Danger Nagisa Security Config 2021

Last updated
May 11, 2021
How it's used?
For sharing
Operating system
Windows 10
On-device encryption
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
Network firewall
N/A
Real-time security
None
Firewall security
Microsoft Defender Firewall
About custom security
Inbound connections set to be denied
Unnecessary services disabled

from H_C:
- Block LOLBins
- Block mshta.exe
- SRP is set to disallow except ((protect shortcuts)) and a few directories I chose.
- Block PowerShell scripts
- Block remote access
- Disable SMB 1,2 and 3
Periodic malware scanners
EEK
HitmanPro
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Firefox with custom user.js
Qutebrowser
Pale Moon
Vivaldi
-
uBlock Origin
NoScript
Treestyle tabs
Secure DNS
NextDNS
Desktop VPN
None
Password manager
KeePassXC
Maintenance tools
Windows built-in tools
File and Photo backup
None
System recovery
None
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering bank card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
R5 1600
GTX 1060@6
8 GB DDR4 2666 MHz
1 TB HDD
What I'm looking for?

Looking for medium feedback.

Notes by Staff Team
  1. This setup configuration does not have a backup plan. We strongly recommend adding a backup solution for your data so that you can restore it in case of an emergency.
    Backing up allows the recovery of data that has been lost due to a malware attack (e.g. ransomware) or a hard disk crash. In such events you might lose family photos, your music collection, documents, or financial data. Backups are fast and simple to perform, so they should be done on a regular basis.
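
A read-only way to check that four of the settings listed in the profile above are actually in effect. This is an added example, not part of the thread or of Hard_Configurator; it assumes an elevated PowerShell console on Windows 10, is pasted in interactively (a .ps1 file would be stopped by the script block itself), and treats "Block PowerShell scripts" as an execution-policy setting, which is an assumption.

```powershell
# Added example: read-only audit of settings named in the profile. Nothing is modified.
$checks = @()

# "Inbound connections set to be denied": query the effective (ActiveStore) policy
# so values coming from defaults or Group Policy are resolved.
foreach ($fw in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    $checks += [pscustomobject]@{
        Setting = "Firewall inbound default ($($fw.Name))"
        Value   = "Enabled=$($fw.Enabled), Inbound=$($fw.DefaultInboundAction)"
        Pass    = ("$($fw.Enabled)" -eq 'True') -and ("$($fw.DefaultInboundAction)" -eq 'Block')
    }
}

# "Disable SMB 1,2 and 3": on the server side SMB2 and SMB3 share one switch.
$smb = Get-SmbServerConfiguration
$checks += [pscustomobject]@{
    Setting = 'SMB server protocols'
    Value   = "SMB1=$($smb.EnableSMB1Protocol), SMB2/3=$($smb.EnableSMB2Protocol)"
    Pass    = (-not $smb.EnableSMB1Protocol) -and (-not $smb.EnableSMB2Protocol)
}

# "User Access Control: Always notify" corresponds to these three registry values.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$checks += [pscustomobject]@{
    Setting = 'UAC always notify'
    Value   = "EnableLUA=$($uac.EnableLUA), ConsentPromptBehaviorAdmin=$($uac.ConsentPromptBehaviorAdmin), PromptOnSecureDesktop=$($uac.PromptOnSecureDesktop)"
    Pass    = ($uac.EnableLUA -eq 1) -and ($uac.ConsentPromptBehaviorAdmin -eq 2) -and ($uac.PromptOnSecureDesktop -eq 1)
}

# "Block PowerShell scripts": assumption - enforced as an execution policy.
# A block implemented only through SRP rules would not be visible here.
$policy = Get-ExecutionPolicy
$checks += [pscustomobject]@{
    Setting = 'PowerShell script execution'
    Value   = "EffectivePolicy=$policy"
    Pass    = ("$policy" -eq 'Restricted')
}

$checks | Format-Table -AutoSize -Wrap
```
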

ForgottenSeer 89360

Not using an extension at all is even lighter and gives you even more possibilities to increase privacy with Stealth-mode without making your fingerprint more unique.
In the end it's up to you and I'm sure uBlock Origin isn't a bad solution either.
AdGuard without extension (unless you use their DNS which brings same issue like NextDNS) uses a service to do what an extension normally would. So the browser itself will be lighter, but the service will draw resources.
 

Kongo

AdGuard without extension (unless you use their DNS which brings same issue like NextDNS) uses a service to do what an extension normally would. So the browser itself will be lighter, but the service will draw resources.
Yeah, there is always a downside with each option... Maybe you could consider using Brave with a built-in adblocker?
 

Kongo

Then in that case the Brave adblocker will draw the resources 😀
There is no full happiness, not blocking the ads you are wasting resources too.
Stop confusing me guys! Didn't we try to find a solution to eliminate extensions that are not needed? It's either AdGuard Windows or a browser with a built-in adblocker like Opera or Brave. Why are we talking about resources and fake certificates now? 😄
 
ForgottenSeer 89360

Stop confusing me guys! Didn't we try to find a solution to eliminate extensions that are not needed? It's either AdGuard Windows or a browser with a built-in adblocker like Opera or Brave. Why are we talking about resources and fake certificates now? 😄
Because I'm assuming it hasn't been spoken about before 😀
 

Nagisa

Removed some settings I think are redundant and disabled the Memory Integrity feature. It didn't work well with TM.

It succeeds in protecting you in real-world scenarios, and it's one of the best at it from what I've seen by looking at AV-C reports. However, its static detection is not the best and it relies too much on the default-deny method. This has created a problem on my machine when un/installing Firefox Nightly or opening Chromium builds. You cannot run anything unless it's explicitly whitelisted. There is no option to add a specific exception for this either. Also, one thing to mention: its web blocking is very good (only tested it with phishtank valid URLs) if you visit a site through an http connection. But it's weak if the connection is through https.
 

Nagisa

So you only use Windows Store?
Don’t read anything about that you’re using S-mode
I download from the original sites or preferably the GitHub accounts of developers who I think are trustworthy enough.

I don't think I need a strict security model as a reason for not using an AV. They don't really add much to the security anyway when it comes to advanced attacks. And my security model is not so strict that I would want to use the UWP sandbox or lock down my system.
 

Andy Ful

From Hard_Configurator Tools
Especially when he doesn't delete browsing history on exit. ;)
"Other users: Other accounts are Admin users"

It seems that other users use other (non-SUA) accounts. So, the SUA account is less safe than usual.

There was a thread about non-AV setup:
 