Advanced Security Morro Security Config 2024

Last updated
Apr 14, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
    • Basic account password (insecure)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Evaluation mode
Network firewall
Disabled
Real-time security
BitDefender Total Security
Firewall security
Other - Internet Security (3rd-party)
About custom security
Besides BDTS I also use WHHLight with SWH+Smart screen Block+WDAC. (Until I am advised to change this.)
Periodic malware scanners
* On demand scanners: MS Safety Scanner - Norton Power Eraser - EEK.
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Brave - Main
Opera One: Secondary

- uBlock Origin in Medium Mode
- SafeToOpen Online Security
- Bitwarden
- Popup Blocker (Strict)
- Dark Reader

Exploit settings:

Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

about:config tweaks (Some were already set.)

- network.dns.echconfig.enabled = true
- network.dns.use_https_rr_as_altsvc = true
- pdfjs.enableScripting = false
- browser.send_pings = false (Was already set to false?)
- plugin.scan.plid.all = false
- browser.urlbar.speculativeConnect.enabled = false
- dom.event.clipboardevents.enabled = false
- dom.webnotifications.enabled = false
- browser.urlbar.groupLabels.enabled = false
- media.navigator.enabled = false
- media.peerconnection.enabled = false
- network.prefetch-next = false
- beacon.enabled = false
- network.IDN_show_punycode = true
- geo.enabled = false
- browser.cache.offline.enable = false
- browser.newtabpage.activity-stream.feeds.telemetry = false
- browser.ping-centre.telemetry = false
- browser.tabs.crashReporting.sendReport = false
- toolkit.telemetry.enabled = false
- toolkit.telemetry.server (URL removed)
- toolkit.telemetry.unified = false
- extensions.pocket.enabled = false
- security.ssl.require_safe_negotiation = true
Secure DNS
Cloudflare DNS.
Desktop VPN
None
Password manager
Brave: Bitwarden
Opera One: Bitwarden
Waterfox: Bitwarden
Maintenance tools
* Windows own tools.
* Wise Diskcleaner.
* WingetUI
File and Photo backup
OneDrive.
Active subscriptions
    • None
System recovery
* Hasleo Backup Suite Free.
* External Hard Drive.
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Downloading software and files from reputable sites
    • Gaming
Computer specs
* Operating System: Windows 11 Pro
* Motherboard: B560 ATX Wi-Fi / 1200 Socket (ATX)
* Processor: Intel i9 11900K - 8 cores - 16 threads - 3,5 GHz (Turbo 5,3 GHz)
* CPU Cooler: Master Liquid 240mm RGB(Active.) Air Cooling. (Passive.)
* SSD: 1TB M2.0 NVMe (Read: 3500MB/s, Write: 2700MB/s)
* External 5 TB WD Elements 25A3 USB Device
* RAM: RGB 32GB DDR4-3200 MHz (2x 16GB)
* Graphics card: Nvidia RTX 4060 8GB
* AOC Q27G2S - QHD IPS 165Hz Gaming Monitor - 27 Inch
* Outer casing: Sharkoon REV100
* Power: 750Watt - 80Plus GOLD
* Lan: Realtek 2.5 Gbps
* Sound: Realtek ALC892
* USB: 11 ports (Of different kinds.)
What I'm looking for?

Looking for medium feedback.

Morro

Level 17
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
826
* I have removed Google Chrome and replaced it with the latest version of Vivaldi. Also made some changes to the extensions I use in both Firefox and Vivaldi. (Vivaldi has the same extensions as Firefox by the way.)

* Also in uBlock Origin (Medium mode) I replaced EasyPrivacy with EasyPrivacy (Minified), and added uBlockOrigin easy medium mode block list. So I now use the list shown below.

UBO Filters I use now 01.jpg
UBO Filters I use now 02.jpg

* And now I use Emsisoft Emergency Kit... MBAM Free and X-Sec Anti Malware as on demand scanners.
 
Last edited:

Morro

Level 17
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
826
I replaced Portmaster firewall with Malwarebytes Windows Firewall Control, I will try it out for a few weeks. I have MBAM WFC set like this...

* Set to Medium Filtering.
* Show Notification.
* Secure Boot.
* Outgoing rules only.

Also, I have changed the Filter lists I use in NextDNS. It is just to see if those lists work for me as well, so it is not because I no longer like HaGeZi Multi Pro, because I really believe that one to be excellent. The filter lists I use right now I saw in one of the forums members posts, although I am not sure who that was any more? (Sorry. :( ) At the moment I use these NextDNS Filter lists...

