Advanced Plus Security Kongo's Computer Security Config 2026

Last updated
Dec 22, 2025
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Hardware security key
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
On
Network firewall
Enabled
About WiFi router
AiProtection Pro by TrendMicro (ASUS ROG Rapture GT-AXE11000)
Real-time security
Deep Instinct Endpoint Protection
CyberLock (Autopilot)
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security
Hardening tools:
- Cyberlock with Intelligent Firewall set to "Aggressive"
- Cyberlock with Security Posture set to "Aggressive"
- Run by SmartScreen (forces SmartScreen to scan files of choice)
- O&O ShutUp10 (recommended settings)
- O&O AppBuster (removed unecessary Windows 11 apps)
- Windows Sandbox


System settings:
- Reputation Based Protections (all modules enabled)
- Smart App Control enabled
- Data Execution Prevention set to AlwaysOn
- Core Isolation: Memory Integrity enabled
- Kernel-mode Hardware-enforced Stack Protection enabled
- Local Security Authority Protection enabled
- Microsoft Vulnerable Driver Blocklist enabled
- Memory Access Protection enabled
- Secure Boot enabled
- Drives encrypted via TPM (BitLocker)
- Windows Update Delivery Optimization disabled
- AutoPlay disabled
- Network Discovery disabled (Public Firewall profile)
- PowerShell --> Constrained Language Mode
- Hide extensions for known file types --> disabled
- Show hidden files --> enabled
- Virtualization enabled
‎‎‎ㅤ‎ ‎
Periodic malware scanners
Norton Power Eraser
Malware sample testing
I do participate in malware testing. See details about my testing environment below.
Environment for malware testing
‎‎‎ㅤㅤㅤ
VMware Workstation Player + Mozilla VPN on host machine while connected to the guest network.

Online Malware Analysis Platforms that I use:

- FileScan.iO
- Intenzer Analyze
- Hybrid Analysis
- VirusTotal
- Sophos Intelix
- ANY.RUN
- Triage
- Kaspersky Threat Intelligence Portal
- UnpacMe
- Qianxin Online Sandbox

--> Currently I am barely testing
Browser(s) and extensions

Mozilla Firefox v. 147.0.0

Extensions:
- Ghostery
- Mozilla VPN Extension
- Bitwarden

Browser privacy and security settings:
- Tracking protection: Strict (enables Total Cookie Protection)
- Enable secure DNS using: Max Protection
- HTTPS-only-mode enabled
- DuckDuckGo set as search engine
- Clearing browsing data on exit
- Search suggestions disabled
- Websites overview disabled
- Blocking incoming location, camera and microphone requests
- AutoPlay for audio and video disabled
- Firefox telemetry disabled
- Blocking pop-ups
- Warn when websites try to install addons enabled
- Protection against fraudulent content and dangerous software enabled


about:config tweaks:
- network.dns.echconfig.enabled = true
- pdfjs.enableScripting = false
- network.IDN_show_punycode = true
- security.ssl.require_safe_negotiation = true
- geo.enabled = false
- webgl.disabled = true
- network.lna.blocking = true
- network.lna.block_trackers = true
- network.trr.mode = 3 (NextDNS)
ㅤㅤ
Secure DNS

- NextDNS with DoT + OISD (Network-wide)
- NextDNS with DoH + HaGeZi - Multi Ultimate (only browser)



Desktop VPN
Mozilla VPN
Password manager
Bitwarden Premium
Maintenance tools
PatchMyPC, UniGetUI, HiBit Uninstaller, Process Lasso and Windows built in tools for cleaning and optimization
File and Photo backup
backup to external drive when necessary
Subscriptions
    • Google One Standard 200GB
System recovery
Aomei Backupper
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
GPU: Nvidia Geforce RTX 3060 TI
CPU: Intel I5 12600K
RAM: 16 GB DDR4-3200 Crucial
Hard disks: 500 GB Samsung 970 EVO Plus + 1 TB Western Digital Blue
Notable changes
- Updated for year 2026
What I'm looking for?

Looking for maximum feedback.

