Advanced Plus Security sypqys configuration 2023

Last updated
Sep 4, 2023
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Home x64
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Notify me only when programs try to make changes to my computer (do not dim my desktop)
Smart App Control
On
Network firewall
Enabled
Real-time security
Windows Defender (DefenderUI) + Portmaster free version + SpyShelter 15 Pro
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security
Windows Defender + DefenderUI + SpyShelter Pro + Portmaster free + Hard_Configurator (+Configure Defender), AdGuard Home
---
WIN 10 privacy tweak :
O&O shut up 10
O&O app buster
WPD
BloatyNoisy
Windhawk
main telemetry off
Periodic malware scanners
Malwarebytes
Malware sample testing
I do not participate in malware testing
Environment for malware testing
/
Browser(s) and extensions
Firefox, Chrome (used), Edge, Ungoogled Chromium (not used for the moment) :

search : Duckduckgo

extensions FF : Malwarebytes Browser Guard, uBlock Origin, Tampermonkey, Scamdoc, Canvas blocker, Language Tool, Bitwarden, Decentraleyes, Searchonymous, Honey, Keepa, Chameleon (disabled), VT4Browser, Mailvelope (I don't use for the moment...), h264ify (for Youtube), Shoptimate, CSS Exfil..., etc.
Secure DNS
AdGuard Home
Desktop VPN
/
Password manager
Bitwarden (2FA authentication)
Maintenance tools
CCleaner portable free, DISM++, PrivaZer free, PatchMyPC, driverscloud, Windows Repair Toolbox ("Revo" to uninstall programs), PureRa, HiBit Uninstaller portable + WingetUI
File and Photo backup
"Synology DS720+" NAS and cloud like "mega.nz", "Filen", "Dropbox", "pcloud", "Google drive"...
System recovery
Macrium reflect (in progress)
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Requesting and accepting remote access
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Motherboard : msi-b550m-pro-vdh-wifi-micro-atx-am4-motherboard
CPU model : amd-ryzen-5-5600g-39-ghz-6-core-processor
GPU model : to CPU
RAM :
G.Skill Flare X Black (2x8 GB) DDR4-3200 CL16 Memory
storage : 500 Gb SAMSUNG 970 EVO Plus (Win 11 system)
1 Tb HDD WD (storage)
1 Tb SSD M.2 CRUCIAL P3 Plus (Storage)
Notable changes
add some changes

VT4Browser, Shoptimate... extension ...

UAC minimum notify

HiBit Uninstaller portable

06/2022 : new material and Win 11

12/2022 : new NAS DS720+

04/2023 : Portmaster free


09/2023 : AdGuard Home

10/2023 : custom security : Hard_Configurator

12/2023 : Kaspersky Free, ScreenWings added to security software, BloatyNoisy, Windhawk, Wireguard, DefenderUI...
+ new material : SSD 1 Tb Crucial P3 Plus, WingetUI

01/2024 : HitmanPro Alert

01/2024 : Malwarebytes anti exploit and uninstalled HitmanPro Alert

11/01/2024 : MB anti ransomware + OSArmor 1.4.3 replace HitmanPro Alert and MB anti exploit...

10/02/2024 : removed osarmor and mb premium
add SpyShelter Pro
What I'm looking for?

Looking for maximum feedback.

sypqys

Level 3
Thread author
Apr 18, 2022
113
I have Malwarebytes Premium, but I'm afraid about its several protections... Also, it's heavy on system resources; we can see that in Task Manager.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,669
Can I use "Malwarebytes Anti-Exploit" instead of OSArmor free version ?
Yea, and I wouldn’t use an old version of OSArmor to keep it free.

You can always try out Malwarebytes Premium and see how it behaves. High resource usage isn’t always indicative of poor performance unless you are limited on something like RAM or your CPU can’t handle it.
 

sypqys

Level 3
Thread author
Apr 18, 2022
113
Yea, and I wouldn’t use an old version of OSArmor to keep it free.

You can always try out Malwarebytes Premium and see how it behaves. High resource usage isn’t always indicative of poor performance unless you are limited on something like RAM or your CPU can’t handle it.
Yes, I already have a paid licence key for MBAM. But I don't use it because I have little RAM, since FF and Chrome take some of the RAM.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
7,894
Yes, I think. I mean, I use VB codes, etc. And one option deleted them all; I restored that, and it works fine now.
Do you use H_C in the current settings? If you allow macros, then you need to apply custom settings. What version of MS Office do you use?

You can also use MS Office as a non-default application to open only your documents (documents will be opened from MS Word, Excel, etc.). As a default application that can open office documents, you can configure Excel, Word, and PowerPoint mobile versions from Microsoft Store. The mobile versions do not allow macros and active content, but you can copy the content and print documents.
 

sypqys

Level 3
Thread author
Apr 18, 2022
113
Do you use H_C in the current settings? If you allow macros, then you need to apply custom settings. What version of MS Office do you use?

You can also use MS Office as a non-default application to open only your documents (documents will be opened from MS Word, Excel, etc.). As a default application that can open office documents, you can configure Excel, Word, and PowerPoint mobile versions from Microsoft Store. The mobile versions do not allow macros and active content, but you can copy the content and print documents.
Office 2019 Pro Plus
 

sypqys

Level 3
Thread author
Apr 18, 2022
113
What security do you use to mitigate MS Office vulnerabilities, exploits, and fileless malware related to MS Office?
Nothing I guess...

If I configure H_C, it breaks and deletes all my VB codes, so I don't protect that anymore, except with OSArmor free which, as I see, doesn't delete anything.

What should I do? If you have an idea...

The files which I download on Excel-downloads are safe.
 

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,959
@sypqys
You should also change "Network Firewall"; that simply means your router:

264461-aa90c4a30cade9119c98349df47305e2.jpg
 

sypqys

Level 3
Thread author
Apr 18, 2022
113
Is ISP the "FAI" in French? Because I didn't pay for a third-party firewall router; I use an internal one on Win 10... and my Internet has a firewall, and I check this.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
7,894
Nothing I guess...

If I configure H_C it broke delete all my vb codes ...
What do you mean by vb codes? Are they related to VBA features of MS Office (Macros, Add-ins, etc.)?
Do the original documents work differently after disabling H_C restrictions?

What should I do? If you have an idea...

The files which I download on Excel-downloads are safe.

Most people infected via MS Office thought that the downloaded files were safe. Most of them were infected via MS Office macros or MS Office Add-ins. There are many other ways that can be adopted by the attackers in the near future to bypass the AV protection by using MS Office.
I do not have a convenient solution for you. Most security applications that protect MS Office use parent-child process monitoring, which is insufficient when you allow macros. I can only advise what I already posted:
  1. Use a safe application as the default program to open documents. So when you open the document, template, Add-in, etc., from the Desktop or Explorer (file explorer) it is not opened/installed via MS Office.
    This can be done by the custom configuration of default applications via Windows Settings >> Apps & features >> Default apps >> Set defaults by app. Next, choose MS Office Word, Excel, PowerPoint, and change the default application that can open the listed file types to a safe application.
  2. You can still open your documents by opening the MS Office application and using File >> Open from the application menu.
  3. If you must edit an unsafe document, then do not do it at once. Check it online and if it looks clean, then open it in MS Office after one or more days.
  4. You can additionally use Defender with ASR rules or anti-exploit solutions related to MS Office.
  5. Harden your firewall to block LOLBins' connections or use H_C to block popular LOLBins.
  6. Learn to recognize phishing attempts.
Be safe.
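
An added example for point 4 of the list above (not part of the original post, and not Hard_Configurator or ConfigureDefender code): turning on the Office-related Defender ASR rules in audit mode first, so that workbooks relying on trusted VBA can be checked for breakage before blocking is enforced. The function names are hypothetical; the rule GUIDs are the ones Microsoft publishes in its ASR rule reference, and an elevated PowerShell session with Defender as the active antivirus is assumed.

```powershell
#Requires -RunAsAdministrator
# Added example. Office-related ASR rules, keyed by the GUIDs Microsoft publishes for them.
$OfficeAsrRules = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF2-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macros'
}
$StateNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Hypothetical helper: report the current state of each Office rule.
function Get-OfficeAsrState {
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $current = @{}
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i]) { $current[([string]$ids[$i]).ToUpper()] = [int]$actions[$i] }
    }
    foreach ($id in $OfficeAsrRules.Keys) {
        $state = if ($current.ContainsKey($id)) { $StateNames[$current[$id]] } else { 'Not configured' }
        [pscustomobject]@{ Rule = $OfficeAsrRules[$id]; Id = $id; State = $state }
    }
}

# Hypothetical helper: set every Office rule to one mode; Add-MpPreference keeps the other rules.
function Set-OfficeAsrMode {
    param([ValidateSet('AuditMode', 'Enabled', 'Disabled')][string]$Mode = 'AuditMode')
    foreach ($id in $OfficeAsrRules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $Mode
    }
}

# Hypothetical helper: ASR hits for these rules (event 1121 = blocked, 1122 = audited).
function Get-OfficeAsrEvents {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $msg = $_.Message; $OfficeAsrRules.Keys | Where-Object { $msg -match $_ } } |
        Select-Object TimeCreated, Id, Message
}

Set-OfficeAsrMode -Mode AuditMode            # audit first: nothing is blocked yet
Get-OfficeAsrState | Format-Table -AutoSize
# After some days of normal work, review Get-OfficeAsrEvents, then: Set-OfficeAsrMode -Mode Enabled
```

Audited events that name one of your own macro workbooks show which rule would interfere with it before anything is actually blocked.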
 

sypqys

Level 3
Thread author
Apr 18, 2022
113
I recognize I don't understand all of the answer, but thanks.
 
