Latest Changes
Feb 17, 2019
Operating System
Windows 10
Windows Edition
Home
Build
1809
System Architecture
64-bit OS
Security Updates
Automatic Updates - All security and feature updates
User Access Control
Always Notify
Firewall
Windows Firewall - Network security provided by Microsoft
Device Security
Windows Defender SmartScreen (Windows 10)
User Account
Standard - User has some control over the settings
Recent Security Incidents
No malware or privacy issues
Malware Testing
None - No Malware on host PC or VM
Real-time Web & Malware Protection
Kaspersky cloud av
OSArmor
Custom Settings For Real-Time Protection
Custom - Major changes for Increased Security
Custom Settings For Real-Time Protection Details
Virus and Malware Removal Tools
Malwarebytes free
Adwcleaner
Zemana antimalware 3.0 beta
Browsers and Extensions
Google chrome:
  • Ublock origin
  • Netcraft
  • Bitwarden
Privacy
Anonymize local IPs exposed by WebRTC (enable)
Reduce default 'referer' header granularity. (enable)
Hyperlink auditing (disable)

Security
Enable AppContainer Lockdown (enabled - by default, but as long as it is in flags I enable it)
Enable GPU AppContainer Lockdown (enable)
PDF isolation enabled
Block unsafe downloads over insecure connections (enabled)
Mark non-secure origins as non-secure (mark actively as dangereous)
TLS 1.3 downgrade hardening (enabled)
Web Privacy
Cloudflare DNS
Password Management
Bitwarden
Default Web Search
Google
System Utilities
Geek uninstaller
O&O Shutup
Data Backup
External drive
Frequency of Data backups
Monthly
System Backup
Aomei backupper Free
Frequency of System backups
Regularly
Computer Activity
Gaming
Banking
Browsing Internet and email
Install new programs on a weekly basis
Watch movies and other video content on the Internet
Device is used by family members
Computer Specifications
Asus m5A97
AMD fx-6300
MSI GTX-970
HDD 1TB
8GT Kingston Ram, 3100(?)

Moonhorse

Level 23
Content Creator
Verified
17.1.2019

Removed
- ccleaner
- defragler
- bleachbit
- roguekiller

extensions removed:
- windows defender browser protection
- emsisoft

Added
+ Privazer ( without installation to run browser cleaner)
+ Privazer shellbag anylyzer

Extensions added:
+ Malwarebytes (welcome back)
+ Decentraleyes

+ Also added firefox nightly secondary browser, chrome still remains main browser. Nightly used mostly on browsing and banking is done on chrome

Computer Security Knowledge status updated to : medium
 

Moonhorse

Level 23
Content Creator
Verified
Moonhorse,
Have you applied 'Defender high settings' by using ConfigureDefender button in H_C?
I wasnt aware about that, configuredefender were part of H_C:emoji_innocent:

Well i applied defender high settings, close button didnt work so i just exit with X
Is there any way to do check i have such settings enabled, without opening configuredefender?
I know something about srp and H_C but not anything bout configuredefender
 

Andy Ful

Level 36
Content Creator
Trusted
Verified
I wasnt aware about that, configuredefender were part of H_C:emoji_innocent:

Well i applied defender high settings, close button didnt work so i just exit with X
Is there any way to do check i have such settings enabled, without opening configuredefender?
I know something about srp and H_C but not anything bout configuredefender
The Close button works, but sometimes you have to clik it two or more times (slow clicks).
I will probably look at this issue in the future version. The actual WD settings can be easily seen in the PowerShell Console by using the command:
get-mpPreference
 
Last edited:

Moonhorse

Level 23
Content Creator
Verified
The Close button works, but sometimes you have to clik it two or more times (slow clicks).
I will probably look at this issue in the future version. The actual WD settings can be easily seen in the PowerShell Console by using the command:
get-mpPreference
Disablecatchupfullscan true
disablecatchupquickscan true

Do this mean on-demand scanning is disabled?
And about disablelowcpupriority_ true, shouldnt this one boost performance?
 

