Advanced Plus Security Moonhorse's Security Config 2019

[Moonhorse]

29.3.2019

Added comodo firewall, due i need the sandbox

Firefox stable as secondary browser;
-Cloudflare DNS; on firefox network.trr.mode=2

On firefox:
about:config>
- Resist.fingerprint
- Disable WebRTC

Extensions:
- ublock origin
- privacy possum
- decentraleyes
- malwarebytes extension
- netcraft
- bitwarden

 

[oldschool]

I think this is an overkill setup + too many extensions, but just my opinion.

 

[Moonhorse]

I think this is an overkill setup + too many extensions, but just my opinion.

overkill how? CF is working as anti-exploit + i use sandbox for tor/firefox

About extensions i could cut off decentraleyes, but rest are fine. Im using ublock origin in medium mode

I know that H_C + CF are both working as default deny, but its the H_C + Smartscreen wich will block exe. first.

If it manages to pass that, cf will sandbox it anyways, its not like CF is going to slow down system or anything and in other hand i could just allow exe. on H_C and setup CF on CS settings, ( currently its just proactive on)


But to be honest im as fine without comodo firewall, just want to see that if 12 brings anything new & im anyways going to clean install system after april update > set up the H_C once again

 

[LDogg]

Some great changes yet again @Moonhorse, keep it up!

~LDogg

 

[Moonhorse]

31.3.2019

Antivirus + firewall:
- Windows defender
- Comodo firewall 12; config = proactive security

Swapped to comodo secure DNS as i enabled it on installer

Mostly edited the config above to meet nowadays config

 

[LDogg]

Good change again as always!

~LDogg

 

[Moonhorse]

4.4.2019

Just updated the config. I tried out linux mint, the 4g modem im using didnt work on it so i had to cancel that movement. I couldve used Wifi, but the network speed probably would have dropped a bit

before using linux mint i couldnt get newest cumulative microsoft update to run > comodo firewall was blocking it

So after linux mint failure, i re-installed windows 10 and the current setup is:

Realtime protection: Windows defender + configure defender (max settings) + controlled folder access enabled
Web filtering : malwarebytes extension + netcraft
Browser: Google chrome + google search
Adblocker: nano adblock + nano defender
DNS: neustar recursive DNS

I always could add OSA, since its easiest to make /disable rules over syshardener

I have gave up with comodo firewall + H_C for now

 

[LDogg]

Have fun with the new changes

~LDogg

 

[oldschool]

I have gave up with comodo firewall + H_C for now

What about VoodooShield?

 

[Moonhorse]

What about VoodooShield?

I ended up installing comodo firewall with windows defender, because it just works. This time with auto-block instead of cs settings...corrected on config from now

 

[Andy Ful]

I ended up installing comodo firewall with windows defender, because it just works. This time with auto-block instead of cs settings...corrected on config from now

Good idea. It is a very good default-deny setup. The only weak point is the potential incompatibility with Windows 10 Updates, but there is a possibility to defer updates in ver. 1903, so the user can always turn off default-deny when updating and force CF to check the new files after update. If some system files will be recognized as unsafe, then they can be changed manually to safe. Next, the autosandbox can be turned ON. Another thing that can be done is removing many unnecessary entries from Trusted Vendor List to avoid bypassing CF by signed malware.

 

[imuade]

I ended up installing comodo firewall with windows defender, because it just works. This time with auto-block instead of cs settings...corrected on config from now

Sorry to repeat this, but if you install comodo antivirus and set auto containment to block unknown, you can reach the same protection level with less risk of incompatibility and without the need of Windows defender

 

[Moonhorse]

Sorry to repeat this, but if you install comodo antivirus and set auto containment to block unknown, you can reach the same protection level with less risk of incompatibility and without the need of Windows defender

Yes ill get it, the comodo cloud didnt work for me but antivirus should do, since the auto containment is same than in firewall

Personally i just like the windows defender over comodo antivirus

 

[LDogg]

I even have changed my config again!

~LDogg

 

[Moonhorse]

Update 18.4.2019

- Removed comodo firewall

Clean install:
Realtime protection: Windows defender + Configuredefender (max settings)
Browser: google chrome

Chrome flags enabled:

• block downloads over insecure connections
• Anonymize WebRTC
• Disable smooth scrolling
• Enable GPU appcontainer lockdown
• Enable appcontainer lockdown
• TLS 1.3 downgrade hardening

Extensions:

• Ublock origin ( default filters + ''1hosts mini'' + ''cleaner news sites'' + ''nocoin'' + ''fanboys annoyances'')
• Netcraft
• Emsisoft browser security (replaced malwarebytes extensions, because MBE has bigger CPU time in overall)
• Bitwarden

Disappointed when using cloudflare on my phone as DNS/VPN and replaced it on desktop to NEUSTAR Recursive

Note: No system utilities installed anymore, i only debloated candy crush saga etc. games but kept rest.
System settings : I have disabled most of services manually without any 3rd party program and only windows defender is allowed to run background of windows apps

 

[LDogg]

Sounds like you have a smooth running Windows 10 system! Without all the stupid bloatware which Win10 comes in with every update.

~LDogg

 

[Moonhorse]

Sounds like you have a smooth running Windows 10 system! Without all the stupid bloatware which Windows 10 comes in with every update.

~LDogg

i usually remove everything with geek uninstaller i can, except gallery + some edgehtml tools

But since i did clean install today ( plugged in new monitor in aswell today) i did read few days ago the forum post and answer of andy, where he did say you should not remove all bloat or chance the settings that much since windows knows whats best for it

I try to keep my build as original as windows is, except the rules of configure defender + may build will provide alot improvements + chromium edge

 

[LDogg]

i usually remove everything with geek uninstaller i can, except gallery + some edgehtml tools

But since i did clean install today ( plugged in new monitor in aswell today) i did read few days ago the forum post and answer of andy, where he did say you should not remove all bloat or chance the settings that much since windows knows whats best for it

I try to keep my build as original as windows is, except the rules of configure defender + may build will provide alot improvements + chromium edge

Definitely makes a lot of sense in doing a clean install this way and then debloating the rest of the crap that appears on each update which does get annoying.

~LDogg

 

[Gandalf_The_Grey]

For debloating windows 10 I only use "turn Windows features on or off" and the apps of O&O software: O&O AppBuster and O&O ShutUp10.

 

[Moonhorse]

21.4.2019

+ added runbysmartscreen
+ added documents anti-exploit

+ forticlient web filter replaces emsisoft browser security


Using developer edge as browsing browser + google chrome for banking