Nagisa said:
Sending referer only on eTLD+1 is the best approach I think.
Click to expand...
Had this before, but thought spoofing it completely doesn't have any negative side effects. I personally didn't find any site that broke cause of that entry, but as it can be a security risk according to @qua3k opinion, I will disable it. AdGuard extension actually also has an option to spoof the referrer, so I just might set the about:config entry to default and use their option. :unsure:

Unbenannt.PNG
 
  • Like
Reactions: ZeePriest, Venustus, Nevi and 4 others
SecureKongo said:
AdGuard extension actually also has an option to spoof the referrer, so I just might set the about:config entry to default and use their option. :unsure:
Click to expand...
Or you could try this:
Code: 
network.http.referer.trimmingPolicy=2
network.http.referer.XOriginPolicy=2
network.http.referer.XOriginTrimmingPolicy=2
I've had no breakage so far with above combo, but it can vary depending on your browsing behaviour. If you have breakage, a different combo as shown here: Tweaking Referrers For Privacy in Firefox
 
  • Like
  • Thanks
Reactions: ZeePriest, Venustus, Nevi and 2 others
  • +Reputation
  • Like
  • Thanks
Reactions: ZeePriest, Venustus, Nevi and 3 others
oldschool said:
I also refer to these
avoidthehack.com

How to Set Up Firefox for Privacy | Avoid the Hack (avoidthehack!)

These are the tweaks you should make, settings to you should set, and extensions you should download to make Firefox more privacy friendly.
avoidthehack.com avoidthehack.com
The last one is quite conservative but shows various options.
Click to expand...
I think I stick with AdGuards referrer spoofing as it is enabled by default when enabling Stealth Mode as far as I know. So it would have a lower impact on my fingerprint than also playing in the about:config settings when I am using AdGuard already anyway.
 
  • Like
Reactions: ZeePriest, Venustus, Nevi and 2 others
SecureKongo said:
Had this before, but thought spoofing it completely doesn't have any negative side effects. I personally didn't find any site that broke cause of that entry, but as it can be a security risk according to @qua3k opinion, I will disable it. AdGuard extension actually also has an option to spoof the referrer, so I just might set the about:config entry to default and use their option. :unsure:

View attachment 259875
Click to expand...
Stop spoofing the referrer. There are sites that check referrer as part of CSRF protection and you will break sites by doing so. You should avoid messing with referrer settings in the first place; browsers already default to a sufficiently strict strict-origin-when-cross-origin for requests without an explicit Referrer-Policy. What you’re setting will break sites.
 
  • Like
  • Thanks
Reactions: oldschool, Kongo, Gandalf_The_Grey and 3 others
Moonhorse said:
Does it replace adguard for windows too :oops:
Click to expand...
Actually it basically does combined with the free AdGuard extension. All the important features of AdGuard are included in the extension. And the extension doesn't break the HTTPS encryption. Won't use AdGuard Windows anymore in its current state.
 
  • Like
Reactions: oldschool, harlan4096, Gandalf_The_Grey and 1 other person
- replaced Malwarebytes Browser Guard with uBlock Origin in Medium Mode
- removed ClearURLs as I have the AdGuard URL Tracking blocklist enabled in uBlock Origin
- removed LocalCDN
- removed FirewallHardening, ConfigureDefender and KeyScrambler
+ added Sophos Home Premium
 
Last edited:
  • Like
Reactions: CyberTech, harlan4096, oldschool and 1 other person
I guess I'm in my switching security software every day phase... 😅

- removed Sophos Home Premium
+ added ConfigureDefender, Simple Windows Hardening, Firewall Hardening and KeyScrambler
+ blocking potentially insecure third-party content within uBlock Origin
 
Last edited:
  • Like
Reactions: Nevi, CyberTech, silversurfer and 4 others
SecureKongo said:
- replaced Malwarebytes Browser Guard with uBlock Origin in Medium Mode
- removed ClearURLs as I have the AdGuard URL Tracking blocklist enabled in uBlock Origin
- removed LocalCDN
- removed FirewallHardening, ConfigureDefender and KeyScrambler
+ added Sophos Home Premium
Click to expand...
Hello @SecureKongo

Has SHP still an issue with the ADguard filtering?
 
  • Like
Reactions: Kongo
amico81 said:
are you still happy with Immunet? It was a little bit buggy in the past on my system and
with a lot of leftovers after deinstallation.
Click to expand...
It was a little buggy. The UI crashed from time to time and I constantly had a CPU usage between 2-4% and a RAM usage of 600mb which shouldn't be the case with my specs. After all the system didn't really feel slow or sluggish in any way. Protection-wise I can't really say much, as I didn't really test it. All I can say is that the signatures Clam+Cloud are acceptable and that Immunet detects malicious scripts (VBS,JS etc.) and other file extensions with static scan which many other AVs don't. If you use HiBit Uninstaller to uninstall Immunet then you should switch to another, as Immunets proactive protection component seems to block some actions performed by HiBit when you uninstall software.

PS:
I saw some videos about Immunet on youtube and they didn't have the CPU and RAM usage problem like on my system.
 
  • Like
  • Thanks
  • +Reputation
Reactions: silversurfer, harlan4096, oldschool and 1 other person

You may also like...