Advanced Plus Security Kongo's Computer Security Config 2026

Last updated
Dec 22, 2025
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Hardware security key
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
On
Network firewall
Enabled
About WiFi router
AiProtection Pro by TrendMicro (ASUS ROG Rapture GT-AXE11000)
Real-time security
Deep Instinct Endpoint Protection
CyberLock (Autopilot)
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security
Hardening tools:
- Cyberlock with Intelligent Firewall set to "Aggressive"
- Cyberlock with Security Posture set to "Aggressive"
- Run by SmartScreen (forces SmartScreen to scan files of choice)
- O&O ShutUp10 (recommended settings)
- O&O AppBuster (removed unecessary Windows 11 apps)
- Windows Sandbox


System settings:
- Reputation Based Protections (all modules enabled)
- Smart App Control enabled
- Data Execution Prevention set to AlwaysOn
- Core Isolation: Memory Integrity enabled
- Kernel-mode Hardware-enforced Stack Protection enabled
- Local Security Authority Protection enabled
- Microsoft Vulnerable Driver Blocklist enabled
- Memory Access Protection enabled
- Secure Boot enabled
- Drives encrypted via TPM (BitLocker)
- Windows Update Delivery Optimization disabled
- AutoPlay disabled
- Network Discovery disabled (Public Firewall profile)
- PowerShell --> Constrained Language Mode
- Hide extensions for known file types --> disabled
- Show hidden files --> enabled
- Virtualization enabled
‎‎‎ㅤ‎ ‎
Periodic malware scanners
Norton Power Eraser
Malware sample testing
I do participate in malware testing. See details about my testing environment below.
Environment for malware testing
‎‎‎ㅤㅤㅤ
VMware Workstation Player + Mozilla VPN on host machine while connected to the guest network.

Online Malware Analysis Platforms that I use:

- FileScan.iO
- Intenzer Analyze
- Hybrid Analysis
- VirusTotal
- Sophos Intelix
- ANY.RUN
- Triage
- Kaspersky Threat Intelligence Portal
- UnpacMe
- Qianxin Online Sandbox

--> Currently I am barely testing
Browser(s) and extensions

Mozilla Firefox v. 147.0.0

Extensions:
- Ghostery
- Mozilla VPN Extension
- Bitwarden

Browser privacy and security settings:
- Tracking protection: Strict (enables Total Cookie Protection)
- Enable secure DNS using: Max Protection
- HTTPS-only-mode enabled
- DuckDuckGo set as search engine
- Clearing browsing data on exit
- Search suggestions disabled
- Websites overview disabled
- Blocking incoming location, camera and microphone requests
- AutoPlay for audio and video disabled
- Firefox telemetry disabled
- Blocking pop-ups
- Warn when websites try to install addons enabled
- Protection against fraudulent content and dangerous software enabled


about:config tweaks:
- network.dns.echconfig.enabled = true
- pdfjs.enableScripting = false
- network.IDN_show_punycode = true
- security.ssl.require_safe_negotiation = true
- geo.enabled = false
- webgl.disabled = true
- network.lna.blocking = true
- network.lna.block_trackers = true
- network.trr.mode = 3 (NextDNS)
ㅤㅤ
Secure DNS

- NextDNS with DoT + OISD (Network-wide)
- NextDNS with DoH + HaGeZi - Multi Ultimate (only browser)



Desktop VPN
Mozilla VPN
Password manager
Bitwarden Premium
Maintenance tools
PatchMyPC, UniGetUI, HiBit Uninstaller, Process Lasso and Windows built in tools for cleaning and optimization
File and Photo backup
backup to external drive when necessary
Subscriptions
    • Google One Standard 200GB
System recovery
Aomei Backupper
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
GPU: Nvidia Geforce RTX 3060 TI
CPU: Intel I5 12600K
RAM: 16 GB DDR4-3200 Crucial
Hard disks: 500 GB Samsung 970 EVO Plus + 1 TB Western Digital Blue
Notable changes
- Updated for year 2026
What I'm looking for?

Looking for maximum feedback.

