SECURE [STAFF] Umbra Lockdown Security 2017 (3 systems)

Discussion in 'PC Security Configuration' started by Umbra, Feb 14, 2017.

  1. Umbra

    Umbra From Emsisoft
    Developer

    #1 Umbra, Feb 14, 2017
    Last edited: Dec 8, 2017
    Most recent changes:
    17-10-2017
    Operating System:
    • Windows 10
    OS Edition:
    Home
    OS Build:
    16299.19 (Fall Update)
    OS Architecture:
    64-bit
    User Access Control:
    Always Notify
    Firewall:
    Windows Firewall
    OS Security Updates:
    Automatic Updates
    OS File Reputation:
    • SmartScreen for Windows 10
    Type of User Account:
    Microsoft Account
    Recent Malware Attacks:
    No
    Testing AV's with Malware Samples:
    No
    Real-time Malware Protection:
    - Emsisoft Anti-Malware
    - ReHIPS
    - Sandboxie (Paid)
    - Appguard Beta
    On-demand Scanners:
    - Emsisoft Emergency Kit | Zemana AM (free) | Windows Defender
    Security Product Settings:
    Custom
    Browsers and Extensions:
    - Chrome (in ReHIPS): Adguard extension (integration mode) | Lastpass | Netcraft | HTTPS Everywhere
    - Firefox / Tor Browser (in Sandboxie): Adguard extension (integration mode) | Lastpass | Netcraft | HTTPS Everywhere
    Preferred Search Engine:
    Google
    Password Manager:
    Lastpass | Keepass
    Content Blocker (Ads, Scripts, Trackers):
    Adguard for Desktop
    Frequently used System Utilities:
    - Covert Pro (on USB)
    - Veracrypt (Portable)
    - Gpg4Win
    - DNSCrypt (via Simple DNSCrypt)
    - SoftEther VPN (based on VPNgate)
    - Ccleaner (Portable)
    - Wise Disk Cleaner (Portable)
    Frequency of Data Backups:
    Daily Backups
    Data Backup Software:
    Cloud Storage (Mega | Dropbox)
    Frequency of System Image Backups:
    Manual / On-demand Backups
    System Image Backup Software:
    Windows Built-in
    ----------------------------------------------------------------------
    Account Type: Standard User Account
    UAC: Max (Always Notify) and ask Password
    SmartScreen: Max (require admin approval)
    ----------------------------------------------------------------------
    Main AntiVirus/Anti-Malware/Suite

    Local + Cloud: Emsisoft Anti-Malware (EAM)
    Cloud: /
    ----------------------------------------------------------------------
    Companion AntiVirus/Anti-Malware

    Local + Cloud : /
    Cloud: /
    ----------------------------------------------------------------------
    Intrusion Prevention Systems

    HIPS: /
    Behavior Blocker: EAM
    Application Control: ReHIPS
    Anti-Executable: /
    Software Restriction Policy: Appguard (AG) on Lockdown Mode and Hardened.
    ----------------------------------------------------------------------
    Virtualization & Isolation

    System-Wide: /
    Restriction-based Sandbox: ReHIPS
    Full Isolation Sandbox: /
    Browser-only Sandboxing: /
    Virtual Machine: Virtual Box
    Virtual Desktop: CFW
    ----------------------------------------------------------------------
    Firewall & Networking

    Firewall: Comodo Firewall (CFW) with Umbra's paranoid Settings
    Intrusion Detection System: /
    Packet Inspection: /
    Protocol Filter: /
    Certificate checker: /
    Network Protection: /
    DNS Protection: Simple DNSCrypt
    Backdoor Prevention: /
    Anti-MITM: SSL-Eye
    ----------------------------------------------------------------------
    System Reinforcement

    Anti-Exploit: Windows' Exploit Guard
    Anti-PUP: EAM
    Anti-Spyware: EAM
    Anti-Rootkit: EAM
    Removable Media/USB Protection: EAM | AG
    Apps Hardening: /
    Process Hardening: /
    System Encryption: /
    Docs/File/Folders Protection: SecureFolders
    File Reputation: EAM
    Registry Protection: EAM
    Autorun Protection: EAM
    Keystroke Encryption:
    Banking/Shopping protection: /
    Anti-keylogger: EAM
    Alternate Data Streams Scanner: NVT Stream Detector
    Infection Rollback: /
    ----------------------------------------------------------------------
    2nd Opinion Scanners (On-Demand)

    Local + Cloud: Emsisoft Emergency Kit | Windows Defender Periodic Scanning | Zemana AM
    Cloud: none installed on the system, all in USB (see below)
    ----------------------------------------------------------------------
    Browsers Security

    Secured Browsers: /
    Security Addons: Adguard (Integration mode) | Netcraft
    Browser Protection: /
    Web Shield/URL Filter: EAM's Surf Protection
    Web Reputation: /
    Adblocker: Adguard for Windows (AdG)
    Anti-Exploit/Script: /
    ----------------------------------------------------------------------
    Web Protection:

    Anti-Phishing: EAM | Adguard
    Domain/Website Manager: /
    Hosts Blocker: EAM
    Hosts File Protection: /
    DNS Checker: /
    Secured DNS: /
    DNS Traffic Encryption: DNSCrypt (via Simple DNSCrypt)
    ----------------------------------------------------------------------
    Privacy & Anonymity

    Anti-Windows 10 Telemetry: Shutup10
    Encrypted Container: VeraCrypt (Portable)
    File Protection: Secure Folders (Portable)
    File Encryption: Gpg4Win (Kleopatra)
    Encrypted Mailing Service: www.Protonmail.com
    Encrypted Mail Client: /
    Encrypted Messenger: /
    Encrypted File Sharing Service: /
    Password/Form Protection:
    - Lastpass (Browser addon)
    - Keepass (Portable)
    VPN: SoftEther VPN-Gate (SSL & DNSsec)
    Secure Desktop: /
    ----------------------------------------------------------------------
    3rd Party Standalone Protection

    Anti-PUP: /
    Anti-Spyware: /
    Anti-Rootkit: Combofix
    Anti-keylogger: /
    Anti-Phishing: /
    Hash Checker: Hashtab
    File Reputation: /
    Registry Protection: /
    Autorun Protection: /
    Email & Antispam Protection: /
    Instant Messenger Protection: /
    P2P Protection: /
    Document Protection: /
    Removable Media/USB Protection: /
    Banking/Shopping protection: /
    Social Media Protection: /
    Anti-Theft: /
    ----------------------------------------------------------------------
    Monitoring

    System Vulnerabilities Monitor: /
    Autorun/Startup Monitor: Autorun (Portable), Comodo Autorun
    Process Monitor: Process Hacker (portable), Process Explorer (Portable), Comodo KillSwitch
    Resources Monitoring: /
    Registry Manager: /
    Network Monitor: /
    ----------------------------------------------------------------------
    System Maintenance & Optimization

    Browser Cleaner: /
    System Cleaner:
    - Ccleaner (Portable) | Wise Disk Cleaner (portable)
    System Optimizer: /
    ----------------------------------------------------------------------
    Recovery

    Backup: Windows Backup
    Boot CDs: Acronis TI
    System Rollback: /
    ----------------------------------------------------------------------
    USB Toolbox:

    Boot CD: Strelec Boot CD made bootable via USB
    Portable OS: Mini-WinXP/Windows 7
    Scanners: Emsisoft Emergency Kit, McAfee Stinger, Malwarebytes Anti-Malware, Comodo CE, Norton PE, Kaspersky TDSSKiller, Dr Web CureIt, Gmer
    Disinfecting tools: Rkill, Combofix, Sanitycheck, etc.

    ----------------------------------------------------------------------
    Account Type: Standard User Account
    UAC: Max (Always Notify) and ask Password
    SmartScreen: Max (require admin approval)
    ----------------------------------------------------------------------
    Main AntiVirus/Anti-Malware/Suite

    Local + Cloud : /
    Cloud: /
    ----------------------------------------------------------------------
    Companion AntiVirus/Anti-Malware

    Local + Cloud : /
    Cloud: /
    ----------------------------------------------------------------------
    Intrusion Prevention Systems

    HIPS: /
    Behavior Blocker: /
    Application Control: /
    Anti-Executable: /
    Software Restriction Policy: Appguard (AG) on Lockdown Mode and Hardened.
    ----------------------------------------------------------------------
    Virtualization & Isolation

    System-Wide: /
    Restriction-based Sandbox: /
    Full Isolation Sandbox: /
    Browser-only Sandboxing: /
    Virtual Machine: Virtual Box
    ----------------------------------------------------------------------
    Firewall & Networking

    Firewall: Windows Firewall +
    Intrusion Detection System: /
    Packet Inspection: /
    Protocol Filter: /
    Certificate checker: /
    Network Protection: /
    DNS Protection: /
    Backdoor Prevention: /
    Anti-MITM: SSL-Eye
    ----------------------------------------------------------------------
    System Reinforcement

    Anti-Exploit: Windows' Exploit Guard
    Anti-PUP: EAM
    Anti-Spyware: EAM
    Anti-Rootkit: EAM
    Removable Media/USB Protection: /
    Apps Hardening: /
    Process Hardening: /
    System Encryption: /
    Docs/File/Folders Protection: SecureFolders
    File Reputation: /
    Registry Protection: /
    Autorun Protection: /
    Keystroke Encryption: /
    Banking/Shopping protection: /
    Anti-keylogger: /
    Alternate Data Streams Scanner: /
    Infection Rollback: /
    ----------------------------------------------------------------------
    2nd Opinion Scanners (On-Demand)

    Local + Cloud: Emsisoft Emergency Kit (EEK) | Zemana AM
    Cloud: none installed on the system, all in USB (see below)
    ----------------------------------------------------------------------
    Browsers Security

    Secured Browsers: /
    Security Addons: Adguard (Integration mode) | HTTPS Everywhere | Netcraft
    Browser Protection: /
    Web Shield/URL Filter: /
    Web Reputation: /
    Adblocker: Adguard for Windows (AdG)
    Anti-Exploit/Script: /
    ----------------------------------------------------------------------
    Web Protection:

    Anti-Phishing: Adguard
    Domain/Website Manager: /
    Hosts Blocker: /
    Hosts File Protection: /
    DNS Checker: /
    Secured DNS: /
    DNS Traffic Encryption: DNSCrypt (via Simple DNSCrypt)
    ----------------------------------------------------------------------
    Privacy & Anonymity

    Anti-Windows 10 Telemetry: Shutup10
    Encrypted Container: VeraCrypt (Portable)
    File Protection: Secure Folders (Portable)
    File Encryption: Gpg4Win (Kleopatra)
    Encrypted Mailing Service: www.Protonmail.com
    Encrypted Mail Client: /
    Encrypted Messenger: Covert Pro
    Encrypted File Sharing Service: /
    Password/Form Protection:
    - Lastpass (Browser addon)
    - Keepass (Portable)
    VPN: SoftEther VPN-Gate (SSL & DNSsec)
    Secure Desktop: /
    ----------------------------------------------------------------------
    3rd Party Standalone Protection

    Anti-PUP: /
    Anti-Spyware: /
    Anti-Rootkit: Combofix
    Anti-keylogger: /
    Anti-Phishing: /
    Hash Checker: Hashtab
    File Reputation: /
    Registry Protection: /
    Autorun Protection: /
    Email & Antispam Protection: /
    Instant Messenger Protection: /
    P2P Protection: /
    Document Protection: /
    Removable Media/USB Protection: /
    Banking/Shopping protection: /
    Social Media Protection: /
    Anti-Theft: /
    ----------------------------------------------------------------------
    Monitoring

    System Vulnerabilities Monitor: /
    Autorun/Startup Monitor: Autorun (Portable)
    Process Monitor: Process Hacker (portable), Process Explorer (Portable)
    Resources Monitoring: /
    Registry Manager: /
    Network Monitor: /
    ----------------------------------------------------------------------
    System Maintenance & Optimization

    Browser Cleaner: /
    System Cleaner:
    - Ccleaner (Portable) | Wise Disk Cleaner (portable)
    System Optimizer: /
    ----------------------------------------------------------------------
    Recovery

    Backup: Windows Backup
    Boot CDs: Acronis TI
    System Rollback: /
    ----------------------------------------------------------------------
    Account Type: Standard User Account
    UAC: Max (Always Notify) and ask Password
    SmartScreen: Max (require admin approval)
    ----------------------------------------------------------------------
    Main AntiVirus/Anti-Malware/Suite

    Local + Cloud: Windows Defender
    Cloud: /
    ----------------------------------------------------------------------
    Companion AntiVirus/Anti-Malware

    Local + Cloud :
    Cloud: /
    ----------------------------------------------------------------------
    Intrusion Prevention Systems

    HIPS: /
    Behavior Blocker: /
    Application Control: /
    Anti-Executable: /
    Software Restriction Policy: Appguard (AG) on Lockdown Mode and Hardened.
    ----------------------------------------------------------------------
    Virtualization & Isolation

    System-Wide: /
    Restriction-based Sandbox: /
    Full Isolation Sandbox: Sandboxie
    Browser-only Sandboxing: /
    Virtual Machine: Virtual Box
    ----------------------------------------------------------------------
    Firewall & Networking

    Firewall: Windows Firewall + Binisoft Windows Firewall Control (WFC)
    Intrusion Detection System: /
    Packet Inspection: /
    Protocol Filter: /
    Certificate checker: /
    Network Protection: /
    DNS Protection: /
    Backdoor Prevention: /
    Anti-MITM: SSL-Eye
    ----------------------------------------------------------------------
    System Reinforcement

    Anti-Exploit: Windows' Exploit Guard
    Anti-PUP: WD
    Anti-Spyware: /
    Anti-Rootkit: /
    Removable Media/USB Protection: AG
    Apps Hardening: /
    Process Hardening: /
    System Encryption: /
    Docs/File/Folders Protection: SecureFolders
    File Reputation: /
    Registry Protection: /
    Autorun Protection: /
    Keystroke Encryption: /
    Banking/Shopping protection: /
    Anti-keylogger: /
    Alternate Data Streams Scanner: NVT Stream Detector
    Infection Rollback: /
    ----------------------------------------------------------------------
    2nd Opinion Scanners (On-Demand)

    Local + Cloud: Emsisoft Emergency Kit (EEK) | Zemana AM
    Cloud: none installed on the system, all in USB (see below)
    ----------------------------------------------------------------------
    Browsers Security

    Secured Browsers: /
    Security Addons: Adguard (Integration mode) | Netcraft
    Browser Protection: /
    Web Shield/URL Filter: /
    Web Reputation: /
    Adblocker: Adguard for Windows (AdG)
    Anti-Exploit/Script: /
    ----------------------------------------------------------------------
    Web Protection:

    Anti-Phishing: Adguard
    Domain/Website Manager: /
    Hosts Blocker: EAM
    Hosts File Protection: /
    DNS Checker: /
    Secured DNS: /
    DNS Traffic Encryption: DNSCrypt (via Simple DNSCrypt)
    ----------------------------------------------------------------------
    Privacy & Anonymity

    Anti-Windows 10 Telemetry: Shutup10
    Encrypted Container: VeraCrypt (Portable)
    File Protection: Secure Folders (Portable)
    File Encryption: Gpg4Win (Kleopatra)
    Encrypted Mailing Service: www.Protonmail.com
    Encrypted Mail Client: /
    Encrypted Messenger: Covert Pro
    Encrypted File Sharing Service: /
    Password/Form Protection:
    - Lastpass (Browser addon)
    - Keepass (Portable)
    VPN: SoftEther VPN-Gate (SSL & DNSsec)
    Secure Desktop: /
    ----------------------------------------------------------------------
    3rd Party Standalone Protection

    Anti-PUP: /
    Anti-Spyware: /
    Anti-Rootkit: Combofix
    Anti-keylogger: /
    Anti-Phishing: /
    Hash Checker: Hashtab
    File Reputation: /
    Registry Protection: /
    Autorun Protection: /
    Email & Antispam Protection: /
    Instant Messenger Protection: /
    P2P Protection: /
    Document Protection: /
    Removable Media/USB Protection: /
    Banking/Shopping protection: /
    Social Media Protection: /
    Anti-Theft: /
    ----------------------------------------------------------------------
    Monitoring

    System Vulnerabilities Monitor: /
    Autorun/Startup Monitor: Autorun (Portable)
    Process Monitor: Process Hacker (portable), Process Explorer (Portable)
    Resources Monitoring: /
    Registry Manager: /
    Network Monitor: /
    ----------------------------------------------------------------------
    System Maintenance & Optimization

    Browser Cleaner: /
    System Cleaner:
    - Ccleaner (Portable) | Wise Disk Cleaner (portable)
    System Optimizer: /
    ----------------------------------------------------------------------
    Recovery

    Backup: Windows Backup
    Boot CDs: Acronis TI
    System Rollback: /

    ----------------------------------------------------------------------

    All my security software is selected specifically to run together without conflict; I set it for maximum compatibility/protection with the lowest resource usage possible.


    This kind of configuration is not suited for beginners, many settings and tweaks are dangerous and have been perfected after years of training to make it fully functional and system-safe.

    "Stay Safe, Don't try this "
    ----------------------------------------------------------------------------------------

    This is my 2017 thread.

    2016 thread here : Umbra's Lockdown Security 2016

    This year my config will focus mostly on virtualization & anti-executables. A lot of software in those fields is coming.
     
    Nevi, TerrakionSmash, davisd and 27 others like this.
  2. Umbra

    Umbra From Emsisoft
    Developer

    It works perfectly.
     
    BearHug, lobo001, SHvFl and 1 other person like this.
  3. Spawn

    Spawn Administrator
    Staff Member Content Creator

    Yash Khan, JM Security and SHvFl like this.
  4. SHvFl

    SHvFl Level 32
    Content Creator Trusted

    When you add the exception for ReHIPS in AppGuard. I don't remember which those are, but you can confirm. We have them in a topic over at the ReHIPS forum.
     
    Yash Khan likes this.
  5. JM Security

    JM Security Level 28
    Trusted

    I have nothing to add here, congrats! You are protected.

    Thanks for sharing.
     
    MalwareTracker, Yash Khan and SHvFl like this.
  6. shmu26

    shmu26 Level 53

    Umbra, what does netcraft do for you?
     
    Yash Khan and SHvFl like this.
  7. JM Security

    JM Security Level 28
    Trusted

    Netcraft is an extension that lets you gather info about the websites you visit, and it gives protection against phishing sites.
     
  8. shmu26

    shmu26 Level 53

    There is some overlap, but ReHIPS is mainly about sandboxing (isolating) vulnerable applications, while AppGuard is mainly about system-wide software restriction policies.
    The combination of the two creates the ultimate lockdown config.
     
    Yash Khan, BugCode and SHvFl like this.
  9. sudo -i

    sudo -i Level 4

    @Umbra Ignoring ReHIPS being in beta, if you had to choose between uninstalling ReHIPS and Appguard (as a consumer), which would you uninstall?
     
    Yash Khan, SHvFl and shmu26 like this.
  10. DJ Panda

    DJ Panda Level 29

    Looks really good, Umbra! Thought your specialty was security configs. ;) I have heard many positive and negative reviews on MEGA, with shady business owning it or something. Do you think it's a good service?
     
    Yash Khan and SHvFl like this.
  11. Umbra

    Umbra From Emsisoft
    Developer

    #11 Umbra, Feb 14, 2017
    Last edited: Feb 15, 2017
    No, they don't do the same thing at all.

    1- ReHIPS gives me a high-level sandbox without any kernel hooks, coupled with an Application Control module. However, because things are strictly isolated via Windows mechanisms, it doesn't need memory protection at the moment.
    2- AppGuard is an SRP app (software restriction policy); it blocks by default everything not whitelisted by the user, legit or not. However, it has memory protection.

    I chose both of those apps because neither uses kernel hooks (like other apps do), which make the system more vulnerable.

    So both complement each other, and I have almost unbreakable protection.

    HIPSagent64.exe, HIPSgui64.exe and HIPSservice64.exe in AG Power Apps.

    Anti-phishing and sites security checking.

    Yes, but I'd rather test by myself than listen to people; at the moment it hasn't failed me, and it is the only free cloud storage that gives decent security. Anyway, I don't upload sensitive files, and if I do, I encrypt them first.

    I won't :p

    More seriously, at the moment I will keep AG, but when ReHIPS is stable, it will be my main protection (on this machine) because I always looked for a replacement for GesWall, and ReHIPS fits the position admirably.

    But remember, my real protection is Windows native security (SUA + UAC max + SmartScreen max + WD + WF) enhanced with some registry tweaks. All my machines use it. Some don't even have 3rd-party security software.
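As an added example (not part of Umbra's post or any of the products named in the thread), here is a read-only PowerShell audit of the Windows-native baseline the config header and this post rely on: Standard User Account, UAC at "Always notify" asking for a password, and SmartScreen at its strictest level. The registry paths and value names are the documented Windows ones; the expected values are my reading of the settings named in the post, not Umbra's unspecified registry tweaks.

```powershell
# Added audit script, not from the thread. Reads a few registry values and the
# local Administrators membership, then reports drift from the described baseline.
# It changes nothing on the machine and does not need elevation.

$results = @()

function Add-Check($Name, $Actual, $Expected) {
    # $Expected may be a single value or a list of acceptable values.
    $pass = if ($Expected -is [array]) { $Expected -contains $Actual } else { $Actual -eq $Expected }
    $script:results += [pscustomobject]@{
        Check    = $Name
        Actual   = $Actual
        Expected = ($Expected -join ' | ')
        Pass     = $pass
    }
}

# 1. Standard User Account: the interactive user must not be a member of
#    BUILTIN\Administrators (the SID check avoids display-name mismatches).
$me     = [Security.Principal.WindowsIdentity]::GetCurrent()
$admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
$isAdmin = [bool]($admins | Where-Object { $_.SID -eq $me.User })
Add-Check 'Standard user (not in Administrators)' (-not $isAdmin) $true

# 2. UAC "Always notify" that asks for a password. For a standard user,
#    ConsentPromptBehaviorUser = 1 is "prompt for credentials on the secure desktop";
#    an absent value means the Windows default applies and is reported as not configured.
$uacPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacPath -ErrorAction SilentlyContinue
Add-Check 'UAC enabled (EnableLUA)'            $uac.EnableLUA                  1
Add-Check 'UAC prompts on the secure desktop'  $uac.PromptOnSecureDesktop      1
Add-Check 'Standard user asked for password'   $uac.ConsentPromptBehaviorUser  1
# Admin accounts: 2 = "Always notify". Reported so a later switch to an admin account shows up.
Add-Check 'Admin prompt level (2 = Always notify)' $uac.ConsentPromptBehaviorAdmin 2

# 3. SmartScreen at maximum. Builds before 1703 store the strictest level as
#    "RequireAdmin" (the "require admin approval" wording in the post); 1703 and
#    later store "Block", so both are accepted.
$explorer = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' -ErrorAction SilentlyContinue
Add-Check 'SmartScreen level' $explorer.SmartScreenEnabled @('RequireAdmin', 'Block')

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'Baseline drift: at least one setting differs from the described config.'
}
```

Run it in a normal (non-elevated) session on the machine being checked; a failing row names the exact value that drifted, which is what to look at before adding third-party layers on top.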
     
  12. Umbra

    Umbra From Emsisoft
    Developer

    Setup updated with categories, and put under a spoiler :)
     
    Yash Khan and SHvFl like this.
  13. reboot

    reboot Level 3

    Are you still using Covert Pro in your 2017 config? I ask because some of the software in the spoiler seems to be different to what you are currently using.
     
  14. Umbra

    Umbra From Emsisoft
    Developer

    I use the USB version when I need to log in from another computer.
     
    Yash Khan and SHvFl like this.
  15. Umbra

    Umbra From Emsisoft
    Developer

    I'm sure some people will ask why I add HMPA on top of ReHIPS & AppGuard, because both make my system quite solid against exploits.
    Basically, HMP gives me 2-3 tools I quite like: webcam notifier and keystroke encryption, among other things.
     
  16. shmu26

    shmu26 Level 53

    What is your opinion of their DLL hijack mitigation?
     
    Yash Khan and SHvFl like this.
  17. Umbra

    Umbra From Emsisoft
    Developer

    #17 Umbra, Feb 15, 2017
    Last edited: Feb 15, 2017
    @shmu26 Not very useful on this system for the moment; process hollowing should be blocked by AG or ReHIPS.
     
  18. Umbra

    Umbra From Emsisoft
    Developer

    Removed the second machine from the thread because it just uses Windows native security and Appguard :)
     
    Yash Khan, SHvFl and Evjl's Rain like this.
  19. Winter Soldier

    Winter Soldier Level 25

    Thanks for sharing :)
    Well, this configuration is born to be malware-free in my humble opinion! ;)
     
    Yash Khan, SHvFl and Umbra like this.
  20. aragornnnn

    aragornnnn Level 11

    Very good config, I feel bad for the malware trying to break through those layers :D
     