Advanced Plus Security Shmu26 Windows Config in 2019

Last updated
Oct 10, 2019
Windows Edition
Pro
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Windows Defender with Hard_Configurator
Comodo Firewall
Firewall security
About custom security
Windows Defender with some SRP rules
H_C: EXE and TMP allowed
CFW: ComodoFix config
Windows firewall is enabled.
Periodic malware scanners
--
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Chrome, Edge
Maintenance tools
Hard_Configurator
File and Photo backup
Dropbox
OneDrive
GoogleDrive
System recovery
Macrium Reflect
Risk factors
    • Logging into my bank account
    • Browsing to popular websites
    • Downloading software and files from reputable sites
    • Browsing to unknown / untrusted / shady sites
    • Working from home
Computer specs
i5 6500
integrated graphics
8 gb ram
SSD

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
If I remember correctly it blocks 3rd party everything by default but check as I haven't had to use the default since forever (save settings on the cloud).
This is right. Out of the box it blocks 3rd party by default.
I tried it out a little. Looks good! Thanks for the suggestion.
 
  • Like
Reactions: Nevi and oldschool

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
This is right. Out of the box it blocks 3rd party by default.
I tried it out a little. Looks good! Thanks for the suggestion.
As usual it will be a bit annoying but the more you use it the less annoying it gets. I usually visit my normal websites from a umatrix browser and any research i want to do that will be on random websites is done on another browser (deletes on close).
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Trying out this config:
Kaspersky Internet Security 2020 with Trusted Applications Mode
Hard_Configurator (default-allow)

I don't know what magic spells they uttered over Kaspersky 2020, but it is wicked fast.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
They have improved also the speed when TAM is enabled, I reported some slowdown when opening applications + TAM On during beta testing and in later beta builds I already noticed the increasing of speed...
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Sorry Andy, I will never skip H_C :)
Although there is some advantage of using H_C even as default-allow (hardening + blocked Sponsors + forced SmartScreen + Documents Anti-Exploit), I think that KIS & TAM would be strong enough for most users. Please note, that in default - allow setup, PowerShell should be blocked because Constrained Language Mode works only in default - deny setup.:giggle:
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Thanks for the info.
Besides blocking it, I also set the Windows environment variable of PSLockdownPolicy 4.
What exactly is your H_C default-allow setup? Could you post here the screenshot?
If you used Avast profile or Allow EXE, then it is stronger than default-allow setup.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
What exactly is your H_C default-allow setup? Could you post here the screenshot?
If you used Avast profile or Allow EXE, then it is stronger than default-allow setup.
I used Windows_10_Recommended_Enhanced.hdc as a base, but I allowed EXE and TMP, and blocked *script.exe in Sponsors, and made a couple other modifications.
What is the proper meaning of "default-allow", in terms of H_C?

Annotation 2019-06-11 120721.png
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I used Windows_10_Recommended_Enhanced.hdc as a base, but I allowed EXE and TMP, and blocked *script.exe in Sponsors, and made a couple other modifications.
What is the proper meaning of "default-allow", in terms of H_C?

View attachment 214833
This is Allow-EXE setup. In your case, it is equal to the Enhanced default-deny setup (scripts, MSI, all files from Designated File Types List, blocked Sponsors). PowerShell works in Constrained Language Mode and only PowerShell command lines are allowed - PowerShell script files cannot be executed from hard local disks. Only EXE files are allowed to run Unrestricted.
It is a hybrid between default-deny and default-allow setup. If you would use it with Avast Hardened Mode Aggressive, then H_C + Avast = default-deny setup.

Default-allow setup has <Default Security Level> = Unrestricted. This forces PowerShell to Full Language Mode (it is not restricted any more) and all extensions from SRP Designated File Types are not protected in UserSpace except LNK files, if <More SRP ...> <Protect Shortcuts> = ON. The chosen Sponsors can be still blocked by SRP if <Block Sponsors> feature was used. Scripting can be blocked by <Disable Win. Script Host> = ON and <No PowerShell Exec> = ON or by blocking script Interpreters via <Bloc Sponsors>.
The below is a typical default-allow setup based on Enhanced profile:
214838
 
Last edited:

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Trying out this config:
Kaspersky Internet Security 2020 with Trusted Applications Mode
Hard_Configurator (default-allow)
I had a glitch with customized Kaspersky firewall settings, so I downgraded to Kaspersky Free Antivirus 2020, coupled with Hard_Configurator (default-deny, EXE blocked).
It looks like the issue is solved, thanks to @harlan4096 the wizard. So I am checking out the 2021 technical preview...
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Kaspersky with activated TAM works as a kind of SRP + forced SmartScreen. It can check/block the following file types: .bat, .cmd, .com, .js, .jse, .msc, .msi, .msp, .pif, .ps1, .reg, .scr, settingcontent-ms, .vbe, .vbs, .wsf, .wsh, and maybe some more.
But it seems that .chm and .hta scriptlets are not covered.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I had no time to test .cpl, .dll, .ocx, .sys, .tmp (for DLL), .tmp (for .exe). Avast Hardened Mode Aggressive can block .tmp (for .exe) but not the rest.
While activating TAM, the snapshot of executables already present on disk is made. So, these executables are automatically excluded from reputation checking, even when they are not recognized as Trusted.
 
Last edited:

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Kaspersky with activated TAM works as a kind of SRP + forced SmartScreen. It can check/block the following file types: .bat, .cmd, .com, .js, .jse, .msc, .msi, .msp, .pif, .ps1, .reg, .scr, settingcontent-ms, .vbe, .vbs, .wsf, .wsh, and maybe some more.
But it seems that .chm and .hta scriptlets are not covered.
Interesting. TAM does more than I thought.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Unfortunately, Kaspersky's behavior is not quite as consistent as I would hope for. I have a certain program with a firewall block rule, and every once in a while, like tonight for instance, it somehow manages to connect to the internet anyways, causing my whole system to freeze and the program itself to deactivate. So it looks like I am back to:
Windows Defender with ConfigureDefender
Windows Software Restriction Policies with Hard_Configurator

.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
Unfortunately, Kaspersky's behavior is not quite as consistent as I would hope for. I have a certain program with a firewall block rule, and every once in a while, like tonight for instance, it somehow manages to connect to the internet anyways, causing my whole system to freeze and the program itself to deactivate. So it looks like I am back to:
Windows Defender with ConfigureDefender
Windows Software Restriction Policies with Hard_Configurator

.

What a coincidence! I had an issue with KFA and website rendering, so it's been removed.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top