Advanced Plus Security Nagisa Security Config 2019

Last updated
Dec 22, 2019
Windows Edition
Home
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Windows Defender - Hardened via configure_defender -
EXE Radar Pro v4 Beta
McAfee Real Protect
Firewall security
Microsoft Defender Firewall
About custom security
WD tweaked to the MAX settings, but controlled folder access is disabled
Periodic malware scanners
HitmanPro, Norton Power Eraser
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Ublock Origin, Popup blocker strict.
Maintenance tools
Revo Uninstaller Free
File and Photo backup
None. I don't have important documents on my pc.
System recovery
None
Risk factors
    • Browsing to popular websites
    • Downloading software and files from reputable sites
    • Streaming audio/video content from shady sites
Computer specs
R5 1600
16 GB 2666 MHz RAM
GTX 1060 6G Strix
WD 1 TB Blue
Notes by Staff Team
  1. This setup may cause performance issues, system instability or conflicts between programs, and can hinder the effectiveness of the installed antivirus products.

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
360TS with voodooshield is very secure combo. 360 extesion is good only for the banking mode. For malware or phishing protection is useless . Υou can use Emsisoft Browser Security for web protection. And for extra phishing protection Netcraft. Backup program is necessery for your protection. You can use AOMEI OneKey Recovery 1.6.2. Is very simple and is realy one click. You not need time or many work. Thanks for sharing.
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Only 3/4 layers are covered:
  • Firewall: Native
  • Web Browser: Nano Adblocker & Emsisoft
  • Realtime & other: OSA, VDS & Qihoo TS

My advice
  • Add a backup solution such as Macrium Reflect or EaseUS ToDo Backup
  • I believe OSA isn't needed, you have sufficiernt protection with VDS & Qihoo
  • In Nano Adblocker setting you can enable Nano Defender integration, just press from the first drop down menu for filterlists
  • Utilise Tinywall or Malwarebytes Firewall Control to have better all round security and control of Window Firewall
  • Add Syshardener to harden your OS and adding Firewall rules as well

Thanks for sharing!

~LDogg
 

Nagisa

Level 7
Thread author
Verified
Jul 19, 2018
341
Only 3/4 layers are covered:
  • Firewall: Native
  • Web Browser: Nano Adblocker & Emsisoft
  • Realtime & other: OSA, VDS & Qihoo TS
My advice
  • Add a backup solution such as Macrium Reflect or EaseUS ToDo Backup
  • I believe OSA isn't needed, you have sufficiernt protection with VDS & Qihoo
  • In Nano Adblocker setting you can enable Nano Defender integration, just press from the first drop down menu for filterlists
  • Utilise Tinywall or Malwarebytes Firewall Control to have better all round security and control of Window Firewall
  • Add Syshardener to harden your OS and adding Firewall rules as well
Thanks for sharing!

~LDogg

- I thought that the OSArmor would be nice to prevent potential exploit attacks. What if a legit program be exploited and be used to do bad things? Can VDS catch these type of attacks? It's maybe an extreme situation but this program is just too light to not to be installed on my machine.

- I had already enabled the nano defender integration. I have just changed my adblocker addon, though.

- It's good to you remind me. I had used tinywall once before and I had like it. I'm installing it again.

- I had already tweaked my system with SysHardener, I may forgot to add it to list.

- I installed Aomei OneKey recovery. Isn't it good?
 

Nagisa

Level 7
Thread author
Verified
Jul 19, 2018
341
Changes:

  • Removed: Nano Adblocker
  • Added: Adguard Adblocker
  • Added: Privacy Badger
  • Removed: HTTPS everywhere
  • Added: Tinywall
Despite that there is a Firewall option on the 360TSE, it doesn't let me change any of its settings. I don't know if it really works, should I disable it from there?
 
Last edited:

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
- I thought that the OSArmor would be nice to prevent potential exploit attacks. What if a legit program be exploited and be used to do bad things? Can VDS catch these type of attacks? It's maybe an extreme situation but this program is just too light to not to be installed on my machine.

- I had already enabled the nano defender integration. I have just changed my adblocker addon, though.

- It's good to you remind me. I had used tinywall once before and I had like it. I'm installing it again.

- I had already tweaked my system with SysHardener, I may forgot to add it to list.

- I installed Aomei OneKey recovery. Isn't it good?
- It is your config at the end of the day, oneself is just giving you advice :p, if you wish to keep you can, even for me if somethings light, if it's not needed and something else is covering that attack vector, then it may not be viable to install. It is up to you however.

- Such a good Firewall complient for WF

- Fair enough

- This is good enough, just I didn't see any Data Backup solution hence why I added that down, sorry for the confusion on that

~LDogg
 

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
Changes:

  • Removed: Nano Adblocker
  • Added: Adguard Adblocker
  • Added: Privacy Badger
  • Removed: HTTPS everywhere
  • Added: Tinywall
Despite that there is a Firewall option on the 360TSE, it doesn't let me change any of its settings. I don't know if it really works, should I disable it from there?
360 firewall works only if you have premium version.
 

