Advanced Plus Security Moonhorse's Security Config 2019

Last updated
Nov 18, 2019
Windows Edition
Home
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Sophos home premium FREE
Comodo firewall
Firewall security
About custom security
Comodo firewall on internet security config
Periodic malware scanners
Emsisoft emergency kit
Malwarebytes adwcleaner
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Firefox stable channel (70.0.1 currently)

Extensions:
- Ublock origin
- Bitwarden
- Bitdefender trafficlight

About:config
- network.trr.mode = 2
- media.peerconnection.enabled = false
- security.secure_connection_icon_color_gray = false
- security.identityblock.show_extended_validation = true
Maintenance tools
Geek uninstaller
File and Photo backup
External drive
System recovery
Aomei backupper Free
Risk factors
    • Gaming
    • Logging into my bank account
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
Computer specs
Asus m5A97
AMD FX-6300 @ 3.8ghz
MSI GTX-970
HDD 1TB
8GT Kingston Ram, @1600Hz
24.4.2019 several config changes
New products highlighted

Realtime protection:
-Windows defender ( controlled folder protection enabled)
-Configure defender ( high settings)
-Runbysmartscreen
-Documents anti-exploit
-appcheck antiransomware free

I wanted to have anti-exploit for chrome and documents are only protected, so I went with appcheck, which is very lite, around 4mb idle usage. Free doesn't protect office


on-demand scanners

-Malwarebytes free
-Adwcleaner
-Zemana free 3.0
-Roguekiller

Google chrome:
  • Nano adblocker
  • Nano defender
  • Blocksi (block unrated, block all ''sketchy domains'')
  • Https everywhere ( encrypt all sites (Ease) ) Thought first this is completely useless to have, but since I use it with TOR, I have found it needed
  • Netcraft
  • Bitwarden
Chrome flags enabled:
  • block downloads over insecure connections
  • Anonymize WebRTC
  • Disable smooth scrolling
  • Enable GPU appcontainer lockdown
  • Enable appcontainer lockdown
  • TLS 1.3 downgrade hardening
  • NoState Prefetch
  • Parallel downloading
  • Mark non-secure origins as non-secure
  • PDF Isolation
  • Enable lazy image loading
  • Enable lazy frame loading
DNS: Cleanbrowsing ( has servers on eu ) Neustar has in USA

System cleanup tools : Privazer
 
I have updated my config (who would have believed?) once again, because I wanted to test @imuade's recommendations over comodo firewall

I have swapped from windows defender + cf combo to Comodo antivirus
Pictures added on config, HIPS enabled and container configured to default block
 
30.4.2019 ...literally wanted to swap back to windows defender because of edge browser + application guard, since I'm planning to use microsoft edge + windows defender after may update

Realtime protection:
- windows defender
- hard_configurator on recommended settings
- configure defender on high settings
- controlled folder access enabled
- application guard applied to microsoft edge canary

Browsers and Extensions:
Microsoft edge canary;
- Smartadblocker
- Noscript
- Https everywhere (ease)
- Bitwarden

Web Privacy
Chrome flags enabled:
  • block downloads over insecure connections
  • Anonymize WebRTC
  • Disable smooth scrolling
  • Enable GPU appcontainer lockdown
  • Enable appcontainer lockdown
  • TLS 1.3 downgrade hardening
  • NoState Prefetch
  • Parallel downloading
  • Mark non-secure origins as non-secure
  • PDF Isolation
Search engine swapped to duckduckgo, because it won't censor searches like google does

Something notable:
- lazy image
- lazy frame
://flags caused some sites to be completely unusable

Edit 1: did change from edge canary to edge developer, due to no need to whitelist with H_C like in canary
 
15.5.2019

I'm back to comodo antivirus; block mode

Notable changes:
Microsoft edge developer as mainbrowser. My extension list is huge but has everything covered

Comodo antivirus in block mode (after first boot WD was on, should I disable it manually?)

