SECURITY: Complete Serious Hoax's Security Configuration 2020

Last updated
Dec 19, 2020
About
Personal, primary device
Desktop OS
Windows 10
Login security
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Local account
Primary user
Admin user - Full permissions
Security updates
Default - allow security updates
Windows UAC
Maximum - always notify
Real-time protection
Microsoft Defender
Software firewall
Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
1. ConfigureDefender with Protection Level set to High + some additional changes including Cloud Protection Level set to "Block", Cloud Check Timeout to "60s", "Block process creations originating from PSExec and WMI commands" set to "On".

2. Hard_Configurator with "Windows_10_MT_Windows_Security_hardening" profile + few custom changes.

3. Firewall Hardening with all LOLBins blocked.
Malware testing
Periodic security scanners
Emsisoft Emergency Kit
Norton Power Eraser
Browsers, Search and Addons
Browser:
Firefox (Primary)
Microsoft Edge (Rarely)

uBlock Origin Hard mode with custom changes
ClearURLs
Cookie AutoDelete
Bitwarden - Free Password Manager
Checker Plus for Gmail
Enhancer for YouTube
Minimal Scrollbar (Edge only)
TrafficLight (Occasional)
Maintenance and Cleaning
Ccleaner portable
Personal Files & Photos backup
Mega.nz
Google Drive
Google Photos
Personal backup routine
Device recovery & backup
Macrium Reflect Free
Device backup routine
PC activity
  1. Browsing the web. 
  2. Working from home. 
  3. PC and cloud gaming. 
  4. Streaming. 
  5. Malware samples. 
Computer specs
Motherboard: Gigabyte B450M S2H ULTRA Durable
CPU: AMD Ryzen 5 3400G with RX Vega 11 Graphics
Ram: Team Dark Z 2x8 GB = 16 GB DDR4 3200MHz Gaming Ram
Storage: Transcend 110S 512GB M.2 2280 NVMe SSD, 500 GB Hitachi HDD
Personal changelog
11.10.2020: Replaced motherboard "ASRock B450M-HDV R4.0" with "Gigabyte B450M S2H ULTRA Durable"
21.10.20: Upgraded to Windows 10 20H2
23.10.20: Replaced Microsoft Defender and related tools Configure_Defender, Firewall Hardening with ESET Internet Security 14.0.21.0
24.10.20: Replaced ESET IS with Microsoft Defender
27.10.20: Replaced Microsoft Defender with Kaspersky Free
30.10.20: Back to Microsoft Defender, Added Adguard Home for DNS over QUIC
01.11.20: Disabled Adguard Home
19.12.20: Freshly installed Windows 10 Enterprise 20H2

silversurfer

Level 74
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,325
I don't know much about it. What are the requirements? Does it require TPM?
I actually used to use Sandboxie before to open those sites but it hasn't been updated in 7 months since it became open source and the last time I tried in 20H1 it crashed.
You may like trying out the new open-source version Sandboxie developed by @DavidXanatos his version is able to run properly without crashes so far!

Just download only the file SandboxieInstall64-v5.43.6.exe the other version Sandboxie-Plus includes advanced features...

NOTE: there is an issue with Sandboxie driver signing certificate, read more below on GitHub:
 

SeriousHoax

Level 37
Verified
Mar 16, 2019
2,660
You may like trying out the new open-source version Sandboxie developed by @DavidXanatos his version is able to run properly without crashes so far!

Just download only the file SandboxieInstall64-v5.43.6.exe the other version Sandboxie-Plus includes advanced features...

NOTE: there is an issue with Sandboxie driver signing certificate, read more below on GitHub:
Actually I know about this fork but this certificate issue is the main reason I didn't want to install it. Do you use it?
 
F

ForgottenSeer 85179

I don't know much about it. What are the requirements? Does it require TPM?
I actually used to use Sandboxie before to open those sites but it hasn't been updated in 7 months since it became open source and the last time I tried in 20H1 it crashed.
No need for more surface attack with Sandboxie.

Requirements aren't much and TPM isn't needed. Read:
 

SeriousHoax

Level 37
Verified
Mar 16, 2019
2,660
@SeriousHoax were those scripts located inside the browser cache folder?
Yes cache folder. So deleting cache is the easiest solution. I tend to keep cache for faster loading.
I tried it for testing purposes, but I prefer to wait for valid signed driver, I'm may considering to donate a few bucks once...
Hmm same. I'm also waiting for that.
No need for more surface attack with Sandboxie.

Requirements aren't much and TPM isn't needed. Read:
I'll check this out. But the easiest solution for me if I want to stick to Defender would be to always and always browse those streaming sites in incognito/private mode (Which I do most of the time but often forget), delete browser cache now and then and keep an portable second opinion scanner like EEK just in case to make sure everything is alright. Also scripts saving in browser cache is not a common, regular occurrence.
 

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,919
Yes cache folder. So deleting cache is the easiest solution. I tend to keep cache for faster loading.

Hmm same. I'm also waiting for that.

I'll check this out. But the easiest solution for me if I want to stick to Defender would be to always and always browse those streaming sites in incognito/private mode (Which I do most of the time but often forget), delete browser cache now and then and keep an portable second opinion scanner like EEK just in case to make sure everything is alright. Also scripts saving in browser cache is not a common, regular occurrence.
Thanks for posting about this problem (y)
For me it's a valid reason to go to Kaspersky Security Cloud Free like you did.
Those other options like application guard, sandboxie, incognito mode or clearing cache are great but not so practical, especially on a shared family computer.
 
