Advanced Plus Security Nighthax Security Config '26

Last updated
Jun 8, 2026
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Notify me only when programs try to make changes to my computer
Smart App Control
Off
Network firewall
Enabled
Real-time security
(Self-hosted) Elastic Stack with Security
Safing Portmaster Firewall & Web filtering
Firewall security
Other - Internet Security (3rd-party)
About custom security
Elastic: malware threshold -> Aggressive (have not yet noticed any FPs as a result of this setting) and rollbacks enabled.
Full logging is enabled for Elastic agents, malware detections set to prevent, on-modification scanning enabled.

Hard_Configurator by AndyFul and Harden System Security by Violet Hansen are also in use.
Core isolation features: Memory integrity enabled, kernel-mode hardware-enforced stack protection enabled, local security authority protection enabled, memory access protection enabled, vulnerable driver blocklist enabled, and credential guard enabled.
Periodic malware scanners
Emsisoft Emergency Kit & Hitman Pro
Malware sample testing
I do participate in malware testing. See details about my testing environment below.
Environment for malware testing
VMware Workstation Pro
Samples never downloaded on my actual machine (unless they were custom developed).
Browser(s) and extensions
Helium browser w/ Emsisoft Browser Security & Osprey Browser Protection
Secure DNS
ControlD
Desktop VPN
Windscribe, Cloudflare WARP+
Password manager
Proton Pass
Maintenance tools
BleachBit
File and Photo backup
Don't really store any of this on my desktop.
Subscriptions
    • Apple One Family
    • Apple iCloud+ 50GB
System recovery
Clean reinstall w/ a bunch of scripts for easy reconfiguration.
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Downloading software and files from unknown / untrusted / shady sites
    • Sharing and receiving files and torrents
    • Gaming
    • Gaming with third-party mods
    • Streaming audio/video content from shady sites
    • Coding and development
Computer specs
Custom build:
Intel Core Ultra 7 265K
AMD Radeon RX 6700 XT
32GB CL30 6000mhz DDR5
GIGABYTE Z890 AORUS ELITE WIFI7 ICE
2TB Samsung 990 Evo Plus NVMe SSD
1TB WD Blue 7200RPM CMR HDD
What I'm looking for?

Looking for medium feedback.

R

realnighthax

Level 1
Thread author
Nov 3, 2018
12
46
27
Current config as of June 2026. I landed on this self-managed Elastic stack after being thoroughly impressed by their protection whilst demoing various consumer products as well as anything enterprise-grade (eg S1, GravityZone) I could get my hands on, particularly against my own self-developed ransomware and infostealer simulations. It's a bit noisy at first and does require some fine tuning when it comes to FPs as a result of behavioral detections, but nothing too crazy. I like that you can be VERY granular with exclusions -- down to the specific behavioral rule. I also appreciate being in control over my own data. There is no cloud protection in a self-managed configuration and in my experience it is absolutely not required.

The stack is hosted on a self-managed cloud server and protected via Cloudflare Zero Trust access.

I am seeking better web protection as I don't assume Portmaster's default lists are amazing.
 
Last edited:
  • Like
Reactions: Sampei.Nihira and harlan4096

You may also like...