DNS changed to Verisign DNS
 
Alright, sorry for spam, I kinda rushed (as always)

I moved back to chrome, due to some ://flags

I moved to ublock origin in medium mode as @oldschool suggested on forums / this thread. The computer is a family pc, but I'm whitelisting important sites manually

I have added pictures of blocksi + comodo rules

I have updated chrome ::/flags
 
so ublock origin + bitwarden and forget the privacy paranoia? :oops:

I was thinking something like: Your choice of adblocker + privacy ext.(like Trace) + Bitwarden

You can replace HTTPS Everywhere with browser settings @ Javascript: BLOCKED, ALLOW only HTTPS://* (compliments of @Windows_Security!)

Less extensions = less attack surface. (y)
 
22.5.2019

Updated to windows 1903, without issues

To avoid any antivirus issues I'm staying with windows defender, but decided to add configuredefender on high settings

- tampering protection enabled (new feature); controlled folder access is enabled as well.
- Appcheck anti-ransomware free as filler (I like the gui and it has anti-exploit)
- documents anti-exploit by andy, since appcheck requires pro version for office

Using system built-in tools for defragging and manually clearing chrome histories etc for now
I know my extension list is still the same, but I think that's fine as I need them and overall they cover everything
 
25.5.2019

- Added comodo firewall ( cruelsisters settings)

As well as the previous extensions I used in google chrome:
- trace
- Https everywhere

- Comodo secure dns; provided by neustar

- Bleachbit, since it will not touch registry
 
26.6.2019

Did some config changes

tldr;

+Kaspersky Free antivirus
+Appcheck anti-ransomware free
+Documents antiexploit by andys, because appcheck doesn't protect office
+Run by smartscreen - from andy

+ edge canary as mainbrowser
- ublock origin
- bitwarden

+ updated ''password'' as sign-in protection
+ did remove chrome::/flags that didn't exist on canary anymore
 
Did complete swap on my config . 12.7.2019

Realtime protection:
- AVG antivirus free; heuristic on high, pup defense mode enabled
- Comodo firewall; cruelsister settings


Mozilla firefox;
- Ublock origin
- Netcraft
- Bitwarden password manager
- Https Everywhere (strict mode)

About:config;
- media.peerconnection.enabled = FALSE
- security.tls.version.min = 3
- privacy.resistFingerprinting = TRUE
- network.trr.mode = 2, because of cloudflare DNS

and CCleaner as system utility
 
I lasted a day with buggy comodo firewall, so I reverted back to the config which really works
small tldr;

Realtime protection:
- Kaspersky Free Antivirus
- OSArmor
- Windows security settings > browsers & extensions, > exploit protection for msedge.exe= code integrity guard.

Microsoft edge developer;
- Ublock origin
- Bitwarden

chrome :/flags;
Smooth Scrolling - disabled
GPU rasterization - enabled
Enable AppContainer Lockdown - enabled
TLS 1.3 downgrade hardening - enabled
Parallel downloading - enabled
Mark non-secure origins as non-secure - mark as actively dangerous
Simplify HTTPS indicator UI - disabled
Enable GPU AppContainer Lockdown. - enabled
PDF Isolation - enabled
Enable lazy image loading - enabled
Enable lazy frame loading - enabled
Block unsafe downloads over insecure connections - enabled
Limit Media Autoplay - enabled
Microsoft Edge tracking prevention - enabled =strict

DNS = verisign
Default search engine = Bing

System utilities:
- geek uninstaller
- process explorer

sorry for spam
 
Been over a month since I got rid of kaspersky cloud av free,

Updated current setup as its 10.9.2019

Tldr; windows defender + ransomware protection from controlled folder access + sandbox enabled for WD
edge developer browser has , :/flags updated + extensions
 
Update 25.9.2019

realtime protection:
- Kaspersky security cloud free ( default settings)
- Comodo firewall ( cs settings)

Edge canary new flags added:
- Microsoft Defender SmartScreen PUA support - enabled

- Secure DNS lookups - enabled
= dnscrypt for cloudflare DNS





I think kaspersky web-filter without extension + smartscreen of microsoft edge play together well enough that I can save some browser speed/memory usage since I don't need extensions, except ublock origin + bitwarden
 
10.10.2019

- removed OSA

+ added syshardener ( max settings, everything enabled )
+ added appcheck anti-ransomware free, protecting browsers + MBR
 