SecureKongo said:
Thanks for sharing that testing site, was looking for this one for a long time, as the one I used shut down. The reason I use MBG is the aggressiveness and the way it's blocking infecting content. It also seems to have some kind of behavioural web protection which you can see here:
Click to expand...
MBL indeed block some TLD. i've already seen that.

However, now you can add TLD blocking to adguard or even use NEXTDNS to block more TLDs.

I suggest that you add this list to adguard rules:

! The Most Abused Top Level Domains
! The Spamhaus Project - The Top 10 Most Abused TLDs
||*.rest^$all
||*.gq^$all
||*.work^$all
||*.tk^$all
||*.ml^$all
||*.viajes^$all
||*.casa^$all
||*.london^$all
||*.cf^$all
||*.fail^$all
||*.surf^$all
||*.cam^$all
||*.exposed^$all
||*.buzz^$all
||*.fit^$all
||*.asia^$all
||*.date^$all
! Missing TLDs from NEXTDNS LIST
||*.email^$all
||*.recipes^$all
||*.cn^$all
||*.ga^$all

You can add more TLDs if you want. Just use this rule:
||*.TLD^$all

You can check more discussion here
 
Last edited by a moderator:
  • Like
  • Thanks
Reactions: Cortex, Venustus, Protomartyr and 3 others
Tiamati said:
MBL indeed block some TLD. i've already seen that.

However, now you can add TLD blocking to adguard or even use NEXTDNS to block more TLDs.

I suggest that you add this list to adguard rules:

! The Most Abused Top Level Domains
! The Spamhaus Project - The Top 10 Most Abused TLDs
||*.rest^$all
||*.gq^$all
||*.work^$all
||*.tk^$all
||*.ml^$all
||*.viajes^$all
||*.casa^$all
||*.london^$all
||*.cf^$all
||*.fail^$all
||*.surf^$all
||*.cam^$all
||*.exposed^$all
||*.buzz^$all
||*.fit^$all
||*.asia^$all
||*.date^$all
! Missing TLDs from NEXTDNS LIST
||*.email^$all
||*.recipes^$all
||*.cn^$all
||*.ga^$all

You can add more TLDs if you want. Just use this rule:
||*.TLD^$all

You can check more discussion here
Click to expand...
Thanks a lot, will add the rules. (y)
 
  • Like
Reactions: Cortex, Venustus, Protomartyr and 2 others
- removed Malwarebytes Browser Guard
+ added DocumentAntiExploit
+ changed some Windows settings for better security
+ tweaked Firefox a little more
+ added SHADE Sandbox Home Edition
 
Last edited:
  • Like
Reactions: plat, Cortex, Venustus and 6 others
@SecureKongo

You can further harden FF with the settings from below. Note that some settings are duplicates whilst others have been deprecated

www.digitalmunition.me

2020 Guide to Hardening Firefox

This is a simple guide and video on how to harden your #Firefox browser. While this tutorial is displayed on Linux, it also works for #Windows and #Mac Notes on Firefox Hardening: Plugins: uBlock Origin (Raymond Hill) Privacy Badger HTTPS Everywhere Options: New Windows and Tabs should be blank...
www.digitalmunition.me www.digitalmunition.me
chrisx.xyz

Firefox Hardening Resources | Chris Xiao

Recommended resources for improving security and privacy in Firefox.
chrisx.xyz chrisx.xyz
restoreprivacy.com

Firefox Privacy — The Complete How-To Guide for 2026

This new and updated Firefox privacy guide shows you how to tweak and configure Firefox for maximum privacy and security.
restoreprivacy.com restoreprivacy.com

There is one setting in your list

devtools.onboarding.telemetry.logged = false

which is definitely not in FF 84.0.2 unless you set it. It may have been there in earlier FF versions.
 
Last edited:
  • Like
  • Thanks
Reactions: Cortex, Nevi, Kongo and 4 others
Tiamati said:
How exactly?


Are you experiencing any problem with so many tweaks?
Click to expand...
My bad, didn't see the questions.

1. Nothing special. Just enabled Data Execution Prevention for every service and program and disabled Windows Update Delivery Optimization.

