CAUTION liubomirwm's security config

Discussion in 'PC Security Configuration' started by liubomirwm, Dec 9, 2017.

  1. liubomirwm

    liubomirwm Level 5

    Mar 1, 2014
    224
    559
    Student
    Status Excessu
    Windows 10
    Microsoft
    Most recent changes:
    01/12/2017
    Operating System:
    • Windows 10
    OS Edition:
    Pro
    OS Build:
    1709/16299.64
    OS Architecture:
    64-bit
    User Access Control:
    Always Notify
    Firewall:
    Windows Firewall
    OS Security Updates:
    Automatic Updates
    OS File Reputation:
    • SmartScreen for Windows 10
    Type of User Account:
    Microsoft Account
    Recent Malware Attacks:
    No
    Testing AV's with Malware Samples:
    No
    Real-time Malware Protection:
    Windows Defender
    On-demand Scanners:
    Kaspersky TDSSKiller, Hitman Pro
    Security Product Settings:
    Custom
    Browsers and Extensions:
    Google Chrome
    -Authy, LastPass, HTTPSEverywhere, Ublock Origin, GMail Notifier
    Preferred Search Engine:
    Google
    Password Manager:
    LastPass
    Content Blocker (Ads, Scripts, Trackers):
    Ublock Origin
    Frequently used System Utilities:
    LightShot, 7-zip
    Frequency of Data Backups:
    Daily Backups
    Data Backup Software:
    Google Drive
    Frequency of System Image Backups:
    No Backups
    Windows Defender options from Group Policy: "Block at first sight: Enabled", "Extended cloud check: 50 secs", "Cloud protection level: Zero-Tolerance blocking level", "Network inspection system protocol recognition: Enabled", "Behavior monitoring: Enabled", "Monitor file and program activity: Enabled", "Raw-volume write notifications: Enabled", "Controlled folder access: Enabled", "Network protection: Enabled".
    Device Guard: Secure boot, DMA Protection, Virtualization Based Protection of Code Integrity, Credential Guard all enabled.
    Early-Launch Antimalware: Good only drivers.

    Exploit protection is using its default settings. Also I haven't configured anything in the attack surface reduction. I've heard of some tool called Hard_Configurator, haven't checked it yet. On my system PowerShell has script execution disabled by default. Batch scripts for CMD are not disabled and I do not want to disable them. I'm interested in Edge's protections but let's be fair, Chrome's JavaScript engine is lightning fast. Also I've checked Chrome and Edge's mitigations with Process Hacker and it has most of the Edge features incl. new ones from Windows 10.
     
    daljeet, steel9 and Vasudev like this.
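
A Group Policy list like the one in the post above can be checked against what Defender actually reports. The following is an added example, not part of the original thread; it assumes the built-in Defender PowerShell module and an elevated session, and it covers only the settings that map to `Get-MpPreference` and `Get-MpComputerStatus` properties (protocol recognition and raw-volume write notifications are not checked).

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Expected values mirror the settings listed in the post above.
$expected = [ordered]@{
    DisableBlockAtFirstSeen      = $false  # "Block at first sight: Enabled"
    CloudExtendedTimeout         = 50      # "Extended cloud check: 50 secs"
    CloudBlockLevel              = 6       # 6 = zero-tolerance blocking level
    DisableBehaviorMonitoring    = $false  # "Behavior monitoring: Enabled"
    EnableControlledFolderAccess = 1       # 1 = enabled (2 = audit only)
    EnableNetworkProtection      = 1       # 1 = enabled (2 = audit only)
}

# Configured preferences (policy and local settings merged by Defender).
$pref = Get-MpPreference
$report = @(foreach ($name in $expected.Keys) {
    [pscustomobject]@{
        Setting  = $name
        Expected = $expected[$name]
        Actual   = $pref.$name
        Match    = ($pref.$name -eq $expected[$name])
    }
})

# Effective state reported by the engine, independent of the configured policy.
$status = Get-MpComputerStatus
foreach ($name in 'RealTimeProtectionEnabled', 'BehaviorMonitorEnabled', 'OnAccessProtectionEnabled') {
    $report += [pscustomobject]@{
        Setting  = $name
        Expected = $true
        Actual   = $status.$name
        Match    = ($status.$name -eq $true)
    }
}

$report | Format-Table -AutoSize

# Summarise anything that differs from the intended configuration.
$mismatches = @($report | Where-Object { -not $_.Match })
if ($mismatches.Count -gt 0) {
    Write-Warning ("{0} setting(s) differ: {1}" -f $mismatches.Count, ($mismatches.Setting -join ', '))
} else {
    Write-Output 'All checked Defender settings match the listed configuration.'
}
```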
  2. Trickster

    Trickster Level 14

    Jul 28, 2016
    663
    5,200
    Loving / caring Husband :)
    Europe
    Windows 10
    BullGuard
    Some suggestions:

    Add Zemana AntiMalware Free and Emsisoft Emergency Kit to the list of on-demand scanners. Get Macrium Reflect Free or AOMEI Backupper Free as a solid program for a backup solution. Thanks for sharing your config!
     
  3. iapyx

    iapyx Level 1

    Jun 5, 2017
    40
    123
    Northern California
    Windows 10
    ESET
    Really nice! I don't see any problems with this setup, but consider backing up System Images to some place, so you don't lose any operational settings or programs.

    Thanks for sharing! :)
     
    daljeet and Vasudev like this.
  4. liubomirwm

    liubomirwm Level 5

    Mar 1, 2014
    224
    559
    Student
    Status Excessu
    Windows 10
    Microsoft
    I'll need to get an external hard drive before I can back up system images.

    I also have SimpleDNSCrypt which uses Cisco's OpenDNS servers against DNS requests MITM.

    I am not really sure if I will add Malwarebytes AntiExploit in addition to Windows Defender's Exploit Guard. It will add some memory code injection detections. What do you think about it?
     
    daljeet likes this.
  5. Trickster

    Trickster Level 14

    Jul 28, 2016
    663
    5,200
    Loving / caring Husband :)
    Europe
    Windows 10
    BullGuard
    The chance of overlap is a great possibility when doing this. Either leave WD Exploit Guard, or shut that off and start using MBAE, which will be better. Kudos for using DNSCrypt! :)
     
    daljeet and liubomirwm like this.
  6. Vasudev

    Vasudev Level 22

    Nov 8, 2014
    1,109
    2,185
    Student
    India
    Windows 10
    Microsoft
    #6 Vasudev, Dec 9, 2017
    Last edited: Dec 9, 2017
    daljeet, liubomirwm and Trickster like this.
  7. iapyx

    iapyx Level 1

    Jun 5, 2017
    40
    123
    Northern California
    Windows 10
    ESET
    I removed MBAE a long while ago. It hasn't released a public beta version since July and I think Defender patches exploits relatively quickly, but I haven't tried it.
     
    daljeet likes this.
  8. liubomirwm

    liubomirwm Level 5

    Mar 1, 2014
    224
    559
    Student
    Status Excessu
    Windows 10
    Microsoft
    I installed it and tested it with the Hitman Pro exploit tool. Many exploits succeeded without it, but have been blocked when I added the tool to the list of protected apps in MBAE. Exploit Guard hasn't popped up except for three or four times when the program stopped responding and I knew that it was because of built-in protections. That makes me feel sad.
     
    daljeet likes this.
  9. Lightning_Brian

    Lightning_Brian Level 7

    Sep 1, 2017
    335
    1,699
    Information Technology
    USA
    Windows 10
    Norton
    Nice configuration! Thanks for sharing! There are some tweaks I'd like to recommend though. I'd highly recommend that you back up your computer. Two great programs that I recommend are Macrium Reflect and AOMEI Backupper Standard. Both of these are free! A good disk image can help you get back up and running quite fast without much downtime. If things go south you could be back up and running within minutes instead of the hours and hours it may take to reinstall everything from scratch, depending on the setup.

    EEK is also a nice touch that you can add to your system as an on demand scanner. Norton Power Eraser would be yet another good one I'd recommend.

    Windows Defender is ok if you know your system in and out and have it hardened. Windows Defender still isn't up to par at all. Have you seen AV Test's latest results? https://www.av-test.org/en/antivirus/home-windows/

    I'd like to recommend to you Avast Free Antivirus for an on-demand scanner. This has been among the best free AVs out there. :D

    AV-TEST – The Independent IT-Security Institute
    Avast and AVG: The only free antivirus to score 100% in AV-Comparatives Real-World Test
    https://www.av-comparatives.org/wp-content/uploads/2017/06/avc_factsheet2017_05.pdf
    Real-World Protection Test - AV-Comparatives

    For anti-malware I'd recommend Zemana AntiMalware. You can gain yourself a 751 day free license if you look around on MT's website! ;)

    I hope my recommendations help you!

    Sincerely,

    Brian
     
    harlan4096, Vasudev, daljeet and 2 others like this.
  10. liubomirwm

    liubomirwm Level 5

    Mar 1, 2014
    224
    559
    Student
    Status Excessu
    Windows 10
    Microsoft
    Thank you for the notice. :) The last time Windows checked for updates automatically it wasn't released, I updated manually.

    I believe they don't post new threads and just update the one post present in their forum with the new info, effectively overriding it. But I'm not really sure.

    Thank you! You are right about the backup images, I will see what I can do about it. I do watch these tests, but I am not really sure how they execute them. In AV-Comparatives, which I for some reason seem to prefer, WD seems okay lately. I've been using Avast for years, but I like the direction that Microsoft is taking their AV and I hope they get this really serious and personal. I've also used Comodo Firewall alongside Avast but I uninstalled it and felt so much faster. It uses 20 MBs RAM or so but the delay in program opening is noticeable or at least was on the old laptop. I have that inner feeling of not bloating the PC with so much stuff and sticking with the essentials. I have no idea what is better, it's just how I feel lately. :D
     
    Vasudev, daljeet and Trickster like this.
  11. Exterminator

    Exterminator Super Moderator
    Staff Member

    Oct 23, 2012
    12,279
    46,650
    USA
    Windows 10
    Kaspersky
    Implement some type of system backup solution as soon as you can.
    Consider an additional on demand scanner(s).
    Thanks for sharing your config :)
     
  12. harlan4096

    harlan4096 Moderator
    Staff Member AV Tester

    Apr 28, 2015
    2,622
    20,667
    Almería (Spain)
    Windows 10
    Kaspersky
    @liubomirwm: I temporarily set your config as Caution, since there is no system image backup solution in your system.

    Please also consider some of the already mentioned suggestions, such as adding some on-demand scanners (ZAM Free, Malwarebytes Anti-Malware, Norton Power Eraser, EmsiSoft E.K.).

    Thanks for sharing :)
     
    daljeet, JM Security and Vasudev like this.
  13. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,746
    13,957
    SecureMyBit Developer
    Unknown
    Follow suggestions about backups and add ZAM Free.

    Thanks for sharing.
     
    daljeet and harlan4096 like this.
  14. Andy Ful

    Andy Ful Level 21

    Dec 23, 2014
    1,098
    4,698
    business
    Poland
    Windows 10
    Microsoft
    #14 Andy Ful, Dec 12, 2017
    Last edited: Dec 12, 2017
    Device Guard does not work on Windows 10 Pro.
    PowerShell script execution is by default blocked only for users, but not for malware. PowerShell scripts can still be run when using office macros, shortcuts (.lnk), other scripts (.bat, .cmd, .vbs, .js, etc.).
    The weak point of your setup can be macros embedded in documents (pdf, office), scripts and scriptlets.(y)
    When using Defender, it is also good to know the limitations of SmartScreen - there are some typical situations, when SmartScreen will not check executables, even downloaded from the Internet.
     
    DeepWeb, harlan4096 and Sunshine-boy like this.
  15. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,171
    5,189
    IRAN
    Windows 10
    ESET
    Do I need Device Guard while using VMware or VirtualBox? Or because they virtualize the hardware I don't need it?
     
  16. liubomirwm

    liubomirwm Level 5

    Mar 1, 2014
    224
    559
    Student
    Status Excessu
    Windows 10
    Microsoft
    Hmm, I enabled it through Group Policy and manually started the Hyper-V Hypervisor feature. Msinfo32 says that it is enabled. Could you please describe what you mean by "Device Guard doesn't work"? I think that I really need to take a look at your Hard_Configurator now. :D I don't use Microsoft Office or any other office tool, except Office Online for viewing.
     
    harlan4096 likes this.
  17. Andy Ful

    Andy Ful Level 21

    Dec 23, 2014
    1,098
    4,698
    business
    Poland
    Windows 10
    Microsoft
    AppLocker, Device Guard and ATP will not work on Windows Home and Pro, despite the entries in Group Policy editor. Those solutions are for Enterprises (and Education) Windows versions.
    Windows Defender Device Guard deployment guide (Windows 10)
    Enable or Disable Device Guard in Windows 10
    Hyper-V is a kind of virtual machine, and will work.
    It is good when you use Office Online, because one important infection vector is well protected.
    You have a pretty good setup. If you want some hardening you can use Hard_Configurator. It is a GUI to activate Windows built-in features which apply a kind of 'execution firewall'.
     
    bribon77 and harlan4096 like this.
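
The exchange above turns on the difference between a Device Guard feature being configured in Group Policy and actually running. The following is an added example, not part of the original thread; it reads the `Win32_DeviceGuard` WMI class, which reports configured and running security services separately, and shows the Windows edition next to them.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Value meanings follow the Win32_DeviceGuard WMI class.
$serviceNames = @{ 1 = 'Credential Guard'; 2 = 'Hypervisor-protected code integrity' }
$vbsStates    = @{ 0 = 'not enabled'; 1 = 'enabled but not running'; 2 = 'enabled and running' }

function ConvertTo-ServiceName([object[]]$Ids) {
    # Translate numeric service ids to names; 0 means "no services".
    foreach ($id in $Ids) {
        if ([int]$id -eq 0) { continue }
        if ($serviceNames.ContainsKey([int]$id)) { $serviceNames[[int]$id] }
        else { "unknown ($id)" }
    }
}

$os = Get-CimInstance -ClassName Win32_OperatingSystem
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

$configured = @(ConvertTo-ServiceName $dg.SecurityServicesConfigured)
$running    = @(ConvertTo-ServiceName $dg.SecurityServicesRunning)

# Services requested by policy that the system is not actually running.
$gap = @($configured | Where-Object { $_ -notin $running })

[pscustomobject]@{
    Edition              = $os.Caption
    VbsStatus            = $vbsStates[[int]$dg.VirtualizationBasedSecurityStatus]
    Configured           = $configured -join ', '
    Running              = $running -join ', '
    ConfiguredNotRunning = $gap -join ', '
} | Format-List

if ($gap.Count -gt 0) {
    Write-Warning "Configured but not running: $($gap -join ', ')"
}
```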
  18. Andy Ful

    Andy Ful Level 21

    Dec 23, 2014
    1,098
    4,698
    business
    Poland
    Windows 10
    Microsoft
    Sorry, I am not a specialist on Device Guard.:(
     
    bribon77 and Sunshine-boy like this.
  19. JHomes

    JHomes Level 6

    Jul 7, 2016
    280
    1,406
    IT
    Dallas
    Windows 10
    AVG
    You need a backup. Understandably you do not have storage media, but there are tools like Rollback Rx Home which use the local machine; and if you do the occasional backup with Macrium Reflect to a Dropbox account you'll be set.
     
    bribon77 likes this.
  20. Andy Ful

    Andy Ful Level 21

    Dec 23, 2014
    1,098
    4,698
    business
    Poland
    Windows 10
    Microsoft
    Having a backup of the system is convenient, practical and recommended. Are you prepared to recover your system, when Windows will not boot at all?
     
    bribon77 likes this.