RISK: Moderate liubomirwm's security config

Joined
Mar 1, 2014
Messages
225
OS
Windows 10
Antivirus
Microsoft
#1
Windows Defender options from Group Policy: "Block at first sight: Enabled"; "Extended cloud check: 50 secs"; "Cloud protection level: Zero-Tolerance blocking level"; "Network inspection system protocol recognition: Enabled"; "Behavior monitoring: Enabled"; "Monitor file and program activity: Enabled"; "Raw-volume write notifications: Enabled"; "Controlled folder access: Enabled"; "Network protection: Enabled".
Device Guard: Secure Boot, DMA Protection, Virtualization Based Protection of Code Integrity, Credential Guard all enabled.
Early-Launch Antimalware: Good only drivers.

Exploit protection is using its default settings. Also I haven't configured anything in the attack surface reduction. I've heard of some tool called Hard_Configurator, haven't checked it yet. On my system PowerShell has script execution disabled by default. Batch scripts for CMD are not disabled and I do not want to disable them. I'm interested in Edge's protections but let's be fair, Chrome's JavaScript engine is lightning fast. Also I've checked Chrome and Edge's mitigations with Process Hacker and it has most of the Edge features incl. new ones from Windows 10.
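A quick way to confirm that the Group Policy settings listed above are actually in effect is to read Defender's live preferences back. The script below is an added example, not from the original post; it uses the documented Get-MpPreference and Get-MpComputerStatus cmdlets, and the expected values are an assumption that mirrors the poster's configuration.

```powershell
# Added example (not from the original post): compare Defender's effective
# preferences with the Group Policy settings the post lists. Property names
# are the documented Get-MpPreference / Get-MpComputerStatus properties; the
# expected values are an assumption that mirrors the poster's configuration.
$pref = Get-MpPreference

# Expected value per setting. Codes: CloudBlockLevel 6 = Zero tolerance;
# CloudExtendedTimeout is in seconds (max 50); EnableControlledFolderAccess and
# EnableNetworkProtection 1 = block mode; MAPSReporting 2 (Advanced) and
# SubmitSamplesConsent 1 or 3 are prerequisites for block at first sight.
$expected = [ordered]@{
    DisableBlockAtFirstSeen          = $false  # Block at first sight
    CloudExtendedTimeout             = 50      # Extended cloud check
    CloudBlockLevel                  = 6       # Zero tolerance blocking level
    DisableIntrusionPreventionSystem = $false  # Network inspection system
    DisableBehaviorMonitoring        = $false  # Behavior monitoring
    DisableRealtimeMonitoring        = $false  # Real-time protection
    EnableControlledFolderAccess     = 1       # Controlled folder access
    EnableNetworkProtection          = 1       # Network protection
    MAPSReporting                    = 2       # Advanced cloud membership
}

# Report every setting whose live value differs from the expected one.
$mismatches = foreach ($name in $expected.Keys) {
    $actual = $pref.$name
    if ("$actual" -ne "$($expected[$name])") {
        [pscustomobject]@{ Setting = $name; Expected = $expected[$name]; Actual = $actual }
    }
}
if ($mismatches) { $mismatches | Format-Table -AutoSize }
else             { 'All listed Defender settings are in effect.' }

# Sample submission is checked separately because two values satisfy it.
if ($pref.SubmitSamplesConsent -notin @(1, 3)) {
    "SubmitSamplesConsent is $($pref.SubmitSamplesConsent); block at first sight needs 1 or 3."
}

# The preferences only matter if the engine is actually running with them.
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, RealTimeProtectionEnabled, BehaviorMonitorEnabled,
                  NISEnabled, AntivirusSignatureLastUpdated
```

Settings pushed by Group Policy show up here as their effective values, so a mismatch usually means the policy did not apply rather than that the cmdlet is wrong.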
 

iapyx

Level 1
Joined
Jun 5, 2017
Messages
41
OS
Windows 10
Antivirus
ESET
#3
Really nice! I don't see any problems with this setup, but consider backing up System Images to some place, so you don't lose any operational settings or programs.

Thanks for sharing! :)
 
Joined
Mar 1, 2014
Messages
225
OS
Windows 10
Antivirus
Microsoft
#4
I'll need to get an external hard drive before I can back up system images.

I also have SimpleDNSCrypt, which uses Cisco's OpenDNS servers against MITM of DNS requests.

I am not really sure if I will add Malwarebytes Anti-Exploit in addition to Windows Defender's Exploit Guard. It will add some memory code injection detections. What do you think about it?
 

Mr.Wave

Level 15
Joined
Jul 28, 2016
Messages
724
OS
Windows 10
Antivirus
Qihoo 360
#5
I'll need to get an external hard drive before I can back up system images.

I also have SimpleDNSCrypt, which uses Cisco's OpenDNS servers against MITM of DNS requests.

I am not really sure if I will add Malwarebytes Anti-Exploit in addition to Windows Defender's Exploit Guard. It will add some memory code injection detections. What do you think about it?
The chance of overlap is a great possibility when doing this; either leave WD Exploit Guard, or shut that off and start using MBAE, which will be better. Kudos for using DNSCrypt! :)
 

Vasudev

Level 23
Joined
Nov 8, 2014
Messages
1,276
OS
Windows 10
Antivirus
Microsoft
#6

iapyx

Level 1
Joined
Jun 5, 2017
Messages
41
OS
Windows 10
Antivirus
ESET
#7
I am not really sure if I will add Malwarebytes Anti-Exploit in addition to Windows Defender's Exploit Guard. It will add some memory code injection detections. What do you think about it?
I removed MBAE a long while ago. It hasn't released a public beta version since July and I think Defender patches exploits relatively quickly, but I haven't tried it.
 
Joined
Mar 1, 2014
Messages
225
OS
Windows 10
Antivirus
Microsoft
#8
I installed it and tested it with the HitmanPro exploit tool: many exploits succeeded without it, but were blocked when I added the tool to the list of protected apps in MBAE. Exploit Guard hasn't popped up except for three or four times when the program stopped responding and I knew that it was because of built-in protections. That makes me feel sad.
 

Lightning_Brian

Level 11
Verified
Joined
Sep 1, 2017
Messages
514
OS
Windows 10
Antivirus
Norton
#9
Nice configuration! Thanks for sharing! There are some tweaks I'd like to recommend though. I'd highly recommend that you back up your computer. Two great programs that I recommend are Macrium Reflect and AOMEI Backupper Standard. Both of these are free! A good disk image can help you get back up and running quite fast without much downtime. If things go south you could be back up and running within minutes instead of the hours and hours it may take to reinstall everything from scratch, depending on the setup.

EEK is also a nice touch that you can add to your system as an on-demand scanner. Norton Power Eraser would be yet another good one I'd recommend.

Windows Defender is OK if you know your system in and out and have it hardened. Windows Defender still isn't up to par at all. Have you seen AV-TEST's latest results? https://www.av-test.org/en/antivirus/home-windows/

I'd like to recommend to you Avast Free Antivirus for an on-demand scanner. This has been among the best free AVs out there. :D

AV-TEST – The Independent IT-Security Institute
Avast and AVG: The only free antivirus to score 100% in AV-Comparatives Real-World Test
https://www.av-comparatives.org/wp-content/uploads/2017/06/avc_factsheet2017_05.pdf
Real-World Protection Test - AV-Comparatives

For anti-malware I'd recommend Aemana-Antimalware. You can gain yourself a 751-day free license if you look around on MT's website! ;)

I hope my recommendations help you!

Sincerely,

Brian
 
Joined
Mar 1, 2014
Messages
225
OS
Windows 10
Antivirus
Microsoft
#10
Update W 10 FCU to build 98. Add CCleaner, ZAM free, Malwarebytes Anti-Malware 2.x Free as on-demand scanner. Choose Kaspersky Rescue Disk 10 or Dr. Web LiveCD as an added.
Like @Trickster said, MR or Aomei Backupper for backup is good option. Personally prefer Macrium Reflect.
Keep NIS and WD updated using offline updates if online update fails: Latest definition updates for Windows Defender Antivirus and other Microsoft antimalware - Windows Defender Security Intelligence
Thank you for the notice. :) The last time Windows checked for updates automatically it wasn't released; I updated manually.

I removed MBAE a long while ago. It hasn't released a public beta version since July and I think Defender patches exploits relatively quickly, but I haven't tried it.
I believe they don't post new threads and just update the one post present in their forum with the new info, effectively overriding it. But I'm not really sure.

Nice configuration! Thanks for sharing! There are some tweaks I'd like to recommend though. I'd highly recommend that you back up your computer. Two great programs that I recommend are Macrium Reflect and AOMEI Backupper Standard. Both of these are free! A good disk image can help you get back up and running quite fast without much downtime. If things go south you could be back up and running within minutes instead of the hours and hours it may take to reinstall everything from scratch, depending on the setup.

EEK is also a nice touch that you can add to your system as an on-demand scanner. Norton Power Eraser would be yet another good one I'd recommend.

Windows Defender is OK if you know your system in and out and have it hardened. Windows Defender still isn't up to par at all. Have you seen AV-TEST's latest results? https://www.av-test.org/en/antivirus/home-windows/

I'd like to recommend to you Avast Free Antivirus for an on-demand scanner. This has been among the best free AVs out there. :D

AV-TEST – The Independent IT-Security Institute
Avast and AVG: The only free antivirus to score 100% in AV-Comparatives Real-World Test
https://www.av-comparatives.org/wp-content/uploads/2017/06/avc_factsheet2017_05.pdf
Real-World Protection Test - AV-Comparatives

For anti-malware I'd recommend Aemana-Antimalware. You can gain yourself a 751-day free license if you look around on MT's website! ;)

I hope my recommendations help you!

Sincerely,

Brian
Thank you! You are right about the backup images; I will see what I can do about it. I do watch these tests, but I am not really sure how they execute them. In AV-Comparatives, which I for some reason seem to prefer, WD seems okay lately. I've been using Avast for years, but I like the direction that Microsoft is taking their AV and I hope they get really serious and personal about this. I've also used Comodo Firewall alongside Avast, but I uninstalled it and the system felt so much faster. It uses 20 MB of RAM or so, but the delay in program opening is noticeable, or at least was on the old laptop. I have that inner feeling of not bloating the PC with so much stuff and sticking with the essentials; I have no idea which is better, it's just how I feel lately. :D
 

harlan4096

Moderator
MalwareTips Staff
AV-Tester
Verified
Joined
Apr 28, 2015
Messages
3,643
OS
Windows 10
Antivirus
Kaspersky
#12
@liubomirwm: I have temporarily set your config as Caution, since there is no system image backup solution on your system.

Please also consider some of the already mentioned suggestions as add some on demand scanners (ZAM Free, MBAM, Norton Power Eraser, EmsiSoft E.K.).

Thanks for sharing :)
 

Andy Ful

Level 28
Content Creator
Verified
Joined
Dec 23, 2014
Messages
1,790
OS
Windows 10
Antivirus
Microsoft
#14
Device Guard: Secure Boot, DMA Protection, Virtualization Based Protection of Code Integrity, Credential Guard all enabled.
...
On my system PowerShell has script execution disabled by default.
Device Guard does not work on Windows 10 Pro.
PowerShell script execution is by default blocked only for users, but not for malware. PowerShell scripts can still be run when using Office macros, shortcuts (.lnk), or other scripts (.bat, .cmd, .vbs, .js, etc.).
The weak point of your setup can be macros embedded in documents (PDF, Office), scripts and scriptlets. (y)
When using Defender, it is also good to know the limitations of SmartScreen: there are some typical situations when SmartScreen will not check executables, even ones downloaded from the Internet.
 
Joined
Mar 1, 2014
Messages
225
OS
Windows 10
Antivirus
Microsoft
#16
Device Guard does not work on Windows 10 Pro.
PowerShell script execution is by default blocked only for users, but not for malware. PowerShell scripts can still be run when using Office macros, shortcuts (.lnk), or other scripts (.bat, .cmd, .vbs, .js, etc.).
The weak point of your setup can be macros embedded in documents (PDF, Office), scripts and scriptlets. (y)
When using Defender, it is also good to know the limitations of SmartScreen: there are some typical situations when SmartScreen will not check executables, even ones downloaded from the Internet.
Hmm, I enabled it through Group Policy and manually started the Hyper-V Hypervisor feature. Msinfo32 says that it is enabled. Could you please describe what you mean by "Device Guard doesn't work"? I think that I really need to take a look at your Hard_Configurator now. :D I don't use Microsoft Office or any other office tool, except Office Online for viewing.
 

Andy Ful

Level 28
Content Creator
Verified
Joined
Dec 23, 2014
Messages
1,790
OS
Windows 10
Antivirus
Microsoft
#17
Hmm, I enabled it through Group Policy and manually started the Hyper-V Hypervisor feature. Msinfo32 says that it is enabled. Could you please describe what you mean by "Device Guard doesn't work"?
AppLocker, Device Guard and ATP will not work on Windows Home and Pro, despite the entries in the Group Policy editor. Those solutions are for the Enterprise (and Education) Windows versions.
Windows Defender Device Guard deployment guide (Windows 10)
Enable or Disable Device Guard in Windows 10
Hyper-V is a kind of virtual machine, and will work.
It is good when you use Office Online, because one important infection vector is well protected.
You have a pretty good setup. If you want some hardening you can use Hard_Configurator. It is a GUI to activate Windows built-in features which apply a kind of 'execution firewall'.
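Whether the VBS-based protections are in effect can be read from the machine itself rather than inferred from Group Policy or msinfo32. The script below is an added example, not from Andy Ful or this thread; it queries the documented Win32_DeviceGuard WMI class, whose status codes are translated with tables taken from its documentation, and then lists the PowerShell execution policy per scope to show why that setting is not the thing that stops scripts launched from macros or shortcuts.

```powershell
# Added example (not from the original post): report what the VBS-based
# protections are actually doing, instead of trusting the Group Policy entries.
# Win32_DeviceGuard is the documented WMI class; the code tables below follow
# its documentation. Nothing here changes any setting.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

$vbsStatus = @{ 0 = 'Disabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
$ciMode    = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
$services  = @{ 1 = 'Credential Guard'; 2 = 'HVCI (virtualization-based code integrity)'
                3 = 'System Guard Secure Launch'; 4 = 'SMM firmware measurement' }
$props     = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection'
                4 = 'Secure memory overwrite'; 5 = 'UEFI code read-only'
                6 = 'SMM security mitigations 1.0'; 7 = 'Mode-based execution control' }

# Helper: translate a list of numeric codes through a lookup table.
function Describe([uint32[]] $codes, [hashtable] $table) {
    $names = foreach ($c in $codes) {
        if ($table.ContainsKey([int]$c)) { $table[[int]$c] } else { "code $c" }
    }
    if ($names) { $names -join ', ' } else { '(none)' }
}

"Edition:     $((Get-CimInstance Win32_OperatingSystem).Caption)"
"VBS:         $($vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus])"
"WDAC policy: $($ciMode[[int]$dg.CodeIntegrityPolicyEnforcementStatus])"
"Configured:  $(Describe $dg.SecurityServicesConfigured $services)"
"Running:     $(Describe $dg.SecurityServicesRunning    $services)"
"Available:   $(Describe $dg.AvailableSecurityProperties $props)"
"Required:    $(Describe $dg.RequiredSecurityProperties  $props)"

# The thread's question in one line: services configured by policy but not running.
$gap = @($dg.SecurityServicesConfigured | Where-Object { $_ -notin $dg.SecurityServicesRunning })
if ($gap) { "Configured but NOT running: $(Describe $gap $services)" }
else      { 'Every configured VBS service is running.' }

# Execution policy is a per-scope convenience setting, not a security boundary:
# a script started by another process (macro, .lnk, .bat) is not stopped by it,
# so a hardening review should look at what is enforced (AppLocker/WDAC) too.
Get-ExecutionPolicy -List
```

A service that appears under Configured but not under Running is the case where policy entries exist without the protection being active, whatever the edition.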
 

JHomes

Level 7
Verified
Joined
Jul 7, 2016
Messages
321
OS
Windows 10
Antivirus
AVG
#19
You need a backup. Understandably you do not have storage media, but there are tools like Rollback Rx Home which use the local machine; and if you do the occasional backup with Macrium Reflect to a Dropbox account you'll be set.
 

Andy Ful

Level 28
Content Creator
Verified
Joined
Dec 23, 2014
Messages
1,790
OS
Windows 10
Antivirus
Microsoft
#20
Having a backup of the system is convenient, practical and recommended. Are you prepared to recover your system, when Windows will not boot at all?
 