Advanced Plus Security plat1098 PC Security Configuration 2019

Last updated
Dec 31, 2019
Windows Edition
Home
Security updates
Allow security updates and latest features
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
Windows Defender w/gpo edits
NoVirusThanks OSArmor v. 1.4.3
AdGuard for Windows
Firewall security
Microsoft Defender Firewall
About custom security
OSArmor: Many settings enabled and settings backed up to file.
4 ASR rules configured via Group Policy console
Defender Tamper protection enabled
Defender PUP detection enabled in registry
Periodic malware scanners
AdwCleaner (just in downloads, as needed)
Norton Power Eraser
My USB with a Windows iso on it
HitmanPro subscription
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Edge.dev: AdGuard for Windows
Edge.old: AdGuard for Windows
Maintenance tools
PrivaZer for donors
Windows built-in
Group Policy Editor--all snap-ins
Micro Star International (MSI) Afterburner/RivaTuner Statistics Server
Jotti Hash/URL Screening Scanner (rarely)
Intel Extreme Tuning Utility
Firewall Hardening Tool/Hard_Configurator by Andy Ful
File and Photo backup
Manual to external enclosed HDD and then offline.
System recovery
Macrium Reflect free version v. 7.2.3957
Risk factors
    • Gaming
    • Browsing to popular websites
    • Downloading software and files from reputable sites
    • Streaming audio/video content from shady sites
    • Browsing to unknown / untrusted / shady sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
CPU: i7 6700K 4.0GHz @ 1.18 volts (undervolted via XTU)
GPU: Nvidia GTX 1080 Founders Edition
SSD: Samsung 970 EVO Plus nvm-e
RAM: 16 GB DDR4 dual channel
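An added read-only audit script (not from the thread or any tool it lists) that reports the Defender state the configuration above claims: Tamper Protection, PUA/PUP detection, and the ASR rules set through Group Policy, so the settings can be confirmed after a GPO or registry edit. It assumes an elevated PowerShell session with the built-in Defender module available.

```powershell
# Map ASR action codes to names (0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn).
$asrActions = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Summary of the settings named in the configuration list above.
[pscustomobject]@{
    TamperProtected = $status.IsTamperProtected
    RealTimeEnabled = $status.RealTimeProtectionEnabled
    # PUAProtection: 0 = Disabled, 1 = Enabled (block), 2 = Audit
    PUAProtection   = $pref.PUAProtection
}

# ASR rule ids and their actions are parallel arrays in MpPreference;
# rules pushed by Group Policy appear here as the effective configuration.
$ids  = @($pref.AttackSurfaceReductionRules_Ids)
$acts = @($pref.AttackSurfaceReductionRules_Actions)

if ($ids.Count -eq 0) {
    Write-Warning 'No ASR rules are configured on this machine.'
} else {
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $code = [int]$acts[$i]
        [pscustomobject]@{
            RuleId = $ids[$i]
            Action = if ($asrActions.ContainsKey($code)) { $asrActions[$code] } else { "Unknown($code)" }
        }
    }
}
```

Rules that show as Audit rather than Block only log events and do not enforce, which is worth checking when the expectation is that four rules are actively blocking.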

oldschool

Mar 29, 2018
Hi Dhruv2193: I can hopefully answer... ... Also, I've tried higher Defender settings in past like enabling CFA--it drives me NUTS. Much rather would rely on SysHardener and Group Policy. ... :cool:

You can use high settings and disable CFA. It causes many users to go crazy, even myself. Now I appear to have tamed it with exclusions to both CFA and ASR! Otherwise, these two feature categories do not like a lot of 3rd party software.
 

plat

Thread author
Sep 13, 2018
Removed: NVT EXE Radar Pro/NVT SysHardener/Mozilla Firefox

Disabled: Windows Defender

Added: F-Secure Safe/NVT OSArmor/Google Chrome

F-Secure isn't the "best" antivirus but it's cooperative and unobtrusive resource-wise and the scan is very fast. Nvidia graphics driver issues and "firefox exe is blocked from accessing graphics hardware" were enough to change the core of this configuration. But now, the problems seem resolved and the graphics driver from October 11, 2018 seems stable.
 

plat

Thread author
Sep 13, 2018
Yes, I reset to defaults, then removed the program along with almost all other third party programs. Having some trouble with hardware and drivers so trying to find causes and effects and fixes. :mad:

Just to emphasize: you find OSArmor and SysHardener to be fine together on the system? Note that ERP is removed from configuration in favor of OSA. Thanks Umbra!
 
Deleted member 178

In fact, SH would be fine with everything because it is just a GUI automating manual tweaks; you could just use the portable version as I do.

OSA is almost as good as ERP if you use advanced settings and deploy Custom Blocks.
ERP is all about monitoring and needs good knowledge of the system.
 

plat

Thread author
Sep 13, 2018
Well here's something kinda neat. Chrome running obediently in Sbie, nested in the loving arms of Windows 10 v.1809. :love: Surely, experts in Sbie/Chrome will know this already but it's new to me, literally. Briefly, sandbox configured for Chrome and a spam of BITS errors occurs in event viewer, without affecting functionality. The issue is better explained here: OK so learning from that to disable the two Google updaters via msconfig (it seems in Windows 10, Chrome uses Windows BITS and Sbie blocks access to the service :emoji_ok_hand:) However, once machine restarted, the BITS errors stopped and WHEA Logger warnings 17 began spamming instead, dozens and dozens. If one isn't aware of the likely cause and effect, you'd be scared your drive was twirling down the drain, esp if driver is up to date.


What I did, I uninstalled Sbie (not Chrome), reinstalled and configured from scratch. Shutdown machine. Boot machine. Extensions off/on makes no difference but WHEAs gone and haven't returned though Chrome would be searching for updates long ago, two times over. I'm OCD about errors in Event Viewer. Overkill and unnecessary: probably, but very clean and efficiently running at the moment and no wasting of a sub. I write about this only because of the WHEA warnings occurring with an M.2 drive--wonder why it would occur? Right now, the browser runs in Sbie virtually instantly and error-free, with three extensions causing no hangups (trace, uBO, Emsisoft). Anyone with better insight, please don't hesitate to correct anything, but I consider the WHEA issue resolved, at least for now. Haven't found anything like this in searches, general and in Sandboxie forum. Also, I'll have to watch out for Chrome updates and manually update, I guess.

Also, after 2 1/2 years, you wonder if your hardware is sliding downhill so I blew out the dust from the GPU and fans, reseated the RAM, which is 3 yrs old, into slots 1 and 3, and TRIMMED the drive. Ran Passmark thinking "oh well" and surprise, surprise, a small improvement (no overclocks). Left: bench from July 2018, Right: bench from yesterday.


Just air-cooled, browsing only.

Edit: 1/16/2019. Both errors/warnings are back, albeit in far lesser quantity. Sigh. Well, I disabled the Chrome Elevation Service as well, it's not too bad but I don't like these errors, even though they don't affect much. Let's see how it goes.


plat

Thread author
Sep 13, 2018
Removed: F-Secure Safe
RogueKiller

Re-Enabled: Windows Defender--it decided to behave better w/Google Chrome for some reason.

Added: AdwCleaner as occasional on-demand.
Emsisoft Browser Security to Chrome and Edge

RogueKiller was a very good donation-ware but times change, it seems. If/when it's better streamlined, I will most likely re-instate it.
 

Moonhorse

May 29, 2018
Removed: F-Secure Safe
RogueKiller

Re-Enabled: Windows Defender--it decided to behave better w/Google Chrome for some reason.

Added: AdwCleaner as occasional on-demand.
Emsisoft Browser Security to Chrome and Edge

RogueKiller was a very good donation-ware but times change, it seems. If/when it's better streamlined, I will most likely re-instate it.
For sure it works well with Chrome because WD is working outside of it; it scans downloads before they finish.

In OSA you may disable PowerShell + PowerShell script engine and restrict the Constrained Language mode, whatever it is.
 

plat

Thread author
Sep 13, 2018
Installed latest Sandboxie 5.28 (credit) release version and configured Chrome. So far, so good, but this is something that has to be time-tested. Chrome latest was creating many errors and warnings on here running in the last two Sbie betas. With new release Sbie, it's virtually instant-performing on here.

Possibly Chrome is the least urgent browser to need this but I like the warm and fuzzy feeling. :)

Edit: no such luck. still getting the sbie2101 error when opening Chrome but it's not consistent, which makes it hard to pinpoint the cause. OK, will have to monitor the situation and see what happens.
 

plat

Thread author
Sep 13, 2018
Made a small upgrade to Samsung 970 EVO Plus for Windows drive and installed it in an aluminum heatsink. Does anyone run benchmarks to see if the hardware is sliding downhill? If so, what ones do you recommend? I ran a couple, they seem respectable and slightly improved over prev. Ran Time Spy by 3D mark in the past, it did well but the gpu got mighty hot.


The hardware is otherwise 3 years old and no scores went down from one year ago. An upgraded SSD works wonders, right?
 

Wraith

Aug 15, 2018
Made a small upgrade to Samsung 970 EVO Plus for Windows drive and installed it in an aluminum heatsink. Does anyone run benchmarks to see if the hardware is sliding downhill? If so, what ones do you recommend? I ran a couple, they seem respectable and slightly improved over prev. Ran Time Spy by 3D mark in the past, it did well but the gpu got mighty hot.


The hardware is otherwise 3 years old and no scores went down from one year ago. An upgraded SSD works wonders, right?
Your scores seem okay to me (except the GPU). Going from an HDD to an SSD indeed does wonders, my friend. I think your GPU is passing the 83 degrees marker and throttling itself. A stock GTX 1080 should have a higher score than a stock GTX 1070 Ti. This is my Passmark score with a 7600K (4.5GHz), 16GB RAM, 1TB SSD and GTX 1070 Ti stock. Your GPU should have a higher score than mine.

plat

Thread author
Sep 13, 2018
OK, yes I see. I will have to look into why my 2D score is a lot lower than yours. Is there any setting in the NVIDIA Control Panel that you adjusted from default settings? And yes, throttling is exactly what it was doing, I guess b/c it's a Founders card, I read they tend to get hot more quickly than others.

I ran User Benchmark mainly since it references your score to others with the same or similar hardware.

Thanks a lot for pointing this out. I'll see what the deal is with the gpu.
 

Wraith

Aug 15, 2018
No, I didn't alter any settings, except for the fact that I always do a custom and clean install of the drivers excluding GeForce Experience. I see you have a Founders Edition card. Those are designed to run till 83 degrees and then throttle down. If the GPU hasn't been cleaned in a while you can try the following steps:
1) clean the GPU with a can of compressed air.
2) use MSI Afterburner to create a custom fan profile.
3) clean the old thermal compound and apply a new one. Thermal Grizzly Kryonaut would be the best choice.
4) last but not least, make sure you have the latest drivers.
If the GPU temps go above 90 degrees Celsius I would suggest you immediately clean it and apply a new thermal compound.
 

plat

Thread author
Sep 13, 2018
Added the Firewall Hardening Tool, courtesy of Mr. Ful. I'm a poet and don't know it. Anyway, please confirm, it's a one-time setup? I add LOLbins and recommended Hard_Configurator settings. I will also read some of the dedicated thread to get a little more info. So grateful for tools like this, a blessing for users of Defender and Windows firewall.

Added some other more minor stuff and switched to Edge.old until I can replace it more fully with Edge.release.
 

oldschool

Mar 29, 2018
Added the Firewall Hardening Tool, courtesy of Mr. Ful. I'm a poet and don't know it. Anyway, please confirm, It's a one-time setup? I add LOLbins and recommended Hard_Configurator settings. I will also read some of the dedicated thread to get a little more info. So grateful for tools like this, a blessing for users of Defender and Windows firewall.

Added some other more minor stuff and switched to Edge.old until I can replace it more fully with Edge.release.

It's a one-time setup. Be aware that rules enabled in hardening tool can only be removed via FWHT. Plus, you can make rules of your own. (y)
 

plat

Thread author
Sep 13, 2018
Added:

AdGuard Desktop via a half-way decent Black Friday discount. (y)
Intel Extreme Tuning Utility (n)
HitmanPro via 50% off online discount 😐

Warning to any XTU user who may not be aware: the Intel service does not always start with Windows, in fact, for me, less than 50% of the time. So your voltage could be back at defaults without your knowing it. :mad: If you run a cpu-intensive task, you're back to maybe overheating. There's a tutorial here for triggering the XTU service to run at startup. Where I've still seen it fail on here is waking from sleep. Throttlestop is an upcoming alternative. If anyone uses Throttlestop, please share your impressions !
 

plat

Thread author
Sep 13, 2018
Updated to Windows 10 version 2004, build 19536.1000. No problems even with a defective restart function on here. (y)

This feels very stable even though it's a fast ring, Insiders build. I will keep it installed for now. There are some things I had to re-enable, like recognizing all cpu cores via msconfig. I'm wondering whether I should refresh the H_C Firewall Hardening Tool, though it seems like it survived the upgrade intact. (y) Once again, I had to whack the watermark with Winaero's file.

I'm seeing an uptick in concern that OSArmor is either abandonware or on the verge of-. It is at least partially working on this Windows beta build, for example: blocking unsigned processes executing w/highest privileges. However, it is hard to know for sure if every single rule is going to be honored. If anyone has any comments related to continuing using this software, please feel free. Right now, I'm keeping it on here. We'll see. A new build was promised back in October. This has not yet materialized nearly three months later. So, it's time to start looking elsewhere soon, maybe. 😪 I wish the developer would say something, you know?
 

oldschool

Mar 29, 2018
I'm seeing an uptick in concern that OSArmor is either abandonware or on the verge of-. This has not yet materialized nearly three months later. So, it's time to start looking elsewhere soon, maybe. 😪 I wish the developer would say something, you know?

I see @Umbra recently mentioned a new version was due soon but I have also read many of the concerns you cite, so it has me wondering. I'm not sure I'd want it on my system - but others may feel differently. You're using Windows Defender with tweaked settings so I wouldn't be concerned. I assume you are a safe surfer and WD should suffice if you decide to remove OSA.

And this
Bravo @plat1098 you are a Hacker, nothing to add.(y)
 
