Advanced Plus Security Lenny_FoX Desktop Config 2021

Last updated
Dec 11, 2020
How it's used?
For home and private use
Operating system
Windows 10
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
  1. Microsoft Defender Attack Surface Reduction rules and Anti-Exploit
  2. Kaspersky Cloud Free (no HTTPS scanning)
Firewall security
Microsoft Defender Firewall
About custom security
1. UAC - deny elevation of unsigned binaries
2. Software Restriction Policy (similar to SimpleWindowsHardening)
3. Microsoft Defender ASR rules & Exploit protection hardening
4. Kaspersky Cloud Free (https scanning disabled)
5. Using Quad9 (DNS), Trend Micro Smart Home (router), browser (Smartscreen/Safe Browsing)
Periodic malware scanners
Windows Malicious Software Removal Tool, Autoruns64, Process Explorer
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Edge browser for daily browsing
  • for searching & surfing: strict mode, with @BeerIsGood Edge list
  • for booking & buying: default mode with no-extensions.
Chrome browser with BulletVPN and uMatrix as webrequest firewall
Maintenance tools
Process Explorer and Autoruns64
File and Photo backup
Syncback Free and Windows Backup (yes 2x backup)
System recovery
Syncback adhoc, usually three to five times per day, Windows Backup monthly, Syncback to USB offline HD also once a month
Risk factors
    • Browsing to popular websites
    • Logging into my bank account
    • Working from home
    • Streaming audio/video content from shady sites
Computer specs
Intel I7 950 with 8 GB Ram, 2 SSD drives and 2 HDD drives (1TB and 2TB)
Notable changes
Replaced router

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
After mirroring my girlfriend's laptop config for over a year, I am confident that setup works flawlessly (Simple Windows Hardening plus Configure Defender on Max).

So it started to itch and I went back to using group policy again (for Software Restriction Policies and Defender Exploit Protection) and decided to give the combo Spyshelter Free HIPS+FW and WiseVector StopX a run.
 

Lenny_Fox

@Jan Willy

I never look at CPU memory usage (old i7-950 with 8 GB RAM), sorry. My benchmark is startup of the browser, and the combo Spyshelter + WiseVector launches Edge on average 0.1 or 0.2 second faster (1.4 - 1.5 WD and 1.3-1.4 WV+SS), but repetitive launches are 0.1 second slower. For reference, on my PC Avast with file shield only (all other modules not installed) launches Edge in 1.5 to 1.6 second and Bitdefender Free in 1.6 to 1.7.
 

Lenny_Fox

Update: Spyshelter Free FW+HIPS (auto allowing Microsoft signed) and WiseVector StopX (excluded advanced protection for MS Office, Edge and Explorer) with WD Exploit Protection blocking non-Microsoft DLLs in Office programs + Explorer + Edge and Attack Surface Reduction rules runs really, really well.

WiseVector StopX is the only AV I know which has an option to exclude injecting the AV's userland DLL for user-specified programs. This way I can fully utilize Microsoft Defender Exploit Protection for Microsoft programs. This combo survived the two-day trial (which makes it on par with Kaspersky Free).

(y)(y)(y) to WV and SS
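
The post above describes Exploit Protection set to block non-Microsoft DLLs in Office, Explorer and Edge, plus ASR rules. The PowerShell below is an added example, not part of the post, that reads back whether those settings are actually in effect; the executable names in `$apps` are assumptions, since the post names the programs only in general terms.

```powershell
# Added example: audit the per-app "Microsoft signed only" mitigation and ASR rule state.
# Run in an elevated PowerShell session on Windows 10.

# Assumption: these image names stand in for "Office programs + Explorer + Edge".
$apps = 'winword.exe', 'excel.exe', 'msedge.exe', 'explorer.exe'

foreach ($app in $apps) {
    # Returns the per-application Exploit Protection entry, if one is configured.
    $m = Get-ProcessMitigation -Name $app -ErrorAction SilentlyContinue
    [pscustomobject]@{
        App                 = $app
        # ON means only Microsoft-signed images may load into the process.
        MicrosoftSignedOnly = if ($m) { $m.BinarySignature.MicrosoftSignedOnly } else { 'no per-app entry' }
    }
}

# ASR rules are stored as two parallel arrays: rule GUIDs and their actions.
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$pref = Get-MpPreference

if ($pref.AttackSurfaceReductionRules_Ids) {
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $code = [int]$actions[$i]
        [pscustomobject]@{
            RuleId = $ids[$i]
            Action = if ($actionNames.ContainsKey($code)) { $actionNames[$code] } else { "Unknown ($code)" }
        }
    }
} else {
    'No ASR rules are configured on this machine.'
}
```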
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,742
Hehehe, besides the bug that you found in an old version that has already been fixed in the version below, what other bugs did you find to give you the impression that VS is buggy as hell? Please let me know and I will fix them!

 

Lenny_Fox

@danb

I used the one downloaded from your website and updated it, so when I downloaded an old version you can't blame me for it.

To be fair: It is not nice to post buggy as hell, just because I was disappointed. Free is free and people should take a gift as it is, not complain when it is not to their liking, so I apologize for that (and changed the test)

One other bug:
Free is allowed for three rules, but I can add as many rules as I like using the create rule from blocked program option

One other I was not able to get working (but that could be me)
Creating allow rules on signature. To be fair, even Microsoft uses certificates with an expired date, so I get a "not valid certificate" error when creating a certificate rule. Also, the thumbprint of a certificate seems to be taken into consideration (making creating allow rules for another program of the same signer impossible for me).
 

danb

Sorry, I wasn’t blaming you, I was just explaining that this bug had already been fixed. That bug appeared recently with VS 6.0 when I replaced VT with WLC… I had to make A LOT of changes to VS’s Rules. We will be working out small bugs like this for probably another couple of months, but they will be easy fixes and nothing that we could have avoided. And unless it is a major bug, I really like to wait as long as possible for public releases simply because when we release a version to the public, then everyone has to update VS, including businesses with a lot of users.

No problem at all… I am used to people getting mad at me when they are disappointed that VS has a small bug or does not work the way they want it to. It is quite peculiar, but VS is the only product that I am aware of where this happens. Just curious, can anyone think of any other product where users are extremely disappointed and pissed at the dev when there is a bug in the product? I would also be curious why people think this happens most often with VS. I have a theory why this happens, but we can save that for another day. I know I am always highly disappointed when VS has a bug or does not work as expected, but all I can do is try my best, and keep moving forward when most sane people would have given up a long time ago ;).

Yeah, someone reported the bug where free users can add unlimited rules a while back, but for some reason I thought it was a good idea to leave it as it was so they could add as many rules as they wanted… kind of like the infamous WinRAR trial ;). But really I should fix this one way or the other.

We probably should just remove the valid certificate check altogether (I already removed it for all of the hardwired rules in VS), and just leave the verified certificate check. But when I was fixing this bug a couple of weeks ago it made the most sense at the time to leave the valid certificate check for now.

We could have an option for the signer name instead of the thumbprint, but obviously that would be easy to bypass for the well-known signers. If you can think of a way we can do this safely, I would be happy to make the change. Thank you!
 

Lenny_Fox

@danb
When a new program has the same signer name and the certificate is okay, you could add a minimum AI requirement of, for instance, 90, instead of same signer owner. You could make an exception (no AI minimum score requirement) for a few Microsoft-specific signers (e.g. Windows and Microsoft co-signed system stuff).
 

danb

Thank you for the suggestion... I will look over all of the signature features to see if there is a better way we can do this. I agree, thumbprints are kind of a pain because there can be many in an organization.
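
The thumbprint-versus-signer-name question discussed in the posts above can be checked against a real folder. The PowerShell below is an added example, not part of any post in this thread and not VoodooShield's code; the function name `Get-SignerInventory` and the folder path are assumptions. It lists each binary's Authenticode status, signer name and thumbprint, then counts how many distinct thumbprints one signer name covers and how many files still verify although the signing certificate has expired.

```powershell
# Added example: inventory Authenticode signers to compare thumbprint rules with signer-name rules.
function Get-SignerInventory {
    param(
        [Parameter(Mandatory)] [string] $Path
    )
    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
            $cert = $sig.SignerCertificate
            [pscustomobject]@{
                File        = $_.FullName
                # Valid = file hash matches the signature and the chain is trusted.
                Status      = $sig.Status
                Signer      = if ($cert) { $cert.GetNameInfo('SimpleName', $false) } else { $null }
                Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
                # An expired signing certificate can still yield Status = Valid
                # when the signature carries a trusted timestamp.
                CertExpired = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
                Timestamped = [bool]$sig.TimeStamperCertificate
            }
        }
}

# Assumption: any folder with signed binaries will do; this path is only a sample.
$inventory = Get-SignerInventory -Path "$env:ProgramFiles\Microsoft Office"

# Only files with a verified signature are grouped; the signer name of an
# unverified file proves nothing about who produced it.
$inventory |
    Where-Object Status -eq 'Valid' |
    Group-Object Signer |
    ForEach-Object {
        [pscustomobject]@{
            Signer              = $_.Name
            Files               = $_.Count
            DistinctThumbprints = @($_.Group.Thumbprint | Sort-Object -Unique).Count
            ExpiredButValid     = @($_.Group | Where-Object CertExpired).Count
        }
    } |
    Sort-Object DistinctThumbprints -Descending
```

A signer with more than one thumbprint is the case where a thumbprint rule made for one program does not cover another program from the same publisher.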
 

mazskolnieces

Level 3
Well-known
Jul 25, 2020
117
danb said:
> No problem at all… I am used to people getting mad at me when they are disappointed that VS has a small bug or does not work the way they want it to. It is quite peculiar, but VS is the only product that I am aware of where this happens.

Completely false. Just look through MalwareTips and look at the backlash against every product out there for this or that bug. VS isn't being unfairly targeted. The forum beehive mindedness is being applied to it the same as any other security or non-security product.
 

danb

mazskolnieces said:
> Completely false. Just look through MalwareTips and look at the backlash against every product out there for this or that bug. VS isn't being unfairly targeted. The forum beehive mindedness is being applied to it the same as any other security or non-security product.

PLEASE, I beg you, PLEASE provide a couple of links that demonstrate where people get really mad at the dev because of a simple bug. I honestly take it as a compliment and assume they are highly disappointed because they love VS's concept but absolutely hate it when there are bugs (like I do). Perhaps you can shed some light as to why this happens A LOT with VS. You have spent a lot of time pondering security software and emotional attachment.
 
