- May 29, 2018
- 2,606
Moonhorse's Security Config 2019
- Thread starter Moonhorse
- Start date
Hey Moon, why not backups? Add Macrium Reflect Free or AOMEI Backupper.
I am ready to read 50 pages
I am ready to read 50 pages
- May 29, 2018
- 2,606
I have nothing to backup, and if trouble happens il just clean install from ISO ( And after windows buids)Hey Moon, why not backups? Add Macrium Reflect Free or AOMEI Backupper.
I am ready to read 50 pages
That's ok.I have nothing to backup, and if trouble happens il just clean install from ISO ( And after windows buids)
- Mar 13, 2016
- 1,298
With Comodo cloud AV it is easy to set a deny execute (block rule) on your Documents, Movies, Music and Videos folders using sandbox rules. Normally no software should execute from these folders, so it should have zero impact on useability.
- May 29, 2018
- 2,606
Theyre protected by default, invisible from sandboxed files > and already everything will be sandboxed by main rule
- Oct 31, 2014
- 1,712
Hey Moon, why not backups? Add Macrium Reflect Free or AOMEI Backupper.
I am ready to read 50 pages
- May 29, 2018
- 2,606
Forgot to add:
- geek uninstaller
Also replaced nano adblocker +defender with ublock origin
And malwarebytes extension with bitdefender trafficlight due false positive
Mainly wanted to ask is this thread marked as moderate, because of system backup missing? @harlan4096 Or im i missing something
- geek uninstaller
Also replaced nano adblocker +defender with ublock origin
And malwarebytes extension with bitdefender trafficlight due false positive
Mainly wanted to ask is this thread marked as moderate, because of system backup missing? @harlan4096 Or im i missing something
- Apr 28, 2015
- 8,664
Follow suggestions about Image System Backup solutions, thanks for sharing
- Feb 13, 2017
- 737
I guess sytem image backups are not mandatory, but they do save you a lot of time if you happen to have some problem.
The rest of the config is absolutely fine.
Thanks for sharing.
The rest of the config is absolutely fine.
Thanks for sharing.
- Jul 6, 2017
- 2,392
In case of disaster. If you have a backup prevents you from reformatting and reconfiguring browsers, antivirus, System, ect ect.
- May 29, 2018
- 2,606
I have followed above suggestions and made few changes to my current security config
- Removed comodo cloud antivirus ( i couldnt enable gpu plugin on java client i use, and the removing CCAV solved the problem.)
+ Windows defender as main antivirus
+ Hard_Configurator with recommended SRP settings and Restrictions, Default deny ENABLED
+ Aomei backupper free for the backups, as suggested above
+ Bitdefender trafficlight got removed and replaced with Emsisoft extension and Windows defender browser protection.
And anyone to comment , im asking from you guys does running windows defender in sandbox mode really matters, should i enable it? Since it have to be enabled manually
- Removed comodo cloud antivirus ( i couldnt enable gpu plugin on java client i use, and the removing CCAV solved the problem.)
+ Windows defender as main antivirus
+ Hard_Configurator with recommended SRP settings and Restrictions, Default deny ENABLED
+ Aomei backupper free for the backups, as suggested above
+ Bitdefender trafficlight got removed and replaced with Emsisoft extension and Windows defender browser protection.
And anyone to comment , im asking from you guys does running windows defender in sandbox mode really matters, should i enable it? Since it have to be enabled manually
- Mar 29, 2018
- 7,107
Nice setup. You come over to the Dark Side! I don't think sandboxing is a big deal. Either use it or don't.
I don't think sandboxing is a big deal. Either use it or don't. 
- Dec 23, 2014
- 8,129
Do you have any problems with whitelisting?
If the computer is used also by the family members, then you can optionally consider using Defender High settings + SmartScreen set to Block (use ConfigureDefender option in H_C).
If you do not plan to use Controlled Folder Access, then you can change its setting from Audit to Block.
Using H_C is not easy in the beginning, so do not hesitate to PM about problems.
If the computer is used also by the family members, then you can optionally consider using Defender High settings + SmartScreen set to Block (use ConfigureDefender option in H_C).
If you do not plan to use Controlled Folder Access, then you can change its setting from Audit to Block.
Using H_C is not easy in the beginning, so do not hesitate to PM about problems.
WD sandbox is to protect WD from being tampered with. If you have efficient 3rd party softs, WD shouldn't be even touched.
I thought it was to protect the OS from un-patched vulnerabilities and had nothing to do with WD being turned off or something like that? Maybe I am misunderstanding, but I thought MS was also introducing a separate tamper protection to prevent WD being messed with?
@Raiden you will have sandboxed WD as I explained above.
Then on Win10 pro/Ent, you will have application sandboxing to test apps/files.
Anyway with MS, nothing is sure.
Then on Win10 pro/Ent, you will have application sandboxing to test apps/files.
Anyway with MS, nothing is sure.
- Mar 29, 2018
- 7,107
Do you have any problems with whitelisting?...
... Using H_C is not easy in the beginning, so do not hesitate to PM about problems.
Even I learned to whitelist by hash, etc. If @oldschool can do it, @Moonhorse can do it. And yes, you may ask Andy anything. His customer support is most excellent! Companies should model their's after him. The latter will never happen.
- Dec 23, 2014
- 8,129
Windows Defender processes run with high privileges, and can be exploited (in theory) by the malware via Defender vulnerabilities. This is also true for any AV and can be very dangerous, so running those processes in the sandbox is reasonable. They still can be exploited, but the exploit is isolated from the system in the sandbox.
WD Tamper protection is another kind of self defense. It prevents other application from changing some WD settings (no exploit of WD processes). Microsoft does not say what settings will be protected, but I can guess that disabling WD or disabling WD real-time protection will be included. That is why, probably, Microsoft forced me to exclude 'disabling WD real-time protectionin' setting from ConfigureDefender.
WD Tamper protection is another kind of self defense. It prevents other application from changing some WD settings (no exploit of WD processes). Microsoft does not say what settings will be protected, but I can guess that disabling WD or disabling WD real-time protection will be included. That is why, probably, Microsoft forced me to exclude 'disabling WD real-time protectionin' setting from ConfigureDefender.
Last edited:
- Nov 7, 2016
- 468
Similar threads
