Advanced Plus Security Marana's Security Config 2020

Last updated
Oct 30, 2020
How it's used?
For sharing
Operating system
Windows 10
Log-in security
Security updates
Allow security updates
User Access Control
Always notify
Real-time security
Windows:
  • Windows Defender
  • Hard_Configurator
  • ConfigureDefender (part of Hard_Configurator)
  • NoVirusThanks OSArmor
  • Macrium Image Guardian
  • G DATA USB Keyboard Guard
Network:
  • Malwarebytes Windows Firewall Control
  • Firewall Hardening (part of Hard_Configurator)
  • pfSense firewall
  • Separate VLANs for Home, Work, Guest and IOT use
  • Device certificate based 802.1X EAP-TLS authentication for wired and wireless Home VLAN devices
Firewall security
Microsoft Defender Firewall
About custom security
  • Microsoft Security baseline for Windows 10 v1809 modified with my own delta
  • Microsoft Office 2016 Security baseline modified with my own delta
  • Several Windows features turned off
  • Several Windows services disabled
  • Some Windows registry tweaks
  • Some ACL based directory hardenings
  • Windows Defender Sandbox enabled
  • Exploit protection enabled for Edge, Microsoft Office programs, Firefox etc.
  • Hard_Configurator in Default Deny setup (Enforcement for all files), modified with my own delta (56 Designated File Types, 170 Blocked Sponsors)
  • ConfigureDefender with HIGH settings
  • Firewall Hardening with Recommended H_C + LOLBins
  • OneDrive installed per machine to avoid running it from User Space
  • BitLocker with dTPM enbled for all disk partitions
  • Outbound network connections blocked by default in Windows Firewall (with WFC)
Periodic malware scanners
None currently in use. Emsisoft EEK is currently my preferred tool. Will install only when/if needed...
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Edge Chromium Stable as primary browser
Firefox as a backup browser
Extensions (for Edge):
  • Certificate Info
  • Netcraft Extension
  • uBlock Origin (LAZY-Medium mode with some modifications)
  • Privacy Possum
  • CSS Exfil Protection
  • Canvas Fingerprint Defender
  • Decentraleyes
  • I don’t care about Cookies
  • Cookie AutoDelete
Maintenance tools
  • HWiNFO64
  • Hard Disk Sentinel Enterprise
  • Active@Partition Manager, Hex Editor Neo, FileVerifier++
  • DiskSavvy, WinMerge
  • Phpar2, MultiPar
  • HardWipe, VeraCrypt
  • 7-Zip, BandiZip
  • OpenSSL
  • Autoruns, Process Explorer, Process Monitor, Process Hacker, PsExec, accesschk, icacls
  • Homebrewed script for automatic temporary files cleanup
File and Photo backup
Macrium Reflect Workstation
  • GFS backup scenarios for all relevant partitions
  • Backups automatically encrypted with AES-256
  • Fortnightly manual backup replication alternately to two external disk drives stored in two remote locations
  • Yearly EMP-protected backup replication to a safety-deposit box in an underground bank vault :D
SecondCopy
  • Used to replicate backups to external disks
  • Used to automatically backup my phone whenever connected to the PC (phone mapped as a disk drive via MTPDrive)
System recovery
Included in daily data backups
Risk factors
    • Browsing to popular websites
    • Logging into my bank account
    • Browsing to unknown / untrusted / shady sites
    • Working from home
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
  • Motherboard: ASUS AMD X570
  • CPU: AMD Ryzen 5 3600
  • RAM: 32 GB DDR4
  • Storage:
    • 2 x 1 TB SSD
    • 2 x 4 TB HDD
    • 1 x 256 GB SSD
    • 1 x 2,5” + 2 x 3,5” internal SATA hot swap HDD/SSD docks
Notable changes
October-November 2019:
  • Upgraded Windows from 1607 LTSB to LTSC 2019 (I always upgrade via clean install)
  • Upgraded Windows 10 Security baseline from 1607 to 1809
  • Migrated from SSRP + MemProtect to Hard_Configurator
  • Migrated from Firefox to Chromium Edge Stable as the primary web browser
  • Migrated from Intel based CPU + motherboard to AMD (triggered by a HW failure in motherboard)
2020-02-27:
  • Some clarifications added
  • Documented two system tools I forgot to mention: Phpar2 and Multipar
2020-10-31:
  • Added description of automatic phone backups (SecondCopy, MTPDrive)

Marana

Level 1
Thread author
Verified
Jan 21, 2018
43
I currently use this security configuration in most of the personal computers in our home. For the most parts, it is used on some other computers, too.

