Latest changes
Sep 11, 2020
Daily driver
My primary device
Operating system
Windows 10 Pro
OS version
2004
System type
64-bit operating system; x64-based processor
Security updates
Automatically allow security and feature updates
Windows UAC
Always notify
Firewall protection
Microsoft Defender Firewall
Account privileges
Standard account
Account type
Sign in with local account
Account log-in
  • Account Password
Exposure to malware
No malware samples are downloaded
Real-time Malware protection
Windows Defender
RTP configuration
ConfigureDefender Max settings
Custom exploit protection settings for apps and browsers
Periodic scanners
Hitman Pro (paid)
Browser and Add-ons
Brave/Brave Nightly --> Brave Shields + ClearURLs + LocalCDN
Edge Chromium --> Strict Tracking Protection + ClearURLs + LocalCDN
Privacy tools and VPN
Cloudflare DNS
ClearURLs
LocalCDN
Password manager
Brain.exe + little black book
Search engine
DuckDuckGo
Maintenance tools
Windows built-in
Photos and Files backup
Copy/Paste --> Free Agent drive
File Backup schedule
Once or multiple times per month
Backup and Restore
Aomei Backupper Pro --> image monthly or as needed
System protection --> restore points as needed @ app or data changes
Backup schedule
Once or more per month
Computer Activity
  • Browsing the web and checking emails
  • Streaming movies, TV shows and music from the Internet
  • Downloading files from different websites
  • Office and other work-related software (Work from Home)
  • Recording and editing video or photos
Computer Specifications
Lenovo L340 i3 8145U CPU @ 2.10 GHz 2.300 GHz 8GB DDR4 RAM 1 TB HDD
Your changelog
    5/3/20 --> Removed Bitdefender and back to Windows Defender --> Updated RunBySmartscreen
    May 2020 ---> various small changes
    3 June, 2020 --> updated to W10 2004
    7 June 2020 --> rolled back to 1909
    8 August 2020 --> Back to Bitdefender until M$ figures out a fix for buggy Network Inspection Service
    10 August 2020 --> Added Trace and re-enabled µBO in Brave
    23 August 2020 --> Added LocalCDN to browsers
    --------------------> Added VoodooShield v.5.92
    27 August 2020 --> Removed µBO, added Privacy Badger in Edge
    31 August 2020 --> Removed Bitdefender Free
    --------------------> Reverted to Windows Defender
    --------------------> Removed Trafficlight and added Malwarebytes Browser Guard
    7 September 2020 --> Removed Malwarebytes Browser Guard
    ----------------------------> Added Emsisoft Browser Protection
    Later in September --> Removed Emsisoft Browser Guard
    --> Enabled Google SafeBrowsing in Brave

    Andy Ful

    oldschool,
    The RunBySmartScreen tool can be used to open any new/untrusted file, so the user cannot be fooled by a spoofed file extension. If he/she thinks that the file is a photo, then it will not be opened (via RunBySmartScreen) when it is a script with a photo icon. But, I am not sure if it is a common way of using RunBySmartScreen. What do you think?
     

    oldschool

    > oldschool,
    > The RunBySmartScreen tool can be used to open any new/untrusted file, so the user cannot be fooled by a spoofed file extension. If he/she thinks that the file is a photo, then it will not be opened (via RunBySmartScreen) when it is a script with a photo icon. But, I am not sure if it is a common way of using RunBySmartScreen. What do you think?
    I'm not sure if it's a common way to use it either. I've only used it for installers myself so far.
     

    Andy Ful

    > I'm not sure if it's a common way to use it either. I've only used it for installers myself so far.
    Ha, ha. It seems that most users apply only one half of RunBySmartScreen. :)
    RunBySmartScreen works like on-demand "SRP + Forced SmartScreen" (although it does not use SRP). So, when the user opens a file by pressing Enter or the left-mouse-click, the file is opened normally. When he/she uses the right-mouse-click and chooses RunBySmartScreen, the file opening is restricted and the alert is displayed (for unsafe files). In this way, the user can apply two security setups by simply choosing between normal file opening and opening it via the right-mouse-click RunBySmartScreen entry.
    If you open a document from a flash drive in MS Office or Adobe Reader, then it will not be opened in Protected View. If you do it via RunBySmartScreen, then the MOTW is added and MS Office or Adobe Reader will open the document in Protected View (as if it was downloaded by the web browser).

    MT members usually pay attention to file extensions and do not open files with unsafe or unknown extensions. So, they can use only one half of RunBySmartScreen. :)
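
The MOTW mentioned in the post above is stored in the file's `Zone.Identifier` alternate data stream. The following is an added example, not RunBySmartScreen's own code and not from the thread: `Get-MotwZone` and `Add-Motw` are hypothetical helper names, and the sample file is constructed. It shows how to check for the mark and add it by hand to a file that arrived without one.

```powershell
# Added illustration. Needs an NTFS volume: FAT32/exFAT flash drives cannot
# hold alternate data streams, so copy the file to the local disk first.

function Get-MotwZone {
    param([Parameter(Mandatory)][string]$Path)
    # Zone.Identifier is the alternate data stream that carries the MOTW.
    $lines = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $lines) { return $null }              # no stream = no mark
    $m = $lines | Select-String -Pattern '^ZoneId=(\d)' | Select-Object -First 1
    if ($m) { return [int]$m.Matches[0].Groups[1].Value }
    return $null
}

function Add-Motw {
    param([Parameter(Mandatory)][string]$Path)
    # ZoneId=3 is the Internet zone, the value web browsers write for downloads.
    # An existing mark is left untouched.
    if ($null -eq (Get-MotwZone -Path $Path)) {
        Set-Content -LiteralPath $Path -Stream Zone.Identifier -Value '[ZoneTransfer]', 'ZoneId=3'
    }
}

# Constructed sample: a scratch file standing in for a document copied from a flash drive.
$sample = Join-Path $env:TEMP 'motw-demo.docx'
Set-Content -LiteralPath $sample -Value 'constructed sample, not a real document'

"Before: ZoneId = $(Get-MotwZone -Path $sample)"   # empty: the file has no mark
Add-Motw -Path $sample
"After:  ZoneId = $(Get-MotwZone -Path $sample)"

Remove-Item -LiteralPath $sample
```

`Unblock-File` removes the stream again, which is the same thing the "Unblock" checkbox in the file's Properties dialog does.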
     

    oldschool

    Exploit Protection settings for browsers (thanks to @Umbra). These haven't broken anything yet, e.g. extensions crashing.

    - for Brave, Edge and Firefox:

    Block low integrity images - ON
    Block remote images - ON
    Block untrusted fonts - ON
    Control flow guard (CFG) - ON
    Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
    Disable extension points - ON
    Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
    Randomize memory allocations (Bottom-up ASLR) - ON
    Validate exception chains (SEHOP) - ON
    Validate handle usage - ON
    Validate heap integrity - ON
    Validate image dependency integrity - ON

    ADD for Edge Chromium only:

    Code integrity guard - ON (with or without Also allow images signed by M$ Store CHECKED)
     

    Parsh

    > Exploit Protection settings for browsers (thanks to @Umbra). These have broken anything yet, e.g. extensions crashing.
    >
    > - for Brave, Edge and Firefox:
    > Block low integrity images - ON
    > Block remote images - ON
    > Block untrusted fonts - ON
    > Control flow guard (CFG) - ON
    > Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
    > Disable extension points - ON
    > Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
    > Randomize memory allocations (Bottom-up ASLR) - ON
    > Validate exception chains (SEHOP) - ON
    > Validate handle usage - ON
    > Validate heap integrity - ON
    > Validate image dependency integrity - ON
    >
    > ADD for Edge Chromium only:
    > Code integrity guard - ON (with or without Also allow images signed by M$ Store CHECKED)
    Exactly mine :) These settings were the most practical without breaking the chromium browser. Helpful to an extent to avoid common exploit techniques.
    I just could not enable 'Code Integrity Guard' as it messed up ESET's protection.
    A chrome-specific DLL eplgChrome.dll and the Safe Banking monitoring DLL are signed by ESET itself. Hence blocked, raising multiple error dialog boxes every time.
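
The per-app list posted above can also be applied from an elevated PowerShell prompt with `Set-ProcessMitigation`. The following is an added example, not taken from the thread: the image names `brave.exe`, `msedge.exe` and `firefox.exe` are assumed, and the mapping from the GUI labels to `-Enable` values is this example's own. It turns Code integrity guard on in audit mode first, so third-party DLLs such as the ESET ones described above show up in the event log instead of being blocked.

```powershell
# Added illustration. Run elevated on Windows 10 1709 or later.
# GUI label -> Set-ProcessMitigation -Enable value
$common = @(
    'BlockLowLabelImageLoads',          # Block low integrity images
    'BlockRemoteImageLoads',            # Block remote images
    'DisableNonSystemFonts',            # Block untrusted fonts
    'CFG',                              # Control flow guard
    'DEP', 'EmulateAtlThunks',          # DEP + Enable thunk emulation
    'DisableExtensionPoints',           # Disable extension points
    'ForceRelocateImages', 'RequireInfo', # Mandatory ASLR + Do not allow stripped images
    'BottomUp',                         # Bottom-up ASLR
    'SEHOP',                            # Validate exception chains
    'StrictHandle',                     # Validate handle usage
    'TerminateOnError',                 # Validate heap integrity
    'EnforceModuleDependencySigning'    # Validate image dependency integrity
)

$browsers = 'brave.exe', 'msedge.exe', 'firefox.exe'   # assumed image names
foreach ($exe in $browsers) {
    Set-ProcessMitigation -Name $exe -Enable $common
}

# Code integrity guard, Edge only: audit before enforcing.
Set-ProcessMitigation -Name 'msedge.exe' -Enable 'AuditMicrosoftSigned'

# Read back what is now configured for the process.
Get-ProcessMitigation -Name 'msedge.exe'

# After restarting the browser and using it for a while, list the images
# that enforcement would have blocked (event 11 = CIG audit, 12 = CIG block).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Security-Mitigations/Kernel Mode'
    Id      = 11, 12
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Id, Message

# Enforce only once the audit log shows nothing you depend on:
# Set-ProcessMitigation -Name 'msedge.exe' -Enable 'MicrosoftSignedOnly' -Disable 'AuditMicrosoftSigned'
# Add 'AllowStoreSignedBinaries' to also allow Microsoft Store-signed images.
```

Per-app mitigations take effect the next time the process starts, so restart the browser before checking the log.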
     