Advanced Plus Security Thales Minimalist Security Config

[Thales]

So I tried to make a minimalist but secure config here

Spoiler: Installed Apps

• Only a few installed apps mostly because there is no portable version or the shell integration is important
• They don't start automatically. I turned them off!

Spoiler: System tweaks

Performance

• Uninstalled some windows features (IE, xboxlive, onenote, games, etc.)
• Black Viper’s Windows 10 Service Configurations
• Windows Defender is off
• I disabled the auto start of all unnecessary programs and services
  • The system consumes 1,3 GB RAM after the login.

Security

• Basic security tweaks (autoplay disabled, smartscreen, UAC max etc.)
• Security software tweaks: SRP, Win10 Shut up
• Firewall: Inbound and outbound connections that do not match the rule are blocked
• Only a few programs have Internet access
• Windows Firewall Control is the only program that allowed to change the Firewall rules

Spoiler: Backup and Restore

- I prefer redundant backup, so this way the chance to lose my data is extremely small

System Backup

• I can restore the whole system within 5 minutes with Macrium Reflect
• The image file is uploaded to the cloud too

Online Backup

• MEGA (paid): sensitive files are encrypted with 7zip.
• Non-sensitive files are not encrypted.
• Mobile and PC sync.
• OneDrive free

Offline backup

• 2 different SSD and 1 USB drive
• Sensitive files are unencrypted but the whole partition/drive/usb is protected by Bitlocker

Passwords

• Bitwarden online password manager (browser extension)
• My passwords have 2 backup. Physical and digital. The digital one is protected with cascade encryption and uploaded to the cloud.

Spoiler: Privacy

• I do not think the real privacy is achievable , so I don't really care. I am not a criminal and I focus on security instead of paying for placebo services. I protect my whole life from cyber stalkers.
• VPN because I use sometimes open WIFI and I don't like my ISP.
• I do not share any info or photos on the social networks anymore. I use a lookalike photo!

 

[Deletedmessiah]

Are you using WFC over Eset Firewall because of simplicity? Personally I'd take Eset anyday, really great firewall albeit could be easier.
Are you using ReHIPS free(demo) or paid?
Overall very good config. Thanks for sharing!

 

[n0k0m3]

Either SecureAPlus or REHIPS, you don't need both

Instead of WFC try to config ESET in training mode with safe browsing behavior for 2 weeks then swap back to interactive mode. IMO properly configured ESET is better than Windows Firewall alone

Also you atm you can disable ESET HIPS as well

 

[Thales]

I use WFC because ESET firewall gives me annoying pop ups very often (when I think the Windows make updates).
ReHIPS free for now. I will definitely buy it later.

I will try to config ESET Firewall. Thank you.

 

[Prorootect]

Add some extensions/add-ons:

Privacy Defense (both)
BehindTheOverlay (both)
Redirect Control (FF)
BitBlock (FF)
Restart (FF)
Alert Control (Chrome)
Dark Background and Light Text (FF)
High Contrast (Chrome, tick Increased Contrast...)
... and I use
Disable WebRTC (FF)
Modal Remover (Chrome)

 

[Deletedmessiah]

Forgot a thing, you can use Winja as on demand scanner. The best virustotal scanner out there.

 

[MeltdownEnemy]

Either SecureAPlus or REHIPS, you don't need both

Instead of WFC try to config ESET in training mode with safe browsing behavior for 2 weeks then swap back to interactive mode. IMO properly configured ESET is better than Windows Firewall alone

Also you atm you can disable ESET HIPS as well

IMO, ATM, TUK, TAK, PIK, PAK, (FF) I.D.O.N.T....K.N.O.W.N...W.H.A.T...Y.O.U..S.A.Y about of your initials. Lol what meaning is that? The websites should to learn to be humble and avoid this.

 

[JM Safe]

Good config.

Thanks for sharing.

 

[DeepWeb]

You can disable WebRTC in uBlock Origin. It works. Secure setup.

 

[Thales]

You can disable WebRTC in uBlock Origin. It works. Secure setup.

Thank you. It Works!

 

[Thales]

- Removed everything unnecessary to assure my PC stays fast and efficient. No need sanboxie, noscript, ReHips, SecureAplus and similar stuff.
- NoVirusThanks sysHardener is important part of my system. Also only a few programs have access to the Web.
- No need anything else just my AV (Eset) and Voodooshield.

If everything goes wrong (this has very little chance) I can restore my Pc completely within minutes.

 

[Thales]

Removed
- Eset
- SysHardener

NEW
- OsArmor
- FortiClient

Switched to portable Apps to make my Os even lighter. I do not like unnecessary services!

About SUA
Unfortunatelly I can't use SUA because Microsoft messed up the last updates and the start menu or anything else connected to the start menu (notifications, search, wifi clock etc) don't work anymore. My admin account is old but updated, so it works however if I make a new SUA account it won't work properly.
Maybe later I will wipe everything and make a fresh install but right now I don't have patient to do that.

Like always any feedback would be appreciated!

 

[Moonhorse]

Eset > forticlient

would use fortinet myself too, but the webfilter just destroys my ping

 

[Thales]

still have my ESET license. It also light and efficient and I'm using it on my mobile device for a good reason.
I wanna see how my system responds. For example opening the FortiClient window (console) is very slow compared to the ESET.
Need more test but we will see

 

[Thales]

Now it's time to test "Amanda" Experimental build I.

Most important changes:
- Only a few programs installed
- Everything else is portable and up to date
- Most useless windows features are uninstalled
- SUA works but still have the start menu problem. Whatever, I know how to handle the system without it. at least for now...

What to do in this build:
- Tweak the system to use less memory and turn off some useless services
- Wait for Microsoft to fix the Start Menu issue

Spoiler: This is how she looks

Spoiler: Firewall Rules

 

[Moonhorse]

Dont you notice any ping issues with forticlient? It filters throught their own proxy and you cant even conf it, decreasin network speed

 

[Thales]

Yes I did. I still don't know if it is really the forticlient or something else.
Sometimes everything is fine but sometimes I can't do anything that requires Internet access.

 

[Moonhorse]

Yes I did. I still don't know if it is really the forticlient or something else.

Just disable web filtering for while and you see. It really does affect only browser not like in games or anything else, but i just find it annoying even you cant see any delay while browsing web

If you care about web filtering, you should try k9 and disable forticlients own

Or just go with eset + k9

 

[Thales]

Done. Thanks for the idea
I will test the system with and without it. Just need to find a ping logger software.

 

[Thales]

Now after a lot of work and test I have a new Experimental build (No2). It works like charm, super FAST and LIGHT and also secure.
I fixed a lot of problems and reverted some changes that didn't work. I still need to fix and improve some major and minor features but the system is ready to use as it is. The codename is "Amanda" and she looks gorgeous. I wish I could show the log-in screen too!
Here is the complete change list.

"Amanda" Experimental build 1

Spoiler: Main features and tweaks

Performance
- Uninstalled some windows features (IE, xboxlive, OneNote, games, etc.)
- Nvidia control panel is tweaked and game ready
- Windows Defender is disabled
- Most of my apps are portable
- The system can be restored completely within 4-5 min

Security
- Basic security tweaks (autoplay disabled, smartscreen, UAC max etc.)
- Installed security software: FortiClient + OSArmor + Voodooshield
- Firewall: Inbound and outbound connections that do not match the rule are blocked
- Only a few programs have Internet access
- On-demand scanner: Hitman pro

Problems to improve and fix (2Dos)
* Untouched, default inbound connections
* SUA is not working properly. The start menu works only with the admin account
* Using the admin account is not safe even if I know what I'm doing
* The system is not lightweight enough
* Portable qBittorrent is very very sloooooooowwwwwww
* High latency problem

Spoiler: How she looks

"Amanda" Experimental build 2

Spoiler: Main features and tweaks

Performance
- Uninstalled some windows features (IE, xboxlive, onenote, games, etrc.)
- Nvidia control panel is tweaked and game ready
- Most of my apps are portable
- The system can be restored completely within 4-5 min
- Black Viper’s Windows 10 Service Configurations

Security
- Basic security tweaks (autoplay disabled, smartscreen, UAC max etc.)
- Security software: Windows Defender + OSArmor + Voodooshield
- Firewall: Inbound and outbound connections that do not match the rule are blocked
- Only a few programs have Internet access
- Inbound connection is extremely limited (system update only)
- On-demand scanner: Hitman pro + Norton Power Eraser
- Windows Firewall Control (the only program that allowed to change the Firewall rules)
- SRP installed and works properly

SUM Fixes and important changes
- THE SYSTEM NOW IS SUPER LIGHTWEIGHT AND FAST
- FortiClient replaced with the Built-In Windows Defender
- SUA works properly and I use it
- Revo Uninstaller portable (Geek Uninstaller portable deleted)
- Using Black Viper’s Windows 10 Service Configurations
- Another on-Demand scanner: Norton power Eraser portable
- Latency problem fixed
- Installed qBittorrent and deleted the portable version

Problems to improve and fix (2Dos)
* Need to test the portable VPN client to avoid connection drops
* OSArmor GUI doesn't start (This is just the GUI, the tweaks are still work)
* More light system and security tweaks

Spoiler: How she looks

Spoiler: FireWall Rules

Spoiler: Performance