Current NextDNS Filters.jpg
 

Morro

Level 17
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
826
Added Waterfox as secondary browser, it has the same extensions as Edge. Security settings for Waterfox are above in the security setup. Also, I now use a Yubico Security NFC passkey. (Also have a backup passkey just in case.)
 
F

ForgottenSeer 100397

Morro Security Config 2023!

In short... ;):)

"As I walk through the MalwareTips streets, I can't help but notice the vibrant security setups that surround me. The anti-malware products stand tall, displaying a mix of layered styles, each with its own story to tell. A mixture of extensions and ad blockers tempts me with their attractive offerings. All promises of VPN and DNS services seem to whisper their capabilities, urging me to make the right choice. The knowledgeable voices of @Andy Ful and @danb echo in my ears, sharing their software and experiences. The sounds of comments and suggestions fill the air, creating a lively symphony. I feel excited as I navigate through the busy crowd, knowing that there are many possibilities to discover."
 
Last edited by a moderator:

cryogent

Level 7
Verified
Well-known
Oct 1, 2016
307
I replaced Portmaster firewall with Malwarebytes Windows Firewall Control, I will try it out for a few weeks. I have MBAM WFC set like this...
What made you make the switch to WFC?

Did you have any problems with Portmaster encountered during use?
 
  • Like
Reactions: Morro

Morro

Level 17
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
826
What made you make the switch to WFC?

Did you have any problems with Portmaster encountered during use?

It became very... very slow, and I saw that they are slowly moving towards locking more and more feature behind a paid version. But outside those reasons, it is still a very good Firewall. (y)


@harlan4096

My ISP router is an old one, and has no firewall possibility, and according to my Provider it is still working perfectly, so they do not want to give me a new one at the moment.
 

Morro

Level 17
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
826
Well it lasted longer then I first expected but, I stepped away from Edge. It was showing the same problem I had with on my old PC again. Sync was using old data, settings I had set kept getting reset to what Edge wanted I guess!. :rolleyes:(n)

So, I have installed Brave this morning, and damn it is fast? So I am going to use it as my main browser for a while. I use the same extensions in Brave as I used in Edge, but I also used the settings in a post from @Max90 .

 
F

ForgottenSeer 97327

Yep, @oldschool was the first who got tired of adding bloatware by Edge, but there were many other MT-members getting tired of Microsoft pushing its personalized services upon Edge users (apologize for not mentioning other MT-members by name, but I recall there were quite a few).

I read an article about "feature churn" (losing customers due to adding features they did not ask for). It seems that the average feature churn is less than 15 percent, so we are a minority (and "big data and advertising benefits" outweigh by far the customers being chased away by the bloat).

I am afraid this trend (adding features to increase customer lock-in) will be a fact of life for years to come. :unsure:
 
  • Like
Reactions: oldschool and Morro

Morro

Level 17
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
826
OK, firstly, I realize that this thread of mine is probably not meant to rant about something, but since it involves my new PC I will take my chances.

A little more than a week ago, I wanted to play a game, and all of a sudden my screensaver took a tremendously long time to stop. Every thing I did was extremely slow, and to make things worse, the fuses in my home blew, so that was also unpleasant. No matter what I tried, I could not fix my PC myself anymore. So the next day I called the shop where I bought it, and they send me a return label and everything else I needed by email to send the PC back to them. It was Franco, and they even had the Post office pick up the PC, so that was really nice of them, it did not cost me any money.

About 20 minutes ago, I called them to see if after a week they knew what had happened to my new PC. And they did... apparently the motherboard was busted. A new motherboard... not even two months old was busted!? :unsure:(n) I asked if it could be because fuses blew in my home, but they said no. They actually thought that the fuses probably blew because the motherboard got busted somehow!? And to top things off, they also mentioned that the motherboard apparently had no license key onboard for Windows 11 Pro. Firstly, if the motherboard was busted, then how could they know about the license key? Secondly, I sincerely hope that they have solved everything now, because I have become a bit suspicious about what they have said.

They mentioned that if all goes well, I could have my PC back by the end of the week. I hope so because using my old PC already made me miss my new one with in two days. Sorry for the rant everyone, but I had to get this off my chest so to speak.
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
they also mentioned that the motherboard apparently had no license key onboard for Windows 11 Pro. Firstly, if the motherboard was busted, then how could they know about the license key?
Interesting!

Sorry for the rant everyone, but I had to get this off my chest so to speak.
No worries, It's your new PC you can make a post whatever you want it's not our problem :) well it's good that you posted it because we can learn something from that problem :D, Hope you will get your PC back so you have to check/test something make sure it's all well :). best of luck.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top