Latest Changes: Oct 10, 2019
Operating System: Windows 10
Windows Edition: Pro
Version or Build no.: 1903
System type: 64-bit operating system; x64-based processor
Security Updates: Automatic Updates (recommended)
User Access Control: Always Notify
Network Security (Firewall): 3rd-party Firewall app by a trusted vendor
Device Security: Windows Defender SmartScreen (Windows 10)
User Account: Administrator
Sign-in Accounts: Google (@gmail.com)
Sign-in Options: Password
Malware Testing: I do not participate in downloading malware samples
Real-time Web & Malware Protection: Windows Defender with Hard_Configurator; Comodo Firewall
RTP - Custom security settings: Minor changes for Increased security
RTP - Details of Custom security settings: Windows Defender with some SRP rules; H_C: EXE and TMP allowed; CFW: ComodoFix config; Windows firewall is enabled.
Virus and Malware Removal Tools: --
Browsers and Extensions: Chrome, Edge
Privacy-focused Apps and Extensions: uBlock Origin
Password Managers: Bitwarden
Web Search: Google
System Utilities: Hard_Configurator
Data Backup: Dropbox, OneDrive, GoogleDrive
Frequency of Data backups: Weekly
System Backup: Macrium Reflect
Frequency of System backups: Regularly
Computer Activity: Online banking; Browsing web and email; Install new programs on a weekly basis; Shared device is used by family members; Download files from different sources; Office and work related tasks
Computer Specifications: i5 6500, integrated graphics, 8 GB RAM, SSD

    shmu26

    If I remember correctly it blocks 3rd party everything by default but check as I haven't had to use the default since forever (save settings on the cloud).
    This is right. Out of the box it blocks 3rd party by default.
    I tried it out a little. Looks good! Thanks for the suggestion.
     

    SHvFl

    This is right. Out of the box it blocks 3rd party by default.
    I tried it out a little. Looks good! Thanks for the suggestion.
    As usual it will be a bit annoying but the more you use it the less annoying it gets. I usually visit my normal websites from a uMatrix browser and any research I want to do that will be on random websites is done on another browser (deletes on close).
     

    shmu26

    Trying out this config:
    Kaspersky Internet Security 2020 with Trusted Applications Mode
    Hard_Configurator (default-allow)

    I don't know what magic spells they uttered over Kaspersky 2020, but it is wicked fast.
     

    Andy Ful

    Sorry Andy, I will never skip H_C :)
    Although there is some advantage of using H_C even as default-allow (hardening + blocked Sponsors + forced SmartScreen + Documents Anti-Exploit), I think that KIS & TAM would be strong enough for most users. Please note that in a default-allow setup, PowerShell should be blocked because Constrained Language Mode works only in a default-deny setup. :giggle:
     

    shmu26

    What exactly is your H_C default-allow setup? Could you post here the screenshot?
    If you used Avast profile or Allow EXE, then it is stronger than default-allow setup.
    I used Windows_10_Recommended_Enhanced.hdc as a base, but I allowed EXE and TMP, and blocked *script.exe in Sponsors, and made a couple other modifications.
    What is the proper meaning of "default-allow", in terms of H_C?

    [Attachment: Annotation 2019-06-11 120721.png]
     

    Andy Ful

    I used Windows_10_Recommended_Enhanced.hdc as a base, but I allowed EXE and TMP, and blocked *script.exe in Sponsors, and made a couple other modifications.
    What is the proper meaning of "default-allow", in terms of H_C?

    [Attachment 214833]
    This is Allow-EXE setup. In your case, it is equal to the Enhanced default-deny setup (scripts, MSI, all files from Designated File Types List, blocked Sponsors). PowerShell works in Constrained Language Mode and only PowerShell command lines are allowed - PowerShell script files cannot be executed from hard local disks. Only EXE files are allowed to run Unrestricted.
    It is a hybrid between default-deny and default-allow setup. If you would use it with Avast Hardened Mode Aggressive, then H_C + Avast = default-deny setup.

    Default-allow setup has <Default Security Level> = Unrestricted. This forces PowerShell to Full Language Mode (it is not restricted any more) and all extensions from SRP Designated File Types are not protected in UserSpace except LNK files, if <More SRP ...> <Protect Shortcuts> = ON. The chosen Sponsors can still be blocked by SRP if the <Block Sponsors> feature was used. Scripting can be blocked by <Disable Win. Script Host> = ON and <No PowerShell Exec> = ON or by blocking script Interpreters via <Block Sponsors>.
    The below is a typical default-allow setup based on Enhanced profile:
    [Attachment 214838]
     
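    A read-only check of the settings described in the post above, added here as an example; it is not from the thread's participants or from Hard_Configurator. It assumes the standard Windows policy registry locations for the SRP default level, the PowerShell script-execution policy and Windows Script Host, which the thread itself does not name.

```powershell
# Added example: read-only audit. Paste into a PowerShell console, since the
# thread notes that script files may be blocked from running off local disks.
# Assumption: standard Windows policy registry locations; Hard_Configurator's
# own storage is not described in the thread.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the policy is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$level    = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' 'DefaultLevel'
$psExec   = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell' 'EnableScripts'
$wsh      = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' 'Enabled'
$langMode = $ExecutionContext.SessionState.LanguageMode

# SRP DefaultLevel: 0x40000 = Unrestricted, 0x0 = Disallowed.
if ($null -eq $level) {
    $srp = 'SRP default level not configured'
} elseif ($level -eq 0x40000) {
    $srp = 'default-allow (Unrestricted)'
} elseif ($level -eq 0) {
    $srp = 'default-deny (Disallowed)'
} else {
    $srp = "other level ($level)"
}

$psBlocked  = ($null -ne $psExec) -and ($psExec -eq 0)
$wshBlocked = ($null -ne $wsh) -and ($wsh -eq 0)

"SRP default level      : $srp"
"PowerShell language    : $langMode"
"PS script exec disabled: $psBlocked"
"WSH disabled (HKLM)    : $wshBlocked"

# The combination the thread warns about: default-allow leaves PowerShell in
# Full Language Mode, so it needs its own block. Sponsor (interpreter) blocks
# are SRP path rules and are not inspected here.
if ($level -eq 0x40000 -and "$langMode" -eq 'FullLanguage' -and -not $psBlocked) {
    'WARNING: default-allow with unrestricted PowerShell and no script-exec block'
}
if ($level -eq 0x40000 -and -not $wshBlocked) {
    'NOTE: Windows Script Host is not disabled machine-wide'
}
```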

    shmu26

    Trying out this config:
    Kaspersky Internet Security 2020 with Trusted Applications Mode
    Hard_Configurator (default-allow)
    I had a glitch with customized Kaspersky firewall settings, so I downgraded to Kaspersky Free Antivirus 2020, coupled with Hard_Configurator (default-deny, EXE blocked).
    It looks like the issue is solved, thanks to @harlan4096 the wizard. So I am checking out the 2021 technical preview...
     

    Andy Ful

    Kaspersky with activated TAM works as a kind of SRP + forced SmartScreen. It can check/block the following file types: .bat, .cmd, .com, .js, .jse, .msc, .msi, .msp, .pif, .ps1, .reg, .scr, .settingcontent-ms, .vbe, .vbs, .wsf, .wsh, and maybe some more.
    But it seems that .chm and .hta scriptlets are not covered.
     

    Andy Ful

    I had no time to test .cpl, .dll, .ocx, .sys, .tmp (for DLL), .tmp (for .exe). Avast Hardened Mode Aggressive can block .tmp (for .exe) but not the rest.
    While activating TAM, the snapshot of executables already present on disk is made. So, these executables are automatically excluded from reputation checking, even when they are not recognized as Trusted.
     

    shmu26

    Kaspersky with activated TAM works as a kind of SRP + forced SmartScreen. It can check/block the following file types: .bat, .cmd, .com, .js, .jse, .msc, .msi, .msp, .pif, .ps1, .reg, .scr, .settingcontent-ms, .vbe, .vbs, .wsf, .wsh, and maybe some more.
    But it seems that .chm and .hta scriptlets are not covered.
    Interesting. TAM does more than I thought.
     

    shmu26

    Unfortunately, Kaspersky's behavior is not quite as consistent as I would hope for. I have a certain program with a firewall block rule, and every once in a while, like tonight for instance, it somehow manages to connect to the internet anyways, causing my whole system to freeze and the program itself to deactivate. So it looks like I am back to:
    Windows Defender with ConfigureDefender
    Windows Software Restriction Policies with Hard_Configurator

     

    oldschool

    Unfortunately, Kaspersky's behavior is not quite as consistent as I would hope for. I have a certain program with a firewall block rule, and every once in a while, like tonight for instance, it somehow manages to connect to the internet anyways, causing my whole system to freeze and the program itself to deactivate. So it looks like I am back to:
    Windows Defender with ConfigureDefender
    Windows Software Restriction Policies with Hard_Configurator

    What a coincidence! I had an issue with KFA and website rendering, so it's been removed.