N.B. I deliberately use both H_C and OSA since to me they seem to complement each other quite nicely. For example, I cannot use H_C to block runonce.exe totally, since some of my applications need it. So, I have created a custom block rule plus a few exclusion rules for runonce.exe in OSA. I have never experienced any issues with running both in parallel. I also have successfully used OSA along with SSRP before migrating to H_C.
 

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
I guess you use the "Canvas Fingerprint Defender" extension for Edge Chromium.
It does not seem to me very efficient if we consider that the extension that devised the "noise theory" has not been developed since 2017.
The extension, it seems to me, that intervenes only in a single form of fingerprinting, the Canvas Fingerprinting.
 

Marana

Level 1
Thread author
Verified
Jan 21, 2018
43
I'm prepared to download it as soon as I'll get my first infection! :)(y)

During the years I have occasionally tried various second opinion scanners (including e.g. EEK and HitmanPro), and at some point of time I even had a licensed version of HMP, but that was already for some years ago... From what I remember of my own tests and what I have read more recently, EEK is nowadays my favorite.
 
F

ForgottenSeer 823865

N.B. I deliberately use both H_C and OSA since to me they seem to complement each other quite nicely. For example, I cannot use H_C to block runonce.exe totally, since some of my applications need it.
Why H_C on Enterprise? i also uses Enterprise and i was told from its dev , that it is not necessary, since you have Applocker and SRP.
So is it for convenience?

About OSA i had to install it since the use of wildcards on Applocker and SRP are quite "inconsistent".

note that it seems that SRP or Applocker rules are executed before OSA ones
 
Last edited by a moderator:

Marana

Level 1
Thread author
Verified
Jan 21, 2018
43
@Umbra Yes, just for convenience reasons.

I actually tried Applocker for a short period of time a few years ago, but having already used to the usability of SSRP (which I at that time had used already for some years) I reverted back to SSRP.

I then followed the development of H_C with interest for some time and played around with it for a few months last year. And by the end of the year I decided to give it a go when I upgraded from 1607 to 1809.

I still like SSRP's user interface very much and I think that for layperson it might be more easily manageable than H_C - but of course this would be like comparing apples with oranges, and such comparison would not be fair for H_C with its superior functionality. And of course it was exactly H_C's more versatile functionality that eventually made me to make the decision.
 

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
Thank you for pointing that out. I'll take a look on it! :)

I did a quick test myself.
As in Chrome, the Client Rectangle Blocker * is inefficient.
Although I don't use 4 Fingerprinting settings.

Another problem that the extension does not block the JS Fonts.

The combination with other extensions to remedy this * could in some cases cause an overlap of deleterious effects.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
And I thought it was a separate program :) As I understand it, it looks like the rules for the firewall in SysHardener.
SysHardener can block many important LOLBins via Windows Firewall.
SysHardener does not use Firewall Policies, but standard Firewall rules. FirewallHardening has also some important additional rules and allows the user to add custom rules.
SysHardener does not have the log of blocked outbound connections.(y)
 
Last edited:

Marana

Level 1
Thread author
Verified
Jan 21, 2018
43
And I thought it was a separate program :) As I understand it, it looks like the rules for the firewall in SysHardener.
Sorry, I should have documented it more clearly. I'll fix it...
 
  • Like
Reactions: Zorro

Marana

Level 1
Thread author
Verified
Jan 21, 2018
43
I purchased a new phone recently and while migrating all the data from my old phone to the new one I decided to start taking care of my phone backups in a more systematic way than previously...

So I purchased a license for MTPDrive which allows to automatically allocate a drive letter to the phone whenever it is connected to my PC via USB cable. Then I created a new backup profile in my SecondCopy backup software configuration to automatically backup all the phone data that is relevant to me whenever the phone pops up as a disk drive in the PC. So now all my phone call logs, SMS and MMS messages, photos, downloaded files, WhatsApp databases, Nova Launcher settings etc. are automatically backed up at least a few times in a week.

SecondCopy is configured to perform an "Exact copy" backup of the relevant phone files to my PC and save the previous version of all modified and deleted files in a parallel archive directory in my PC backup disk.

I also fine tuned my homebrewed temp file cleaner utility to purge all files older than one month in the archive directory. So now I have an automatically maintained, well organized one month long backup history of all my important phone data in my PC disk, and all I have to do is plug the phone into the USB cable (which I do to charge my phone anyway).

My fortnightly replication procedure (that I use to replicate my PC backups alternatively to two external disks that I store in remote locations) now replicates also the phone backups along with the regular Macrium backup files.

Previously I used to backup my phone data only occasionally and manually, and e.g. call logs and SMS messages were practically unprotected... So, now I feel I have at least somewhat better protection of my phone data than previously :)(y)
 
  • Like
Reactions: Protomartyr

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top