F

ForgottenSeer 85179

I'll check this out. But the easiest solution for me if I want to stick to Defender would be to always and always browse those streaming sites in incognito/private mode (Which I do most of the time but often forget), delete browser cache now and then and keep an portable second opinion scanner like EEK just in case to make sure everything is alright. Also scripts saving in browser cache is not a common, regular occurrence.
incognito/ private mode always delete all data after closing. Same for Application Guard while Application Guard protect the PC better and even if the session gets compromised, it's gone after session closed.
 

SeriousHoax

Level 37
Verified
Mar 16, 2019
2,660
Thanks for posting about this problem (y)
For me it's a valid reason to go to Kaspersky Security Cloud Free like you did.
Those other options like application guard, sandboxie, incognito mode or clearing cache are great but not so practical, especially on a shared family computer.
Thanks. But I would also like to mention that, this particular javascript file alone on the disk can't do any harm on your system. It only works on browser level. I also didn't see any ad on the browser and no adware was downloaded so the system was safe and if some apps were downloaded then Defender with PUA enabled probably would've detected it. It's possible that I may have slightly overreacted.
If your family PC has been safe so far then no need the change from Defender to something else just because I had this incident. But of course something like Kaspersky Free is an amazing free alternative. Even then, Kaspersky with "inject script into web traffic/the browser extension" enabled causes input lag while typing on some sites including our MalwareTips. This is a sort of annoying bug an average user would never be able to troubleshoot. So the fact still remains that, "Microsoft Defender is the least problematic AV out there".
 
Last edited:

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,919
Thanks. But I would also like to mention that, this particular javascript file alone on the disk can't do any harm on your system. It only works on browser level. I also didn't see any ad on the browser and no adware was downloaded so the system was safe and if some apps were downloaded then Defender with PUA enabled probably would've detected it. It's possible that I may have slightly overreacted.
If your family PC has been safe so far then no need the change from Defender to something else just because I had this incident. But of course something like Kaspersky Free is an amazing free alternative. Even then, Kaspersky with "inject script into web traffic/the browser extension" enabled causes input lag while typing on some sites including our MalwareTips. This is a sort of annoying bug an average user would never be able to troubleshoot. So the fact still remains that, "Microsoft Defender is the least problematic AV out there".
I completely agree with you, but I always had the same "problem" when testing malware. It was blocked but remained in the browser cache.
Harmless but annoying, adding a browser extension like Bitdefender TrafficLight or using another AV like I did before (F-Secure Safe or Kaspersky Security Cloud Free) solves that.
Kaspersky Security Cloud Free is an amazing AV and doesn't slow down my system or browsing and has better PUP protection.
I don't have input lag. That could also be caused by Kaspersky's password extension that I don't use.
 
Last edited:

SeriousHoax

Level 37
Verified
Mar 16, 2019
2,660
I completely agree with you, but I always had the same "problem" when testing malware. It was blocked but remained in the browser cache.
Harmless but annoying, adding a browser extension like Bitdefender TrafficLight or using another AV like I did before (F-Secure Safe or Kaspersky Security Cloud Free) solves that.
Kaspersky Security Cloud Free is an amazing AV and doesn't slow down my system or browsing and has better PUP protection.
I don't have input lag. That could also be caused by Kaspersky's password extension that I don't use.
Right, Bitdefender TrafflicLight is a great addition for those scenarios.
I don't use Kaspersky password extension either but there's input lag if I have script injection or the Kaspersky Protection extension installed. I also found about it in Kaspersky forum and they said they are aware of it and will be fixed in November.
 

oldschool

Level 61
Verified
Mar 29, 2018
5,033
deleting cache is the easiest solution. I tend to keep cache for faster loading.
Easy to do and, frankly, I think its effect on page loading is negligible with modern browsers.
If your family PC has been safe so far then no need the change from Defender to something else just because I had this incident.
Agree wholeheartedly. We tend to get "twitchy" on MT! :D
Yes, uBO in medium mode is good enough.
And yes again! especially for risky browsing of any kind.
 

SeriousHoax

Level 37
Verified
Mar 16, 2019
2,660
Reverted back to a system image before installing any third party AV. I kept losing space on my C drive, not sure why. More than 4 gb lately. There's no malware that's for sure and checking via WinDirStat didn't reveal anything worth noteworthy either. So reverted back to a problem free image, so back to Windows Defender again. I may later do a clean installation of 20H2.
Reading this two articles again made me think about HTTPS scanning again so not meddling with that for the time being.
1) Exploiting Bitdefender Antivirus: RCE from any website
2) Kaspersky in the Middle – what could possibly go wrong?

Added Adguard Home and using DNS over QUIC of Adguard DNS. Don't know if it's Adguard Home or DNS over QUIC but some pages are honestly loading slightly faster. I often measure page loading speed with a stopwatch to make sure there's no placebo effect involved. Whatever it is, I'm happy.
Also back to using Firefox as the main browser again and Edge as a backup. I may create a thread later discussing the reason behind it but it's nothing too serious.
q.pngz.png
Hopefully I won't make any more changes to the system and only update here with a comment if there's something worth mentioning.
 
Last edited:
Top