Advanced Plus Security oldschool's 2020 laptop setup

Last updated
Dec 12, 2020
How it's used?
For home and private use
Operating system
Windows 10
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
AVG Internet Security v. 20.10.3157
Firewall security
Microsoft Defender Firewall
About custom security
Default settings + Hardened Mode
Periodic malware scanners
Hitman Pro (paid)
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Brave/Brave Nightly --> Brave Shields + ClearURLs + LocalCDN
Edge Chromium --> Strict Tracking Protection + ClearURLs + LocalCDN
Maintenance tools
Windows built-in
File and Photo backup
Copy/Paste --> Free Agent drive
System recovery
Aomei Backupper Pro --> image monthly or as needed
System protection --> restore points as needed @ app or data changes
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Working from home
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Lenovo L340 i3 8145U CPU @ 2.10 GHz 2.300 GHz 8GB DDR4 RAM 1 TB HDD
Notable changes
5/3/20 --> Removed Bitdefender and back to Windows Defender --> Updated RunBySmartscreen
May 2020 ---> various small changes
3 June, 2020 --> updated to W10 2004
7 June 2020 --> rolled back to 1909
23 August 2020 --> Added LocalCDN to browsers
27 August 2020 --> Removed µBO in Edge
31 August 2020 --> Removed Bitdefender Free
--------------------> Reverted to Windows Defender
--------------------> Removed Trafficlight and added Malwarbytes Browser Guard
7 September 2020 --> Removed Malwarebytes Browser Guard
Later in September --> Enabled Google SafeBrowsing in Brave

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,868
Have you find
I will try this challenge. I have WD+ Configure Defender. I'll uninstall SpyShelter Premium and join your club! I feel so brave!
Here's your certificate. Now you're officially brave 😎
brave.png
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
oldschool,
The RunBySmartScreen tool can be used to open any new/untrusted file, so the user cannot be fooled by a spoofed file extension. If he/she thinks that the file is a photo, then it will not be opened (via RunBySmartScreen) when it is a script with a photo icon. But, I am not sure if it is a common way of using RunBySmartScreen. What do you think?
 

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
oldschool,
The RunBySmartScreen tool can be used to open any new/untrusted file, so the user cannot be fooled by a spoofed file extension. If he/she thinks that the file is a photo, then it will not be opened (via RunBySmartScreen) when it is a script with a photo icon. But, I am not sure if it is a common way of using RunBySmartScreen. What do you think?

I'm not sure if it's a common way to use it either. I've only used it for installers myself so far.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
I'm not sure if it's a common way to use it either. I've only used it for installers myself so far.
Ha, ha. It seems, that most users apply only one half of RunBySmartScreen. :)
RunBySmartScreen works like on-demand "SRP + Forced SmartScreen" (although it does not use SRP). So, when the user opens a file by pressing Enter or the left-mouse--click, the file is opened normally. When he/she uses the right-mouse-click and chooses RunBySmartScreen, the file opening is restricted and the alert is displayed (for unsafe files). In this way, the user can apply two security setups by simply choosing between normal file opening and opening it via the right-mouse-click RunBySmartScreen entry.
If you open in MS Office or Adobe Reader a document from a flash drive, then it will not be opened in Protected view. If you will do it via RunBySmartScreen, then the MOTW is added and MS Office or Adobe Reader will open the document in Protected view (as if it was downloaded by the web browser).

MT members usually pay attention to file extensions and do not open files with unsafe or unknown extensions. So, they can use only one half of RunBySmartScreen.:)(y)
 
Last edited:

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
Exploit Protection settings for browsers (thanks to @Umbra). These haven't broken anything yet, e.g. extensions crashing.

- for Brave, Edge and Firefox:

Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

ADD for Edge Chromium only:

Code integrity guard - ON (with or without Also allow images signed by M$ Store CHECKED)
 
Last edited:

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Exploit Protection settings for browsers (thanks to @Umbra). These have broken anything yet, e.g. extensions crashing.

- for Brave, Edge and Firefox:
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

ADD for Edge Chromium only:
Code integrity guard - ON (with or without Also allow images signed by M$ Store CHECKED)
Exactly mine :) These settings were the most practical without breaking the chromium browser. Helpful to an extent to avoid common exploit techniques.
I just could not enable 'Code Integrity Guard' as it messed up ESET's protection.
A chrome-specific DLL eplgChrome.dll and the Safe Banking monitoring DLL are signed by ESET itself. Hence blocked, raising multiple error dialog boxes everytime.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top