Advanced Plus Security Moonhorse's Security Config 2019

[Moonhorse]

@Andy Ful Whitelisting was pretty simple to do, cheers

About the sandbox, i enabled it and re-ran H_C settings

+ Added O&O shutup to config, as i forgot to post it earlier

 

[Andy Ful]

Even I learned to whitelist by hash, etc. If @oldschool can do it, @Moonhorse can do it. And yes, you may ask Andy anything. His customer support is most excellent! Companies should model their's after him. The latter will never happen.

Default-deny protection is not friendly to most people, so I have much time to help others.

 

[LDogg]

Nice config always!

~LDogg

 

[Moonhorse]

17.1.2019

Removed
- ccleaner
- defragler
- bleachbit
- roguekiller

extensions removed:
- windows defender browser protection
- emsisoft

Added
+ Privazer ( without installation to run browser cleaner)
+ Privazer shellbag anylyzer

Extensions added:
+ Malwarebytes (welcome back)
+ Decentraleyes

+ Also added firefox nightly secondary browser, chrome still remains main browser. Nightly used mostly on browsing and banking is done on chrome

Computer Security Knowledge status updated to : medium

 

[LDogg]

Liking the updates as per usual!

~LDogg

 

[Andy Ful]

Moonhorse,
Have you applied 'Defender high settings' by using ConfigureDefender button in H_C?

 

[Moonhorse]

Moonhorse,
Have you applied 'Defender high settings' by using ConfigureDefender button in H_C?

I wasnt aware about that, configuredefender were part of H_C:emoji_innocent:

Well i applied defender high settings, close button didnt work so i just exit with X
Is there any way to do check i have such settings enabled, without opening configuredefender?
I know something about srp and H_C but not anything bout configuredefender

 

[Andy Ful]

I wasnt aware about that, configuredefender were part of H_C:emoji_innocent:

Well i applied defender high settings, close button didnt work so i just exit with X
Is there any way to do check i have such settings enabled, without opening configuredefender?
I know something about srp and H_C but not anything bout configuredefender

The Close button works, but sometimes you have to clik it two or more times (slow clicks).
I will probably look at this issue in the future version. The actual WD settings can be easily seen in the PowerShell Console by using the command:
get-mpPreference

 

[Moonhorse]

The Close button works, but sometimes you have to clik it two or more times (slow clicks).
I will probably look at this issue in the future version. The actual WD settings can be easily seen in the PowerShell Console by using the command:
get-mpPreference

Disablecatchupfullscan true
disablecatchupquickscan true

Do this mean on-demand scanning is disabled?
And about disablelowcpupriority_ true, shouldnt this one boost performance?

 

[Andy Ful]

Disablecatchupfullscan true
disablecatchupquickscan true

Do this mean on-demand scanning is disabled?
And about disablelowcpupriority_ true, shouldnt this one boost performance?

Those settings are not configured by Configuredefender. I think that they are the default settings. I do not have the setting disablelowcpupriority (it should be probably EnableLowCpuPriority). Read the below:
Set-MpPreference (defender)

 

[Moonhorse]

Update 21.1.2019

+ Trace to browser extensions
+ Neustar recursive DNS to replace Cloudflare DNS

 

[Alexandre Ravelli]

I did not know about Neustar DNS

Threat Protection
For users who want protection against malicious domains for security purposes. Includes Reliability & Performance.LowMalware, Ransomware, Spyware & Phishing.

It's powerfull DNS for Malware, Ransomware, Spyware & Phishing ?

 

[Moonhorse]

I did not know about Neustar DNS

Threat Protection
For users who want protection against malicious domains for security purposes. Includes Reliability & Performance.LowMalware, Ransomware, Spyware & Phishing.

It's powerfull DNS for Malware, Ransomware, Spyware & Phishing ?

Since the threat protection will block torrents/warez sites, and those are pretty much where you could download something suspicious i would say its worth to add

Im myself from eu, i used cloudflare before but i cant say i have any difference in loading speed than with neustar

Today i visited few sites that were advertised in twitch ( are fake/ phishing sites) and neustar dns aswell blocked them, but with the malware category

But yes, neustar is protection wide best DNS you can get

Edit: only downside of DNSthreat blocking is that you cant whitelist domains, but i can well put the neustar business protection on without getting blocked by any sites i visit

 

[Alexandre Ravelli]

Since the threat protection will block torrents/warez sites, and those are pretty much where you could download something suspicious i would say its worth to add

Im myself from eu, i used cloudflare before but i cant say i have any difference in loading speed than with neustar

Today i visited few sites that were advertised in twitch ( are fake/ phishing sites) and neustar dns aswell blocked them, but with the malware category

But yes, neustar is protection wide best DNS you can get

Edit: only downside of DNSthreat blocking is that you cant whitelist domains, but i can well put the neustar business protection on without getting blocked by any sites i visit

Thanks for your reply :emoji_ok_hand:

 

[Moonhorse]

Update 23.1.2019

- Removed hard configurator ( due family pc, and it feels like im in locked mode all the time)

+ Syshardener 1.5 added ( max settings) To replace H_C

H_C Is great, but i ran into problems whitelisting even i got the help i needed. Its way to learn Smartscreen and i respect that

now i feel bit awkward,

 

[LDogg]

What other programs have you thought about using for your current system? @Moonhorse

~LDogg

 

[Moonhorse]

What other programs have you thought about using for your current system? @Moonhorse

~LDogg

Im just gonna stay using Windows defender and avoid system utilities like ccleaner etc. use windows cleaning tools/ defrag instead

I just ran O & O shutup > Syshardener on max > and im gonna keep it like this. Im not gonna add any bb like OSA or any other tool for that

Also start to use portable antimalwares like EEK, HMP, Only Zam will be installed to be part of beta program, but keep windows very clean and minimal with installed softwares

 

[LDogg]

Im just gonna stay using Windows defender and avoid system utilities like ccleaner etc. use windows cleaning tools/ defrag instead

I just ran O & O shutup > Syshardener on max > and im gonna keep it like this. Im not gonna add any bb like OSA or any other tool for that

This does make sense, fair play.

~LDogg

 

[Andy Ful]

Update 23.1.2019

- Removed hard configurator ( due family pc, and it feels like im in locked mode all the time)

+ Syshardener 1.5 added ( max settings) To replace H_C

H_C Is great, but i ran into problems whitelisting even i got the help i needed. Its way to learn Smartscreen and i respect that

now i feel bit awkward,

Default-deny setup is not for everyone. It is intended for the users, who rarely install the new applications, because new applications often require some whitelisting.
If you did not feel happy with it, then SysHardener is a good choice, because it blocks/restricts script interpreters, and macros (in the supported office applications).

 

[Moonhorse]

@Andy Ful Well i rarely install new applications, but i had the problem with whitelisting. I couldve managed to life with that, no worries i just think syshardener is more familiar for noob like me

Also i guess H_C is TRUE default deny and not crappy default deny wich is relying in trusted vendor list. As we see its doing good job on askalans tests