Advanced Plus Security Serious Hoax's Security Configuration 2020

Last updated
Dec 19, 2020
How it's used?
For home and private use
Operating system
Windows 10
Log-in security
Security updates
Allow security updates
User Access Control
Always notify
Real-time security
Microsoft Defender
Firewall security
Microsoft Defender Firewall
About custom security
1. ConfigureDefender with Protection Level set to High + some additional changes including Cloud Protection Level set to "Block", Cloud Check Timeout to "60s", "Block process creations originating from PSExec and WMI commands" set to "On".

2. Hard_Configurator with "Windows_10_MT_Windows_Security_hardening" profile + few custom changes.

3. Firewall Hardening with all LOLBins blocked.
Periodic malware scanners
Emsisoft Emergency Kit
Norton Power Eraser
Malware sample testing
Browser(s) and extensions
Browser:
Firefox (Primary)
Microsoft Edge (Rarely)

uBlock Origin Hard mode with custom changes
ClearURLs
Cookie AutoDelete
Bitwarden - Free Password Manager
Checker Plus for Gmail
Enhancer for YouTube
Minimal Scrollbar (Edge only)
TrafficLight (Occasional)
Maintenance tools
Ccleaner portable
File and Photo backup
Mega.nz
Google Drive
Google Photos
System recovery
Macrium Reflect Free
Risk factors
    • Browsing to popular websites
    • Working from home
    • Gaming
    • Streaming audio/video content from shady sites
    • Downloading malware samples
Computer specs
Motherboard: Gigabyte B450M S2H ULTRA Durable
CPU: AMD Ryzen 5 3400G with RX Vega 11 Graphics
Ram: Team Dark Z 2x8 GB = 16 GB DDR4 3200MHz Gaming Ram
Storage: Transcend 110S 512GB M.2 2280 NVMe SSD, 500 GB Hitachi HDD
Notable changes
11.10.2020: Replaced motherboard "ASRock B450M-HDV R4.0" with "Gigabyte B450M S2H ULTRA Durable"
21.10.20: Upgraded to Windows 10 20H2
23.10.20: Replaced Microsoft Defender and related tools Configure_Defender, Firewall Hardening with ESET Internet Security 14.0.21.0
24.10.20: Replaced ESET IS with Microsoft Defender
27.10.20: Replaced Microsoft Defender with Kaspersky Free
30.10.20: Back to Microsoft Defender, Added Adguard Home for DNS over QUIC
01.11.20: Disabled Adguard Home
19.12.20: Freshly installed Windows 10 Enterprise 20H2

SeriousHoax

Level 49
Thread author
Verified
Top Poster
Well-known
Mar 16, 2019
3,880
Why did you then not just use edge application guard?
I don't know much about it. What are the requirements? Does it require TPM?
I actually used to use Sandboxie before to open those sites but it hasn't been updated in 7 months since it became open source and the last time I tried in 20H1 it crashed.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,265
I don't know much about it. What are the requirements? Does it require TPM?
I actually used to use Sandboxie before to open those sites but it hasn't been updated in 7 months since it became open source and the last time I tried in 20H1 it crashed.
You may like trying out the new open-source version Sandboxie developed by @DavidXanatos his version is able to run properly without crashes so far!

Just download only the file SandboxieInstall64-v5.43.6.exe the other version Sandboxie-Plus includes advanced features...

NOTE: there is an issue with Sandboxie driver signing certificate, read more below on GitHub:
 

SeriousHoax

Level 49
Thread author
Verified
Top Poster
Well-known
Mar 16, 2019
3,880
You may like trying out the new open-source version Sandboxie developed by @DavidXanatos his version is able to run properly without crashes so far!

Just download only the file SandboxieInstall64-v5.43.6.exe the other version Sandboxie-Plus includes advanced features...

NOTE: there is an issue with Sandboxie driver signing certificate, read more below on GitHub:
Actually I know about this fork but this certificate issue is the main reason I didn't want to install it. Do you use it?
 
F

ForgottenSeer 85179

I don't know much about it. What are the requirements? Does it require TPM?
I actually used to use Sandboxie before to open those sites but it hasn't been updated in 7 months since it became open source and the last time I tried in 20H1 it crashed.
No need for more surface attack with Sandboxie.

Requirements aren't much and TPM isn't needed. Read:
 

SeriousHoax

Level 49
Thread author
Verified
Top Poster
Well-known
Mar 16, 2019
3,880
@SeriousHoax were those scripts located inside the browser cache folder?
Yes cache folder. So deleting cache is the easiest solution. I tend to keep cache for faster loading.
I tried it for testing purposes, but I prefer to wait for valid signed driver, I'm may considering to donate a few bucks once...
Hmm same. I'm also waiting for that.
No need for more surface attack with Sandboxie.

Requirements aren't much and TPM isn't needed. Read:
I'll check this out. But the easiest solution for me if I want to stick to Defender would be to always and always browse those streaming sites in incognito/private mode (Which I do most of the time but often forget), delete browser cache now and then and keep an portable second opinion scanner like EEK just in case to make sure everything is alright. Also scripts saving in browser cache is not a common, regular occurrence.
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
Yes cache folder. So deleting cache is the easiest solution. I tend to keep cache for faster loading.

Hmm same. I'm also waiting for that.

I'll check this out. But the easiest solution for me if I want to stick to Defender would be to always and always browse those streaming sites in incognito/private mode (Which I do most of the time but often forget), delete browser cache now and then and keep an portable second opinion scanner like EEK just in case to make sure everything is alright. Also scripts saving in browser cache is not a common, regular occurrence.
Thanks for posting about this problem (y)
For me it's a valid reason to go to Kaspersky Security Cloud Free like you did.
Those other options like application guard, sandboxie, incognito mode or clearing cache are great but not so practical, especially on a shared family computer.
 
