Advanced Plus Security Kongo's Computer Security Config 2026

Last updated
Apr 29, 2026
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Hardware security key
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
On
Network firewall
Enabled
About WiFi router
AiProtection Pro by TrendMicro (ASUS ROG Rapture GT-AXE11000)
Real-time security
Deep Instinct Endpoint Protection
CyberLock (Autopilot)
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security
Hardening tools:
- Cyberlock with Intelligent Firewall set to "Aggressive"
- Cyberlock with Security Posture set to "Aggressive"
- Run by SmartScreen (forces SmartScreen to scan files of choice)
- O&O ShutUp10 (recommended settings)
- O&O AppBuster (removed unecessary Windows 11 apps)
- Windows Sandbox


System settings:
- Reputation Based Protections (all modules enabled)
- Smart App Control enabled
- Data Execution Prevention set to AlwaysOn
- Core Isolation: Memory Integrity enabled
- Kernel-mode Hardware-enforced Stack Protection enabled
- Local Security Authority Protection enabled
- Microsoft Vulnerable Driver Blocklist enabled
- Memory Access Protection enabled
- Secure Boot enabled
- Drives encrypted via TPM (BitLocker)
- Windows Update Delivery Optimization disabled
- AutoPlay disabled
- Network Discovery disabled (Public Firewall profile)
- PowerShell --> Constrained Language Mode
- Hide extensions for known file types --> disabled
- Show hidden files --> enabled
- Virtualization enabled
‎‎‎ㅤ‎ ‎
Periodic malware scanners
ESET Online Scanner, X-Sec
Malware sample testing
I do participate in malware testing. See details about my testing environment below.
Environment for malware testing
‎‎‎ㅤㅤㅤ
VMware Workstation Player + Mozilla VPN on host machine while connected to the guest network.

Online Malware Analysis Platforms that I use:

- FileScan.iO
- Intenzer Analyze
- Hybrid Analysis
- VirusTotal
- Sophos Intelix
- ANY.RUN
- Triage
- Kaspersky Threat Intelligence Portal
- UnpacMe
- Qianxin Online Sandbox

--> Currently I am barely testing
Browser(s) and extensions

Mozilla Firefox

Extensions:
- APIVoid Browser Protection
- JShelter
- Ghostery
- Bitwarden

Browser privacy and security settings:
- Tracking protection: Strict (enables Total Cookie Protection)
- Enable secure DNS using: Max Protection
- HTTPS-only-mode enabled
- DuckDuckGo set as search engine
- Clearing browsing data on exit
- Search suggestions disabled
- Websites overview disabled
- Blocking incoming location, camera and microphone requests
- AutoPlay for audio and video disabled
- Firefox telemetry disabled
- Blocking pop-ups and third-party redirects
- Warn when websites try to install addons enabled
- Protection against fraudulent content and dangerous software enabled
- AI features are blocked




ㅤㅤ
Secure DNS

- ControlD with balanced native-blocklists + OISD-big (Network-Wide)
- ControlD with strict native-blocklists + Ai Malware Filter (Aggressive) + Hagezi Ultimate + Hagezi TIFs + Automatic IP redirect over Proxy (Only browser)



Desktop VPN
/
Password manager
Bitwarden Premium
Maintenance tools
PatchMyPC, UniGetUI, GeekUninstaller, Process Lasso and Windows built in tools for cleaning and optimization
File and Photo backup
backup to external drive when necessary
Subscriptions
    • Google One Standard 200GB
System recovery
Aomei Backupper
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
GPU: Nvidia Geforce RTX 3060 TI
CPU: Intel I5 12600K
RAM: 16 GB DDR4-3200 Crucial
Hard disks: 500 GB Samsung 970 EVO Plus + 1 TB Western Digital Blue
Notable changes
- Updated for year 2026
What I'm looking for?

Looking for maximum feedback.

In 'Devices', each device on the network can be assigned a setting such as: In Safe Browsing: None, Security, Family, Adlock, Adblock & Family, I appreciate this isn't the AI system but its there & uses the Trend Filters, I just wondered, each separate device can also be blocked in Devices - I wont post on the thread again .. :oops:
 
  • +Reputation
  • Like
Reactions: Sampei.Nihira and Kongo
Sorrento said:
In 'Devices', each device on the network can be assigned a setting such as: In Safe Browsing: None, Security, Family, Adlock, Adblock & Family, I appreciate this isn't the AI system but its there & uses the Trend Filters, I just wondered, each separate device can also be blocked in Devices - I wont post on the thread again .. :oops:
Click to expand...
Ah, sorry. I think I understand now. Well, I don't use those individual security settings for each device. I only use Ai Protection and added my NextDNS config in the router. So now I have secure DNS (DNS-over-TLS and Ai Protection)
 
  • +Reputation
  • Applause
  • Like
Reactions: simmerskool, Sampei.Nihira and Sorrento
@Kongo Do you "recommend" Cyberlock Autopilot with DeepInstinct. I usually leave CL default Smart (aggressive) -- what's the "benefit" of Autopilot?
 
