Advanced Plus Security NulFunction Config 2018

Last updated: Jun 6, 2018
Windows Edition: Pro
Security updates: Check for updates and Notify
User Access Control: Always notify
Real-time security:
NoVirusThanks EXE Radar Pro Beta 3.1.0.0
NoVirusThanks OSArmor 1.4 (test 68)
SpyShelter Premium 11.1 (Trial)
Firewall security:
Periodic malware scanners: Windows Defender, EmsiSoft Emergency Kit, Malwarebytes Rootkit Removal, ESET online scanner
Malware sample testing: I do not participate in malware testing
Browser(s) and extensions:
Edge: Unused
Google Chrome Version 66.0.3359.181 (all extensions up-to-date):
Google Docs Offline, HTTPS Everywhere, LastPass: Free Password Manager Lookup, Random User-Agent, Session Buddy, Tab Suspender, uBlock Origin (almost all filters activated), ScriptSafe (reactive), Docs, Sheets, Slides
Deactivated Chrome extensions:
Honey (will only be activated to try it out), Midnight Lizard
Maintenance tools: None
File and Photo backup: "Google Backup and Sync" syncs my Documents folder to Google Drive. It doesn't run all the time, so that it doesn't back up suddenly-encrypted files when I get hit by ransomware, for example.
System recovery: Macrium Reflect 7.1 Free (will start using it after I have fixed my current issues)

NulFunction

Level 2
Thread author
Verified
Jun 2, 2018
96
Hi

I am very glad that this service exists! :)
Thank you!

It's a Laptop: Medion Akoya P6630 (Very limited speed)
I changed to an SSD and 8GB of RAM though.
Bitlocker encrypted. (Changed strength to 256bit using Group policies)

Questions/Problems about/with this forum-function:
- I can't click "Windows Firewall" under "Device Firewall". There is no checkable circle. If I click the text, "macOS" gets activated, so that's why this one is chosen.
- This problem is basically true for all fields with check circles. Every option at the bottom is unclickable. Interferences with my build are mentioned above.
- Addition to "Security Testing with Malware": Used various test files and such. All got detected.

Further Protection/hardening:
I did most of what is listed here: Harden Windows 10 - A Security Guide. How to secure Windows 10
All I didn't do is add user accounts for specific purposes, IDS-Stuff and some more. I don't know how to write about it to be honest. Do I say what I did or do I say what I didn't do?
I deactivated services, standard firewall rules.
Changed Network and System settings, and Group Policies.
I added privacy DNS: 1.1.1.1 and some specific to Germany.
IPv6 is totally deactivated.
DCOM is off ... So much stuff.
I did not block outgoing connections in Windows Firewall, just because there is no easy way to allow programs. I don't think that is a big issue anyway. EDIT: I am currently testing simplewall and TinyWall.

Other questions:
- Should I uninstall Internet Explorer? Isn't it used by some programs like Google Backup and Sync to display settings pages and such?
- Is really every aspect of Scriptsafe and Ghostery included in uBlock Origin, or
- ... is uBlock Origin enough?


Thank you very much!

EDIT:
Several changes made, like:
- I am currently testing "simplewall" and "TinyWall". Both look good.
- I also found out about W10Privacy, O&O ShutUp and Windows Privacy Tweaker. I used them to deactivate practically everything. So useful!
 
Last edited:
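The outbound-block approach the OP decided against (blocking outgoing connections in Windows Firewall and allowing programs one by one) can be scripted so that allowing programs is not the chore described above. The following is an added example, not code from the thread or from the hardening guide it links; the program paths and the snapshot location are assumptions and must be adjusted to the actual install.

```powershell
# Added example (not from the thread): make Windows Firewall block outbound traffic by
# default, keep an allow-list of programs, and log what gets blocked so gaps show up.
#Requires -RunAsAdministrator

# Programs that should still reach the network. Paths are ASSUMED; check them first.
$allowedPrograms = @{
    'Google Chrome'          = 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'
    'Google Backup and Sync' = 'C:\Program Files\Google\Drive\googledrivesync.exe'
}

# Record the current defaults so the change can be reverted later.
Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction, DefaultOutboundAction |
    Export-Csv -Path (Join-Path $env:USERPROFILE 'firewall-profile-before.csv') -NoTypeInformation

# Create one outbound allow rule per program, skipping rules that already exist.
foreach ($entry in $allowedPrograms.GetEnumerator()) {
    if (-not (Test-Path -LiteralPath $entry.Value)) {
        Write-Warning "Skipping $($entry.Key): $($entry.Value) not found"
        continue
    }
    $ruleName = "Allow outbound - $($entry.Key)"
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Action Allow `
            -Program $entry.Value -Profile Any | Out-Null
        "Created rule: $ruleName"
    }
}

# Log blocked connections so anything that was missed can be found instead of guessed.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True

# Flip the default only after the allow rules exist, so nothing is cut off mid-session.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# To revert:
# Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow
```

Anything without a matching allow rule, including Windows services that update or resolve names, is dropped silently once the default is Block, so review the firewall log (pfirewall.log under the system firewall directory by default) in the first days and add rules for what legitimately needs to go out rather than loosening the default again.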

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,915
No "Disk Imaging Backup" solution; usually that would lead me to tag it as "Risk Moderate", but I was a bit flexible since the rest of Your config is secure enough and at least You save Your personal data in the cloud...

Also, probably You don't need CryptoPrevent Free Edition v9.1.0.0 and ZAL with OSA and ERP...

Thanks for sharing :)
 

NulFunction

Level 2
Thread author
Verified
Jun 2, 2018
96
Yeah, I'm thinking about CryptoPrevent because Windows Defender has essentially the same function now. But ZAL too? Hm.

Anyway, why is having no disk imaging backup software a risk? What am I risking? I would actually decrease security overall by using a disk imaging tool. I could involuntarily backup deep malware and never get rid of it.
It is way safer to just reinstall and copy the personal files from Drive over, imo.
 

ForgottenSeer 69673

"Security Testing with Malware Yes - On my host PC, no isolation from files or network "

Only thing I would wonder about.
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Let's start, you don't need CryptoPrevent whatsoever, NVT OSArmor will stop most ransomware from executing.

Then to answer your questions:
- Uninstall IE, no one ever uses it and Edge has replaced IE. Plus IE is now a major security risk if you use it.
- ScriptSafe has a lot of features uBlock doesn't have; they both complement each other very well

Things you could add or change:
  • Change default search engine from Google to StartPage, DuckDuckGo or searx.me
  • Random User Agent isn't needed
  • Reactive Scriptsafe
  • Could also use Macrium Reflect to create backup
  • Adding Zemana Anti Malware & Emsisoft Emergency Kit as second opinion scanners
~LDogg
 

NulFunction

Level 2
Thread author
Verified
Jun 2, 2018
96
Let's start, you don't need CryptoPrevent whatsoever, NVT OSArmor will stop most ransomware from executing.

Then to answer your questions:
- Uninstall IE, no one ever uses it and Edge has replaced IE. Plus IE is now a major security risk if you use it.
- ScriptSafe has a lot of features uBlock doesn't have; they both complement each other very well

Things you could add or change:
  • Change default search engine from Google to StartPage, DuckDuckGo or searx.me
  • Random User Agent isn't needed
  • Reactive Scriptsafe
  • Could also use Macrium Reflect to create backup
  • Adding Zemana Anti Malware & Emsisoft Emergency Kit as second opinion scanners
~LDogg
Hi.
Yea, I'll throw crypto away. :)
Ok. But I am hesitating with the uninstall because Google Backup, for example, uses "C:\Windows\System32\ieframe.dll" to draw its menus. That is used to draw Internet Explorer browser frames. Further testing showed it also uses IE's cache and such: "C:\Users\<USERNAME>\AppData\Local\Microsoft\Windows\INetCache\IE\..."

- Why not Random User Agent? Doesn't it improve privacy? I know I can configure ScriptSafe to fake the user agent, but it will always be the same then anyway. Random User Agent changes the agent every configurable bunch of minutes, if you didn't know that.
- I'll reactivate ScriptSafe and set uBlock back to set-and-forget mode. Though I haven't seen anything go through uBlock Origin that I haven't allowed, ad- or script-wise.
- Nah, I'm not a fan of disk imaging. Even though it's really convenient. Also, I think it will cause issues with BitLocker encryption, wouldn't it?
- Second opinion? I thought it is generally advised to only use one real-time anti-virus application. I suppose Defender would be deactivated anyway. Do you mean to use it just as a second scanner? I am doing online scans from time to time.

One important thing is that my laptop is pretty slow, even more now after the Spectre update. So I want to keep the number of programs running low. That's also why I hesitate to install a personal firewall and stick to Windows for now. :/
- Should I consider deactivating the Spectre fix? I mean, is it worth the performance impact considering the rest of the setup?

Thank you for your feedback! Please don't think I am ungrateful for your work just because I ask these questions. :) I am not. I want to understand why these changes would be better.
:)

No one needs IE anymore. Edge is the future for Microsoft.
Go to Windows 10 Settings > Apps > Manage optional features to [Uninstall] Internet Explorer.
As I mentioned above, what about programs that use ie-frames?

Good configuration. One of the most different setups i have seen on MT.
Thanks. Is that a good thing? :D

"Security Testing with Malware = Yes - On my host PC, no isolation from files or network "

Only thing I would wonder about.
I understand. But maybe I just answered it wrong: I meant I test my security using known-good test files. (Or known-trustworthy ones.)

-----------------------------------------------------------

I added these changes to the OP:
- Deinstalled CryptoPrevent
- Chrome: Not set to run in Sandbox because of profile issues
- Chrome: Removed Ghostery addon since I didn't use it anyway
- Chrome: Activated ScriptSafe again. Configured to block everything
- Chrome: Set uBlock Origin into set-and-forget mode
- Other: Went through Task Scheduler and deactivated all "Customer Experience Improvement Program" tasks that send information to Microsoft.
 
Last edited:
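The Task Scheduler clean-up mentioned in the list of changes above (deactivating the "Customer Experience Improvement Program" tasks) can be done repeatably from PowerShell, which also leaves a record of what was changed so it can be undone after a feature update re-enables things. This is an added example, not code from the thread; the task folder list is constructed and the script defaults to a dry run.

```powershell
# Added example (not from the thread): audit and disable the CEIP scheduled tasks.
# Runs as a dry run until $DryRun is set to $false.
#Requires -RunAsAdministrator
$DryRun = $true

# Task folders to treat as telemetry (constructed list; extend it as you audit the scheduler).
$telemetryPaths = @(
    '\Microsoft\Windows\Customer Experience Improvement Program\'
)

# Collect every task whose folder starts with one of the paths above.
$tasks = Get-ScheduledTask | Where-Object {
    $path = $_.TaskPath
    ($telemetryPaths | Where-Object { $path -like "$_*" }).Count -gt 0
}

# Save the state before touching anything, so the change can be reverted later.
$stateFile = Join-Path $env:USERPROFILE 'ceip-tasks-before.csv'   # assumed location
$tasks | Select-Object TaskPath, TaskName, State | Export-Csv -Path $stateFile -NoTypeInformation
$tasks | Select-Object TaskPath, TaskName, State | Format-Table -AutoSize

foreach ($task in $tasks) {
    $fullName = "$($task.TaskPath)$($task.TaskName)"
    if ($task.State -eq 'Disabled') { "Already disabled: $fullName"; continue }
    if ($DryRun) { "Would disable: $fullName"; continue }
    Disable-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath | Out-Null
    "Disabled: $fullName"
}

# To re-enable everything recorded in the CSV:
# Import-Csv $stateFile | Where-Object State -ne 'Disabled' |
#     ForEach-Object { Enable-ScheduledTask -TaskName $_.TaskName -TaskPath $_.TaskPath }
```

Run it once with the dry run on to see the list, then flip `$DryRun` and run it again. Re-running after a Windows feature update is worthwhile, since the task set and its enabled state can change with the build.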

NulFunction

Level 2
Thread author
Verified
Jun 2, 2018
96
Yes a good thing.
:)

-----------------------------------------------------------------

BTW, I have NVT's Driver Radar Pro running because I was stunned by all the new drivers getting installed all the time. I found that out using driverquery to compare a new query with an old one before I installed NVT DRP. (Per batch file, as described in the hardening tutorial linked in the OP.)
I added that too.

Edit: Is that guide known here? (Harden Windows 10 - A Security Guide. How to secure Windows 10)
If not I could create a thread for it.
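The driverquery comparison described in the post above (snapshot the driver list, then diff a later snapshot against it to see which drivers appeared) is the kind of check that is easy to keep running on a schedule. The following is an added example, not the batch file from the thread or from the guide it cites; the snapshot folder is an assumption.

```powershell
# Added example (not from the thread): snapshot the loaded-driver list with driverquery
# and report modules that are new or gone compared to the previous snapshot.
# Run elevated so driverquery /v can fill in the Path column.
$snapshotDir = Join-Path $env:USERPROFILE 'driver-snapshots'   # assumed location
New-Item -ItemType Directory -Path $snapshotDir -Force | Out-Null

# /v adds the image path; /fo csv emits a header row that ConvertFrom-Csv can parse.
$current = driverquery /v /fo csv | ConvertFrom-Csv

# Store this run under a timestamped name so snapshots sort chronologically.
$timestamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$current | Export-Csv -Path (Join-Path $snapshotDir "drivers-$timestamp.csv") -NoTypeInformation

$files = @(Get-ChildItem -Path $snapshotDir -Filter 'drivers-*.csv' | Sort-Object Name)
if ($files.Count -lt 2) {
    "First snapshot saved to $snapshotDir; run again later to compare."
    return
}
$previous = Import-Csv -Path $files[-2].FullName

# Compare on the module name; -PassThru keeps the full row so the path can be shown.
$diff = Compare-Object -ReferenceObject $previous -DifferenceObject $current `
    -Property 'Module Name' -PassThru

if (-not $diff) { "No driver changes since $($files[-2].Name)."; return }
foreach ($row in $diff) {
    $tag = if ($row.SideIndicator -eq '=>') { 'NEW' } else { 'GONE' }
    '{0,-5} {1,-24} {2}' -f $tag, $row.'Module Name', $row.Path
}
```

One caveat for a non-English Windows, like the German system in this thread: driverquery localizes its column headers, so 'Module Name' and 'Path' must be replaced with the names the local build prints (check with `driverquery /v /fo csv | Select-Object -First 1`). A NEW line is worth a look at the path and the signer of the file before deciding whether it belongs to the update that just ran.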
 

NulFunction

Level 2
Thread author
Verified
Jun 2, 2018
96
Yes, very well known; it has existed for ages.

Personally, i would remove Zemana.
Daily tasks on admin account is a no go for me.
I hope he updates it for 1803 soon. Services changed significantly.

Why remove Zemana? It already showed me that it blocks PUPs, for example, faster than all the other security software I have. Even before NVT ERP blocks its execution or Defender scans it! (I'm referring to this test file: Feature Settings Check – Potentially Unwanted Applications – AMTSO)

Aren't many tasks needed to keep windows secure, up-to-date, and functioning? Did you deactivate all of them?
 

Deleted member 178

I hope he updates it for 1803 soon. Services changed significantly.

Black Viper's Windows 10 Service Configurations | Black Viper | www.blackviper.com

Why remove Zemana? It already showed me that it blocks PUPs, for example, faster than all the other security software I have. Even before NVT ERP blocks its execution or Defender scans it! (I'm referring to this test file: Feature Settings Check – Potentially Unwanted Applications – AMTSO)
Who cares which one blocks faster? They are blocked anyway, right?
Zemana blocks faster probably because its driver is older and has priority over a more recent one (rules defined by MS), nothing related to security efficiency.

Aren't many tasks needed to keep windows secure, up-to-date, and functioning? Did you deactivate all of them?
some.
 

NulFunction

Level 2
Thread author
Verified
Jun 2, 2018
96
Black Viper doesn't disable the services (Only put to manual) and some mentioned in the hardening guide are not in that list at all. (Like, I don't need WiFi services and such) I just made it manually and saved the settings using BlackViper for the next time.*
---
Hm, ok. I guess that makes sense. :D I'll remove it. More resources for other programs! Yay!
EDIT: Oh, just to be safe here: Did you see that it is the AntiLogger and not the AntiMalware version?
 
Last edited:

Deleted member 178

Black Viper doesn't disable the services (Only put to manual) and some mentioned in the hardening guide are not in that list at all. (Like, I don't need WiFi services and such) I just made it manually and saved the settings using BlackViper for the next time.*
You can select the column, use to have the disabled ones.

-EDIT: Oh, just to be safe here: Did you see that it is the AntiLogger and not the AntiMalware version?
Of course, ZAL is even worse than ZAM which isn't very good btw...
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,915
"Yes - On my host PC, no isolation from files or network" -> I didn't notice this when I checked the config yesterday, probably because my eyes/mind couldn't admit that? :eek:o_O changed to Risky: Danger...
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,915
@NulFunction: please confirm if You are having some issues selecting some options on Your profile config, and/or change Your data in the field "Security Testing with Malware" if You are not actually testing malware frequently without any isolation system...
 
