Advanced Security Thales' Config 2023

Last updated: Oct 30, 2023
How it's used? For home and private use
Operating system: Windows 11
On-device encryption: BitLocker Device Encryption for Windows
Log-in security:
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates: Allow security updates and latest features
Update channels: Allow stable updates only
User Access Control: Always notify
Smart App Control: Off
Network firewall: Enabled
Real-time security:
  1. Avast
  2. OSA
Firewall security: Microsoft Defender Firewall
About custom security:
    Avast Free
    File Shield + Behavior Shield only
    High Sensitivity everywhere + hardened mode.
    OSA: Custom
    GPO: BitLocker is changed to 256 bit
Periodic malware scanners: Windows Defender
Malware sample testing: I do not participate in malware testing
Environment for malware testing: None
Browser(s) and extensions: Firefox: I don't care about cookies
Secure DNS: ControlD
Desktop VPN: Nope
Password manager: KeePass
Maintenance tools: Wise Disk Cleaner Free (Auto clean-up daily)
File and Photo backup:
    Mainly: Local Offline backups.
    Google One (200GB)
    Other clouds for my password database
System recovery:
    Macrium Reflect
    FreeFileSync
Risk factors:
    • Browsing to popular websites
    • Working from home
    • Opening email attachments
    • Buying from online stores, entering bank card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Sharing and receiving files and torrents
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
What I'm looking for? Looking for maximum feedback.

Stopspying

> Have you tried Trend Micro? I haven't used it, but they promote AI and I have decided to give it a go this year

I tried Trend Micro a few months ago out of curiosity for about 6 weeks, it seemed OK, no 2nd opinion scans found anything that got past it, nor did F-Secure SAFE when I installed it in place of TM. I went back to SAFE because I'm a long time user of it, I like it and am happy with the deal I got for it.
 

Thales

> Have you tried Trend Micro? I haven't used it, but they promote AI and I have decided to give it a go this year

Basically Defender can do the same. According to AV tests, Defender appears to perform very well. As AI is being integrated into various tools, such as a chatbot in Bing, I am interested in continuing to use Defender and seeing if it can improve even more.

> I hope by this that you mean AI implementations in things such as security applications. AI used in things like the chatbots that I've encountered could seriously cause people to question the meaning of life.

I've been using Midjourney for months and I find it insanely helpful. I love it so much. 😍
Also, ChatGPT has assisted me in various tasks in the past, and I am excited to see what else it can help me learn in the future. It has already helped me with tasks such as translation, learning about physics, biology, philosophy, IT and religion.
People try to discredit ChatGPT and make fun of it because they do not understand its potential use. Their attitude only reflects their ignorance and lack of imagination.
 

Stopspying

> Basically Defender can do the same. According to AV tests, Defender appears to perform very well. As AI is being integrated into various tools, such as a chatbot in Bing, I am interested in continuing to use Defender and seeing if it can improve even more.
>
> I've been using Midjourney for months and I find it insanely helpful. I love it so much. 😍
> Also, ChatGPT has assisted me in various tasks in the past, and I am excited to see what else it can help me learn in the future. It has already helped me with tasks such as translation, learning about physics, biology, philosophy, IT and religion.
> People try to discredit ChatGPT and make fun of it because they do not understand its potential use. Their attitude only reflects their ignorance and lack of imagination.

AI looks like it might be about to take really big steps in the IT security and associated fields, which should be good, but I worry about the 'dark side' escalating their attacks even more than at present through using it.

Fraction Pollack and RAMbrandt! I knew nothing about Midjourney, but seeing that the home page resembles a Blade Runner style gallery scene, IMO, I'm very curious now, spare time might be spent there. I need to catch up with AI, ChatGPT is another item on my explore list. I need to postpone my redundancy date!
 


Thales

> AI looks like it might be about to take really big steps in the IT security and associated fields, which should be good, but I worry about the 'dark side' escalating their attacks even more than at present through using it.
>
> Fraction Pollack and RAMbrandt! I knew nothing about Midjourney, but seeing that the home page resembles a Blade Runner style gallery scene, IMO, I'm very curious now, spare time might be spent there. I need to catch up with AI, ChatGPT is another item on my explore list. I need to postpone my redundancy date!

You can find lots of badly generated AI art on the internet because finding the right prompt is very difficult due to the almost infinite possibilities.
As a former artist, I find it to be like heaven. :D
I'm not gonna spam this thread but here are a few examples of what Midjourney is capable of.
 

Thales

> Is your Syshardener updated to the subscription service at all? And may I ask the reason why you may not need a VPN?
>
> ~LDogg

I'm still using the trial version but I'm not gonna buy/renew it until I can provide similar things via GPO.
I don't need a VPN because privacy is not my first priority. There is no censorship in my country, I don't use remote access and anonymous browsing is just a myth.
Probably geo-restricted content and ISP throttling are the reason why I should use it.
 

Thales

I've changed the settings of KeePass.

Key transformation: Argon2id
Iterations: 80
Memory: 500 MB
Parallelism: 20

It takes 7-8 sec to save/open my database.
Also, I added a keyfile again.
The keyfile is encrypted by Zip with a different password than the password database.
I have also eliminated any unsecured encrypted plaintexts.
As a precaution, I have an encrypted USB drive where I can restore the database in case the KeePass database becomes corrupt.
 

Thales

I have changed my backup plan and method.

I encrypted my sensitive files with zip and I upload them to the cloud. I have many pictures that are probably only important to me, but you never know. I have deleted all of them and now I only keep them offline on three devices which are encrypted with BitLocker.
I don't trust programs that offer encryption like 7-Zip, Bandizip, etc. because a single bad line of code can make the implementation vulnerable. VeraCrypt is good and I trust it, but 20-25GB of data requires too many containers.

Also I've changed from MEGA to OneDrive basic. 100GB is more than enough and it is very cheap.
 

Thales

I had a small issue. Windows 11 prompted me to install, but I had enabled the "Require trusted path for credential entry" setting, so the splash screen prevented me from doing anything. As a result, I had to restore the system.

Changes
Require trusted path for credential entry Enabled
Now I only use portable apps if I can. It's more convenient for me and the system also works much more efficiently.
NO SRP for now.
 

piquiteco

@Thales As I remember from a post, if I'm not mistaken post #11, you once told me that you used Sticky Password for 2 years and it was very good. You don't use it nowadays? Have you used it? Maybe I had misunderstood.
 

Thales

> @Thales As I remember from a post, if I'm not mistaken post #11, you once told me that you used Sticky Password for 2 years and it was very good. You don't use it nowadays? Have you used it? Maybe I had misunderstood.

You remember well, I used it for at least 2 years. The program was very good, and the browser extension worked well too. I would say it was secure (and probably still is), although it doesn't have as many settings as KeePass, but it does offer 2FA and local sync. Local sync is not a reason to switch to Sticky, IMO.

In my opinion, KeePass offers better options. If you prefer an offline password manager, KeePass is the best option. If you prefer a cloud-based option, Bitwarden is a good choice.

I use KeePass with a keyfile and hardened encryption. 2 plugins only, without a browser extension, and redundant backups.
KeePass is good, but if I had to switch, I would choose Bitwarden first and then Sticky.
 

Thales

Changes:

I added new ASR rules.

Block process creations from Win32 system binaries 1E99423B-41E0-4FE0-BAEA-1DBD9FA9C9F4
Block process creations originating from PSExec and other remote management tools 9E6B2D5F-9C79-4CB2-AFEA-8BDE36EAD7DD
Block Office applications from creating files in user profile paths CA1F5E86-BBCE-4375-A5E0-44C6A9153ABA
Block execution of binaries from compressed and encrypted archives BE1A3039-4BD6-4523-A7BC-4B8A0E0D452A
Block Office applications from creating child processes through OLE 9B5E5345-4B75-4B0F-8212-AC128AD5A033
Block code from running in PowerShell unless it's signed by a trusted publisher 0F3B97A3-2C43-4F31-8B46-9F9D80269B60


My new backup app is Paragon Backup. Works perfectly.

As I mentioned before I use portable apps. If I can't find the portable version of the desired app I install it first and then I just copy/paste the entire folder. It works.
Here is the list of the apps.
Installed
7zip (shell integration is important)
Geforce Now
Paragon backup
WPS Office

Portable
Driver Booster Pro (Copy/Paste)
Goodsync pro (copy/paste)
Hibit Uninstaller
Keepass
PotPlayer
qBittorrent (copy/paste)
Wise Disk cleaner
 

Thales

Just a little summarization of my security, to see what I have and what I should change. I marked the neuralgic points with color.

Email Security
(1 email account only)
- Private login mail, never shared, 2FA is required to login or change something
- Public Email, only for communicating

Password manager
- Offline, Keyfile, 40+ character. AES, Argon2id

Password Backup
- Redundant
- Unencrypted form of Password database on 3 physical drives but encrypted with BitLocker
- Original password database on 4 clouds

Windows Security
- Drive encryption: BitLocker, AES 256bit
- Administrator account
- PIN
- F-Secure
- OSArmor
- Windows Firewall

Browser Security

- Extension: PayPal Honey: Automatic Coupons & Cash Back
- NextDNS

Cloud Security
- Onedrive 100GB
- No sensitive information stored on the cloud in unencrypted form
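
A check for the "Drive encryption: BitLocker, AES 256bit" item and the earlier "GPO: Bitlocker is changed to 256 bit" setting, as an added example that is not part of the original posts: it compares the cipher policy stored in the registry with the method each volume actually uses. It assumes an elevated PowerShell session on Windows 10 version 1511 or later; the variable names are illustrative.

```powershell
# Added example (not from the thread): BitLocker cipher policy vs. actual volume cipher.
# Run from an elevated PowerShell session; Get-BitLockerVolume needs administrator rights.

# Values written by the GPO "Choose drive encryption method and cipher strength
# (Windows 10 [Version 1511] and later)".
$methodNames = @{ 3 = 'AES-CBC 128'; 4 = 'AES-CBC 256'; 6 = 'XTS-AES 128'; 7 = 'XTS-AES 256' }
$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policyNames = 'EncryptionMethodWithXtsOs',   # operating system drives
               'EncryptionMethodWithXtsFdv',  # fixed data drives
               'EncryptionMethodWithXtsRdv'   # removable data drives

# Report what the policy asks for; a missing key or value means "not configured".
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
foreach ($name in $policyNames) {
    $value = if ($policy) { $policy.$name } else { $null }
    $text = if ($null -eq $value) {
        'not configured (Windows default applies)'
    } elseif ($methodNames.ContainsKey([int]$value)) {
        $methodNames[[int]$value]
    } else {
        "unknown value $value"
    }
    '{0,-28} {1}' -f $name, $text
}

# The policy is only read when a volume is encrypted. A volume that was already
# encrypted keeps its original cipher until it is decrypted and encrypted again,
# so the per-volume method below is the value that matters.
Get-BitLockerVolume | ForEach-Object {
    [pscustomobject]@{
        MountPoint = $_.MountPoint
        Status     = $_.VolumeStatus
        Protection = $_.ProtectionStatus
        Method     = $_.EncryptionMethod
        Is256Bit   = "$($_.EncryptionMethod)" -match '256'
    }
} | Format-Table -AutoSize
```

A volume that reports `XtsAes128` while the policy reports XTS-AES 256 was encrypted before the policy was set.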