  • Like
Reactions: Sorrento
simmerskool said:
@Kongo Do you "recommend" Cyberlock Autopilot with DeepInstinct. I usually leave CL default Smart (aggressive) -- what's the "benefit" of Autopilot?
Click to expand...
I think it does matter on the personal preference. I personally don't like to get spammed by dozens of notifications so AutoPilot is the best option for me.

Screenshot 2026-03-09 193351.png


What I can say that Deep Instinct and CyberLock are a great combination and don't get in each others way, no matter which CyberLock configuration you are running.

Exmaple:
1. Malicious file download -->
2. Pre-execution: Deep Instinct Static Analysis --> if missed:
3. On-excecution: CyberLock + SiriusGPT --> if missed:
4. Post-execution: Deep Instinct behavioural protection --> if missed:

Well, then you are fu**ed.. 😅
 
  • Like
  • +Reputation
Reactions: LinuxFan58, Sorrento, simmerskool and 2 others
Kongo said:
I think it does matter on the personal preference.

What I can say that Deep Instinct and CyberLock are a great combination and don't get in each others way, 😅
Click to expand...
@Kongo THANKS! and btw here DI 5.2.0000.2 is BLOCKING Cyberlock 9.02 installs and SiriusLLM 1.01 & 1.02 installs as Reflective .Net Injection. I have not gone into the DI console yet to "fix" this, & this is new to DI they always played well together. @danb is aware of this issue...
 
  • +Reputation
  • Like
Reactions: Sorrento and Kongo
simmerskool said:
@Kongo THANKS! and btw here DI 5.2.0000.2 is BLOCKING Cyberlock 9.02 installs and SiriusLLM 1.01 & 1.02 installs as Reflective .Net Injection. I have not gone into the DI console yet to "fix" this, & this is new to DI they always played well together. @danb is aware of this issue...
Click to expand...
I just noticed that on my system too. Adding the exclusion was far from easy. I hope it gets fixed soon. By the way I just found where they publish the patchnotes:

Screenshot 2026-03-09 200732.png


Also the D-Brain version has been updated from version 137w to 142w

Screenshot 2026-03-09 201124.png
 
  • Like
  • Hundred Points
Reactions: Zero Knowledge, simmerskool and Sorrento
Kongo said:
I just noticed that on my system too. Adding the exclusion was far from easy. I hope it gets fixed soon.

Also the D-Brain version has been updated from version 137w to 142w
Click to expand...
I have not looked at the console exclusion issue yet, but I had to this once before for a specialized app same or similar behavioral analysis
 
  • Like
Reactions: Kongo and Zero Knowledge
Kongo said:
That's the minimum you have to do to make it work again:

View attachment 296263
Click to expand...
ugh, I just left the console I was in a different section. NOW I recall seeing screen like in the past. I emailed DI techie, I'll let him do it at this point, and if he doesn't I'll do it tomorrow. I'm well passed my keystroke limit for the day. THANKS!!!
 
  • Like
Reactions: Kongo
Sampei.Nihira said:
That's interesting.
Can you tell me what prompted you to make this significant change to improve browsing security?
Thank you.;)
Click to expand...
The last time I used NoScript was multiple years ago and back then, it had no option to balance it between security and usability. I am not a big fan of a setup that it well hardened, but makes your PC unsuitable for day to day use. Same goes for the browser. Now NoScript offers three modes (Default Allow, Automatic and Default Deny). Automatic adds additional protection without completely breaking sites and therefor is a great way to keep browsing somewhat hassle-free and still boost security without too much user interaction. (y)
 
  • Like
  • +Reputation
  • Thanks
Reactions: Zartarra, simmerskool, Jonny Quest and 2 others
Kongo said:
The last time I used NoScript was multiple years ago and back then, it had no option to balance it between security and usability. I am not a big fan of a setup that it well hardened, but makes your PC unsuitable for day to day use. Same goes for the browser. Now NoScript offers three modes (Default Allow, Automatic and Default Deny). Automatic adds additional protection without completely breaking sites and therefor is a great way to keep browsing somewhat hassle-free and still boost security without too much user interaction. (y)
Click to expand...

That's interesting.
I'd be curious to know how the automatic mode reacts when it detects a bot (control).
Have you tried it?:)

URLhaus | Checking your browser
 
  • Like
Reactions: simmerskool and Kongo

You may also like...