Andy Ful

Level 36
Content Creator
Trusted
Verified
Disablecatchupfullscan true
disablecatchupquickscan true

Do this mean on-demand scanning is disabled?
And about disablelowcpupriority_ true, shouldnt this one boost performance?
Those settings are not configured by Configuredefender. I think that they are the default settings. I do not have the setting disablelowcpupriority (it should be probably EnableLowCpuPriority). Read the below:
Set-MpPreference (defender)
 
I did not know about Neustar DNS (y)

Threat Protection
For users who want protection against malicious domains for security purposes. Includes Reliability & Performance.LowMalware, Ransomware, Spyware & Phishing.

It's powerfull DNS for Malware, Ransomware, Spyware & Phishing ?
 

Moonhorse

Level 23
Content Creator
Verified
I did not know about Neustar DNS (y)

Threat Protection
For users who want protection against malicious domains for security purposes. Includes Reliability & Performance.LowMalware, Ransomware, Spyware & Phishing.

It's powerfull DNS for Malware, Ransomware, Spyware & Phishing ?
Since the threat protection will block torrents/warez sites, and those are pretty much where you could download something suspicious i would say its worth to add

Im myself from eu, i used cloudflare before but i cant say i have any difference in loading speed than with neustar

Today i visited few sites that were advertised in twitch ( are fake/ phishing sites) and neustar dns aswell blocked them, but with the malware category

But yes, neustar is protection wide best DNS you can get

Edit: only downside of DNSthreat blocking is that you cant whitelist domains, but i can well put the neustar business protection on without getting blocked by any sites i visit
 
Since the threat protection will block torrents/warez sites, and those are pretty much where you could download something suspicious i would say its worth to add

Im myself from eu, i used cloudflare before but i cant say i have any difference in loading speed than with neustar

Today i visited few sites that were advertised in twitch ( are fake/ phishing sites) and neustar dns aswell blocked them, but with the malware category

But yes, neustar is protection wide best DNS you can get

Edit: only downside of DNSthreat blocking is that you cant whitelist domains, but i can well put the neustar business protection on without getting blocked by any sites i visit
Thanks for your reply :emoji_ok_hand:
 
Reactions: Moonhorse

Moonhorse

Level 23
Content Creator
Verified
Update 23.1.2019

- Removed hard configurator ( due family pc, and it feels like im in locked mode all the time)

+ Syshardener 1.5 added ( max settings) To replace H_C

H_C Is great, but i ran into problems whitelisting even i got the help i needed. Its way to learn Smartscreen and i respect that

now i feel bit awkward,
 

Moonhorse

Level 23
Content Creator
Verified
What other programs have you thought about using for your current system? @Moonhorse

~LDogg
Im just gonna stay using Windows defender and avoid system utilities like ccleaner etc. use windows cleaning tools/ defrag instead

I just ran O & O shutup > Syshardener on max > and im gonna keep it like this. Im not gonna add any bb like OSA or any other tool for that

Also start to use portable antimalwares like EEK, HMP, Only Zam will be installed to be part of beta program, but keep windows very clean and minimal with installed softwares
 

LDogg

Level 24
Verified
Im just gonna stay using Windows defender and avoid system utilities like ccleaner etc. use windows cleaning tools/ defrag instead

I just ran O & O shutup > Syshardener on max > and im gonna keep it like this. Im not gonna add any bb like OSA or any other tool for that
This does make sense, fair play.

~LDogg
 

Andy Ful

Level 36
Content Creator
Trusted
Verified
Update 23.1.2019

- Removed hard configurator ( due family pc, and it feels like im in locked mode all the time)

+ Syshardener 1.5 added ( max settings) To replace H_C

H_C Is great, but i ran into problems whitelisting even i got the help i needed. Its way to learn Smartscreen and i respect that

now i feel bit awkward,
Default-deny setup is not for everyone. It is intended for the users, who rarely install the new applications, because new applications often require some whitelisting.:giggle:
If you did not feel happy with it, then SysHardener is a good choice, because it blocks/restricts script interpreters, and macros (in the supported office applications). (y)
 

Moonhorse

Level 23
Content Creator
Verified
@Andy Ful Well i rarely install new applications, but i had the problem with whitelisting. I couldve managed to life with that, no worries i just think syshardener is more familiar for noob like me

Also i guess H_C is TRUE default deny and not crappy default deny wich is relying in trusted vendor list. As we see its doing good job on askalans tests :emoji_thinking:
 

Similar Threads

Similar Threads