Latest changes
Dec 31, 1969
Windows Edition
Enterprise
OS version
1607 (14393.576) Enterprise-N 2016 LTSB
System type
64-bit operating system; x64-based processor
Windows UAC
Always notify
Firewall protection
Custom - Provided by a third-party security vendor
Account privileges
Account type
Exposure to malware
No malware samples are downloaded
Real-time Malware protection
Emsisoft Antimalware Full;
Zemana AntiLogger Premium (Lifetime);
Comodo Firewall w/ Defense+
Periodic scanners
HitmanPro;
MBAM;
Browser and Add-ons
Mozilla Firefox (uBlock Origin Advanced + custom filters | NoScript)
Vivaldi (uBlock Origin Advanced + custom filters)
Chrome (uBlock Origin Advanced + custom filters)
Privacy tools and VPN
uBlock Origin (Advanced); NoScript
Password manager
No
Search engine
Google
Maintenance tools
CCleaner
Photos and Files backup
Manually
File Backup schedule
Once or multiple times per week
Backup and Restore
Paragon Hard Disk Manager
Backup schedule
Once or more per month
Computer Specifications
https://malwaretips.com/threads/predrags-workstation.65413/

Predrag Radjenovic

Level 2
Verified
Well, this was my standard setup so far. As I'm planning to upgrade to W10 soon, I want to expand/alter this accordingly. Especially after a company I work for has had a close encounter with Locky Ransomware. I am hoping to learn a lot from more experienced users here.

That's it for now.

Best Regards,
Predrag

EDIT: Updated the security configuration as I moved to W10 Enterprise LTSB. We'll see how this configuration goes, so far I am pleased with the overall system speed and responsiveness. Also, I am starting to slowly get used to using Vivaldi browser - Chrome experience and security with (almost) Firefox like customization - Tabs on the side being the most important one.

I would like to hear some opinions about this configuration, and especially about Vivaldi browser - any good/bad experiences out there?
 

pablozi

Level 25
Verified
Trusted
Hi!
Nice setup, however you can consider setting UAC to max and OS updates to "automatic".
My second thought is Admuncher - do you really need it since you have uBlock Origin? Isn't AdMuncher a dead product?
 

DJ Panda

Level 29
Verified
Looks good; consider adding Zemana Anti-Malware as another On Demand Scanner in conjunction with MBAM and HitmanPro.
Setting updates and UAC to max is good too. Optional but possibly upgrade to Windows 10. Very good security.
 

Deleted Member 333v73x

Looks good, apart from:
  • Comodo Internet Security and Sophos Home - Two real-time AVs?
  • OS updates - Manual, you could make it automatic.
 

Predrag Radjenovic

Level 2
Verified
Hey there,

thanks for replying and liking. As I said, I want to upgrade soon, but I can't do a fresh install right now, as I'm up to my neck with work. I tried a "Click-to-upgrade-from-Win-8" on another PC, and ended up with a disastrously slow system, so that's not an option. Also, I am waiting for the Enterprise-N-ltsb license that should arrive next week, as I can't put up with "latest-features-through-update" bs - I need a solid, stable system without it constantly doing something in the background with possible sudden incompatibilities.

Hi!
Nice setup, however you can consider setting UAC to max and OS updates to "automatic".
My second thought is Admuncher - do you really need it since you have uBlock Origin? Isn't AdMuncher a dead product?
Setting UAC to the max, as well as working in a non-admin account after finishing the entire setup, is the plan as well. I started writing step-by-step notes for myself, as I'm likely to forget something at the last moment. Regarding the ad-muncher, it's gonna go - as it was made free, I wanted to try browsing without ABP slowing the FF down. It was only after that I discovered uBlock Origin, but never got to remove the ad-muncher. It's one of those "Bah, I'm going to do a fresh install anyway next week" situations. I don't have to mention that that day still didn't arrive, lol. Seriously now, the plan is already in motion, so - soon.

Config looks good! Have you considered upgrading to Windows 10?
Thanks, yes.

Looks good; consider adding Zemana Anti-Malware as another On Demand Scanner in conjunction with MBAM and HitmanPro.
Setting updates and UAC to max is good too. Optional but possibly upgrade to Windows 10. Very good security.
Yeah, I heard a lot of good stuff about Zemana from all around. I am thinking of it, although I'm a sucker for a free setup :D. I want to try as much as possible to utilize the system hardening, adding srp's and gpo's, setting read/write permissions right, and so on - it requires some extra planning and learning, but it will pay off either way in the end, I believe. Although, if I stumble on some ridiculous offer for it (like I did last night for BitDefender Total security 2016, 3 PC's, 1 year for 20$ :eek:) I will definitely buy it. Same goes for HitmanProAlert.

On a side note, I am also looking at Sandboxie, Voodoo shield, Bouncer, NoVirusThanks-ExeRadarPro, or the multiengine SecureAplus... All interesting new approaches to securing the endpoint (well this last one is not entirely new, but nvm)

Looks good, apart from:
  • Comodo Internet Security and Sophos Home - Two real-time AVs?
  • OS updates - Manual, you could make it automatic.
Yes, I haven't really explained well - Comodo's Antivirus is disabled, I run the Firewall with D+ mostly custom rules and Sandbox with Viruscope ON. Only Sophos is Realtime - I must say, I am pleasantly surprised by this one. It's a bit of a pain to set the excluded folders and files (persistent little guy with browser control), but after a bit of fiddling around, I quite like it.
Regarding the updates, I kind of had a little rage episode when I desperately needed to send a project correction urgently, and Windoze decided a session beforehand to leave only the Update-and-shutdown option. When I turned it on, I had to wait 45 mins for it to finish updating. The client had to wait as well, which sucked, so I switched it to manual afterwards.

So, a question: Anyone noticed the trend lately that eastern AV's have better/faster definitions for zero-day malware? Coincidentally (of course), eastern based malware are prevalent ATM, and I wonder if anyone had some experience with these AVs - Qihoo or Baidu or Kingsoft, for example? Do you think it's worth adding them to your setup somehow - purely because of the signatures/response speed?

Thanks in advance,
Predrag
 

Predrag Radjenovic

Level 2
Verified
I installed the aforementioned Bitdefender Total 2016 on my wife's laptop with Win10 - I really didn't expect it to run so smooth and so light on it. Security-wise, I only heard the best about it, so we'll see. Perhaps it ends up on my machine as well, together with all the tweaks and layers mentioned above.
The only thing I have to warn you about is that BD installs its own certificate for SSL/TLS data encryption, which ends up not being recognized by the browser when visiting https websites - BD is effectively being seen as MITB. BD support says that this issue was fixed, and if it happens we should turn off SSL scanning. No need for that really, just manually import the certificate into the browser and you're good to go - thanks to Billy S from the BD forum - here's how:

Found this, it worked.
QUOTE (Savoy @ November 4, 2015, 7:11 PM)
Rebonsoir,
Well, after much wasted time on this problem, I think I found a solution! (It would be good in future Firefox -portable- working with BitDefender ...) If it serves other people, I indicate here the process I followed:
1) for Windows 7: Start / certmgr.msc / Authorities certification trusted root / Certificates / right click the BitDefender certificate / All tasks / Export / Next / Next / (choose a location and name the file)
2) Under Firefox Portable: Options / Advanced / View certificates / Import / (change the previously exported file and tick three boxes)
Everything works flawlessly, as before. I'm proud of myself ;-)))
Jerome, Savoie.
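
The export step from the quoted instructions, scripted in PowerShell so the certificate's subject, issuer and thumbprint can be checked before it is imported into Firefox (an added example, not part of the original posts; the `*Bitdefender*` subject pattern and the Desktop output folder are assumptions):

```powershell
# Added example: find the AV product's TLS-scanning root CA in the Windows
# trusted root stores, show what would be trusted, and export it as a .cer
# file that Firefox's certificate import dialog accepts.

# Assumption: the certificate subject contains "Bitdefender". Adjust as needed.
$Pattern = '*Bitdefender*'
# Assumption: write the exported file(s) to the current user's Desktop.
$OutDir  = Join-Path $env:USERPROFILE 'Desktop'

# certmgr.msc shows the current user's view; the machine store is checked too.
# The same certificate can appear in both, so de-duplicate by thumbprint.
$certs = Get-ChildItem -Path Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like $Pattern } |
    Sort-Object -Property Thumbprint -Unique

if (-not $certs) {
    Write-Warning "No trusted root certificate matches '$Pattern'."
    return
}

foreach ($cert in $certs) {
    # Print the identifying fields so they can be compared with what the
    # browser shows in its certificate warning before trusting anything.
    $cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter | Out-Host

    # A root CA is self-signed; anything else in this store deserves a closer look.
    if ($cert.Subject -ne $cert.Issuer) {
        Write-Warning "Subject and issuer differ for $($cert.Thumbprint); skipping."
        continue
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate $($cert.Thumbprint) has expired; skipping."
        continue
    }

    # Export only the public certificate (DER .cer), never a private key.
    $file = Join-Path $OutDir ("av-root-{0}.cer" -f $cert.Thumbprint.Substring(0, 8))
    Export-Certificate -Cert $cert -FilePath $file -Type CERT | Out-Null
    Write-Output "Exported $file"
}
```

The resulting `.cer` file is the one selected in the Firefox import dialog in step 2.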
 

jamescv7

Level 85
Verified
Trusted
So, a question: Anyone noticed the trend lately that eastern AV's have better/faster definitions for zero-day malware? Coincidentally (of course), eastern based malware are prevalent ATM, and I wonder if anyone had some experience with these AVs - Qihoo or Baidu or Kingsoft, for example? Do you think it's worth adding them to your setup somehow - purely because of the signatures/response speed?
@Predrag Radjenovic: In my view, the origin of the threats may be one of the factors where fast response time may occur, however very slight on the impact. AVs contain robotic components to gather numerous sources around the web, so there are times that identical countries contain more samples.

Now in the case of adding to a setup, then make a background check on yourself as to what your habits on the internet are. ;)
 

Deleted Member 333v73x

For Maximum Security:
  1. Enable UAC to 'Always Notify'.
  2. Add HTTPS Everywhere to your browsers.
  3. Change Windows Updates to 'Automatic'.
  4. Enable these in uBlock Origin:
ublock.PNG
 

Predrag Radjenovic

Level 2
Verified
EDIT: Updated the security configuration as I moved to W10 Enterprise LTSB. We'll see how this configuration goes, so far I am pleased with the overall system speed and responsiveness. Also, I am starting to slowly get used to using Vivaldi browser - Chrome experience and security with (almost) Firefox like customization - Tabs on the side being the most important one.

I would like to hear some opinions about this configuration, and especially about Vivaldi browser - any good/bad experiences out there?
 

Logethica

Level 12
Hey @Predrag Radjenovic :)
I really like your Config...
As you know, Bitdefender is a top AV of late... Zemana is a top AM... and uBlock is Awesome IMO.
Personally I am a fan of an Anti-EXE, with Voodooshield being my favourite.
Unfortunately I am yet to use Vivaldi, so cannot give you feedback on it.
 

jamescv7

Level 85
Verified
Trusted
@Predrag Radjenovic: Well, I have used Vivaldi for about a month now and overall the reliability is good, alongside quick responsiveness.

However, loading times sometimes take longer, likely because of customization and interface.
 

Predrag Radjenovic

Level 2
Verified
Well, I noticed a flaw in BitDefender Total Security 2016. After customizing the settings a bit, I ran into an error that obviously wasn't fixed for a while. Namely, I was unable to change Explorer options of showing/hiding hidden files. After digging through different forums for a while, the "solution" was to put back the Intrusion Prevention module setting from Medium to Permissive, as was on default. The forum reply was back from 2012, I think.
BD support told me it was because of MBAM real time protection (which I don't have, although I have MBAE free, so perhaps the effects are the same). Anyway, I'm too busy now to stretch that discussion to infinity, so I marked the issue as solved. Perhaps it's nothing serious, but it still feels kinda mehh...
 