RISK: Danger TairikuOkami's Crippled Windows

Most recent changes: Aug 5, 2018
Operating System
Windows Edition: Home
Build: 1803
System type: 64-bit OS
Security Updates: Check for Updates only - User interaction for download and installation
User Access Control: Always Notify - For App installs, Modify system & User settings
Device Firewall: Windows Firewall - Network security provided by Microsoft
Device Security: Disabled - Safety mechanisms are turned off
User Account: Administrator - User has complete control over the device
Recent Security Incidents: No malware or privacy issues
Malware Testing: No Malware on host PC or VM
Real-time Web & Malware Protection: Windows Defender Firewall & UltraDNS Threat Protection
Security Protection settings: Custom - Major changes for Increased Security
Virus and Malware Removal Tools: Random (CureIt/FRST/EEK/KVRT/NPE)
Browsers and Extensions: Yandex Browser & AdBlocker for Youtube/Cookie AutoDelete/Context Menu Search/Dictionary Lookup/h264ify/IDN Safe/Netcraft/Poper Blocker/Turn Off the Lights (blocks HTML5 Autoplay)/uBlock Origin (no AD blocking, just Annoyances/Privacy)
Web Privacy: SecureDNS via browser's dnscrypt & browser extensions listed above
Password Management: Keepass (offline)
Default Web Search: DuckDuckGo (Uncensored)
System Utilities collection: Autoruns, Disc Cleanup, Driver Easy, Driver Store Explorer, Geek Uninstaller, Process Hacker Nightly, Windows Repair Toolbox, Wise Disk Cleaner, Wise Registry Cleaner
Personal data Backup: Copy/Paste
Intervals between Personal data backups: Weekly
Disk Imaging Backup: None
Intervals between System Image backups: None
Device Specs: http://steamcommunity.com/id/tairikuokami

TairikuOkami (Level 15, Content Creator; joined May 13, 2017; 739 messages; OS Windows 10)
#44
Have you thought of using SRP or anti-exes?
Since only exes with valid digital signatures are allowed to run, that should take care of like 99% of them.
In order to use SRP, I would have to allow scripts, Windows Event Log, etc.; that is too much of a compromise.

Currently testing RollBack Rx Home Edition; it seems pretty idiot-proof, so that might be just what I need.
Still, I do not get where it stores snapshots. They say that snapshots are magically hidden somewhere.

Where is the snapshot and what is the filename - Horizon DataSys Community Forum
 


tonibalas (Level 39, Trusted; joined Sep 26, 2014; 2,881 messages)
#45
Go to Snapshots, choose Explore Snapshot, and there you will see that they are loaded on C:
I am not sure if that is all correct, because I removed RB RX about a month ago, so I can't be sure.
 

TairikuOkami (Level 15, Content Creator; joined May 13, 2017; 739 messages; OS Windows 10)
#46
Explore will only mount them in a VM. I need to know where they are to see the size, since my partition is tiny, but I guess it will pop up eventually. Windows already refuses to upgrade, because ~50 GB is the minimum. I could not even install the last update at first; it cried out that I do not have sufficient space (with 25 GB free). :cautious:
 
(joined Dec 23, 2014; 1,686 messages; OS Windows 10; Antivirus Microsoft)
#48
Since only exes with valid digital signatures are allowed to run, that should take care of like 99% of them.
In order to use SRP, I would have to allow scripts, Windows Event Log, etc.; that is too much of a compromise.

Currently testing RollBack Rx Home Edition; it seems pretty idiot-proof, so that might be just what I need.
Still, I do not get where it stores snapshots. They say that snapshots are magically hidden somewhere.

Where is the snapshot and what is the filename - Horizon DataSys Community Forum
You can adopt SRP and set the SRP Default Security Level to Disallowed - this applies extended VBScript and CMD script protection. There are two easy solutions for running scripts with active SRP:
1. Copy all useful scripts to a Program Files or Windows subfolder - those folders can be safely whitelisted in SRP.
or
2. Run the file manager (like Total Commander) as administrator for executing the scripts. This will bypass SRP.

It is not true that you are 99% safe using the EXE protection via valid digital signatures. The UAC setting ValidateAdminCodeSignatures=1 allows running any EXE that does not need to elevate. It also allows all UAC bypasses (not many on Windows 10). The protection is probably closer to 80%.

Anyway, if you use Windows 10 + Fortinet + RB RX + your tweaks + ValidateAdminCodeSignatures, and have no happy-clicker habits, then you have a pretty much secure setup.

I would add only a pendrive or DVD external rescue system, to troubleshoot the event when your system disk will not start (broken partition). (y)
 
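As an added illustration of the SRP and UAC settings discussed in the post above (this is not code from the thread), the following PowerShell script reads the configured SRP default level and its path rules, and the UAC ValidateAdminCodeSignatures value, from the registry. It is read-only and assumes Windows 10 with SRP configured through local policy (the Safer\CodeIdentifiers key).

```powershell
# Added example (not from the thread): report the SRP default level, the SRP path
# rules per level, and the UAC ValidateAdminCodeSignatures setting. Read-only.
$saferRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$uacKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# SRP security levels as stored in DefaultLevel and used as rule subkey names
$levelNames = @{ 0 = 'Disallowed'; 4096 = 'Untrusted'; 65536 = 'Constrained'
                 131072 = 'Basic User'; 262144 = 'Unrestricted' }

if (-not (Test-Path $saferRoot)) {
    Write-Output 'SRP: no policy configured (CodeIdentifiers key absent)'
} else {
    $ci = Get-ItemProperty -Path $saferRoot
    # A missing DefaultLevel means the built-in default, Unrestricted
    $default = if ($null -ne $ci.DefaultLevel) { $levelNames[[int]$ci.DefaultLevel] } else { 'Unrestricted (value missing)' }
    Write-Output "SRP default level : $default"
    # PolicyScope 1 exempts local administrators (the gap the 'run as admin' tip relies on)
    Write-Output "SRP applies to    : $(if ($ci.PolicyScope -eq 1) { 'all users except local admins' } else { 'all users' })"

    # Each level subkey holds a Paths subkey; every rule is a GUID-named key whose ItemData is the path
    foreach ($level in $levelNames.Keys) {
        $paths = Join-Path $saferRoot "$level\Paths"
        if (-not (Test-Path $paths)) { continue }
        Get-ChildItem -Path $paths | ForEach-Object {
            $rule = Get-ItemProperty -Path $_.PSPath
            Write-Output ("  {0,-12} {1}" -f $levelNames[$level], $rule.ItemData)
        }
    }
}

# ValidateAdminCodeSignatures=1 checks signatures only on executables that request
# elevation; executables that never elevate are unaffected, as the post points out.
$uac  = Get-ItemProperty -Path $uacKey
$vacs = if ($uac.ValidateAdminCodeSignatures -eq 1) { 'enabled' } else { 'disabled' }
Write-Output "UAC ValidateAdminCodeSignatures: $vacs"
```

Run it from an elevated PowerShell; rules coming from domain Group Policy live under the same key after policy refresh, so the output reflects the effective local configuration.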

TairikuOkami (Level 15, Content Creator; joined May 13, 2017; 739 messages; OS Windows 10)
#50
Your config will remain in Risky temporarily until you enable OS File Reputation (SmartScreen)
That will never happen, since I would not like a SWAT team knocking down my doors; MS is known to report everything and has helped to arrest many people already.

Anyway, I reverted back to my original config. I got tired of running AV (hard to test other AVs then) and Rollback was taking too much space. So back to square 1. :coffee:

You might say that a VM or system imaging would help to test other AVs, but no, that is cheating. I need to know how well it installs/uninstalls and if there are conflicts with previously installed AVs due to remains (Panda leaves such a mess, just like Zemana). I always like to do it the hard way; it is more fun and it teaches how to clean.
 


TairikuOkami (Level 15, Content Creator; joined May 13, 2017; 739 messages; OS Windows 10)
#52
Just a little/big update:

Added: K9 Web Protection
Disabled some Windows drivers.


Since 1803, it is no longer possible to uninstall network protocols; MS said: "Because we say so..."
So I have disabled their drivers, plus a few drivers related to remote management/sharing. Thanks, MS.
I have Server/Workstation disabled; that should take care of the "Client for Microsoft Networks" & "File and Printer Sharing".

Cannot uninstall protocols such as client for Microsoft networks

Code:
rem Link-Layer Topology Discovery Responder / Default - 2
reg add "HKLM\System\CurrentControlSet\Services\rspndr" /v "Start" /t REG_DWORD /d "4" /f

rem Link-Layer Topology Discovery Mapper I/O Driver / Default - 2
reg add "HKLM\System\CurrentControlSet\Services\lltdio" /v "Start" /t REG_DWORD /d "4" /f

rem Microsoft LLDP Protocol Driver / Default - 2
reg add "HKLM\System\CurrentControlSet\Services\MsLldp" /v "Start" /t REG_DWORD /d "4" /f

rem Microsoft Virtual Network Adapter Enumerator / Default - 3
reg add "HKLM\System\CurrentControlSet\Services\NdisVirtualBus" /v "Start" /t REG_DWORD /d "4" /f

rem QoS for storage I/O traffic / Default - 2
reg add "HKLM\System\CurrentControlSet\Services\storqosflt" /v "Start" /t REG_DWORD /d "4" /f

rem QoS Multimedia Class Scheduler / Default - 2
reg add "HKLM\System\CurrentControlSet\Services\MMCSS" /v "Start" /t REG_DWORD /d "4" /f

rem QoS Packet Scheduler / Default - 1
reg add "HKLM\System\CurrentControlSet\Services\Psched" /v "Start" /t REG_DWORD /d "4" /f

rem Named pipe service trigger provider / Default - 1
rem https://msdn.microsoft.com/en-us/library/windows/desktop/aa365590(v=vs.85).aspx
reg add "HKLM\System\CurrentControlSet\Services\npsvctrig" /v "Start" /t REG_DWORD /d "4" /f

rem NetBIOS Interface / Default - 1
reg add "HKLM\System\CurrentControlSet\Services\NetBIOS" /v "Start" /t REG_DWORD /d "4" /f

rem NetBIOS over TCP/IP / Default - 1
reg add "HKLM\System\CurrentControlSet\Services\NetBT" /v "Start" /t REG_DWORD /d "4" /f

rem Remote Desktop Device Redirector Bus Driver / Default - 3
reg add "HKLM\System\CurrentControlSet\Services\rdpbus" /v "Start" /t REG_DWORD /d "4" /f

rem The framework for network mini-redirectors / Default - 1
rem https://docs.microsoft.com/en-us/windows-hardware/drivers/ifs/the-redirected-drive-buffering-subsystem
reg add "HKLM\System\CurrentControlSet\Services\rdbss" /v "Start" /t REG_DWORD /d "4" /f

rem A little bonus - Disable IPv6/LMHOSTS lookup/NetBIOS and Set DNS Servers
netsh int ipv6 isatap set state disabled
netsh int teredo set state disabled
netsh interface ipv6 6to4 set state state=disabled undoonstop=disabled
reg add "HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters" /v "DisabledComponents" /t REG_DWORD /d "255" /f
wmic nicconfig where DHCPEnabled=TRUE call SetDNSServerSearchOrder ("1.1.1.1")
reg add "HKLM\System\CurrentControlSet\Services\NetBT\Parameters" /v "EnableLMHOSTS" /t REG_DWORD /d "0" /f
wmic nicconfig where TcpipNetbiosOptions=0 call SetTcpipNetbios 2
wmic nicconfig where TcpipNetbiosOptions=1 call SetTcpipNetbios 2
 
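Added example, not part of the post: a PowerShell audit that checks the Start value of each driver service the batch script above disables against the default value its comments state, and restores those defaults when run with -Restore. It assumes an elevated PowerShell on Windows 10 and is saved as a .ps1 file (the param block requires a script file).

```powershell
# Added example (not from the thread): compare each driver's Start type with the
# default quoted in the batch script's comments; optionally restore the defaults.
param([switch]$Restore)

# Service name -> default Start value from the script's comments
# (0 = Boot, 1 = System, 2 = Auto, 3 = Manual, 4 = Disabled)
$defaults = [ordered]@{
    rspndr = 2; lltdio = 2; MsLldp = 2; NdisVirtualBus = 3; storqosflt = 2; MMCSS = 2
    Psched = 1; npsvctrig = 1; NetBIOS = 1; NetBT = 1; rdpbus = 3; rdbss = 1
}
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

foreach ($svc in $defaults.Keys) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (-not (Test-Path $key)) { Write-Output ("{0,-15} key not present" -f $svc); continue }
    $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
    $state = if ($start -eq $defaults[$svc]) { 'default' } else { 'CHANGED' }
    Write-Output ("{0,-15} Start={1} ({2}) default={3} {4}" -f $svc, $start, $startNames[[int]$start], $defaults[$svc], $state)

    # Only write when asked to and when the value actually differs
    if ($Restore -and $start -ne $defaults[$svc]) {
        Set-ItemProperty -Path $key -Name Start -Value $defaults[$svc] -Type DWord
        Write-Output ("{0,-15} restored to {1}" -f $svc, $defaults[$svc])
    }
}
# Kernel driver Start changes, in either direction, take effect after a reboot.
```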

LDogg (Level 11; joined May 4, 2018; 516 messages)
#53
Important changes to be made:
- Have SmartScreen turned on
- Back up files using either Macrium Reflect or Aomei Backupper

SmartScreen doesn't do anything like arrest people or any other fake news propaganda crap.

Things you could add to your config:
  • OSArmor combined with VoodooShield
  • SysHardener & Unchecky for Windows Firewall/OS hardening & PUP aspects
  • Sandboxie for web browser security/privacy
  • PrivaZer for privacy cleanup or junk files
~LDogg
 
(joined May 16, 2018; 52 messages; OS Windows 10; Antivirus Norton)
#56
come on...you seriously believe that? :ROFLMAO:
Yeah.

Don't buy that conspiracy theory.

I can assure you, MS is not interested in doing law enforcement activities on your machine. They don't make any money out of that. Yes, they will comply with law enforcement subpoenas and passively resist software piracy mostly for MS products... but that's about it.
 
(joined Nov 8, 2014; 1,268 messages; OS Windows 10; Antivirus Microsoft)
#57
@TairikuOkami
You need to remove similar extensions from your browser, such as Cookie AutoDelete & I don't care about cookies. You can install uBO or BD Traffic Light for added protection.
As for DNS, use the DNS server in your router and/or do DNS queries using Windows and switch to Quad9.
As for W10 telemetry, use DoNotSpy10 or O&O ShutUp10 to do the job. Disable sihclient and similar (in Task Scheduler) if you want to disable auto WU w/o user consent over metered connections. You can use the WUMT wrapper script to block WU and enable it when needed.
Macrium Reflect has a freeware version for image backup.
 

TairikuOkami (Level 15, Content Creator; joined May 13, 2017; 739 messages; OS Windows 10)
#58
come on...you seriously believe that? :ROFLMAO:
MS reported it on its own blog just this year, mostly for OneDrive, but the same EULA applies to all services. But it was obvious before, since MS helped to arrest people dozens of times; it was all over the news, but I guess some people are only interested in security news. :D

2004 - Police: Microsoft helped catch suspect
2014 - Microsoft alerts police to child porn (OneDrive)

You need to remove similar extensions from your browser such as Cookie autodelete & I don't care about cookies.
Cookie AutoDelete removes cookies. I don't care about cookies blocks the cookie notices caused by EU laws.
 
(joined May 31, 2015; 424 messages; OS Windows 10; Antivirus Kaspersky)
#59
You may add Decentraleyes and HTTPS Everywhere. Regarding Cookie AutoDelete & I don't care about cookies, they won't conflict. If you use AdGuard, you can enable I don't care about cookies in its filters & don't need the extension.
BTW, do you use Yandex stable or beta?
 

davisd (Level 16; joined Feb 2, 2016; 784 messages)
#60
That will never happen, since I would not like SWAT team knocking down my doors, MS is known to report everything and helped to arrest many people already
What criminal activities are you doing online to be worried about that? :D I'd be more worried about the ISP collecting info than MS; they for sure can sue you if their services get abused, unless you use custom DNS servers/VPN, but they can still get to you easily. I think there's less than a 0.1% chance that MS will actually do anything/care about you/your online activities. If you fade away from MalwareTips some day, we will know that SWAT got you. :D I know there are privacy paranoids, but to disable SmartScreen because of that is next level... stay safe! ;)
 