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
- I thought that the OSArmor would be nice to prevent potential exploit attacks. What if a legit program be exploited and be used to do bad things? Can VDS catch these type of attacks? It's maybe an extreme situation but this program is just too light to not to be installed on my machine.

- I had already enabled the nano defender integration. I have just changed my adblocker addon, though.

- It's good to you remind me. I had used tinywall once before and I had like it. I'm installing it again.

- I had already tweaked my system with SysHardener, I may forgot to add it to list.

- I installed Aomei OneKey recovery. Isn't it good?
onekey recovery is perfect tool. You have backup system and data to your disk
 

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
- I thought that the OSArmor would be nice to prevent potential exploit attacks. What if a legit program be exploited and be used to do bad things? Can VDS catch these type of attacks? It's maybe an extreme situation but this program is just too light to not to be installed on my machine.

- I had already enabled the nano defender integration. I have just changed my adblocker addon, though.

- It's good to you remind me. I had used tinywall once before and I had like it. I'm installing it again.

- I had already tweaked my system with SysHardener, I may forgot to add it to list.

- I installed Aomei OneKey recovery. Isn't it good?
360TS with syshardener and voodooshield is one super secure combo. You not need anything else.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I thought that the OSArmor would be nice to prevent potential exploit attacks. What if a legit program be exploited and be used to do bad things? Can VDS catch these type of attacks?
Voodooshield is good at post-exploit protection. Besides monitoring lol bins, it also has a dedicated module for monitoring child processes of exploitable apps. If you have the paid version of VS, you can add your own apps to the list, although the list is already pretty long.
Active beta testers who participate in the official Voodooshield forum usually get a free license pretty quick.
 

Nagisa

Level 7
Thread author
Verified
Jul 19, 2018
341
Changes:
  • Removed Adguard, 360TS addon, Privacy Badger
  • Removed Voodoshield Free
  • Added uMatrix

I was been using uBlock in medium mode for a long time. But I wanted to take even more control of my internet connection. I installed uMatrix and blocked "Everything" except .com,.net,.org and .tr domains. All 3rd-party is blocked now except css, image requests and some exceptions.
Also some other minor settings:
- Forbid mixed content = on
- Forbid web workers = on
- Added "* * doc inherit" rule

I can't say that this would make web %100 safe, but, it's damn rock solid. I guess.

Ekran Alıntısı.PNG
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
I installed uMatrix and blocked "Everything" except .com,.net,.org and .tr domains. All 3rd-party is blocked now except css, image requests and some exceptions.
Also some other minor settings:
- Forbid mixed content = on
- Forbid web workers = on
- Added "* * doc inherit" rule

I'd be interested in hearing how this configuration for uMatrix works for you. I found it too complex for me to setup compared to µBO medium mode. Maybe I didn't give myself enough time with it.
 

Nagisa

Level 7
Thread author
Verified
Jul 19, 2018
341
I'd be interested in hearing how this configuration for uMatrix works for you. I found it too complex for me to setup compared to µBO medium mode. Maybe I didn't give myself enough time with it.
I think you should definitely try it. It's not that hard, much easier when you read the documentation.


I suggest you to start from the extension icon title.

It sometimes breaks the some part of websites, such as embedded youtube videos, recaptchas, google sign-in pages etc. Especially if there is a script or video which sourced from 3rd-party source. But it's easy to whitelist the right element when you want to fix it.


I wish there would be a test where this kind of element blockers tested against malicious codes inside a website, malvertisings or popups.
 

Nagisa

Level 7
Thread author
Verified
Jul 19, 2018
341
Also, I was reading this topic a few days ago.


This simple single rule blocks all third-party requests (including XMLHTTPrequest, WebSocket, WebRTC, Ping, Object and ObjectSubrequests and Other e.g. beacons), so it provides more protection than uB0 medium mode protection which ‘only’ blocks third-party scripts and (i)frames (subdocuments in AdBlockPlus syntax).

When you enable this, you can disable the Malware Domain blacklist which are enabled by default in uB0, since 95% of the malicious websites are HTTP (insecure) websites. There are as many websites as there are people living on this planet, so a community maintained blacklist with 300.000 URL’s is only a water drop on a hot glowing plate. Also malicious websites are only active for days, so half of these Malware Domain URL’s are dead links anyway.

So with just one simple rule you can make uB0 lighter and have stronger than medium mode protection on HTTP websites! Together with Google's Safe browsing or Microsoft's SmartScreen this will provide excellent protection against malicious websites.

He states that blocking 3d-party(only over the HTTP) except the images and CSS files, will make browsing much more secure. This applies to my configuration too. I'm blocking all 3rd-parties except the CSS and images.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top