Advanced Security Morro Security Config 2024

Last updated
Apr 14, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
    • Basic account password (insecure)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Evaluation mode
Network firewall
Disabled
Real-time security
BitDefender Total Security
Firewall security
Other - Internet Security (3rd-party)
About custom security
Besides BDTS I also use WHHLight with SWH+Smart screen Block+WDAC. (Until I am advised to change this.)
Periodic malware scanners
* On demand scanners: MS Safety Scanner - Norton Power Eraser - EEK.
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Brave - Main
Opera One: Secondary

- uBlock Origin in Medium Mode
- SafeToOpen Online Security
- Bitwarden
- Popup Blocker (Strict)
- Dark Reader

Exploit settings:

Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

about:config tweaks (Some were already set.)

- network.dns.echconfig.enabled = true
- network.dns.use_https_rr_as_altsvc = true
- pdfjs.enableScripting = false
- browser.send_pings = false (Was already set to false?)
- plugin.scan.plid.all = false
- browser.urlbar.speculativeConnect.enabled = false
- dom.event.clipboardevents.enabled = false
- dom.webnotifications.enabled = false
- browser.urlbar.groupLabels.enabled = false
- media.navigator.enabled = false
- media.peerconnection.enabled = false
- network.prefetch-next = false
- beacon.enabled = false
- network.IDN_show_punycode = true
- geo.enabled = false
- browser.cache.offline.enable = false
- browser.newtabpage.activity-stream.feeds.telemetry = false
- browser.ping-centre.telemetry = false
- browser.tabs.crashReporting.sendReport = false
- toolkit.telemetry.enabled = false
- toolkit.telemetry.server (URL removed)
- toolkit.telemetry.unified = false
- extensions.pocket.enabled = false
- security.ssl.require_safe_negotiation = true
Secure DNS
Cloudflare DNS.
Desktop VPN
None
Password manager
Brave: Bitwarden
Opera One: Bitwarden
Waterfox: Bitwarden
Maintenance tools
* Windows own tools.
* Wise Diskcleaner.
* WingetUI
File and Photo backup
OneDrive.
Active subscriptions
    • None
System recovery
* Hasleo Backup Suite Free.
* External Hard Drive.
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Downloading software and files from reputable sites
    • Gaming
Computer specs
* Operating System: Windows 11 Pro
* Motherboard: B560 ATX Wi-Fi / 1200 Socket (ATX)
* Processor: Intel i9 11900K - 8 cores - 16 threads - 3,5 GHz (Turbo 5,3 GHz)
* CPU Cooler: Master Liquid 240mm RGB(Active.) Air Cooling. (Passive.)
* SSD: 1TB M2.0 NVMe (Read: 3500MB/s, Write: 2700MB/s)
* External 5 TB WD Elements 25A3 USB Device
* RAM: RGB 32GB DDR4-3200 MHz (2x 16GB)
* Graphics card: Nvidia RTX 4060 8GB
* AOC Q27G2S - QHD IPS 165Hz Gaming Monitor - 27 Inch
* Outer casing: Sharkoon REV100
* Power: 750Watt - 80Plus GOLD
* Lan: Realtek 2.5 Gbps
* Sound: Realtek ALC892
* USB: 11 ports (Of different kinds.)
What I'm looking for?

Looking for medium feedback.

Morro

Level 17
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
825
Changed backup program from Hasleo backup Free back to Aomei Backupper Pro. Not because Hasleo is a bad piece of software, because it is absolutely not. (y) But actually for very simple reasons. One of those reasons is that NPE kept showing me a warning about Hasleo, and since NPE does not allow me to exclude files/programs, it was a bit annoying. Combined with the fact that I just got my PC back a short while ago, and Hasleo had not made that many backups yet, it was in my opinion not so bad to go back to Aomei Backupper Pro. :D

Everything else of my security setup is still the same.
 

Morro

Level 17
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
825
I made a few changes the past few days.

* I had to remove Cloudflare WARP, and replace it with their regular Cloudflare DNS. (Also very fast.) Before the last update from Cloudflare WARP it was working perfectly, but after the latest update I noticed that more and more programs started to become extremely slow to start... or they froze while starting. (Like MSI Center.) Also some websites refused to work properly at times, or did not allow me to register because I used a VPN? After switching to normal Cloudflare DNS (1.1.1.1 for now.) everything works again as it should.

* I stopped using Aomei Backupper Pro, damn it has become so freaking slow for me. Incremental backups took a freaking 1 and a half hours (Or more in some cases.) to finish a incremental backup of 4 to 10 GB. Hasleo Backup Suite Free does the same thing in 2 to 4 minutes.

* I started using Opera One as my Secondary browser. Well secondary for now at least, because I have to admit that it is growing rapidly on me. So who knows, I might make it my main browser in a few days, and then use Brave as backup. (I have not decided yet. :) )

Waterfox is still installed, so that is why I left everything Waterfox related in my security setup.
 

Morro

Level 17
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
825
For reasons that take too long to explain here, I had to change my security setup. :( It was a pain in the but doing that, and let's just say that March 2025 can not come soon enough. (At that time I can return to using SpyNetGirls Hardening guide again.)

So I had to change my setup until I can change things back as mentioned just above, I am back to using BitDefender Total Security. (After testing a few days of what I could use.) After installing BDTS I noticed that I still had everything from WHHLight activated. But in the Thread for WHHLight LennyFox already that since WHHLight allowed BDTS to install, it would likely allow updates to BDTS. And so far it did indeed update.

But do I actually need all 3 modes active or not? Does it add an extra security layer, or is it partially redundant to have all 3 modes active in WHHLight now?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top