- Feb 10, 2012
- 585
Some Windows security layers are off because I use 3rd-party software which works better,
and I don't need double layers.
Windows 10 Configuration:
PowerShell script, CMD, Java - all disabled
Deny elevation of unsigned executable.
Windows Features removed: Internet Explorer, XPS; SMB, Legacy Features, Media Features, etc...
Windows Defender deleted
Ask password for Admin Account
Enable Secure Sign in screen
Harden Windows 10 - A Security Guide. How to secure Windows 10
All traffic connections are disabled from up. Manually enabled only for a few programs and games.
Auto-update in most apps disabled because I use Shadow Defender 24/7.
Security Software:
Firewall: SpyShelter Firewall + NetLimiter
HIPS: SpyShelter Firewall
Virtualization: Shadow Defender, VMware Workstation
Sandbox: Sandboxie
SRP: Sandboxie , SSFW
Keystroke encryption: SpyShelter Firewall
Antivirus: SecureAPlus Beta (+Avira/APEX)
Web protection: Adguard, K9, Web Protection
Extra scanner on demand: Zemana, Malwarebytes
Ads blocker & web filter: Adguard
Filters: Facebook annoyances blocker, English Filter, Spyware filter, Social media filter, Adblock & uBlock Polish filter, Adblock & uBlock Polish cookies filter
Block: WebRTC, Push API, Location API, Flash and Java
Disable WFP because of conflict with MBAM web filter.
Backup System: Paragon (2 system images) on an external disk which I connect only during backup.
- 1st is a virgin system, almost right after a fresh install, with only some basic system tweaks and no 3rd-party software.
- 2nd is ready to use, with all 3rd-party software configured.
Files are backed up by Paragon, and some important files I also upload encrypted to the cloud with SpiderOak.
Software Hardening/ex setup:
Sandboxie limit resource access etc. by ssj100's Security Setup
Read and/or write access only to the files that specific programs require to work. The remaining partitions/folders are blocked/hidden for all other apps.
SpyShelterFW SRP Restricted Applications | SpyShelter Anti-Keylogger
(Auto allow - high; modules 48, 50, 54 set to no - SSFW will always ask me to allow a connection even if the app is trusted)
NetLimiter - All apps limited to 80% bandwidth usage (I can play and DL at the same time without lag)
Shadow Defender:
- All disk/partitions covered 24/7
- temp Cache in RamDisk set to 5GB
- some folder/registry path exclusions for only a few other security programs.
System Performance/setup:
Services setup based on Home | Black Viper | www.blackviper.com
PageFile: Disabled
Some privacy:
Telemetry: killed by OOSU10 + Windows 10 Privacy Guide - Spring Creators Update
Disks Encrypted: VeraCrypt
Mask IP: ProtonVPN and Nord VPN
2FA: Authy
Other info:
Malware lab (on another machine): VMware Workstation Pro
1. Create as many separate sandboxes as is required for your internet facing applications. Try to have one separate sandbox per internet facing application.
2. In each sandbox, use the appropriate start/run and internet access restrictions and only allow your program to start/run and access internet within its sandbox. You may also need to allow other programs depending on whether the application interacts with other processes.
3. In each sandbox, block file access to any areas of your computer containing sensitive information (eg. “My Documents”).
4. In each sandbox, configure Read-Only access to C:\WINDOWS
5. In each sandbox, force the relevant application to always run in its sandbox
6. Do not use any OpenFilePath rules for any internet browsers (note there are a few exceptions here, like enabling an OpenFilePath rule to allow direct access to Firefox phishing database)
7. You will need at least 2 browsers. One browser will be used for everyday browsing and other non-critical/sensitive activity.
8. The other browser will be used for online banking and other critical/sensitive activity.
9. For the browser in step 8, configure its sandbox to automatically delete whenever the browser closes.
10. Depending on the nature of your other internet facing applications, you may choose to also configure their respective sandboxes to automatically delete on closing.
11. This step is obviously optional: have one sandbox to test applications/malware in (the DefaultBox will do) where the only configurations are to enable automatically delete and block file access to any areas of your computer containing sensitive information (eg. “My Documents”).
12. Create separate sandboxes for each USB/external drive hardware you have connected (or would connect) to your computer. Force run the relevant drive letter to run in the relevant sandbox. Other configurations/restrictions may be applied here (see above).
13. Create separate sandbox(es) for your CD/DVD drive(s). Force run the relevant drive letter to run in the relevant sandbox. Other configurations/restrictions may be applied here (see above).
14. Create a separate sandbox for your Virtual Machine program. Other configurations/restrictions may be applied here (see above).
15. Create a separate sandbox for opening newly introduced files (with a sandboxed explorer.exe) on your REAL system. For easy access, you will also need to create a shortcut to this sandbox and place this shortcut appropriately. Configure this sandbox to automatically delete on closing. Please click here for more information about this step.
16. This step is only necessary if you're using SRP to block cmd.exe (see above):
Make a copy of cmd.exe and rename it (eg. cmd1234.exe). Change the Sandboxie Delete Command accordingly in each sandbox to:
%SystemRoot%\System32\cmd1234.exe /c RMDIR /s /q "%SANDBOX%"
Wallpaper Engine
Ashampoo Snap
Mirillis Action
Notepad++
NitroPDF
Total Commander
Microsoft Office (Excel and Word)
Discord
MPC-HC
AIMP + FxSound Enhancer
Spotify
Droid4X
Duelyst
RIFT
Warhammer: Vermintide 2
Dying Light
Dota 2
Paragon Hard Disk Manager
Hiren & Parted Magic
Avira Rescue CD
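
Steps 2-5, 8-9, 12 and 16 of the Sandboxie procedure listed earlier in this post, written out as a Sandboxie.ini fragment. This is an added example, not part of the original post or of ssj100's guide; the box names, the program names (firefox.exe, chrome.exe) and the drive letter E: are assumptions, and the settings use classic Sandboxie.ini syntax.

```ini
# Constructed example: box names, executables and drive letter are assumptions.

[EverydayBrowser]
Enabled=y
# Step 5: always force this application into its own box
ForceProcess=firefox.exe
# Step 2: only the browser may start/run inside the box
ProcessGroup=<StartRunAccess_EverydayBrowser>,firefox.exe
ClosedIpcPath=!<StartRunAccess_EverydayBrowser>,*
# Step 2: only the browser may access the internet from the box
ProcessGroup=<InternetAccess_EverydayBrowser>,firefox.exe
ClosedFilePath=!<InternetAccess_EverydayBrowser>,InternetAccessDevices
# Step 3: block access to folders holding sensitive data (My Documents)
ClosedFilePath=%Personal%
# Step 4: read-only access to the Windows directory
ReadFilePath=C:\WINDOWS
# Step 6: no OpenFilePath rules for a browser box

[BankingBrowser]
Enabled=y
# Step 8: second browser, used only for banking and other sensitive activity
ForceProcess=chrome.exe
ProcessGroup=<StartRunAccess_BankingBrowser>,chrome.exe
ClosedIpcPath=!<StartRunAccess_BankingBrowser>,*
ProcessGroup=<InternetAccess_BankingBrowser>,chrome.exe
ClosedFilePath=!<InternetAccess_BankingBrowser>,InternetAccessDevices
ClosedFilePath=%Personal%
ReadFilePath=C:\WINDOWS
# Step 9: wipe the box contents whenever the browser closes
AutoDelete=y
# Step 16: only needed when SRP blocks cmd.exe; uses the renamed copy
DeleteCommand=%SystemRoot%\System32\cmd1234.exe /c RMDIR /s /q "%SANDBOX%"

[UsbDriveE]
Enabled=y
# Step 12: anything launched from the external drive is forced into this box
ForceFolder=E:\
ClosedFilePath=%Personal%
ReadFilePath=C:\WINDOWS
AutoDelete=y
```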