Advanced Plus Security n8chavez's System Configuration 2022

Last updated
May 20, 2022
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 11
OS edition
Pro
Login security
    • Password-less (PIN, Biometric, Face)
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Microsoft account
Primary user
Admin user - Full permissions
Security updates
Automatic - allow all types of updates
Windows UAC
Default - notify when programs attempt to make changes
Network firewall
ISP-issued router
Real-time protection
  1. Sandboxie Plus (via RAM drive)
  2. VoodooShield
  3. Windows Security (hardened)
  4. AdGuard for Windows
Software firewall
Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
Binisoft's Windows Firewall Control GUI
Malware testing
No malware samples
Periodic security scanners
HitmanPro
Secure DNS
NextDNS
VPN
Mullvad
Password manager
KeePass with password and keyfile, along with Keepass2Android
Browsers, Search and Addons
Vivaldi
addons: ViolentMonkey, Dark Reader, jshelter
Maintenance and Cleaning
Not much needed, other than winget. Everything that has internet connectivity is configured via Sandboxie to clean out cache/changes at close.
Personal Files & Photos backup
Changed files are backed up daily via rclone to an encrypted GDrive and Mega.nz, including music, video, documents, installer files, photos, ISOs, ebooks and disk images
Personal backup routine
Automatic (scheduled)
Device recovery & backup
System images (partitions required for my system to boot) are created daily and automatically via scheduled scripts using Terabyte's Image for Windows. Full images are created weekly, and differential images are created daily.
Device backup routine
Automatic (scheduled)
PC activity
  1. Working from home. 
  2. Browsing the web. 
  3. Emails. 
  4. Shopping. 
  5. Downloading software. 
  6. File sharing and torrents. 
  7. PC and cloud gaming. 
  8. Multimedia. 
  9. Streaming. 
Computer specs
  • Hardware
    • Motherboard: MSI MS-7A59
    • GPU: MSI GTX 1060 GAMING X
    • Memory: 32 GBytes @ 1499.3 MHz (DDR4-2998 / PC4-23900)
    • Storage: Disk 1 Toshiba Serial ATA 6Gb/s @ 6Gb/s 5TB @ 7200RPM, Disk 2 Toshiba Serial ATA 6Gb/s @ 6Gb/s 8TB @ 5425RPM, Disk 3 Samsung SSD 860 EVO 1TB SSD
    • CPU Brand Name: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
      CPU Vendor: GenuineIntel
      CPU Stepping: B0
      CPU Code Name: Kaby Lake-S
      CPU Technology: 14 nm
      CPU S-Spec: SR33A
Personal changelog
  1. Replaced Waterfox with Vivaldi
    1. Added jshelter
    2. Eliminated uBo
    3. Eliminated Bitwarden
  2. Added VoodooShield
  3. Added AdGuard for Windows
Feedback Response

General feedback

n8chavez

Level 9
Thread author
Well-known
Feb 26, 2021
437
Here is my system configuration. I try to automate as much as possible, from imaging my SSD to rcloning data backups to an encrypted GDrive. From a security standpoint, I try to keep things proactive, not reactive. I do not use malware scanners, or any third party anti-malware software.

Let me know what you think!
 

n8chavez

Nice config. Consider setting UAC to "Max" to prevent UAC bypasses. Also consider picking a second additional scanner next to HitmanPro as it can't detect scripting malware for example. :)

Thanks! But that's where VoodooShield comes into play; it detects anything running on my system and prompts me. There's no need for both UAC @ max and VS, since they do the same thing.
 

Andy Ful

From Hard_Configurator Tools
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,089
Either VoodooShield or something like OSArmor. Both are very good.

Any smart default-deny setup. There are many good choices: SRP, anti-EXE, Comodo auto-sandbox, etc.
Simply, if one blocks/contains something by default then it cannot elevate or it is contained in the sandbox.:)(y)

Edit.
OSArmor might have to be highly tweaked if one would like to skip UAC on MAX.
 

n8chavez

Any smart default-deny setup. There are many good choices: SRP, anti-EXE, Comodo auto-sandbox, etc.
Simply, if one blocks/contains something by default then it cannot elevate or it is contained in the sandbox.:)(y)

Edit.
OSArmor might have to be highly tweaked if one would like to skip UAC on MAX.

Yuuup. But, after all, we are a community of tweakers! :sneaky:
 

Andy Ful

Any of the mentioned solutions (including VS) will be stronger with UAC MAX in the post-infection stage. But most users who like such solutions will probably not be infected at all.
 

n8chavez

Any of the mentioned solutions (including VS) will be stronger with UAC MAX in the post-infection stage. But most users who like such solutions will probably not be infected at all.
Any setup has to balance security with usability. If not, why don't we all disconnect and turn off our systems? They would be completely secure then!
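The UAC levels debated in this thread ("Default" in the profile, "Max" in the replies) are stored as three policy values in the registry, so the active level can be audited from PowerShell. The script below is an added example, not part of any post in the thread; the registry value names are the ones Windows uses, while the function names `Get-UacLevel` and `Get-LocalUacLevel` and the sample values are made up for illustration.

```powershell
# Added example, not from the thread. Maps the three UAC policy values to the
# slider position shown in the Windows "User Account Control Settings" dialog.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    param(
        [Parameter(Mandatory)][int]$EnableLUA,
        [Parameter(Mandatory)][int]$ConsentPromptBehaviorAdmin,
        [Parameter(Mandatory)][int]$PromptOnSecureDesktop
    )
    if ($EnableLUA -eq 0) { return 'UAC disabled' }
    switch ("$ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop") {
        '2/1'   { return 'Always notify (the "Max" setting)' }
        '5/1'   { return 'Default (notify when programs attempt to make changes)' }
        '5/0'   { return 'Default, without the secure desktop' }
        '0/0'   { return 'Never notify' }
        default { return "Custom policy ($ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop)" }
    }
}

function Get-LocalUacLevel {
    # Reads the live values; standard users can read this key, so no elevation is needed.
    $p = Get-ItemProperty -Path $UacKey
    foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop') {
        # A missing value would otherwise be cast to 0 and misreported.
        if ($null -eq $p.$name) { return "Unknown ($name is not set)" }
    }
    Get-UacLevel -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $p.PromptOnSecureDesktop
}

# Constructed sample values: EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop.
$samples = @(
    @(1, 5, 1),  # the "Default" level listed in the profile
    @(1, 2, 1),  # the "Max" level suggested in the replies
    @(1, 0, 0)   # prompts turned off
)
foreach ($s in $samples) {
    Get-UacLevel -EnableLUA $s[0] -ConsentPromptBehaviorAdmin $s[1] -PromptOnSecureDesktop $s[2]
}

# On a Windows machine, report the live setting as well.
if ($env:OS -eq 'Windows_NT') { Get-LocalUacLevel }
```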