2. Didn't experience any issues so far but that doesn't mean that it wouldn't cause problems for others. For my way of browsing it's well configured.:)
 
Last edited:
  • Like
Reactions: Cortex, Nevi, Gandalf_The_Grey and 4 others
HarborFront said:
@SecureKongo

You can further harden FF with the settings from below. Note that some settings are duplicates whilst others have been deprecated

www.digitalmunition.me

2020 Guide to Hardening Firefox

This is a simple guide and video on how to harden your #Firefox browser. While this tutorial is displayed on Linux, it also works for #Windows and #Mac Notes on Firefox Hardening: Plugins: uBlock Origin (Raymond Hill) Privacy Badger HTTPS Everywhere Options: New Windows and Tabs should be blank...
www.digitalmunition.me www.digitalmunition.me
chrisx.xyz

Firefox Hardening Resources | Chris Xiao

Recommended resources for improving security and privacy in Firefox.
chrisx.xyz chrisx.xyz
restoreprivacy.com

Firefox Privacy — The Complete How-To Guide for 2026

This new and updated Firefox privacy guide shows you how to tweak and configure Firefox for maximum privacy and security.
restoreprivacy.com restoreprivacy.com

There is one setting in your list

devtools.onboarding.telemetry.logged = false

which is definitely not in FF 84.0.2 unless you set it. It may have been there in earlier FF versions.
Click to expand...
Removed it from the list, thanks for mentioning. I probably accidentally added it to the list. I already used the tweaks from Restore Privacy and also linked it in my config. :)
 
  • Like
Reactions: Cortex, Nevi, Gandalf_The_Grey and 5 others
SecureKongo said:
- removed Malwarebytes Browser Guard
- removed Flagfox
+ added VPN Unlimited Proxy
+ added DocumentAntiExploit
+ changed some Windows settings for better security
+ tweaked Firefox a little more
+ added SHADE Sandbox Home Edition
Click to expand...
Shade Sandbox don't look good according to testing by @cruelsister below in post #215

www.wilderssecurity.com

Cybergenic Shade-sandbox tool

It's not for me , so I'm back on (problematic) SBIE free (but my FreeDownload Manager will work again Hi jaodsvuda. Why is it that Shade is not for...
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
Reactions: plat, Cortex, Protomartyr and 7 others
HarborFront said:
Shade Sandbox don't look good according to testing by @cruelsister below in post #215

www.wilderssecurity.com

Cybergenic Shade-sandbox tool

It's not for me , so I'm back on (problematic) SBIE free (but my FreeDownload Manager will work again Hi jaodsvuda. Why is it that Shade is not for...
www.wilderssecurity.com www.wilderssecurity.com
Click to expand...
Yup, saw that already. Not really impressed so far either. Wanted to use it for browser isolation as I don't really like Sandboxie, but it just causes the browser and other software to freeze or crash immediatly. Will test it out some more and probably remove it later.
 
Last edited:
  • Like
Reactions: Cortex, Protomartyr, HarborFront and 3 others
SecureKongo said:
- changed some Group Policy settings (Mainly inspired by the config of @SecurityNightmares)

Could you also tell me the exact location of this setting:
(Start menu) Do not search the internet: activated
Click to expand...
Aswesome!

- Sensitive files on encrypted volume (VeraCrypt)
Why not Bitlocker? I bet this is because of the other ciphers in Veracrypt. :D
 
  • Like
Reactions: Gandalf_The_Grey, harlan4096, Venustus and 3 others
SecurityNightmares said:
It's available in Home but only over command line. But as encryption is a set & forget operation and good articles exists, this isn't so bad ;)
Click to expand...
Oh, good to know. Would be a good option if I was encrypting my whole drive, but as I don't do that, I'll just stick with VeraCrypt. (y)
 
  • Like
Reactions: Gandalf_The_Grey, harlan4096, Venustus and 2 others
HarborFront said:
Can consider adding Temporary Containers and Multi-Account Containers addons to your FF browser
Click to expand...
Had the containers already, found them quite demanding and annoying most of the time. I am okay with Facebook Container and First-Party-Isolation (via about:config)
 
  • Like
Reactions: Protomartyr, SeriousHoax, Gandalf_The_Grey and 3 others

You may also like...