Advanced Plus Security dronefox1166 configuration 2024/2025

Last updated
Jun 9, 2025
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Home x64
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Notify me only when programs try to make changes to my computer (do not dim my desktop)
Smart App Control
On
Network firewall
Enabled
Real-time security
Windows Defender + simplewall portable + ConfigureDefender + FirewallHardening
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security
Windows Defender + Safing Portmaster + H_C (not aggressive)
---
WIN 11 privacy tweak :
- BloatyNosy
- ChrisTitus Tech
main telemetry off
Periodic malware scanners
- Malwarebytes
Malware sample testing
I do not participate in malware testing
Environment for malware testing
/
Browser(s) and extensions
Firefox, Chrome, Brave, Ungoogled Chromium (used), Edge, Ungoogled Chromium (not used for the moment):

search: DuckDuckGo

extensions FF: uBlock Origin, Decentraleyes, LanguageTool, Bitwarden, Keepa, Fakespot (for Amazon), h264ify (for YouTube), IDM extension, DarkReader, BetterRYM, cat-catch, AutoTabDiscard
Secure DNS
NextDNS (into Portmaster)
Desktop VPN
/
Password manager
Bitwarden (2FA authentication)
Maintenance tools
BleachBit, PatchMyPC, Windows Repair Toolbox, HiBit Uninstaller portable + UniGetUI
File and Photo backup
"Synology DS720+" NAS and cloud like "MEGA(.nz)", "Amazon Photos" (unlimited with "Prime"), "OneDrive", "Google drive", "Proton drive", "MEGA.nz", "KDrive", "Filen", "Twake", "pcloud"...
Subscriptions
    • None
System recovery
N/A
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Requesting and accepting remote access
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
    • Coding and development
Computer specs
Motherboard : msi-b550m-pro-vdh-wifi-micro-atx-am4-motherboard
CPU model : amd-ryzen-5-5600g-39-ghz-6-core-processor
GPU model : to CPU
RAM :
G.Skill Flare X Black (2x8 GB) DDR4-3200 CL16 Memory
storage : 1 Tb SAMSUNG 990 EVO Plus (Win 11 system)
1 Tb HDD 2,5' WD (storage)
1 Tb SSD M.2 CRUCIAL P3 Plus (Storage)
Notable changes
add some changes

VT4Browser, Shoptimate... extension ...

UAC minimum notify

HiBit Uninstaller portable

06/2022 : new hardware and Win 11

12/2022 : new NAS DS720+

04/2023 : Portmaster free


09/2023 : AdGuard Home

10/2023 : custom security : Hard_Configurator

12/2023 : Kaspersky Free, ScreenWings added to security software, BloatyNosy, Windhawk, Wireguard, DefenderUI...
+ new hardware : SSD 1 Tb Crucial P3 Plus, WingetUI

01/2024 : HitmanPro Alert

01/2024 : Malwarebytes anti exploit and uninstalled HitmanPro Alert

11/01/2024 : MB anti ransomware + OSArmor 1.4.3 replace HitmanPro Alert and MB anti exploit...

10/02/2024 : removed osarmor and mb premium
add SpyShelter Pro

07/2024 : remove SpyShelter, remove AdGuard Home

11/2024 : NextDNS and H_C removed (only ConfigureDefender and FirewallHardening from H_C tools)

- Fort Firewall and HostsMan

- Office 365

12/2024 : AdGuard DNS, PrivaZer Pro...

01/2025 : NextDNS

03/2025 : Portmaster added and Fort Firewall removed

06/2025 : Fort Firewall, SimpleWindowsHardening added

06/2025 : Fort Firewall removed, simplewall portable added

02/2026 : Add Portmaster, remove Office 365,
What I'm looking for?

Looking for maximum feedback.

What do you mean by vb codes? Are they related to VBA features of MS Office (Macros, Add-ins, etc.)?
Do the original documents work differently after disabling H_C restrictions?



Most people infected via MS Office thought that the downloaded files were safe. Most of them were infected via MS Office macros or MS Office Add-ins. There are many other ways that can be adopted by the attackers in the near future to bypass the AV protection by using MS Office.
I do not have a convenient solution for you. Most security applications that protect MS Office use parent-child process monitoring, which is insufficient when you allow macros. I can only advise what I already posted:
  1. Use a safe application as the default program to open documents. So when you open the document, template, Add-in, etc., from the Desktop or Explorer (file explorer) it is not opened/installed via MS Office.
    This can be done by the custom configuration of default applications via Windows Settings >> Apps & features >> Default apps >> Set defaults by app. Next, choose MS Office Word, Excel, PowerPoint, and change the default application that can open the listed file types to a safe application.
  2. You can still open your documents by opening the MS Office application and using File >> Open from the application menu.
  3. If you must edit an unsafe document, then do not do it at once. Check it online and if it looks clean, then open it in MS Office after one or more days.
  4. You can additionally use Defender with ASR rules or anti-exploit solutions related to MS Office.
  5. Harden your firewall to block LOLBins' connections or use H_C to block popular LOLBins.
  6. Learn to recognize phishing attempts.
Be safe.
The first step after install of Office is to disable add-ons; macros are disabled by default; is this enough?
 
Only macros with MotW are disabled by default. However, malicious macros are not currently as prevalent as they were in 2022, when I wrote the advice you referred to.
Two years ago, weaponized Microsoft Office documents were a dangerous initial attack vector. Currently, they are dangerous as payloads (fortunately, not so prevalent).
For example, the attacker can use tricks disguised as a document opening:

Read_this_document.bat ----> weaponized DOC file downloaded with no MotW -----> DOC file opened ----> macro executed

ClickFix ----> PowerShell code ----> weaponized DOC file downloaded with no MotW -----> DOC file opened ----> macro executed

In the above examples, the user expects that the document is going to be opened. Most people will not notice anything suspicious.
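Added example, not part of the original post: because only documents carrying MotW get the default macro block, this audit lists macro-capable Office files in a folder that have no `Zone.Identifier` stream (or a local zone). The default folder and the extension list are assumptions chosen for illustration.

```powershell
# Added example: list macro-capable Office files that carry no Mark of the Web.
# The default folder is an assumption; pass -Path for any folder that receives files.
param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Downloads')
)

# Extensions that can hold VBA macros or load as templates/add-ins.
$macroCapable = @(
    '.doc', '.docm', '.dot', '.dotm',
    '.xls', '.xlsm', '.xlsb', '.xlt', '.xltm', '.xlam',
    '.ppt', '.pptm', '.pot', '.potm', '.ppam'
)

$report = Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $macroCapable -contains $_.Extension.ToLowerInvariant() } |
    ForEach-Object {
        $file   = $_
        $zoneId = $null
        # MotW lives in the NTFS alternate data stream "Zone.Identifier".
        $ads = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        if ($ads) {
            $hit = $ads | Select-String -Pattern '^ZoneId=(\d+)' | Select-Object -First 1
            if ($hit) { $zoneId = [int]$hit.Matches[0].Groups[1].Value }
        }

        [pscustomobject]@{
            File     = $file.FullName
            ZoneId   = if ($null -ne $zoneId) { $zoneId } else { 'none' }
            # ZoneId 3 = Internet, 4 = Restricted sites.
            HasMotW  = ($null -ne $zoneId -and $zoneId -ge 3)
            Modified = $file.LastWriteTime
        }
    }

# Files listed here are outside the MotW-based macro block.
$report | Where-Object { -not $_.HasMotW } |
    Sort-Object Modified -Descending |
    Format-Table -AutoSize
```

A file without MotW is not necessarily malicious (documents created locally have none); the list shows which files rely on the macro setting itself rather than on MotW.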
 
So why is the countermeasure so dependent on MotW? Shouldn't we disable macros altogether? Who uses them anyways, not the average Joe. We just use MS Word as a glorified notepad.
 
Disabled all the time
 
Dependence on MotW is practical, especially in Enterprises (documents downloaded from the Internet are restricted, but local resources are not). Security layers must be usable.
However, most people do not need macros. Disabling macros is a good prevention against dangerous threats.
 
Generally, Microsoft Office is vulnerable to exploitation. For example, it contains VBA support, which can be used as a programming language (similar to Python, Java, etc.). The attackers can use scripting or a simple loader to enable access to Visual Basic Object Model (VBOM) in MS Office and silently run VBA malware without running MS Office applications or opening documents.
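Added example, not part of the original post: a read-only audit of the two Office registry values relevant to the points above, `VBAWarnings` (macro setting) and `AccessVBOM` (trusted access to the VBA project object model), for the current user. It assumes Office 2016 or later / Microsoft 365, which use the `16.0` registry branch.

```powershell
# Added example: report macro and VBOM-access settings for Word, Excel and PowerPoint.
# Assumption: Office 2016 or later / Microsoft 365 (registry branch "16.0").
$apps  = 'Word', 'Excel', 'PowerPoint'
$roots = [ordered]@{
    Policy = 'HKCU:\Software\Policies\Microsoft\Office\16.0'   # set by Group Policy
    User   = 'HKCU:\Software\Microsoft\Office\16.0'            # set in the Trust Center
}
$vbaMeaning = @{
    1 = 'enable all macros'
    2 = 'disable with notification'
    3 = 'disable except digitally signed'
    4 = 'disable without notification'
}

$report = foreach ($app in $apps) {
    foreach ($scope in $roots.Keys) {
        $key = Join-Path $roots[$scope] "$app\Security"
        $sec = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        $vba  = if ($sec) { $sec.VBAWarnings } else { $null }
        $vbom = if ($sec) { $sec.AccessVBOM }  else { $null }

        # Flag the two states that remove the protections discussed in the thread.
        $finding = @()
        if ($vba -eq 1)  { $finding += 'all macros enabled' }
        if ($vbom -eq 1) { $finding += 'programmatic access to the VBA project is trusted' }

        [pscustomobject]@{
            App         = $app
            Scope       = $scope
            VBAWarnings = if ($null -ne $vba) { "$vba ($($vbaMeaning[[int]$vba]))" } else { 'not set' }
            AccessVBOM  = if ($null -ne $vbom) { $vbom } else { 'not set' }
            Finding     = if ($finding) { $finding -join '; ' } else { 'none' }
        }
    }
}
$report | Format-Table -AutoSize
```

An `AccessVBOM` value of 1 that nobody set in the Trust Center is worth investigating, so running this on a schedule and comparing against a known-good result makes a simple tamper check.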
 