SECURITY: Complete Shmu26 Windows Config in 2019

Last updated
Oct 10, 2019
Windows Edition
Pro
Sign-in identity
Sign in with Google account
Log-in security
    • Account password
Permissions
Administrator user account
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Malware samples
No - malware is not downloaded
Firewall protection
Provided by a third-party security vendor - see details below.
Real-time malware protection
Windows Defender with Hard_Configurator
Comodo Firewall
RTP & OS hardening settings
Windows Defender with some SRP rules
H_C: EXE and TMP allowed
CFW: ComodoFix config
Windows firewall is enabled.
Periodic scanning
--
Browsers
Chrome, Edge
Optimisation apps
Hard_Configurator
My Files & Photos backup
Dropbox
OneDrive
GoogleDrive
My Files backup schedule
Manual - every week to the cloud, or local attached storage
Device recovery & settings
Macrium Reflect
Device backup schedule
Manual - backups are made in my own time to local attached storage
Computer specifications
i5 6500
integrated graphics
8 GB RAM
SSD
Device activity usage
  1. Financial and sensitive documents
  2. Generic web browsing
  3. Downloading and installing new software
  4. Shared among other family members
  5. Downloading files from unfamiliar sites
  6. Working from home

blackice

Level 28
Verified
Apr 1, 2019
1,733
Unfortunately, Kaspersky's behavior is not quite as consistent as I would hope for. I have a certain program with a firewall block rule, and every once in a while, like tonight for instance, it somehow manages to connect to the internet anyways, causing my whole system to freeze and the program itself to deactivate. So it looks like I am back to:
Windows Defender with ConfigureDefender
Windows Software Restriction Policies with Hard_Configurator

Keep it simple, keep it safe!
 

blackice

I am considering going back to WD after Sophos deleted Configure Defender while my router was rebooting. To be fair it put it back once I got the internet back and it did cloud analysis.
 

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
7,970
Default-allow setup has <Default Security Level> = Unrestricted. This forces PowerShell to Full Language Mode.
And what happens if I set the Windows environment variable PSLockdownPolicy 4? Does "Unrestricted" override the Windows environment variable?
 
  • Like
Reactions: oldschool
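
A read-only way to see, on your own machine, the three values the post above asks about. This is an added example, not part of the original post or of Hard_Configurator; it assumes the standard SRP policy registry location and the variable's full name `__PSLockdownPolicy` (the post writes it without the leading underscores):

```powershell
# Added example: reports SRP default level, the lockdown variable, and the
# language mode this session actually got. Read-only; changes nothing.

# Assumption: SRP policy is stored in the standard policy key.
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Known values of the DefaultLevel DWORD.
$levelNames = @{
    0      = 'Disallowed'
    131072 = 'Basic User'
    262144 = 'Unrestricted'
}

function Get-SrpDefaultLevel {
    $prop = Get-ItemProperty -Path $srpKey -Name DefaultLevel -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'SRP policy not configured' }
    $value = [int]$prop.DefaultLevel
    if ($levelNames.ContainsKey($value)) { return $levelNames[$value] }
    return "Unknown ($value)"
}

function Get-LockdownVariable {
    # Machine-scope value, independent of what this process inherited.
    $v = [Environment]::GetEnvironmentVariable('__PSLockdownPolicy', 'Machine')
    if ([string]::IsNullOrEmpty($v)) { return 'not set' }
    return $v
}

[pscustomobject]@{
    SrpDefaultLevel       = Get-SrpDefaultLevel
    LockdownPolicyMachine = Get-LockdownVariable
    LockdownPolicyProcess = $env:__PSLockdownPolicy
    EffectiveLanguageMode = $ExecutionContext.SessionState.LanguageMode
} | Format-List
```

Run it in a newly opened PowerShell window after changing either setting, since the environment variable is only picked up by processes started afterwards.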

shmu26

Manjaro with the default Xfce desktop.

Manjaro keeps the OS and applications very up to date, and since it is Arch, you don't have the security issues of PPAs and/or installing from random downloads like you do with Ubuntu and its forks.

Manjaro requires more troubleshooting and software installation skills than Ubuntu and its forks do, but the forum is helpful and friendly, and Google finds a lot of info on Manjaro and Arch.
 

shmu26

Back to Windows. It's too much work juggling Linux + Windows in a virtual machine, when Windows alone does everything I need. It's less glamorous this way, but KISS wins.
Windows Defender + Hard_Configurator with EXE and TMP allowed.
Comodo Firewall with ComodoFix config and Windows firewall enabled.
 

LDogg

Level 33
Verified
May 4, 2018
2,201
> Back to Windows. It's too much work juggling Linux + Windows in a virtual machine, when Windows alone does everything I need. It's less glamorous this way, but KISS wins.
> Windows Defender + Hard_Configurator with EXE and TMP allowed.
> Comodo Firewall with ComodoFix config and Windows firewall enabled.

Unless I'm missing something with the Comodofix Config, you have two Firewalls running correct?

~LDogg
 

shmu26

> Unless I'm missing something with the Comodofix Config, you have two Firewalls running correct?
>
> ~LDogg

Correct :)
If you don't have an advanced firewall config, CFW and WFW work well together. That's what @cruelsister always says, and it's true.
My CFW has the 3 exceptions of Comodofix Config, and my WFW has the recommended block rules of Hard_Configurator, and it works smoothly.

Explanation: with ComodoFix config, CFW is at less than full strength in system space (this is in order to avoid a slew of unnecessary network blocks), so that's why it is advisable not to disable WFW.
 

Glynn

Level 2
Aug 16, 2017
66
> Back to Windows. It's too much work juggling Linux + Windows in a virtual machine, when Windows alone does everything I need. It's less glamorous this way, but KISS wins.
> Windows Defender + Hard_Configurator with EXE and TMP allowed.
> Comodo Firewall with ComodoFix config and Windows firewall enabled.

I find that Windows inside VirtualBox does not want to activate when connected to the internet, any way to solve that issue?
 

shmu26

> I find that Windows inside VirtualBox does not want to activate when connected to the internet, any way to solve that issue?

Hmm, I don't know, I didn't have any activation problems. If you are using a single license, keep in mind that the VM is considered a different machine, and thus needs a different license.
If you have a volume license installation, it will work even without any activation at all, but you can't do certain customizations, such as choose your wallpaper.
That's about all I know about it.

> again? you play ping-pong lol.
> why not, like me, having one machine for Linux and one for Windows...will save you time...

Hi Umbra, it's great to see you active once again on MT! :)
Yes, I am guilty of ping pong, but with Macrium Reflect, ping pong is a pretty easy game to play. Sometimes I need to fix grub, that's all.
 