could be interesting, because in some cases, the initial EXE malware might use scripts in the infection chain. Of course, two testing scenarios will make the testing procedure more complex and time-consuming.:(

Edit
If the impact of SWH on the detection of PE files will be visible, then I can consider adding the enforcement for 'All users' to SWH. For now, I think that adding it is questionable. :unsure:
 
Last edited:
  • Like
Reactions: Moonhorse and Kongo
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Andy Ful said:
Bearing in mind that Cylance does not detect scripts, it seems that you can test it in two scenarios: Cylance alone and with SWH (similar tests were done on MH for some AVs with SysHardener). Comparing the results of both could be interesting, because in some cases, the initial EXE malware might use scripts in the infection chain. Of course, two testing scenarios will make the testing procedure more complex and time-consuming.:(
Click to expand...
I reached out to @upnorth and @harlan4096 and asked if it's possible to do the combo. As you already said, combos were allowed before, but now after some rule changes they are not anymore. This is due to the fact that it can be very confusing for some of the viewers of the tests and could result in a "Wild Western" of security software tests here on the Hub. (to quote @upnorth ) I also have to agree with him, as results of the combo would be very predictable and don't really show the capabilities of the AV.
 
Last edited:
  • Like
Reactions: harlan4096 and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
SecureKongo said:
I reached out to @upnorth and @harlan4096 and asked if it's possible to do the combo. As you already said, combos were allowed before, but now after some rule changes they are not anymore. This is due to the fact that it can be very confusing for some of the viewers of the tests and could result in a "Wild Western" of security software tests here on the Hub. (to quote @upnorth ) I also have to agree with him, as results of the combo would be very predictable and don't really show the capabilities of the AV.
Click to expand...
I respect this decision, although it has some serious cons.
The case of Cylance is special. It is not a full AV that can detect all files - it can detect only PE files. So, one can argue that Cylance alone should not be tested at all on MH alongside the full AVs. The comparison with full AVs will probably prevent many users from using Cylance.:(
On the other side, testing it with an anti-script layer without showing the real detection of Cylance alone, would be confusing and could promote Cylance compared to other AVs. In my opinion, the only fair solution is performing the dual test = Cylance alone compared to Cylance + anti-script layer. This would clearly show the pros and cons of using Cylance. Furthermore, this would be fair for all, including Home users that search for sensible protection.(y)

There is no perfect way of testing such products as Cylance, so we should accept the final decision of the MH testers.(y)

Post edited.
 
Last edited:
  • Like
Reactions: harlan4096 and Kongo
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Andy Ful said:
I respect this decision, although it has some serious cons.
The case of Cylance is special. It is not a full AV that can detect all files - it can detect only PE files. So, one can argue that Cylance alone should not be tested at all on MH alongside the full AVs. The comparison with full AVs will probably prevent many users from using Cylance.:(
On the other side, testing it with an anti-script layer without showing the real detection of Cylance alone, would be confusing and could promote Cylance compared to other AVs. In my opinion, the only fair solution is performing the dual test = Cylance alone compared to Cylance + anti-script layer.(y)

There is no perfect way of testing such products as Cylance, so we should accept the final decision of the MH testers.(y)
Click to expand...
I am quite new in the Hub and don't think that I am the right contact person in that case. I understand your doubts and also what you are trying to say, but I think you should discuss that further in a private chat with either @upnorth or @harlan4096 if you want. :)
 
  • Like
Reactions: Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
SecureKongo said:
I am quite new in the Hub and don't think that I am the right contact person in that case. I understand your doubts and also what you are trying to say, but I think you should discuss that further in a private chat with either @upnorth or @harlan4096 if you want. :)
Click to expand...
I am sorry for bloating your thread. I think that the problem does not require further discussion. The MH testers know best what to do. (y):)
 
  • Like
Reactions: ForgottenSeer 85179 and Kongo

Similar threads

Divine_Barakah
    • Like
    • Applause
Advanced Security Divine Barakah's PC Security Config 2024
Replies
97
Views
4,118
PC Setup Configuration Help & Showcase
Divine_Barakah
Divine_Barakah
Smoke
    • Like
Advanced Plus Security Smoke's Security Config 2024
Replies
3
Views
352
PC Setup Configuration Help & Showcase
harlan4096
harlan4096
DJ Stylbator
    • Like
Basic Security DJ Stylbator Security Config 2024
Replies
7
Views
697
PC Setup Configuration Help & Showcase
harlan4096
harlan4096

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top