Advanced Plus Security Thales Hardened system for 2021

Last updated
Sep 15, 2021
How is it used?
For home and private use
Operating system
Windows 10
On-device encryption
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
Network firewall
Real-time security

WiseVector StopX

Heuristic Analysis set to High
Ransomware rollback disabled
Enabled document folder protection (MEGA)
Firewall security
Microsoft Defender Firewall
About custom security
Bitlocker Changes (via Group policy)
  • Cipher strength -> AES XTS 256
  • Disabled new DMA devices when this computer is locked
  • Allowed secure Boot for integrity validation
  • Requires additional authentication at Startup
    • Require TPM
    • Do not allow startup PIN with TPM
    • Do not allow startup key with TPM
    • Do not allow startup key and PIN with TPM

NextDNS
Security
Everything is on
Blocked most abused Top level Domains
Using IPv4 with Linked IP

Privacy
Blocklist

  • NextDNS Ads & Trackers Blocklist
  • UncheckyAds
  • oisd
Native Tracker Protection
  • Xiaomi
  • Huawei
  • Samsung
  • Apple
  • Roku
  • Sonos
Block Disguised Third-Party Trackers

Parental Control
Websites, Apps, Games

  • TikTok
  • Tinder
  • Fortnite
  • Minecraft
  • Tumblr
  • 9GAG
  • VK
  • Roblox
  • WhatsApp
  • Dailymotion
  • Hulu
Categories
  • Dating
  • Piracy
  • Porn
Block Bypass Methods
SafeSearch

Allow list
auth.vodafone.hu
g.api.mega.co.nz
pokercaption.com
qbittorrent.org
eu.static.mega.co.nz
1337x.to
mega.nz
twoplustwo.com
microsoft.com

Settings
Anonymized EDNS Client Subnet
Cache Boost
CNAME Flattening

OSA
Main protection is ON
(LOLBins are also blocked)

Block Specific Location
This is crucial; maybe AppData should also be blocked.
  • Block execution of unsigned processes on root folder
  • Block execution of processes on Public Folder
  • Block Execution of processes on All User Folder
  • Block processes executed from Shared folder
  • Block processes executed from Network Drive
  • Block processes executed from USB
  • Block unknown processes from Windows folder
  • Block execution of unsigned processes on Downloads folder
  • Block execution of unsigned processes on Windows Temp
  • Block execution of unsigned processes on Temp Folder
Potentially unwanted processes
Very important one: I don't use any remote management software, so I block everything here.
  • Block execution of any processes related to Teamviewer
  • Block execution of any processes related to RealVNC
  • Block execution of any processes related to UltraVNC
  • Block execution of any processes related to NirSoft
  • Block execution of any processes related to LogMeIn
  • Block execution of any processes related to Security/Xploded
  • Block execution of any processes related to Radmin
  • Block execution of PsTools Suite from Sysinternals
  • Block processes named like "keygen" or "crack"
Restrict Windows Programs
  • Block Execution of Internet Explorer
  • Block execution of Cortana
  • Block Execution of Windows Registry Editor
  • Block execution of UAC control Settings
Smart Powershell & CMD Rules
Maybe I should block more PowerShell commands. I'm not sure because I'm not familiar with PowerShell.
  • Block "ExecutionPolicy Bypass" on command-line (powershell)
Block Script Execution
  • Block execution of .ps1 (Powershell) scripts
  • Block execution of .jar scripts
  • Block execution of .msc outside System Folder
  • Block execution of .cpl applets outside System Folder
Other Useful Block Rules
  • Block any processes executed from mstsc (Remote Desktop)
  • Block any processes executed from runtimebroker.exe
  • Block any processes executed from java.exe
  • Block any processes executed from javaw.exe
  • Block execution of javaw\java.exe
  • Block regedit.exe from silently loading .reg scripts
  • Block reg.exe from hijacking Registry startup entries
UAC bypass Mitigation Rules
  • Block reg.exe from disabling UAC
  • Block known and possible UAC bypass attempts
  • Block "tricks" used to run UAC-bypass system processes

Recommended Rules by Firewall hardening
Periodic malware scanners
Hitman Pro Free
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Microsoft Edge
  • Adblock plus
  • Enpass
Secure DNS
NextDNS
Desktop VPN
Not at this moment
Password manager
Enpass
Maintenance tools
WiseDiskCleaner Free Automatically runs daily
File and Photo backup
Redundant Backup
(Multiple locations, independent from each other)
System recovery
EasUS todo backup free
Risk factors
    • Working from home
    • Browsing to popular websites
    • Opening email attachments
    • Logging into my bank account
    • Downloading malware samples
Notable changes
2021-06-12 WD, gpedit, syshardener, NextDNS
2021-06-13 NextDNS revamp
2021-06-15 syshardener replaced with SWH, FH, SRP
2021-06-17 Back to Keepass
What am I looking for?

Looking for maximum feedback.
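The BitLocker Group Policy settings listed in the configuration above can be checked from the machine itself. The PowerShell script below is an added example, not part of the original post or of any tool named in the thread. It assumes the registry value names under HKLM\SOFTWARE\Policies\Microsoft\FVE that Microsoft documents for these policies (EncryptionMethodWithXtsOs, UseAdvancedStartup, UseTPM, UseTPMPIN, UseTPMKey, UseTPMKeyPIN, DisableExternalDMAUnderLock, OSAllowSecureBootForIntegrity) and the BitLocker module's Get-BitLockerVolume cmdlet. It compares the policy with what is actually applied to the OS volume, because the usual gap is a policy that is set but not enforced: changing the cipher policy does not re-encrypt a volume that was already encrypted with XTS-AES 128.

```powershell
# Added example (not from the thread): audit the BitLocker Group Policy values
# listed in the post and the state of the OS volume. Run in an elevated
# PowerShell on the hardened machine; needs the BitLocker module (Pro/Enterprise).

$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # assumed: documented policy key

# Expected values matching the thread's settings (value names are an assumption
# taken from Microsoft's BitLocker Group Policy reference):
#   EncryptionMethodWithXtsOs      7 = XTS-AES 256 for the OS drive
#   UseAdvancedStartup             1 = "Require additional authentication at startup"
#   UseTPM                         1 = Require TPM
#   UseTPMPIN / UseTPMKey / UseTPMKeyPIN   0 = Do not allow
#   DisableExternalDMAUnderLock    1 = Disable new DMA devices when this computer is locked
#   OSAllowSecureBootForIntegrity  1 = Allow Secure Boot for integrity validation
$expected = [ordered]@{
    EncryptionMethodWithXtsOs     = 7
    UseAdvancedStartup            = 1
    UseTPM                        = 1
    UseTPMPIN                     = 0
    UseTPMKey                     = 0
    UseTPMKeyPIN                  = 0
    DisableExternalDMAUnderLock   = 1
    OSAllowSecureBootForIntegrity = 1
}

function Test-BitLockerPolicy {
    # One row per policy value: what the post expects versus what the registry holds.
    foreach ($name in $expected.Keys) {
        $actual = (Get-ItemProperty -Path $fve -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Setting  = $name
            Expected = $expected[$name]
            Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
            Ok       = ($actual -eq $expected[$name])
        }
    }
}

function Test-OsVolumeProtection {
    # Policy only applies to new encryptions, so check the OS volume directly.
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = @($os.KeyProtector.KeyProtectorType)
    [pscustomobject]@{
        MountPoint       = $os.MountPoint
        ProtectionStatus = $os.ProtectionStatus          # expect On
        EncryptionMethod = $os.EncryptionMethod          # expect XtsAes256
        KeyProtectors    = ($types -join ', ')           # expect Tpm plus RecoveryPassword
        # TPM-only startup: a plain Tpm protector and no TpmPin/TpmStartupKey variants,
        # matching the "Do not allow startup PIN/key with TPM" settings.
        TpmOnly          = ('Tpm' -in $types) -and
                           -not ($types | Where-Object { $_ -like 'Tpm*' -and $_ -ne 'Tpm' })
    }
}

Test-BitLockerPolicy    | Format-Table -AutoSize
Test-OsVolumeProtection | Format-List
```

Any row with Ok = False, or an OS volume reporting anything other than XtsAes256 with ProtectionStatus On, means the setting exists on paper only; a volume already encrypted with another method has to be decrypted and re-encrypted (manage-bde or Disable-BitLocker/Enable-BitLocker) before the policy takes effect.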

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
I experience higher system impact with Windows Defender compared to F-Secure SAFE.
The lightest program I've ever used was HMPA. I know it is "just" a full-exploit stuff and MT members prefer something else but I liked it very much combined with OSA (old OSA, completely free).
The highest system impact I've ever experienced was with KIS.
I still have 2 years of subscription of AVG Total but it is not lighter than F-Secure SAFE or HMPA.
Even if we use the same OS, systems are different and system impact depends on a lot of things, so there is no universal solution that works for everyone. Testing is the only way to find out if something works or not. Even if I believe KIS is fantastic I can't use it because of my system.
What I have is AVG Total 2years of sub and F-secure SAFE 6 months of sub.
The reason why HMPA is so light is because it isn't even a full AV. Out of AVG and F-Secure I personally would pick F-Secure, but it's up to you to decide which one runs smoother on your system.
 

Thales

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2017
730
The reason why HMPA is so light is because it isn't even a full AV. Out of AVG and F-Secure I personally would pick F-Secure, but it's up to you to decide which one runs smoother on your system.
Yeah, you are right about HMPA.
I've made serious changes and my system is super responsive and even more secure than before, however not everyone will like it :D
 

Thales

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2017
730
I decided to run my system without any AV solution because I really think my solution is as good as a traditional AV could be or even better.

Why is it good for me?
  • I'm tired of finding solutions every 1 or 2 months because of high system impact, bugs, or any issues related to AVs.
  • I've never got infected and it is not because of any Antivirus.
  • I don't use cracks, hacks, illegal software and this fact reduces the possible infections by 95% if not more.
  • I don't install new programs because I have everything I need for my work, so SRP whitelist rules are permanent and this is also convenient.
  • I still use "HitmanPro" and "Novirusthanks" Antimalware Remover regularly to make sure my solution works and OS is clean.
  • This way my system is super responsive and also very secure.
  • My CPU and RAM usage is very low even if Edge is open and Edge is always running :)
Performance is set to Best performance. Only smooth fonts and thumbnails are active.

WD has been disabled via Group policy to prevent running "AntiMalware Service Executable". This caused a high system impact. It is still running but consumes 0 CPU.

Main protection is ON
(LOLBins are also blocked)

Block Specific Location
This is crucial; maybe AppData should also be blocked.
  • Block execution of unsigned processes on root folder
  • Block execution of processes on Public Folder
  • Block Execution of processes on All User Folder
  • Block processes executed from Shared folder
  • Block processes executed from Network Drive
  • Block processes executed from USB
  • Block unknown processes from Windows folder
  • Block execution of unsigned processes on Downloads folder
  • Block execution of unsigned processes on Windows Temp
  • Block execution of unsigned processes on Temp Folder
Potentially unwanted processes
Very important one: I don't use any remote management software, so I block everything here.
  • Block execution of any processes related to Teamviewer
  • Block execution of any processes related to RealVNC
  • Block execution of any processes related to UltraVNC
  • Block execution of any processes related to NirSoft
  • Block execution of any processes related to LogMeIn
  • Block execution of any processes related to Security/Xploded
  • Block execution of any processes related to Radmin
  • Block execution of PsTools Suite from Sysinternals
  • Block processes named like "keygen" or "crack"
Restrict Windows Programs
  • Block Execution of Internet Explorer
  • Block execution of Cortana
  • Block Execution of Windows Registry Editor
  • Block execution of UAC control Settings
Smart Powershell & CMD Rules
Maybe I should block more PowerShell commands. I'm not sure because I'm not familiar with PowerShell.
  • Block "ExecutionPolicy Bypass" on command-line (powershell)
Block Script Execution
  • Block execution of .ps1 (Powershell) scripts
  • Block execution of .jar scripts
  • Block execution of .msc outside System Folder
  • Block execution of .cpl applets outside System Folder
Other Useful Block Rules
  • Block any processes executed from mstsc (Remote Desktop)
  • Block any processes executed from runtimebroker.exe
  • Block any processes executed from java.exe
  • Block any processes executed from javaw.exe
  • Block execution of javaw\java.exe
  • Block regedit.exe from silently loading .reg scripts
  • Block reg.exe from hijacking Registry startup entries
UAC bypass Mitigation Rules
  • Block reg.exe from disabling UAC
  • Block known and possible UAC bypass attempts
  • Block "tricks" used to run UAC-bypass system processes

System Restriction Policy
Set to Disallowed and controlled via Group policy
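The OSA "Block Specific Location" rules and the SRP default level above can be cross-checked against what actually sits in those folders. The script below is an added example, not from the thread or from OSArmor: it lists executables and scripts in the folders the rules name (plus AppData, which the post wonders about) that carry no valid Authenticode signature, and reads the SRP default level from the Safer registry key (DefaultLevel 0 = Disallowed, 0x40000 = Unrestricted, which is Microsoft's documented layout). The folder mapping (ProgramData for the "All Users" folder, $env:TEMP for the user temp folder) and the extension list are assumptions chosen to mirror the rule names.

```powershell
# Added example (not from the thread): audit the locations covered by the OSA
# "Block Specific Location" rules for unsigned executables, and confirm the SRP
# default level. Run elevated so that every folder is readable.

# Assumed mapping from the rule names to folders; adjust to taste.
$locations = @(
    "$env:SystemDrive\"             # root folder (scanned one level deep)
    $env:PUBLIC                     # Public folder
    $env:ProgramData                # "All Users" folder
    "$env:USERPROFILE\Downloads"    # Downloads folder
    "$env:SystemRoot\Temp"          # Windows Temp
    $env:TEMP                       # user Temp folder
    $env:LOCALAPPDATA               # AppData, which the post considers blocking too
    $env:APPDATA
)
# Assumed: file types the rules talk about (unsigned processes, .ps1/.jar scripts,
# .msc consoles and .cpl applets outside the System folder).
$executableExt = '.exe', '.dll', '.scr', '.com', '.ps1', '.jar', '.msc', '.cpl'

function Get-UnsignedExecutables {
    param([string[]]$Paths = $locations)
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        # The drive root is not recursed (that would walk the whole disk).
        $recurse = $path -notmatch '^[A-Za-z]:\\$'
        Get-ChildItem -LiteralPath $path -File -Recurse:$recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in $executableExt } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                # Anything but Valid is reported: NotSigned, HashMismatch, NotTrusted, ...
                if ($sig.Status -ne 'Valid') {
                    [pscustomobject]@{
                        Path      = $_.FullName
                        Status    = $sig.Status
                        Signer    = $sig.SignerCertificate.Subject
                        LastWrite = $_.LastWriteTime
                    }
                }
            }
    }
}

function Get-SrpDefaultLevel {
    # Safer key layout as documented by Microsoft (assumption stated in the lead-in).
    $safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $level = (Get-ItemProperty -Path $safer -Name DefaultLevel -ErrorAction SilentlyContinue).DefaultLevel
    switch ($level) {
        0       { 'Disallowed' }
        0x20000 { 'Basic User' }
        0x40000 { 'Unrestricted' }
        default { "(not configured: $level)" }
    }
}

"SRP default level: $(Get-SrpDefaultLevel)"
Get-UnsignedExecutables | Sort-Object Status, Path | Format-Table -AutoSize
```

The list is a review aid, not a verdict: unsigned files in Downloads or Temp are exactly what the block rules exist for, while an unsigned binary under ProgramData or AppData tells you which installed program would break if the "maybe AppData too" rule were enabled, so it is worth running before tightening the rule set rather than after.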
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
I decided to run my system without any AV solution because I really think my solution is as good as a traditional AV could be or even better.

Why is it good for me?
  • I'm tired of finding solutions every 1 or 2 months because of high system impact, bugs, or any issues related to AVs.
  • I've never got infected and it is not because of any Antivirus.
  • I don't use cracks, hacks, illegal software and this fact reduces the possible infections by 95% if not more.
  • I don't install new programs because I have everything I need for my work, so SRP whitelist rules are permanent and this is also convenient.
  • I still use "HitmanPro" and "Novirusthanks" Antimalware Remover regularly to make sure my solution works and OS is clean.
  • This way my system is super responsive and also very secure.
  • My CPU and RAM usage is very low even if Edge is open and Edge is always running :)
Performance is set to Best performance. Only smooth fonts and thumbnails are active.

WD has been disabled via Group policy to prevent running "AntiMalware Service Executable". This caused a high system impact. It is still running but consumes 0 CPU.

Main protection is ON
(LOLBins are also blocked)

Block Specific Location
This is crucial; maybe AppData should also be blocked.
  • Block execution of unsigned processes on root folder
  • Block execution of processes on Public Folder
  • Block Execution of processes on All User Folder
  • Block processes executed from Shared folder
  • Block processes executed from Network Drive
  • Block processes executed from USB
  • Block unknown processes from Windows folder
  • Block execution of unsigned processes on Downloads folder
  • Block execution of unsigned processes on Windows Temp
  • Block execution of unsigned processes on Temp Folder
Potentially unwanted processes
Very important one: I don't use any remote management software, so I block everything here.
  • Block execution of any processes related to Teamviewer
  • Block execution of any processes related to RealVNC
  • Block execution of any processes related to UltraVNC
  • Block execution of any processes related to NirSoft
  • Block execution of any processes related to LogMeIn
  • Block execution of any processes related to Security/Xploded
  • Block execution of any processes related to Radmin
  • Block execution of PsTools Suite from Sysinternals
  • Block processes named like "keygen" or "crack"
Restrict Windows Programs
  • Block Execution of Internet Explorer
  • Block execution of Cortana
  • Block Execution of Windows Registry Editor
  • Block execution of UAC control Settings
Smart Powershell & CMD Rules
Maybe I should block more PowerShell commands. I'm not sure because I'm not familiar with PowerShell.
  • Block "ExecutionPolicy Bypass" on command-line (powershell)
Block Script Execution
  • Block execution of .ps1 (Powershell) scripts
  • Block execution of .jar scripts
  • Block execution of .msc outside System Folder
  • Block execution of .cpl applets outside System Folder
Other Useful Block Rules
  • Block any processes executed from mstsc (Remote Desktop)
  • Block any processes executed from runtimebroker.exe
  • Block any processes executed from java.exe
  • Block any processes executed from javaw.exe
  • Block execution of javaw\java.exe
  • Block regedit.exe from silently loading .reg scripts
  • Block reg.exe from hijacking Registry startup entries
UAC bypass Mitigation Rules
  • Block reg.exe from disabling UAC
  • Block known and possible UAC bypass attempts
  • Block "tricks" used to run UAC-bypass system processes

System Restriction Policy
Set to Disallowed and controlled via Group policy
I actually think you might be fine with NextDNS + OS Armor and don't even need an AV if you are careful online. NoVirusThanks Malware Remover however is outdated and didn't receive updates for a long time according to the information on their website. Somehow it's still optimized for Windows 10 even though it didn't get updated since 2011... Maybe consider using at least WiseVector, people say it's really light and even cruelsister was losing some good words about it, and that means something.
Here is the info I found about NVT Malware Remover:
[screenshot: Unbenannt.PNG]
 

Thales

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2017
730
Boredom is here, so I decided to give some antivirus a chance and I won't use SRP.

My first pick is

HEIMDAL™ PREMIUM SECURITY HOME

I totally forgot this software but an email reminded me that my licence has expired.

Performance:
Every module is active and I'm impressed how light it is. The GUI is nice and the software is responsive.
Protection:
I don't know how strong the protection is but I don't really care because OSA is still active :D

Other changes:
Back to syncbackpro because it is the best. Period :D
I'm thinking about using a password manager again but can't make up my mind. My current solution is good but not convenient.
Maybe Firefox Lockwise, but changing to Firefox from Edge is not the first thing I would choose. Also Windows Hello PIN is important because I don't wanna type my password again and again.
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Boredom is here, so I decided to give some antivirus a chance and I won't use SRP.

My first pick is

HEIMDAL™ PREMIUM SECURITY HOME

I totally forgot this software but an email reminded me that my licence has expired.

Performance:
Every module is active and I'm impressed how light it is. The GUI is nice and the software is responsive.
Protection:
I don't know how strong the protection is but I don't really care because OSA is still active :D

Other changes:
Back to syncbackpro because it is the best. Period :D
I'm thinking about using a password manager again but can't make up my mind. My current solution is good but not convenient.
Maybe Firefox Lockwise, but changing to Firefox from Edge is not the first thing I would choose. Also Windows Hello PIN is important because I don't wanna type my password again and again.
Tried it too for a while but it was quite unstable and crashed from time to time back then. Is it stable for you and is it finally recognized by Windows as an AV?
Also, why do you state using a third party firewall while using FirewallHardening?
 

Thales

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2017
730
Tried it too for a while but it was quite unstable and crashed from time to time back then. Is it stable for you and is it finally recognized by Windows as an AV?
Also, why do you state using a third party firewall while using FirewallHardening?
It is stable now. I don't remember why I didn't use it but I had a license.
Forgot to delete the firewall hardening line. Thanks :D

[screenshot: 1612534242513.png]
 

Thales

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2017
730
I deleted Heimdal Premium Security Home because I downloaded some suspicious files intentionally and it failed to detect them while HitmanPro recognized them. Also checked them on VirusTotal. The product is very light but the protection is also light :D

My 2nd pick is

TREND MICRO MAXIMUM SECURITY

My first impression is good. It is also very light but compared to Heimdal the protection is better. It recognized the files I downloaded and the test results of this product I found are good. I'm not a malware tester, so my opinion relies on other tests.
The GUI isn't bad, and it is responsive. Instantly stops the scan when I press the cancel button and it is rare in antivirus products.
I was impressed and I'm thinking about buying this product; I still have 6 months of trial, but Trend Micro Internet Security is cheap. It has everything I need. However, I still have 2 years from AVG Ultimate but I don't use it except the VPN on my mobile phone.

Also back to Enpass. Convenient and it is a very good Password manager with Windows Hello.
 

Thales

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2017
730
So, I tried McAfee again in the last week and it is still good. I had no problem with it.
Since Norton my browser sometimes makes unknown disconnections. I'm pretty sure it is because of the Norton firewall.
  • I bought Norton 360 Standard and I've made a few changes for maximum protection without sacrificing performance.
  • Removed OSA (I had no problem with it)
  • Removed the NextDNS app because Norton and other AVs say it is unsafe and malicious (probably a false positive), but I set it up in the browser, so it works.
More info: NextDNS agent 2.0.1 now detected as malware
 

Thales

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2017
730
Couldn't solve the delay when loading webpages, so I'm temporarily back to Firefox.
I tried to disable every protection Norton has but nothing helped. Maybe it is Edge itself but I don't care because the next system restore is coming and we will see.
Firefox seems fine and works as Edge did before.
 
