Advanced Plus Security Thales Hardened system for 2021

Last updated
Sep 15, 2021
How it's used?
For home and private use
Operating system
Windows 10
On-device encryption
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
Network firewall
Real-time security

WiseVector StopX​

Heuristic Analysis set to High
Ransomware rollback disabled
Enabled document folder protection (MEGA)
Firewall security
Microsoft Defender Firewall
About custom security
Bitlocker Changes (via Group policy)
  • Cypher strenght -> AES XTS 256
  • Disabled new DMA devices when this computer is locked
  • Allowed secure Boot for integrity validation
  • Requires additional authentication at Startup
    • Require TPM
    • Do not allow startup PIN with TPM
    • Do not allow startup key with TPM
    • Do not allow startup key and PIN with TPM

NextDNS
Security
Everything is on
Blocked most abused Top level Domains
Using IPv4 with Linked IP

Privacy
Blocklist

  • NextDNS Ads & Trackers Blocklist
  • UncheckyAds
  • oisd
Native Tracker Protection
  • Xiaomi
  • Huawei
  • Samsung
  • Apple
  • Roku
  • Sonos
Block Disguised Third-Party Trackers

Parental Control
Websites, Apps, Games

  • TikTok
  • Tinder
  • Fortnite
  • Minecraft
  • Tumblr
  • 9GAG
  • VK
  • Roblox
  • WhatsApp
  • Dailymotion
  • Hulu
Categories
  • Dating
  • Piracy
  • Porn
Block Bypass Methods
SafeSearch

Allow list
auth.vodafone.hu
g.api.mega.co.nz
pokercaption.com
qbittorrent.org
eu.static.mega.co.nz
1337x.to
mega.nz
twoplustwo.com
microsoft.com

Settings
Anonymized EDNS Client Subnet
Cache Boost
CNAME Flattening

OSA
Main protection is ON
(LOLBins are also blocked)

Nlock Specific Location
This is crucial, maybe AppData is also should be blocked.
  • Block executionof unsigned processes on root folder
  • Block execution of processes on Public Folder
  • Block Execution of processes on All User Folder
  • Block processes executed from Shared folder
  • Block processes executed from Network Drive
  • Block processes executed from USB
  • Block unknown processes from Windows folder
  • Block execution of unsigned processes on Downloads folder
  • Block execution of unsigned processes on Windows Temp
  • Block execution of unsigned processes on Temp Folder
Potentially unwanted processes
very important one, I don't use any remote management software, so I block everything here
  • Block execution of any processes related to Teamviewer
  • Block execution of any processes related to RealVNC
  • Block execution of any processes related to UltraVNC
  • Block execution of any processes related to NirSoft
  • Block execution of any processes related toLogMeIn
  • Block execution of any processes related to Security/Xploded
  • Block execution of any processes related to Radmin
  • Blck execution of PsTools Suite from Systernals
  • Block processes named like "keygen" or "crack"
Restrict Windows Programs
  • Block Execution of Internet Explorer
  • Block execution of Cortana
  • Block Execution of Windows Registry Editor
  • Bloc execution of UAC control Settings
Smart Powershell & CMD Rules
Maybe I should block more powershell commands. I'm not sure because I'm not familiar with powershell.
  • Block "ExecutionPolicy Bypass" on command-line (powershell)
Block Script Execution
  • Block execution of .ps1 (Powershell) scripts
  • Block ecxecution of .jar scripts
  • Block execution of .msc outside System Folder
  • Block execution of .cpl pplets outside System Folder
Other Useful Block Rules
  • Block any processes executed from mstsc (Remote Dektop)
  • Block any processes executed from runtimebroker.exe
  • Block any processes executed from java.exe
  • Block any processes executed from javaw.exe
  • Block execution of javaw\java.exe
  • Block regedit.exe from silently loading .reg scripts
  • Block reg.exe fro hijacking Registry startup entries
UAC bypass Mitigation Rules
  • Block reg.exe from disabling UAC
  • Block known and possible UAC.bypass attempts
  • Block "tricks" used to run UAC-bypass system processes

Recommended Rules by Firewall hardening
Periodic malware scanners
Hitman Pro Free
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Microsoft Edge
  • Adblock plus
  • Enpass
Secure DNS
NextDNS
Desktop VPN
Not at this moment
Password manager
Enpass
Maintenance tools
WiseDiskCleaner Free Automatically runs daily
File and Photo backup
Redundant Backup
(Multiple locations, independent from each other)
System recovery
EasUS todo backup free
Risk factors
    • Working from home
    • Browsing to popular websites
    • Opening email attachments
    • Logging into my bank account
    • Downloading malware samples
Notable changes
2021-06-12 WD, gpedit, syshardener, NextDNS
2021-06-13 NextDNS revamp
2021-06-15 syshardener replaced with SWH, FH, SRP
2021-06-17 Back to Keepass
What I'm looking for?

Looking for maximum feedback.

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,472
This is my current setup for 2021

Reminder how antiviruses perform on my system. (only performance, not protection)
Sophos = 1/5
Very heavy on my system. I uninstalled and won't use it in the near future.
Heimdal = 5/5
Very fast and responsive program however the protection rate is very bad and for this price there are better alternatives.