F

ForgottenSeer 85179

I'll check this out. But the easiest solution for me if I want to stick to Defender would be to always and always browse those streaming sites in incognito/private mode (Which I do most of the time but often forget), delete browser cache now and then and keep an portable second opinion scanner like EEK just in case to make sure everything is alright. Also scripts saving in browser cache is not a common, regular occurrence.
incognito/ private mode always delete all data after closing. Same for Application Guard while Application Guard protect the PC better and even if the session gets compromised, it's gone after session closed.
 

SeriousHoax

Level 49
Thread author
Verified
Top Poster
Well-known
Mar 16, 2019
3,880
Thanks for posting about this problem (y)
For me it's a valid reason to go to Kaspersky Security Cloud Free like you did.
Those other options like application guard, sandboxie, incognito mode or clearing cache are great but not so practical, especially on a shared family computer.
Thanks. But I would also like to mention that, this particular javascript file alone on the disk can't do any harm on your system. It only works on browser level. I also didn't see any ad on the browser and no adware was downloaded so the system was safe and if some apps were downloaded then Defender with PUA enabled probably would've detected it. It's possible that I may have slightly overreacted.
If your family PC has been safe so far then no need the change from Defender to something else just because I had this incident. But of course something like Kaspersky Free is an amazing free alternative. Even then, Kaspersky with "inject script into web traffic/the browser extension" enabled causes input lag while typing on some sites including our MalwareTips. This is a sort of annoying bug an average user would never be able to troubleshoot. So the fact still remains that, "Microsoft Defender is the least problematic AV out there".
 
Last edited:

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,421
Thanks. But I would also like to mention that, this particular javascript file alone on the disk can't do any harm on your system. It only works on browser level. I also didn't see any ad on the browser and no adware was downloaded so the system was safe and if some apps were downloaded then Defender with PUA enabled probably would've detected it. It's possible that I may have slightly overreacted.
If your family PC has been safe so far then no need the change from Defender to something else just because I had this incident. But of course something like Kaspersky Free is an amazing free alternative. Even then, Kaspersky with "inject script into web traffic/the browser extension" enabled causes input lag while typing on some sites including our MalwareTips. This is a sort of annoying bug an average user would never be able to troubleshoot. So the fact still remains that, "Microsoft Defender is the least problematic AV out there".
I completely agree with you, but I always had the same "problem" when testing malware. It was blocked but remained in the browser cache.
Harmless but annoying, adding a browser extension like Bitdefender TrafficLight or using another AV like I did before (F-Secure Safe or Kaspersky Security Cloud Free) solves that.
Kaspersky Security Cloud Free is an amazing AV and doesn't slow down my system or browsing and has better PUP protection.
I don't have input lag. That could also be caused by Kaspersky's password extension that I don't use.
 
Last edited:

SeriousHoax

Level 49
Thread author
Verified
Top Poster
Well-known
Mar 16, 2019
3,880
The more paranoid me would return to using NoScript when I was a happy clicker (saved my bacon los of times) but my Edge AppGuard tweaks and uBO medium tweaked is probably sufficient.
Yes, uBO in medium mode is good enough. I disabled mine while watching those stream, otherwise this wouldn't have happened.
 

SeriousHoax

Level 49
Thread author
Verified
Top Poster
Well-known
Mar 16, 2019
3,880
I completely agree with you, but I always had the same "problem" when testing malware. It was blocked but remained in the browser cache.
Harmless but annoying, adding a browser extension like Bitdefender TrafficLight or using another AV like I did before (F-Secure Safe or Kaspersky Security Cloud Free) solves that.
Kaspersky Security Cloud Free is an amazing AV and doesn't slow down my system or browsing and has better PUP protection.
I don't have input lag. That could also be caused by Kaspersky's password extension that I don't use.
Right, Bitdefender TrafflicLight is a great addition for those scenarios.
I don't use Kaspersky password extension either but there's input lag if I have script injection or the Kaspersky Protection extension installed. I also found about it in Kaspersky forum and they said they are aware of it and will be fixed in November.
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,711
deleting cache is the easiest solution. I tend to keep cache for faster loading.
Easy to do and, frankly, I think its effect on page loading is negligible with modern browsers.
If your family PC has been safe so far then no need the change from Defender to something else just because I had this incident.
Agree wholeheartedly. We tend to get "twitchy" on MT! :D
Yes, uBO in medium mode is good enough.
And yes again! especially for risky browsing of any kind.
 

SeriousHoax

Level 49
Thread author
Verified
Top Poster
Well-known
Mar 16, 2019
3,880
Reverted back to a system image before installing any third party AV. I kept losing space on my C drive, not sure why. More than 4 gb lately. There's no malware that's for sure and checking via WinDirStat didn't reveal anything worth noteworthy either. So reverted back to a problem free image, so back to Windows Defender again. I may later do a clean installation of 20H2.
Reading this two articles again made me think about HTTPS scanning again so not meddling with that for the time being.
1) Exploiting Bitdefender Antivirus: RCE from any website
2) Kaspersky in the Middle – what could possibly go wrong?

Added Adguard Home and using DNS over QUIC of Adguard DNS. Don't know if it's Adguard Home or DNS over QUIC but some pages are honestly loading slightly faster. I often measure page loading speed with a stopwatch to make sure there's no placebo effect involved. Whatever it is, I'm happy.
Also back to using Firefox as the main browser again and Edge as a backup. I may create a thread later discussing the reason behind it but it's nothing too serious.
q.pngz.png
Hopefully I won't make any more changes to the system and only update here with a comment if there's something worth mentioning.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top