Latest Changes
Oct 10, 2019
Operating System
  • Windows 10
Windows Edition
  • Enterprise
Version or Build no.
  • 1903
System type
  • 64-bit operating system; x64-based processor
Security Updates
  • Automatic Updates (recommended)
User Access Control
  • Always Notify
Network Security (Firewall)
  • Windows Defender Firewall
Device Security
  • Windows Defender SmartScreen (Windows 10)
User Account
  • Standard
Sign-in Accounts
  • Microsoft (@outlook.com)
Sign-in Options
  • Password
  • Windows Hello PIN (recommended)
  • Windows Hello Fingerprint
Malware Testing
  • I do not participate in downloading malware samples
Real-time Web & Malware Protection
  • Windows 10 Enterprise custom built-in Security.
  • AppGuard Solo v6.
RTP - Custom security settings
  • Major changes for Increased security
RTP - Details of Custom security settings
  AppGuard is heavily tweaked with:
    - most LOLbins added to User-Space.
    - internet-facing/vulnerable apps added to Guarded Apps.
    - non-system partitions protected.
  OS is heavily tweaked via various options available in Group Policy or via Regedit tricks, plus:
    - Windows Defender (customized for high security)
    - Windows Firewall (customized, all outbound connections blocked on all profiles, allow rules manually made on the fly)
    - SRP (on Basic User mode, All files/users/certificate enforced)
    - AppLocker (customized, all 4 categories enforced)
    - BitLocker (data partitions locked)
    - ApplicationGuard/DeviceGuard/ExploitGuard/Core Isolation/Protected Folders (all enabled and customized).
Virus and Malware Removal Tools
  • Emsisoft Emergency Kit
  • Hitman Pro (registered)
Browsers and Extensions
  • Chrome/"Chrom-Edge" (customized via various flags) using Netcraft, Malwarebytes BG.
  • MS Edge under Application Guard sandboxing with Netcraft, Malwarebytes BG.
Privacy-focused Apps and Extensions
  • AdGuard for Desktop (customized)
  • Mullvad VPN (dual-hop)
Password Managers
  • Bitwarden (with 2FA)
Web Search
  • Google
System Utilities
  Portable Tools:
    - Cleaners: CCleaner, Wise Disk Cleaner.
    - Monitors: Process Hacker, Autoruns, Process Explorer.
    - Privacy: O&O ShutUp10.
    - Network: TCPView, WiFi Guard.
    - Hardware: HWiNFO64.
Data Backup
  Cloud Services:
    - Mega
    - Sync.com
    - OneDrive
Frequency of Data backups
  • Always-on Sync
System Backup
  • Macrium Reflect (registered)
  • Windows 7 Backup & Restore.
Frequency of System backups
  • Regularly
Computer Activity
  • Browsing web and email
  • Download files from different sources
  • Office and work related tasks
Computer Specifications
  • Acer F5-571G: i5-7200U, 8 GB RAM, 128 GB SSD + 1 TB HDD.
  • Lenovo Yoga 520: i5-8250U, 8 GB RAM, 256 GB SSD + 1 TB HDD.
  • Asus R900VB: i5-3230M, 6 GB RAM, 1 TB HDD.

    Umbra

    This setup is identical on all my computers; my systems are static and locked (no fancy softs turn-over, and those I'm using are checked to be malware-free before being used).
    I don't use any 3rd party security apps, never really needed them, won't need them, won't miss them (except for some occasional testing).
    Only soft deserving being on my systems is AppGuard Enterprise or eventually AG Solo (latest version only).

    My system is heavily tweaked to fit my needs and obviously out of reach of common users.

    I also use Linux MX on another machine.
     

    notabot

    > This setup is identical on all my computers; my systems are static and locked (no fancy softs turn-over, and those I'm using are checked to be malware-free before being used).
    > I don't use any 3rd party security apps, never really needed them, won't need them, won't miss them (except for some occasional testing).
    > Only soft deserving being on my systems is AppGuard Enterprise or eventually AG Solo (latest version only).
    >
    > My system is heavily tweaked to fit my needs and obviously out of reach of common users.
    >
    > I also use Linux MX on another machine.

    How do you deploy it to all your computers? Do you pay for Intune, or do you go through the process for each of your computers?
     
    Why use AppGuard when you have AppLocker?

    With allow rules on folder with specific user(group) and deny rules on same folders with exception on certain trusted vendor signatures you can make AppLocker as easy and granular as you wish.

    As far as I know (and experienced), AppLocker rules always prevail over SRP. Would you be so kind to post the rules? The gaming desktop I gave to my brother has Windows 10 Enterprise and I am curious how you managed to use them both.
     

    93803123

    > As far as I know (and experienced) AppLocker rules always prevail over SRP.

    AppLocker is the application control portion of Microsoft's Windows software restriction policy. In short, AppLocker is SRP. And it does not prevail over SRP because it is SRP.

    • AppGuard is easier to implement than AppLocker.
    • AppGuard is self-contained; it does not have a dependency upon other modules.
    • Without the rest of the enterprise Windows security stack, AppLocker provides incomplete protection.
    • