Advanced Security oldschool's surfing laptop configuration

Last updated
Feb 16, 2024
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Windows Pro
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Provided by ISP
Real-time security
Windows Security
VoodooShield
Firewall security
Microsoft Defender Firewall
About custom security
MS Defender - Block all unknown executables | ASR rules | Platform & Engine updates Beta channel
Exploit Protection settings
Firewall Hardening
RunBySmartscreen
Windows Spy Blocker
Periodic malware scanners
KVRT
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Firefox I µBO | Brave Search
Brave | Brave Search
Edge | Privacy Badger | JShelter | Brave Search
Secure DNS
Quad9 DNS
Desktop VPN
None
Password manager
Maintenance tools
Windows built-in
Mem Reduct
DNS Jumper
File and Photo backup
Copy/Paste
Active subscriptions
    • None
System recovery
Wiindows built-in | Aomei Backupper Pro Lifetime
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 8.00 GB RAM 1TB HDD
Notable changes
22-12-5 Reverted to MS Defender.
23-1-21 Refreshed Windows with SAC in evaluation mode.
23-2-2 Clean Windows installation
23-2-18 SAC user-enabled on
27-2-23 Added Chrome for the lack of 'feature' bloat.
28-2-23 Changed default browser to Chrome
What I'm looking for?

Looking for minimum feedback.

oldschool

Level 80
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
6,952
Judging by this rule number and the number used rule used for filters in the picture in your other comment, have you enabled the "Disable generic cosmetic filters" option in uBO?
Yes because I've never used them.
I guess it would be for Microsoft Defender to skip executables which hash has not been changed. Did you notice a difference?
No performance impact that I notice. This setting was one of a number advised by @SpyNetGirl in her hardening thread.
Did you enabled it through GPO or registry (link) ?
Via powershell command.
 

Jan Willy

Level 11
Verified
Top Poster
Well-known
Jul 5, 2019
533
Using NextDNS here.
Yes, I know. In your post #217 you wrote: "I'm using mostly tracker blocking like @TairikuOkami" As I said, he relies on Next DNS. Besides that he only uses the browser built-in blocking but not any blocking extension. You're using uBO. That's a significant difference. Is the Medium Mode option in uBO your motive?
 

oldschool

Level 80
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
6,952
Last edited:

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,616
Yes because I've never used them.
That's alright. Gorhill and Adguard don't like generic cosmetic filters either, especially for Annoyance filters. But I notice that in your two annoyance filters there's barely any rule that's not generic. For example, "I don't care about cookies", only 1,355 out of 25,608 are being used meaning only the used ones are not generic. This indicates that the filter is almost entirely generic filter based and might not be very helpful. That's not a good thing since generic filters have performance impact (Though I don't notice in real life). So not sure how effective it is in your config. On the other hand, Adguard Annoyance (Optimized) is the reverse. They have only 1K+ generic filters out of 38K rules. So, 37k is in use even when generic cosmetic filters are disabled.
Anyway, if your current settings works then it's fine. Just letting you know.
I guess it would be for Microsoft Defender to skip executables which hash has not been changed. Did you notice a difference?
I'm also curious if there's any benefit of adding this. Does it really help in anyway? Maybe it's mainly for MD Endpoint products.
Regarding hash, what I find super helpful is the logging of sha1 hash of samples detected by MD Real-Time protection. So, it's possible to quickly copy the hash and check on Virustotal to know about the malware or potential false positives. It can be enabled via registry tweak or GPO.
 

oldschool

Level 80
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
6,952
Based in part on the above discussion I re-did my µBO medium mode setup once again to stay closer to @Kees1958 original intention behind his 3rd party filter lists, so I removed more filter lists. 😅
1680047006751.png
My total now stands @ 22,349 Network filters + 58 My filters. Hope you're well Kees! (y) :cool:
 

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
834
Thanks for you anti-paywall filters. I added them to my uBlock config. To be honest I have way too many filters, a few big lists such as OISD and LightSwitch's take up most though about 90%. However, the only time I really need to disable uBlock is on ecommerce sites, they can get a bit funny with tracker blocking and I find NextDns is the same that you need to disable it to use some ecommerce sites.
 

oldschool

Level 80
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
6,952
Thanks for you anti-paywall filters.
You're welcome. These filters don't claim to be as good as the BypassPaywalls extension but are OK for my purposes.
However, the only time I really need to disable uBlock is on ecommerce sites, they can get a bit funny with tracker blocking and I find NextDns is the same that you need to disable it to use some ecommerce sites.
My purpose in using this light list Medium mode is so I'm in full control, can easily noop sites as needed, and don't have to deal with breakage from filters. I even downsized my NextDNS fitlers to disguised 3rd party tracker blocking only.
 

Jan Willy

Level 11
Verified
Top Poster
Well-known
Jul 5, 2019
533
Based in part on the above discussion I re-did my µBO medium mode setup once again to stay closer to @Kees1958 original intention behind his 3rd party filter lists, so I removed more filter lists. 😅
View attachment 273961
My total now stands @ 22,349 Network filters + 58 My filters. Hope you're well Kees! (y) :cool:
You can slimming your uBO-setup a little bit by activating the lists of Dan Pollock and Peter Lowe in NextDNS.
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,616
My purpose in using this light list Medium mode is so I'm in full control, can easily noop sites as needed, and don't have to deal with breakage from filters. I even downsized my NextDNS fitlers to disguised 3rd party tracker blocking only.
Blocking connections via extensions is not a bad idea. Things that are blocked by extensions actually stops DNS queries from happening in the first place. But the benefit of using something like NextDNS is that all the blocking is happening on their servers, there is no performance overhead on your own device. So the combination of Extension + DNS is better IMO.
For medium mode, you can check out Yuki's noop filters for English language sites.
 
F

ForgottenSeer 97327

Yes, nothing beats a hard-whitelist (I like WDAC), but with SRP you can block execution for standard user and allow execution for admin using Hard_Configrator ('soft SUA-whitelist')

A problem free alterative is the 'hardened-Cloud-whitelist'. In this scenario you would be using the Avast profile of Hard_Configrator adding additional sponsors to block (script interpreters plus enhanced) with Configure_Defender on MAX. I prefer this (H_C Avast profile) over SWH + CD because of the additional sponsor blocks. Despite all post with "MD slowing down my PC" I a have not ever seen a (potato) PC launching applications faster than this combo (measured with AppTimer, not on I think or feel it is faster). Before I put this on relative's PC I always check whether MD is the fastest.

Because I like the concept of VS very much and it was free, (at that time, now not anymore) I have tried this also on a few potato-PC's (PC's of family members given to older relatives because they bough a new one). When you check the startup of Edge and Office, the Avast profile with MD on MAX is at least 1 to 2 seconds faster when first starting a program (after reboot). Consecutive (from paged out memory) starts are only 0,1 to 0,3 seconds faster (MD with SRP faster than MD + VoodooShield).

I have also noticed this (MD being faster) when measuring H_C Avast + C_D Max against Avira, BitDefender, F-secure and ESET!
 
Last edited by a moderator:

oldschool

Level 80
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
6,952
I have also noticed this (MD being faster)
Possibly still true even though VS' performance has improved, though I don't really notice a difference with or without it so far. I'm running it in relaxed Autpilot mode as this was a clean install/upgrade to the new CyberLock. I'm quite happy with Defender + SAC since I've commited to its whitelisting limitations but I'll see how it goes with VS.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top