Advanced Plus Security Moonhorse's Security Config 2019

Last updated
Nov 18, 2019
Windows Edition
Home
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Sophos home premium FREE
Comodo firewall
Firewall security
About custom security
Comodo firewall on internet security config
Periodic malware scanners
Emsisoft emergency kit
Malwarebytes adwcleaner
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Firefox stable channel (70.0.1 currently)

Extensions:
- Ublock origin
- Bitwarden
- Bitdefender trafficlight

About:config
- network.trr.mode = 2
- media.peerconnection.enabled = false
- security.secure_connection_icon_color_gray = false
- security.identityblock.show_extended_validation = true
Maintenance tools
Geek uninstaller
File and Photo backup
External drive
System recovery
Aomei backupper Free
Risk factors
    • Gaming
    • Logging into my bank account
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
Computer specs
Asus m5A97
AMD FX-6300 @ 3.8ghz
MSI GTX-970
HDD 1TB
8GT Kingston Ram, @1600Hz

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
@Andy Ful Well i rarely install new applications, but i had the problem with whitelisting. I couldve managed to life with that, no worries i just think syshardener is more familiar for noob like me

Also i guess H_C is TRUE default deny and not crappy default deny wich is relying in trusted vendor list. As we see its doing good job on askalans tests :unsure:
SysHardener with Avast set to Hardened Aggressive mode, could give also pretty good results.(y)
 

Moonhorse

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
SysHardener with Avast set to Hardened Aggressive mode, could give also pretty good results.(y)
Hmm, im gonna install avast and run it with syshardener. Its bit lighter than WD, atleast when you can disable on-demand scans. I dont like the privacy issues, but after all its a big company and nothing is free. Atleast you can opt data gathering off & disable gui ads with firewall. And the agressive module is the main point. Also evjl + stefanos promote it so lets begin 2019 with avast then (y)

Added avast! to config, and installing it right now
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
SysHardener with Avast set to Hardened Aggressive mode, could give also pretty good results.(y)
I have found no bypass yet with this combo
moreover, it works more universally than windows smartscreen and they can work toghther => double team default-deny against web threats
avast HM will deal with local threats from USB and zipped files
 

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
I have found no bypass yet with this combo
moreover, it works more universally than windows smartscreen and they can work toghther => double team default-deny against web threats
avast HM will deal with local threats from USB and zipped files
I have it in two laptops. On my own Avast pro and my daughters Free. Secure and light. Low ram and I never had a problem with high cpu.
 
Last edited:

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
Hmm, im gonna install avast and run it with syshardener. Its bit lighter than WD, atleast when you can disable on-demand scans. I dont like the privacy issues, but after all its a big company and nothing is free. Atleast you can opt data gathering off & disable gui ads with firewall. And the agressive module is the main point. Also evjl + stefanos promote it so lets begin 2019 with avast then (y)

Added avast! to config, and installing it right now
I want to see your opinion for Avast. And especially if you have a delay in the opening of GUI.
 

Moonhorse

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
I want to see your opinion for Avast. And especially if you have a delay in the opening of GUI.
Dont have any delay when opening it. And with minium setup, theres no bloat and the gui is looking pretty in 19.1 avast. Cant say theres any difference between new avast 19.1 and previous one 18.0+

settings are made more confusing than they used to be:unsure:
 

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
Dont have any delay when opening it. And with minium setup, theres no bloat and the gui is looking pretty in 19.1 avast. Cant say theres any difference between new avast 19.1 and previous one 18.0+

settings are made more confusing than they used to be:unsure:
Thanks for your answer. And I have no delay. Because of this issue I had several conflicts with forum member. Use the old settings to make sure it's all right. Do one settings backup and after is all easy :sneaky: Hardened Aggressive mode can access old Settings, Troubleshooting>Open Old Settings.
 
Last edited:

Moonhorse

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
I was wondering where the agressive mode were, since there was no option for it. Thanks for pointing me to right way
avaasast1.png
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I have found no bypass yet with this combo
moreover, it works more universally than windows smartscreen and they can work toghther => double team default-deny against web threats
avast HM will deal with local threats from USB and zipped files
Windows built-in SRP is stronger that light SysHardener restrictions, and the restrictions can be whitelisted - which is not possible in SysHardener.
For example, SysHardener + Avast set to Hardened Aggressive mode, can be bypassed by weaponized CHM files, CPL binaries (DLLs which can be run via control.exe), several types or shortcuts, etc. Those techniques are not common in the wild, as compared to standard VBScript, JScript, JavaScript, or VBA Macro malware.
 
