Advanced Plus Security sypqys configuration 2023

Last updated
Sep 4, 2023
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Home x64
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Notify me only when programs try to make changes to my computer (do not dim my desktop)
Smart App Control
On
Network firewall
Enabled
Real-time security
Windows Defender (DefenderUI) + Portmaster free version + SpyShelter 15 Pro
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security
Windows Defender + DefenderUI + SpyShelter Pro + Portmaster free + Hard_Configurator (+Configure Defender), AdGuard Home
---
WIN 10 privacy tweak :
O&O shut up 10
O&O app buster
WPD
BloatyNoisy
Windhawk
main telemetry off
Periodic malware scanners
Malwarebytes
Malware sample testing
I do not participate in malware testing
Environment for malware testing
/
Browser(s) and extensions
Firefox, Chrome (used), Edge, Ungoogled Chromium (not used at the moment) :

search : DuckDuckGo

extensions FF : Malwarebytes Browser Guard, uBlock Origin, Tampermonkey, Scamdoc, Canvas blocker, Language Tool, Bitwarden, Decentraleyes, Searchonymous, Honey, Keepa, Chameleon (disabled), VT4Browser, Mailvelope (I don't use for the moment...), h264ify (for Youtube), Shoptimate, CSS Exfil..., etc.
Secure DNS
AdGuard Home
Desktop VPN
/
Password manager
Bitwarden (2FA authentication)
Maintenance tools
CCleaner portable free, DISM++, PrivaZer free, PatchMyPC, driverscloud, Windows Repair Toolbox ("Revo" for uninstall programs), PureRa, HiBit Uninstaller portable + WingetUI
File and Photo backup
"Synology DS720+" NAS and cloud like "mega.nz", "Filen", "Dropbox", "pcloud", "Google drive"...
System recovery
Macrium reflect (in progress)
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Requesting and accepting remote access
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Motherboard : msi-b550m-pro-vdh-wifi-micro-atx-am4-motherboard
CPU model : amd-ryzen-5-5600g-39-ghz-6-core-processor
GPU model : to CPU
RAM :
G.Skill Flare X Black (2x8 GB) DDR4-3200 CL16 Memory
storage : 500 Gb SAMSUNG 970 EVO Plus (Win 11 system)
1 Tb HDD WD (storage)
1 Tb SSD M.2 CRUCIAL P3 Plus (Storage)
Notable changes
add some changes

VT4Browser, Shoptimate... extension ...

UAC minimum notify

HiBit Uninstaller portable

06/2022 : new material and Win 11

12/2022 : new NAS DS720+

04/2023 : Portmaster free


09/2023 : AdGuard Home

10/2023 : custom security : Hard_Configurator

12/2023 : Kaspersky Free, ScreenWings add to security software, BloatyNoisy, Windhawk, Wireguard, DefenderUI...
+ new hardware : SSD 1 Tb Crucial P3 Plus, WingetUI

01/2024 : HitmanPro Alert

01/2024 : Malwarebytes anti exploit and uninstalled HitmanPro Alert

11/01/2024 : MB anti ransomware + OSArmor 1.4.3 replace HitmanPro Alert and MB anti exploit...

10/02/2024 : removed osarmor and mb premium
add SpyShelter Pro
What I'm looking for?

Looking for maximum feedback.

sypqys

Level 3
Thread author
Apr 18, 2022
113
What do you mean by vb codes? Are they related to VBA features of MS Office (Macros, Add-ins, etc.)?
Do the original documents work differently after disabling H_C restrictions?



Most people infected via MS Office thought that the downloaded files were safe. Most of them were infected via MS Office macros or MS Office Add-ins. There are many other ways that can be adopted by the attackers in the near future to bypass the AV protection by using MS Office.
I do not have a convenient solution for you. Most security applications that protect MS Office use parent-child process monitoring, which is insufficient when you allow macros. I can only advise what I already posted:
  1. Use a safe application as the default program to open documents. So when you open the document, template, Add-in, etc., from the Desktop or Explorer (file explorer) it is not opened/installed via MS Office.
    This can be done by the custom configuration of default applications via Windows Settings >> Apps & features >> Default apps >> Set defaults by app. Next, choose MS Office Word, Excel, PowerPoint, and change the default application that can open the listed file types to a safe application.
  2. You can still open your documents by opening the MS Office application and using File >> Open from the application menu.
  3. If you must edit an unsafe document, then do not do it at once. Check it online and if it looks clean, then open it in MS Office after one or more days.
  4. You can additionally use Defender with ASR rules or anti-exploit solutions related to MS Office.
  5. Harden your firewall to block LOLBins' connections or use H_C to block popular LOLBins.
  6. Learn to recognize phishing attempts.
Be safe.(y)

For example, a VB code, but when I apply it and open my document, this type of VB code doesn't work anymore...
I have to make a copy one to restore that primary restore the values on H_C.
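Item 4 of the advice quoted above mentions Defender ASR rules related to MS Office. The following is an added example, not code from the thread or from Hard_Configurator: it reports the state of the five Office-related ASR rules and can switch them to audit mode first, which matters here because a workbook that relies on macros may be affected. The function names are hypothetical; the rule GUIDs are the ones Microsoft documents for these rules.

```powershell
# Added example. Function names are hypothetical; run Set-OfficeAsrState elevated.
$OfficeAsrRules = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macros'
    '26190899-1602-49E8-8B27-EB1D0A1CE869' = 'Block Office communication application from creating child processes'
}
# Numeric action values as returned by Get-MpPreference
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-OfficeAsrState {
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    foreach ($guid in $OfficeAsrRules.Keys) {
        $state = 'Not configured'
        # Ids and actions are parallel arrays; match the GUID case-insensitively
        for ($i = 0; $i -lt $ids.Count; $i++) {
            if ($ids[$i] -ieq $guid) { $state = $ActionNames[[int]$actions[$i]] }
        }
        [pscustomobject]@{ State = $state; Rule = $OfficeAsrRules[$guid]; Id = $guid }
    }
}

function Set-OfficeAsrState {
    param(
        [ValidateSet('AuditMode', 'Enabled', 'Disabled')]
        [string]$Action = 'AuditMode'
    )
    foreach ($guid in $OfficeAsrRules.Keys) {
        # Add-MpPreference keeps other configured rules; Set-MpPreference would replace the list
        Add-MpPreference -AttackSurfaceReductionRules_Ids $guid `
                         -AttackSurfaceReductionRules_Actions $Action
    }
}

Get-OfficeAsrState | Format-Table -AutoSize
# Set-OfficeAsrState -Action AuditMode   # log only, then review before using 'Enabled'
```

In audit mode, rule hits are logged to the Microsoft-Windows-Windows Defender/Operational event log (event ID 1122) without blocking, so a macro-dependent document can be exercised before the rules are enforced.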
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
7,894
For example, a VB code, but when I apply it and open my document, this type of VB code doesn't work anymore...
Please answer my question. 🙏
The code is related to the VBA project (VBA = Visual Basic for Applications).
I understand that your code did not work with H_C restrictions. It is normal because H_C can block the VBA interpreter, so your code could not be processed.
But, this does not mean that this code was deleted from the original file. It should be still there.
Did you check that the code was really removed from the original file?(y)
 
  • Like
Reactions: sypqys
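The post above asks whether the VBA code was really removed from the file or only blocked from running. One way to check without opening the document in MS Office, as an added example that is not part of the original posts: a macro-enabled OOXML file (.xlsm, .docm, .pptm) is a ZIP archive that stores its VBA project in a part named vbaProject.bin. The function name and the sample path are hypothetical.

```powershell
# Added example: static check for an embedded VBA project. Nothing is executed.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-VbaProjectPresent {
    param([Parameter(Mandatory)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $head = New-Object byte[] 8
    $fs = [System.IO.File]::OpenRead($full)
    try { [void]$fs.Read($head, 0, 8) } finally { $fs.Dispose() }
    $magic = [System.BitConverter]::ToString($head)

    # Legacy .xls/.doc and password-encrypted files are OLE compound files;
    # their VBA streams cannot be listed with a ZIP reader, so report "unknown".
    if ($magic -eq 'D0-CF-11-E0-A1-B1-1A-E1') {
        return [pscustomobject]@{ Path = $full; Format = 'OLE compound file'
                                  HasVba = $null; Part = $null; Bytes = $null }
    }
    if (-not $magic.StartsWith('50-4B')) {
        return [pscustomobject]@{ Path = $full; Format = 'Unknown'
                                  HasVba = $null; Part = $null; Bytes = $null }
    }

    $zip = [System.IO.Compression.ZipFile]::OpenRead($full)
    try {
        # xl/vbaProject.bin (Excel), word/vbaProject.bin (Word), ppt/vbaProject.bin (PowerPoint)
        $part = $zip.Entries |
            Where-Object { $_.Name -ieq 'vbaProject.bin' } |
            Select-Object -First 1
        [pscustomobject]@{
            Path   = $full
            Format = 'OOXML (ZIP)'
            HasVba = [bool]$part
            Part   = if ($part) { $part.FullName } else { $null }
            Bytes  = if ($part) { $part.Length } else { $null }
        }
    } finally { $zip.Dispose() }
}

# Usage (placeholder path): run on the original and on the backup copy, then compare.
# Test-VbaProjectPresent -Path 'C:\Users\me\Documents\workbook.xlsm'
```

If HasVba is True for the original file, the code is still stored in it and was only prevented from running.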

sypqys

Level 3
Thread author
Apr 18, 2022
113
Please answer my question. 🙏
I understand that your code did not work with H_C restrictions. It is normal because H_C can block the VBA interpreter, so your code could not be processed.
But, this does not mean that this code was deleted from the original file. It should be still there.
Did you check that the code was really removed from the original file?(y)
No. From memory, I think it deleted everything, but I'm not sure. As I remember, the VB code part was unclickable... I prefer to use that VB code... I protect my computer otherwise, with the other options of H_C and with LOLBins rules for my Windows 10 firewall. It's not a problem, because I'm not in front of my computer right now. Maybe I made an error when I wrote that all my code was deleted from my Excel sheet.
 
  • Like
Reactions: Andy Ful

sypqys

Level 3
Thread author
Apr 18, 2022
113
UAC disturbs me, because when I launch a legitimate program that I know is secure, it prompts me. Is there a way to mark programs as legitimate, so that UAC only warns me about programs that are not marked?
 
  • Like
Reactions: M4RT1NE2

M4RT1NE2

Level 13
Verified
Top Poster
Well-known
Mar 19, 2022
638
UAC disturbs me, because when I launch a legitimate program that I know is secure, it prompts me. Is there a way to mark programs as legitimate, so that UAC only warns me about programs that are not marked?

That's what UAC is for, to warn you. :)
That is the job of the UAC.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,394
Config updated ...
Can you create your own rules in the free version of Portmaster? Feature comparison is vague.

Is ScreenWings free?

Would Ghostpress not serve a better purpose than ScreenWings?
 

sypqys

Level 3
Thread author
Apr 18, 2022
113
Yes, ScreenWings is free; see Softpedia.
I have created rules, I think, if I'm right, on the Portmaster Free version...
Ghostpress, I don't know. I use it, but I prefer ScreenWings...
 
  • Like
Reactions: harlan4096

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,610
I also just tried Ghostpress and can't even finish the initial configuration; it can't recognize Spanish accents on vowels in the Verification step...
 
  • Like
  • Sad
Reactions: Nevi and sypqys
