Advanced Security TairikuOkami's Configuration 202x

Last updated
Jan 27, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
ISP Controlled Router
Real-time security
Firewall security
Microsoft Defender Firewall with Advanced Security
About custom security
Disabled IPv6, PowerShell, Telemetry, WSH, some services. Blocked ports 53/80.
Detailed info: Windows Setup 1 + Windows Setup 2 + Windows Tweaks
Periodic malware scanners
Windows Repair Toolbox (Malware removal): Autoruns + HitmanPro + NPE + RogueKiller
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Brave with ECH for Google/YouTube
LibreWolf with ECH for Facebook
Microsoft Edge with eSNI
Bonjourr · Minimalist Startpage (no 5 secs delay, it shows time and the day of the week)
Cookie-AutoDelete (cleans cache, cookies, indexedDB, localstorage, plugindata, service workers)
I don't care about cookies (get rid of cookie warnings from almost all websites)
Selection Search (use the right-click menu to search for selected text in any search engines)
rem Disabled
rem edge://flags/#allow-all-sites-to-initiate-mirroring
rem edge://flags/#edge-auto-enter-immersive-reader
rem edge://flags/#edge-automatic-profile-switching
rem edge://flags/#edge-drop
rem edge://flags/#edge-omnibox-ui-hide-steady-state-url-scheme
rem edge://flags/#edge-omnibox-ui-hide-steady-state-url-trivial-subdomains
rem edge://flags/#edge-optin-experimentation
rem edge://flags/#edge-prenav
rem edge://flags/#edge-reading-view
rem edge://flags/#edge-screenshot
rem edge://flags/#edge-share-menu
rem edge://flags/#edge-show-feature-recommendations
rem edge://flags/#edge-split-screen
rem edge://flags/#enable-quic
rem edge://flags/#enable-windows-gaming-input-data-fetcher
rem edge://flags/#media-router-cast-allow-all-ips

rem Enabled
rem edge://flags/#block-insecure-private-network-requests
rem edge://flags/#disallow-doc-written-script-loads
rem edge://flags/#edge-auth-manager-delay-load
rem edge://flags/#edge-autoplay-user-setting-block-option
rem edge://flags/#edge-digsig-enabled-pdf
rem edge://flags/#edge-reduce-user-agent-minor-version
rem edge://flags/#enable-first-party-sets
rem edge://flags/#fill-on-account-select
rem edge://flags/#origin-agent-cluster-default
rem edge://flags/#origin-keyed-processes-by-default
rem edge://flags/#partitioned-cookies
rem edge://flags/#strict-origin-isolation
rem edge://flags/#use-dns-https-svcb-alpn
rem =================================== Windows Policies ===================================
rem ------------------------------------ Microsoft Edge ------------------------------------

rem Microsoft Edge release notes for Stable Channel
rem https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies
rem Download Security Compliance Toolkit and Baselines from Official Microsoft Download Center
rem Microsoft Edge for Business Group Policy Administrative Templates
rem edge://policy

rem reg delete "HKCU\Software\Policies\Microsoft\Edge" /f
rem reg delete "HKLM\Software\Policies\Microsoft\Edge" /f

rem ________________________________________________________________________________________
rem 1 - Allow users to access the games menu
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AllowGamesMenu" /t REG_DWORD /d "0" /f

rem 1 - Allow the audio sandbox to run
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AudioSandboxEnabled" /t REG_DWORD /d "0" /f

rem 1 - Compose is enabled for writing on the web
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ComposeInlineEnabled" /t REG_DWORD /d "0" /f

rem 1 - Enables CryptoWallet feature
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "CryptoWalletEnabled" /t REG_DWORD /d "0" /f

rem 1 - AllowJavaScriptJit / 2 - BlockJavaScriptJit (Do not allow any site to run JavaScript JIT)
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultJavaScriptJitSetting" /t REG_DWORD /d "0" /f

rem 1 - Allow users to open files using the DirectInvoke protocol
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DirectInvokeEnabled" /t REG_DWORD /d "0" /f

rem 1 - Disable taking screenshots
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DisableScreenshots" /t REG_DWORD /d "1" /f

rem 1 - DNS interception checks enabled
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DNSInterceptionChecksEnabled" /t REG_DWORD /d "0" /f

rem 1 - Drop lets users send messages or files to themselves
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EdgeEDropEnabled" /t REG_DWORD /d "0" /f

rem 1 - Microsoft Edge can automatically enhance images to show you sharper images with better color, lighting, and contrast
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EdgeEnhanceImagesEnabled" /t REG_DWORD /d "0" /f

rem 1 - Allows the Microsoft Edge browser to enable Follow service and apply it to users
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EdgeFollowEnabled" /t REG_DWORD /d "0" /f

rem 1 - Microsoft Edge will attempt to connect to the Microsoft Edge management service to download and apply policy assigned to the Azure AD account of the user
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EdgeManagementEnabled" /t REG_DWORD /d "0" /f

rem 1 - Captures the searches user does on third party search providers
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "Edge3PSerpTelemetryEnabled" /t REG_DWORD /d "0" /f

rem 1 - If you enable this policy, users will be able to access the Microsoft Edge Workspaces feature
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EdgeWorkspacesEnabled" /t REG_DWORD /d "0" /f

rem 1 - Allow Google Cast to connect to Cast devices on all IP addresses (Multicast), Edge trying to connect to 239.255.255.250 via UDP port 1900
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EnableMediaRouter" /t REG_DWORD /d "0" /f

rem The Experimentation and Configuration Service is used to deploy Experimentation and Configuration payloads to the client / 0 - RestrictedMode / 1 - ConfigurationsOnlyMode / 2 - FullMode
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ExperimentationAndConfigurationServiceControl" /t REG_DWORD /d "0" /f

rem 1 - Allows Microsoft Edge to prompt the user to switch to the appropriate profile when Microsoft Edge detects that a link is a personal or work link
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "GuidedSwitchEnabled" /t REG_DWORD /d "0" /f

rem 1 - Hide restore pages dialog after browser crash
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "HideRestoreDialogEnabled" /t REG_DWORD /d "1" /f

rem 1 - Show Hubs Sidebar
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "HubsSidebarEnabled" /t REG_DWORD /d "0" /f

rem 1 - Enable Grammar Tools feature within Immersive Reader
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ImmersiveReaderGrammarToolsEnabled" /t REG_DWORD /d "0" /f

rem 1 - Enable Picture Dictionary feature within Immersive Reader
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ImmersiveReaderPictureDictionaryEnabled" /t REG_DWORD /d "0" /f

rem 0 - InPrivate mode available / 1 - disabled / 2 - forced
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "InPrivateModeAvailability" /t REG_DWORD /d "1" /f

rem 1 - Allow sites to be reloaded in Internet Explorer mode (IE mode)
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "InternetExplorerIntegrationReloadInIEModeAllowed" /t REG_DWORD /d "0" /f

rem 1 - Shows content promoting the Microsoft Edge Insider channels on the About Microsoft Edge settings page
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "MicrosoftEdgeInsiderPromotionEnabled" /t REG_DWORD /d "0" /f

rem 1 - Mouse Gesture Enabled
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "MouseGestureEnabled" /t REG_DWORD /d "0" /f

rem 1 - Microsoft Edge built-in PDF reader powered by Adobe Acrobat enabled
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewPDFReaderEnabled" /t REG_DWORD /d "0" /f

rem 1 - Hide the default top sites from the new tab page
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewTabPageHideDefaultTopSites" /t REG_DWORD /d "1" /f

rem 1 - Allow QUIC protocol
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "QuicAllowed" /t REG_DWORD /d "0" /f

rem 1 - Enable Read Aloud feature in Microsoft Edge
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ReadAloudEnabled" /t REG_DWORD /d "0" /f

rem 1 - Configure Related Matches in Find on Page, the results are processed in a cloud service
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "RelatedMatchesCloudServiceEnabled" /t REG_DWORD /d "0" /f

rem 1 - Allow remote debugging
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "RemoteDebuggingAllowed" /t REG_DWORD /d "0" /f

rem 1 - Launches Renderer processes into an App Container for additional security benefits
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "RendererAppContainerEnabled" /t REG_DWORD /d "1" /f

rem 0 - Enable search in sidebar / 1 - DisableSearchInSidebarForKidsMode / 2 - DisableSearchInSidebar
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SearchInSidebarEnabled" /t REG_DWORD /d "2" /f

rem 1 - Search for image enabled
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SearchForImageEnabled" /t REG_DWORD /d "0" /f

rem 1 - Allow screen capture
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ScreenCaptureAllowed" /t REG_DWORD /d "0" /f

rem 1 - Allow notifications to set Microsoft Edge as default PDF reader
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ShowPDFDefaultRecommendationsEnabled" /t REG_DWORD /d "0" /f

rem 1 - The policy can be used to prevent users from opting out of the default behavior of isolating all sites
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SitePerProcess" /t REG_DWORD /d "1" /f

rem 1 - Allow Speech Recognition
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SpeechRecognitionEnabled" /t REG_DWORD /d "0" /f

rem 1 - Allow video capture
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "VideoCaptureAllowed" /t REG_DWORD /d "0" /f

rem 1 - Allow Microsoft Edge Workspaces
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EdgeWorkspacesEnabled" /t REG_DWORD /d "0" /f

rem 1 - Wallet Donation Enabled
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "WalletDonationEnabled" /t REG_DWORD /d "0" /f

rem 1 - DNS-based WPAD optimization (Web Proxy Auto-Discovery)
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "WPADQuickCheckEnabled" /t REG_DWORD /d "0" /f

rem 0 - Prevent Desktop Shortcut creation upon install default
reg add "HKLM\Software\Policies\Microsoft\EdgeUpdate" /v "CreateDesktopShortcutDefault" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\EdgeUpdate" /v "CreateDesktopShortcut{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\EdgeUpdate" /v "RemoveDesktopShortcutDefault" /t REG_DWORD /d "1" /f

rem ________________________________________________________________________________________
rem 1 - The Sidebar appears in a fixed position on the Microsoft Windows desktop, and is hidden from the browser application frame
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "StandaloneHubsSidebarEnabled" /t REG_DWORD /d "0" /f


rem =================================== Windows Policies ===================================
rem ------------------------------------ Microsoft Edge ------------------------------------
rem ..................................... Appearances ......................................

rem 0 - Show share button
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ConfigureShare" /t REG_DWORD /d "1" /f

rem 1 - Show Collections button
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EdgeCollectionsEnabled" /t REG_DWORD /d "0" /f

rem 1 - Show favorites bar
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "FavoritesBarEnabled" /t REG_DWORD /d "1" /f

rem 1 - Show Math Solver button
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "MathSolverEnabled" /t REG_DWORD /d "0" /f

rem 1 - The performance detector detects tab performance issues and recommends actions to fix the performance issues
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PerformanceDetectorEnabled" /t REG_DWORD /d "0" /f

rem 1 - Pin browser essentials toolbar button
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PinBrowserEssentialsToolbarButton" /t REG_DWORD /d "0" /f

rem 1 - Show mini menu when selecting text
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "QuickSearchShowMiniMenu" /t REG_DWORD /d "0" /f

rem 1 - Always show the Downloads button on the toolbar
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ShowDownloadsToolbarButton" /t REG_DWORD /d "1" /f

rem 1 - Show home button
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ShowHomeButton" /t REG_DWORD /d "0" /f

rem 1 - Show feedback button
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "UserFeedbackAllowed" /t REG_DWORD /d "0" /f

rem 1 - Show tab actions menu (Show vertical tabs)
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "VerticalTabsAllowed" /t REG_DWORD /d "0" /f

rem 1 - Show web capture button
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "WebCaptureEnabled" /t REG_DWORD /d "0" /f

rem ________________________________________________________________________________________
rem 1 - Enables background updates to the list of available templates for Collections and other features that use templates
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "BackgroundTemplateListUpdatesEnabled" /t REG_DWORD /d "0" /f

rem 1 - Enable the Search bar
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SearchbarAllowed" /t REG_DWORD /d "0" /f

rem 1 - Allow the Search bar at Windows startup
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SearchbarIsEnabledOnStartup" /t REG_DWORD /d "0" /f


rem =================================== Windows Policies ===================================
rem ------------------------------------ Microsoft Edge ------------------------------------
rem .............................. Cookies and site permissions ............................

rem PDF Documents
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AlwaysOpenPdfExternally" /t REG_DWORD /d "1" /f

rem Ads setting for sites with intrusive ads / 1 - Allow ads on all sites / 2 - Block ads on sites with intrusive ads. (Default value)
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AdsSettingForIntrusiveAdsSites" /t REG_DWORD /d "1" /f

rem Clipboard / 2 - BlockClipboard / 3 - AskClipboard
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultClipboardSetting" /t REG_DWORD /d "2" /f

rem File Editing / 2 - BlockFileSystemRead / 3 - AskFileSystemRead
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultFileSystemReadGuardSetting" /t REG_DWORD /d "2" /f

rem File Editing / 2 - BlockFileSystemWrite / 3 - AskFileSystemWrite
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultFileSystemWriteGuardSetting" /t REG_DWORD /d "2" /f

rem Location / 1 - AllowGeolocation / 2 - BlockGeolocation / 3 - AskGeolocation
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultGeolocationSetting" /t REG_DWORD /d "2" /f

rem Insecure Content / 2 - BlockInsecureContent / 3 - AllowExceptionsInsecureContent
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultInsecureContentSetting" /t REG_DWORD /d "2" /f

rem Notifications / 1 - AllowNotifications / 2 - BlockNotifications / 3 - AskNotifications
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultNotificationsSetting" /t REG_DWORD /d "2" /f

rem Motion or light sensors / 1 - AllowSensors / 2 - BlockSensors
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultSensorsSetting" /t REG_DWORD /d "2" /f

rem Serial ports / 2 - BlockSerial / 3 - AskSerial
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultSerialGuardSetting" /t REG_DWORD /d "2" /f

rem USB Devices / 2 - BlockWebUsb / 3 - AskWebUsb
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultWebUsbGuardSetting" /t REG_DWORD /d "2" /f

rem ________________________________________________________________________________________
rem 1 - Allow audio capture
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AudioCaptureAllowed" /t REG_DWORD /d "0" /f

rem Bluetooth / 2 - BlockWebBluetooth / 3 - AskWebBluetooth
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultWebBluetoothGuardSetting" /t REG_DWORD /d "2" /f

rem Access to HID devices via the WebHID API / 2 - BlockWebHid / 3 - AskWebHid
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultWebHidGuardSetting" /t REG_DWORD /d "2" /f


rem =================================== Windows Policies ===================================
rem ------------------------------------ Microsoft Edge ------------------------------------
rem ...................................... Downloads .......................................

rem Set download directory
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DownloadDirectory" /t REG_SZ /d "Z:\Desktop" /f

rem 1 - Ask me what to do with each download (Ignored when download directory is set)
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PromptForDownloadLocation" /t REG_DWORD /d "1" /f

rem 1 - Open Office files in the browser
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "QuickViewOfficeFilesEnabled" /t REG_DWORD /d "0" /f


rem =================================== Windows Policies ===================================
rem ------------------------------------ Microsoft Edge ------------------------------------
rem ..................................... Extensions .......................................

rem 1 - Allow extensions from other stores
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ControlDefaultStateOfAllowExtensionFromOtherStoresSettingEnabled" /t REG_DWORD /d "0" /f

rem 1 - DeveloperToolsAllowed / 2 - DeveloperToolsDisallowed (Don't allow using the developer tools)
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DeveloperToolsAvailability" /t REG_DWORD /d "2" /f

rem ________________________________________________________________________________________
rem 1 - Blocks external extensions from being installed
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "BlockExternalExtensions" /t REG_DWORD /d "1" /f


rem =================================== Windows Policies ===================================
rem ------------------------------------ Microsoft Edge ------------------------------------
rem ...................................... Languages .......................................

rem 1 - Enable spellcheck
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SpellcheckEnabled" /t REG_DWORD /d "1" /f

rem 1 - Offer to translate pages that aren't in a language I read
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "TranslateEnabled" /t REG_DWORD /d "0" /f

rem ________________________________________________________________________________________
rem 1 - The Microsoft Editor service provides enhanced spell and grammar checking for editable text fields on web pages
rem Google, Microsoft can get your passwords via web browser's spellcheck
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "MicrosoftEditorProofingEnabled" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "MicrosoftEditorSynonymsEnabled" /t REG_DWORD /d "0" /f

rem =================================== Windows Policies ===================================
rem ------------------------------------ Microsoft Edge ------------------------------------
rem ..................................... New tab page .....................................

rem Page Layout / 1 - DisableImageOfTheDay / 2 - DisableCustomImage / 3 - DisableAll
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewTabPageAllowedBackgroundTypes" /t REG_DWORD /d "1" /f

rem 1 - Allow Microsoft News content on the new tab page
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewTabPageContentEnabled" /t REG_DWORD /d "0" /f

rem 1 - Preload the new tab page for a faster experience
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewTabPagePrerenderEnabled" /t REG_DWORD /d "0" /f

rem ________________________________________________________________________________________
rem 1 - Hide the default top sites from the new tab page
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewTabPageHideDefaultTopSites" /t REG_DWORD /d "1" /f

rem 1 - Allow quick links on the new tab page
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewTabPageQuickLinksEnabled" /t REG_DWORD /d "0" /f


rem =================================== Windows Policies ===================================
rem ------------------------------------ Microsoft Edge ------------------------------------
rem ....................................... Personal .......................................

rem 1 - Add profile
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "BrowserAddProfileEnabled" /t REG_DWORD /d "0" /f

rem 1 - Browse as guest
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "BrowserGuestModeEnabled" /t REG_DWORD /d "0" /f

rem 1 - Allow users to configure Family safety and Kids Mode
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "FamilySafetySettingsEnabled" /t REG_DWORD /d "0" /f


rem =================================== Windows Policies ===================================
rem ------------------------------------ Microsoft Edge ------------------------------------
rem ............................ Privacy, search, and services .............................

rem 1 - Suggest similar sites when a website can't be found
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AlternateErrorPagesEnabled" /t REG_DWORD /d "0" /f

rem Automatically switch to more secure connections with Automatic HTTPS / 0 - Disabled / 1 - Switch to supported domains / 2 - Always
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AutomaticHttpsDefault" /t REG_DWORD /d "2" /f

rem Diagnostic Data / 0 - Off / 1 - RequiredData / 2 - OptionalData
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DiagnosticData" /t REG_DWORD /d "0" /f

rem Enhance the security state in Microsoft Edge / 0 - Standard mode / 1 - Balanced mode / 2 - Strict mode
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EnhanceSecurityMode" /t REG_DWORD /d "2" /f

rem Search on new tabs uses search box or address bar / redirect - address bar / bing - search box
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewTabPageSearchBox" /t REG_SZ /d "redirect" /f

rem 1 - Use a web service to help resolve navigation errors
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ResolveNavigationErrorsUseWebService" /t REG_DWORD /d "0" /f

rem 1 - Show me search and site suggestions using my typed characters
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SearchSuggestEnabled" /t REG_DWORD /d "0" /f

rem 1 - Turn on site safety services to get more info about the sites you visit
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SiteSafetyServicesEnabled" /t REG_DWORD /d "0" /f

rem 1 - Suggest group names when creating a new tab group
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "TabServicesEnabled" /t REG_DWORD /d "0" /f

rem Tracking prevention / 0 - Off / 1 - Basic / 2 - Balanced / 3 - Strict
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "TrackingPrevention" /t REG_DWORD /d "0" /f

rem 1 - Typosquatting Checker (just sending what you type to MS)
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "TyposquattingCheckerEnabled" /t REG_DWORD /d "0" /f

rem 1 - Visual search (sending what you are looking at to MS)
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "VisualSearchEnabled" /t REG_DWORD /d "0" /f

rem ________________________________________________________________________________________
rem Enable Microsoft Search in Bing suggestions in the address bar
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AddressBarMicrosoftSearchInBingProviderEnabled" /t REG_DWORD /d "0" /f

rem Allow personalization of ads, Microsoft Edge, search, news and other Microsoft services by sending browsing history, favorites and collections, usage and other browsing data to Microsoft
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PersonalizationReportingEnabled" /t REG_DWORD /d "0" /f

rem Enable full-tab promotional content
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PromotionalTabsEnabled" /t REG_DWORD /d "0" /f

rem Allow recommendations and promotional notifications from Microsoft Edge
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ShowRecommendationsEnabled" /t REG_DWORD /d "0" /f

rem Choose whether users can receive customized background images and text, suggestions, notifications, and tips for Microsoft services
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SpotlightExperiencesAndRecommendationsEnabled" /t REG_DWORD /d "0" /f

rem Use secure DNS (DoH)
rem reg add "HKLM\Software\Policies\Microsoft\Edge" /v "BuiltInDnsClientEnabled" /t REG_DWORD /d "1" /f
rem reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DnsOverHttpsMode" /t REG_SZ /d "secure" /f
rem reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DnsOverHttpsTemplates" /t REG_SZ /d "https://security.cloudflare-dns.com/dns-query?" /f


rem =================================== Windows Policies ===================================
rem ------------------------------------ Microsoft Edge ------------------------------------
rem ...................................... Profiles ........................................

rem 1 - Save and fill personal info
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AutofillAddressEnabled" /t REG_DWORD /d "1" /f

rem 1 - Save and fill payment info
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AutofillCreditCardEnabled" /t REG_DWORD /d "1" /f

rem 1 - Let users compare the prices of a product they are looking at, get coupons or rebates from the website they're on
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EdgeShoppingAssistantEnabled" /t REG_DWORD /d "0" /f

rem 1 - Forces data synchronization in Microsoft Edge. This policy also prevents the user from turning sync off.
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ForceSync" /t REG_DWORD /d "1" /f

rem If you enable this policy all the specified data types will be included for synchronization
reg add "HKLM\Software\Policies\Microsoft\Edge\ForceSyncTypes" /v "1" /t REG_SZ /d "extensions" /f
reg add "HKLM\Software\Policies\Microsoft\Edge\ForceSyncTypes" /v "2" /t REG_SZ /d "favorites" /f
reg add "HKLM\Software\Policies\Microsoft\Edge\ForceSyncTypes" /v "3" /t REG_SZ /d "passwords" /f
reg add "HKLM\Software\Policies\Microsoft\Edge\ForceSyncTypes" /v "4" /t REG_SZ /d "settings" /f

rem If you enable this policy all the specified data types will be excluded from synchronization
reg add "HKLM\Software\Policies\Microsoft\Edge\SyncTypesListDisabled" /v "1" /t REG_SZ /d "addressesAndMore" /f
reg add "HKLM\Software\Policies\Microsoft\Edge\SyncTypesListDisabled" /v "2" /t REG_SZ /d "apps" /f
reg add "HKLM\Software\Policies\Microsoft\Edge\SyncTypesListDisabled" /v "3" /t REG_SZ /d "collections" /f
reg add "HKLM\Software\Policies\Microsoft\Edge\SyncTypesListDisabled" /v "4" /t REG_SZ /d "history" /f
reg add "HKLM\Software\Policies\Microsoft\Edge\SyncTypesListDisabled" /v "5" /t REG_SZ /d "openTabs" /f

rem 1 - Suggest strong passwords
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PasswordGeneratorEnabled" /t REG_DWORD /d "1" /f

rem 1 - Offer to save passwords
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PasswordManagerEnabled" /t REG_DWORD /d "1" /f

rem 1 - Show alerts when passwords are found in an online leak
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PasswordMonitorAllowed" /t REG_DWORD /d "0" /f

rem 1 - Show the "Reveal password" button in password fields
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PasswordRevealEnabled" /t REG_DWORD /d "0" /f

rem Sign in: / 0 - Automatically / 1 - With device password
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PrimaryPasswordSetting" /t REG_DWORD /d "1" /f

rem 1 - Show Microsoft Rewards experience and notifications
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ShowMicrosoftRewards" /t REG_DWORD /d "0" /f

rem ________________________________________________________________________________________
rem 1 - Single sign-on for work or school sites using this profile enabled
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AADWebSiteSSOUsingThisProfileEnabled" /t REG_DWORD /d "0" /f

rem 1 - Allow single sign-on for Microsoft personal sites using this profile
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "MSAWebSiteSSOUsingThisProfileAllowed" /t REG_DWORD /d "0" /f

rem Configure the list of domains where Microsoft Edge should disable the password manager
reg add "HKLM\Software\Policies\Microsoft\Edge\PasswordManagerBlocklist" /v "1" /t REG_SZ /d "Steam Community" /f
reg add "HKLM\Software\Policies\Microsoft\Edge\PasswordManagerBlocklist" /v "2" /t REG_SZ /d "Steam Store" /f


rem =================================== Windows Policies ===================================
rem ------------------------------------ Microsoft Edge ------------------------------------
rem ................................ System and performance ................................

rem 1 - Continue running background apps when Microsoft Edge is closed
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "BackgroundModeEnabled" /t REG_DWORD /d "0" /f

rem Efficiency Mode / 1 - Enables efficiency mode
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EfficiencyModeEnabled" /t REG_DWORD /d "0" /f

rem 1 - Use hardware acceleration when available
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "HardwareAccelerationModeEnabled" /t REG_DWORD /d "0" /f

rem 1 - Save resources with sleeping tabs
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SleepingTabsEnabled" /t REG_DWORD /d "0" /f

rem 1 - Startup boost
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "StartupBoostEnabled" /t REG_DWORD /d "0" /f

rem ________________________________________________________________________________________
rem 1 - If ECH is enabled, Microsoft Edge might or might not use ECH depending on server support, the availability of the HTTPS DNS record
rem Enable: DOH + #use-dns-https-svcb-alpn + the parameter: --enable-features="EncryptedClientHello" - Cloudflare Browser Check
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EncryptedClientHelloEnabled" /t REG_DWORD /d "1" /f

rem 1 - Enable Gamer Mode
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "GamerModeEnabled" /t REG_DWORD /d "0" /f

rem NetworkPrediction / 0 - Always / 1 - WifiOnly / 2 - Never
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NetworkPredictionOptions" /t REG_DWORD /d "2" /f

rem Start Microsoft Edge with additional command-line switches
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --enable-features="EnableCsrssLockdown,EncryptedClientHello,IsolatePrerenders,IsolateSandboxedIframes,RendererAppContainer,WinSboxDisableExtensionPoint" --disable-webgl --no-pings
Secure DNS
NextDNS (DoH)
Blocked all TLDs except a select few
Desktop VPN
Password manager
Maintenance tools
File and Photo backup
System recovery
Risk factors
    • Browsing to popular websites
    • Browsing the Internet without an ad-blocker
    • Opening email attachments
    • Buying from online stores, entering bank card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Sharing and receiving files and torrents
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Notable changes
28-Oct-23 Microsoft 365 Basic & DDG (the only usable search)
11-Sep-23 Brave Search, simple and clean unlike Bing AI
14-July-23 Bing, I am already using everything from MS
07-May-23 Searx instances
04-Feb-23 Removed Panda, it slowed down boot/shutdown
10-Nov-22 Added Panda Dome Free
29-Oct-22 Blocked all TLDs except for a select few
28-Sep-22 Enabled Encrypted Client Hello (ECH)
26-Sep-22 Replaced SwissCows with Neeva Search
18-Sep-22 Disabled Microsoft Editor
16-Sep-22 Added Cookie Dialog Monster
11-Sep-22 Replaced DDG with SwissCows
29-Aug-22 Blocking GAFAM on Edge
17-Aug-22 Added Brave for YouTube
17-Aug-22 Added LibreWolf for Facebook
17-Aug-22 Removed Enhancer for YouTube
22-Jul-22 Added I don't care about cookies
22-Jul-22 Removed AdGuard AdBlocker
20-May-22 Added 2FA on Windows
20-May-22 Updated Edge policies
What I'm looking for?

Looking for medium feedback.

Notes by Staff Team
  1. This setup configuration may put you and your device at risk!
    We do not recommend that other members use this setup. We cannot be held responsible for problems that may occur to your device by using this security setup.

TairikuOkami

Level 35
Thread author
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,452
Windows Quiet Edition - 65 processes / 600 threads / 23000 handles / 1,8GB RAM (1GB used by ramdisk)


Anti-ransomware - backup folder - denied access to SYSTEM, Users permissions are set to read only.
I turn off PC with Wise Cleaners + tweaks, to remove startup entries/policies and to restore my settings.
Browser's cache, Desktop, Downloads and Temp folders are stored in the RAMDisk, where malware likes to hide.
In case of an emergency (ransomware) I can hit Reset and Windows will boot with all those reset to the previous state.
 

eonline

Level 21
Verified
Well-known
Nov 15, 2017
1,064
I would like to see the extension of Malwarebytes to help more smartscreen and Nextdns. Good configuration, thank you very much for sharing.

Edit: I would try Firefox because you don't have to be sending all your navigation data to ms. I would replace Windows Repair Toolbox with FRST. (y)
 

TairikuOkami

I would try Firefox because you don't have to be sending all your navigation data to ms.
I have disabled most of it via policies and NextDNS helps too.


Besides I like MS services connected to each other, thus I started to use onedrive and outlook as well.
Saved passwords within Edge are available in MS Authenticator and Edge on android is also more smooth.
I would replace Windows Repair Toolbox with FRST.
WRT contains FRST. :)
 

TairikuOkami

And any anti-exploit settings for your browser and mail client if you have it?
Exploits would have a hard time running without Powershell and WSH. I have restricted some exes (lolbins) like mshta.exe via Disallow policy. Port 80 aka http is not allowed. To partially prevent malware using legitimate processes, I have allowed only trusted IP ranges for the most vulnerable apps like svchost or discord. Process Hacker checks running processes in VirusTotal.
 


TairikuOkami

I started to use Brave for YouTube and LibreWolf for Facebook for security and privacy reasons. Edge seems to be a tad faster now. My ramdisk with all browser's profiles and caches takes only ~400MB. I have unlinked my real name from all other accounts except facebook, because ... the world has changed, money accounts are being seized and some opinions are considered illegal.
 


Watarud

Level 1
Jun 26, 2022
25
Good afternoon, the author of the topic, tell me please, I was interested in your installation, how to repeat it and do it the same way as you?
 


TairikuOkami

Disabled Microsoft Editor, apparently it is something to be concerned about. So much for putting all my fate into MS. :unsure:
Code:
rem 1 - The Microsoft Editor service provides enhanced spell and grammar checking for editable text fields on web pages
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "MicrosoftEditorProofingEnabled" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Edge" /v "MicrosoftEditorSynonymsEnabled" /t REG_DWORD /d "0" /f
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
I ran the scripts you gave Windows Setup 1 + Windows Setup 2 + Windows Tweaks for trial purposes. My internet adapters are completely gone, I couldn't connect to the internet. Good thing I took a backup and restored windows from the backup :D
His tweaks are based on his requirements only, which is quite extreme. So it's normal that it doesn't work for you.
I copied his files and filtered out a lot of things based on my requirements and added to my own GitHub. So you'll have to do something like that. Consider his tweaks as a complex procedure to simplify things.
 

TairikuOkami

His tweaks are based on his requirements only, which is quite extreme. So it's normal that it doesn't work for you.
Well said, I never intended to share them, but people begged me to do so. My pastebin had 80k views before it was removed, after reported as malicious, thus I put warning on top. :whistle:
My internet adapters are completely gone, I couldn't connect to the internet.
I disable Network Connections, since 11 deprecates it in favor of Network Connection Broker. Radio Management is needed for WiFi. I also disable DHCP Client since I setup a static IP.

EDIT: I have recently managed to enable ECH in Edge, thanks to Sampei Nihira. Running Edge 105 with the parameter: --enable-features="EncryptedClientHello" and flag #dns-https-svcb
 
Last edited:
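The posts above note that Edge only uses ECH when the server publishes an HTTPS DNS record. As an added example (not code from this thread or from Edge), the parser below reads the RDATA of an HTTPS (type 65) record in the RFC 9460 wire format and reports whether it carries an `ech` parameter; the function names and the sample bytes are constructed for illustration, and the `ech` value is a placeholder rather than a valid ECHConfigList.

```python
import struct

# SvcParamKey numbers from the IANA registry created by RFC 9460.
SVC_KEYS = {0: "mandatory", 1: "alpn", 2: "no-default-alpn", 3: "port",
            4: "ipv4hint", 5: "ech", 6: "ipv6hint"}

def _read_name(buf, pos):
    """Read an uncompressed DNS name; return (dotted name, next offset)."""
    labels = []
    while pos < len(buf):
        length, pos = buf[pos], pos + 1
        if length == 0:
            return (".".join(labels) or "."), pos
        if length > 63 or pos + length > len(buf):
            raise ValueError("bad label in TargetName")
        labels.append(buf[pos:pos + length].decode("ascii"))
        pos += length
    raise ValueError("truncated TargetName")

def parse_https_rdata(rdata):
    """Parse HTTPS (type 65) RDATA into priority, target and SvcParams."""
    if len(rdata) < 3:
        raise ValueError("RDATA too short")
    (priority,) = struct.unpack_from("!H", rdata, 0)
    target, pos = _read_name(rdata, 2)
    params, last_key = {}, -1
    while pos < len(rdata):
        if pos + 4 > len(rdata):
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if key <= last_key:
            raise ValueError("SvcParamKeys must be strictly increasing")
        if pos + length > len(rdata):
            raise ValueError("truncated SvcParam value")
        params[SVC_KEYS.get(key, f"key{key}")] = rdata[pos:pos + length]
        pos, last_key = pos + length, key
    return {"priority": priority, "target": target, "params": params}

def ech_advertised(rdata):
    """True only for a ServiceMode record carrying a non-empty ech param."""
    rec = parse_https_rdata(rdata)
    return rec["priority"] != 0 and len(rec["params"].get("ech", b"")) > 0

# Constructed sample RDATA (not captured from any real domain).
WITH_ECH = (b"\x00\x01" b"\x00"                    # priority 1, target "."
            b"\x00\x01\x00\x06\x02h3\x02h2"        # alpn = h3, h2
            b"\x00\x05\x00\x04\xde\xad\xbe\xef")   # ech = placeholder bytes
WITHOUT_ECH = b"\x00\x01" b"\x00" b"\x00\x01\x00\x03\x02h2"
```

A record without the `ech` parameter, or an AliasMode record (priority 0), means the browser has no ECH configuration for that name and falls back to a normal ClientHello with the SNI in clear text.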

StRonK

Level 1
Apr 19, 2020
18
I disable Network Connections, since 11 deprecates it in favor of Network Connection Broker. Radio Management is needed for WiFi. I also disable DHCP Client since I setup a static IP.
Really interesting, I thought the code wasn't working for me, actually I didn't think you disabled it on purpose. As far as I know, it is not possible to connect to the internet without an internet adapter, how do you connect to the internet? Also what is the code that disables internet adapters? If I remove it from the codes, I think I can use the codes you gave, normally your codes worked fine for me. Thank you :D
 

TairikuOkami

As far as I know, it is not possible to connect to the internet without an internet adapter, how do you connect to the internet?
Actually when you setup IP/DNS manually and then disable "Network Store Interface Service", it will disable all network services, thus all network "optimizations" and you will get a rock solid connection. It will make Windows think that there is no internet, so will also get zero telemetry. But as the result, it disables windows updates, windows firewall and so on.

Also what is the code that disables internet adapters?
You can just run this, it will reset network and network services.

I didn't think you disabled it on purpose.
I am trying to disable/block anything that could be possibly malicious. Even Windows boot logo can be dangerous.
Code:
bcdedit /set {globalsettings} custom:16000067 true
bcdedit /set {globalsettings} custom:16000068 true
bcdedit /set {globalsettings} custom:16000069 true
 

StRonK

Actually when you setup IP/DNS manually and then disable "Network Store Interface Service", it will disable all network services, thus all network "optimizations" and you will get a rock solid connection. It will make Windows think that there is no internet, so will also get zero telemetry. But as the result, it disables windows updates, windows firewall and so on.

I will try to do what you said, I hope I will be successful.
You can just run this, it will reset network and network services.
thank you
I am trying to disable/block anything that could be possibly malicious. Even Windows boot logo can be dangerous.
It's unbelievable, I didn't know something like this could happen. Today I realized once again how ignorant I was about security. Before I joined this forum, I thought security was just about installing antivirus and that anti virus would protect me from everything. I understand that I need to be much more careful, I am grateful to you for the information you have given. thank you for everything. ❤️💕
 

TairikuOkami

Just did some quick testing and I was quite surprised. I was expecting exploit protections to lower performance, but it was the other way around, I got noticeable stuttering without them.

NoAV, Disabled everything: SecureBoot, TPM, Exploit Protections (CFG, DEP, SEHOP, ASLR)


NoAV, all security enabled, standalone TPM (the best result)


NoAV, all security enabled, plus enabled Spectre (the worst)


Defender, all security enabled


Adaware, all security enabled


So disabling Spectre mitigations is definitely worth it on AMD. 🧐

 

TairikuOkami

I have finally figured out, how to install Panda, I have to unpack an offline installer and run setup.exe, not in temp though.
I do not need nor want AV, but Windows 11 does, it causes an unpredictable behaviour without AV, I better keep a light one.

Besides, the tray icon looks really neat and it fits the overall GUI.
 