Last edited:

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Windows built-in SRP is stronger that light SysHardener restrictions, and the restrictions can be whitelisted - which is not possible in SysHardener.
For example, SysHardener + Avast can be bypassed by weaponized CHM files, CPL binaries (DLLs which can be run via control.exe), several types or shortcuts, etc. Those techniques are not common in the wild, as compared to standard VBScript, JScript, JavaScript, or VBA Macro malware.
I know but using a software which I have to whitelist several times to let something run is a no no for me
no offense to your great softwares but it's totally not for me because I don't want to whitelist anything
for example, I was using the previous version of H_C and used the default settings. When I ran my safe files (unsigned), obviously windows blocked it.
I found it hard to unblock this option in H_C. Took me 5-10mins to find but then I decided to remove H_C. In SH, it's far more easier

with avast and comodo firewall, they take 1-2 clicks to whitelist something because the option is in the block popup
I ditched comodo also because it annoyed me by blocking too many safe apps

I don't mind about CHM, shortcut or CPL because they will never appear in almost all PCs
don't forget, SH also has firewall block rules which include hh.exe and control.exe => they won't be able to download their payloads unless they are embedded into the original files
most scriptors require downloading of payloads => block them from connecting to the internet will cripple their abilities although some damage might be done but minimal

I know H_C is safer than SH, obviously, but easy-to-use and problem-free factors, SH is more suitable for me
I don't want to be paranoid. I don't mind about sophisticated attacks or exploits. Usability and performance matter more. That's why we bought our PCs/laptops for, not to overprotect them :LOL:

I choose SH because truly novice users don't know how to whitelist.
Avast blocked a program by hardened mode and my parents asked me why it was not running => I disabled HM permanently

My choice for novice users:
avast (tweaked, no HM) + SH tweaked
kaspersky free (tweaked for best performance) + SH + unchecky
both: + WDBP + emsisoft browser security

they can be bypassed but not easy
 
Last edited:

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
Dont have any delay when opening it. And with minium setup, theres no bloat and the gui is looking pretty in 19.1 avast. Cant say theres any difference between new avast 19.1 and previous one 18.0+

settings are made more confusing than they used to be:unsure:
For me, 1 minute to open the GUI!:sleep: If i tick HM aggresive in the old UI then automatically HM unticked in the new UI !But i trust old UI settings according to Evjl's Rain !
 

Moonhorse

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
For me, 1 minute to open the GUI!:sleep: If i tick HM aggresive in the old UI then automatically HM unticked in the new UI !But i trust old UI settings according to Evjl's Rain !
Well thats weird, for me its starting right when i click on it. And i have amd 6300-six core processor + 8 years old hdd o_O

The new ui gets ticked off, but indeed its there

Edit: @Andy Ful Is it possible to use H_C as default allow .exe and just benefit from WD hardening + script blocking ( sponsors) if WD has block in first sight? If the whitelisting is painful for someone
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
...
I choose SH because truly novice users don't know how to whitelist.
Avast blocked a program by hardened mode and my parents asked me why it was not running => I disabled HM permanently

My choice for novice users:
avast (tweaked, no HM) + SH tweaked
kaspersky free (tweaked for best performance) + SH + unchecky
both: + WDBP + emsisoft browser security

they can be bypassed but not easy
That is the point. For most users, the AV with good signatures + blocked/restricted scripts + some web protection, will be the optimal choice. Yet, on Windows 10 I would rather suggest to start with Windows Defender, and if not satisfied, then choose 3rd party AV.

Windows Defender has still slower signatures for never seen EXE malware (as compared to Kaspersky or BitDefender), but most of those samples are delivered via scripts and macros, so will be stopped anyway.

There is probably some advantage of using Kaspersky over WD, when applying cracks or installing the pirated software (some novice users can do it frequently for gaming). In this case the malicious EXE file is delivered directly by the user.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
SysHardener is very effective, but some things could be improved when adopting SRP in default allow setup.
  1. Add more entries for dangerous file extensions (CHM, CPL, several kinds of shortcuts, etc.). Shortcuts could be whitelisted in some predefined locations (like desktop, Start Menu) and blocked by default in other locations.
  2. Block files with double extensions, like: *.docx.exe, *.avi.exe, *.txt.exe, etc.
  3. Block powershell.exe and powershell_ise.exe to stop some PowerShell techniques that can bypass Constrained Language mode (this could be done by non SRP tweak).
  4. Whitelist by default, the script execution (VBScript, JScript) and dangerous file extensions in Windows and Program Files folders.
  5. Disable Remote Registry and Remote Shell (this would be done by non SRP tweak).
The above features can be added to SysHardener via SRP, and that would be still the light SRP protection (default-allow for EXE files), so the users would not see any downsides in daily tasks, as compared to the actual SysHardener setup.

Edit.
Maybe I should make something like HardenSysHardener to apply the above?:giggle:
 
Last edited:

Nestor

Level 9
Verified
Well-known
Apr 21, 2018
397
Well thats weird, for me its starting right when i click on it. And i have amd 6300-six core processor + 8 years old hdd o_O

The new ui gets ticked off, but indeed its there

Edit: @Andy Ful Is it possible to use H_C as default allow .exe and just benefit from WD hardening + script blocking ( sponsors) if WD has block in first sight? If the whitelisting is painful for someone
I don't know if it is related but from when i installed Avast i keep getting notified from Thor for "Popcash.net" and "Onclickads.net" malicious web traffic.Maybe it has to do with Avast advertising but the funny thing is that Avast also detect them as Dns poisoning.
 

Moonhorse

Level 37
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
I don't know if it is related but from when i installed Avast i keep getting notified from Thor for "Popcash.net" and "Onclickads.net" malicious web traffic.Maybe it has to do with Avast advertising but the funny thing is that Avast also detect them as Dns poisoning.
I did minium install, nothing has popped up for me.

It just sounds like you had adware installed where the pop-ups coming from?
Onclickads.net Browser Redirect Removal

i would run adwcleaner from malwarebytes incase there is something sketchy going + zemana probably
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top