Trend Micro = 5/5
It is fast and offers better protection than Heaimdal.
McAfee = 5/5
Fast and the protection rate is also good.
AVG = 4/5
I have mixed feeling about it.
Norton = 5/5
It is crazy fast and responsive. Protection rate is on the top. Must have product. Probably the fastest and most improved complete suit I 've tried. Scanning consume 30-35% CPU which is very good and this way the system remains very usable..
Sophos 1/5? :oops:
I mean yea it has many processes, but is it actually slowing down your system that much? I have it installed for some days now and I can barely see any CPU usage.

Unbenannt.PNG

When scanning:

Scan.PNG

But as I can see you are totally fine with Norton. :)
 
Last edited by a moderator:

Thales

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2017
708
Sophos 1/5? :oops:
I mean yea it has many processes, but is it actually slowing down your system that much? I have it installed for some days now and I can barely see any CPU usage.
Yes, and I was surprised too. It slowed down my system as hell. I couldn't even browsing or use my PC as usual.
I tried to make a quick scan to see how it performs but it used all of my CPU. I liked HMPA that's why I gave it a chance (I know different product but same brand).
Maybe it is my system that Sophos didn't like who knows.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,719
Yes, and I was surprised too. It slowed down my system as hell. I couldn't even browsing or use my PC as usual.
I tried to make a quick scan to see how it performs but it used all of my CPU. I liked HMPA that's why I gave it a chance (I know different product but same brand).
Maybe it is my system that Sophos didn't like who knows.
What do you use to measure system performance? Do you just browse and open programs, or do you use a benchmark of some sort?
 
F

ForgottenSeer 89360

@Thales
I agree with your opinion about Trend Micro, it's light, easy to use and intuitive.

Regarding McAfee, I personally would advise you to stay clear, as long as Avast, Kaspersky, Trend and Norton exist.
I tested it few nights ago and I have to say I am not impressed at all.
UI is now very fast and snappy, that's a plus. Programs launch fast, another plus.
But it missed too much malware and even missed a document with macro...Every AV now handles these, only McAfee doesn't.
I would recommend McAfee to people who work with a small set of trusted content, but people looking for protection, better look elsewhere.
 
Last edited by a moderator:

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,472
In my experience, it is better to install SHP on a newly configured system. It takes days to wind down and cache everything, so if you install it on a system with bunch of installed software, I can imagine how unresponsive the system would be.
That's what I did actually. Might be the reason why its running so smoothly on my side.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,719
In my experience, it is better to install SHP on a newly configured system. It takes days to wind down and cache everything, so if you install it on a system with bunch of installed software, I can imagine how unresponsive the system would be.
That's what I did actually. Might be the reason why its running so smoothly on my side.
I had the same experience. After waiting about 48 hours for it to cache things it ran very smooth. But, I know some people have had issues where it never settles in.
 

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
I had the same experience. After waiting about 48 hours for it to cache things it ran very smooth. But, I know some people have had issues where it never settles in.
Exactly. SHP was not for me and I had to look somewhere else, but I saw it working very light on some systems, high-end systems with decent internet speed. The product always slowed down Firefox.
 

Dex4Sure

Level 3
Verified
Well-known
May 14, 2019
116
Not doing too bad

Test again on Android ;) Big difference. On Windows 10 FF does pretty well I agree. Still behind Chrome. And over time it still gets slower until you reinstall it while I've noticed while Chrome doesn't seem to. I just used 2 months Firefox straight cause I was fed up with Google, but nah I realized just can't do it any longer. The moment I tried Chrome again, everything just seemed to work faster and in some cases just more reliably too... Not to mention printing with Firefox... My printer just doesn't play nicely with FF while Chrome never had any issues.
 

Kongo

Level 35
Verified
Top Poster
Well-known
Feb 25, 2017
2,472
Test again on Android ;) Big difference. On Windows 10 FF does pretty well I agree. Still behind Chrome. And over time it still gets slower until you reinstall it while I've noticed while Chrome doesn't seem to. I just used 2 months Firefox straight cause I was fed up with Google, but nah I realized just can't do it any longer. The moment I tried Chrome again, everything just seemed to work faster and in some cases just more reliably too... Not to mention printing with Firefox... My printer just doesn't play nicely with FF while Chrome never had any issues.
Oh, I only use the Windows version anyway so I can't say anything about the phone versions. Even tho Chrome might be faster, privacy goes first for me.
 

Dex4Sure

Level 3
Verified
Well-known
May 14, 2019
116
Oh, I only use the Windows version anyway so I can't say anything about the phone versions. Even tho Chrome might be faster, privacy goes first for me.
I need to use my browser across different devices. Gotta say that when you need fast browser with great syncing capabilities Chrome is still the top dog to this day. There are many other fast Chromium browsers, but none of them really come close to Chrome in reliability of their sync feature. That's big problem for me as multi-device user. I have large number of bookmarks of which many are vital to me. For example Brave is great, but its sync is just inadequate for me.

The only browser that can somewhat compete in syncing with Chrome is Firefox, but it has the issues I mentioned earlier. And well perhaps Edge, but never really used it and don't think I will... So looks like I'm stuck with Google unfortunately.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top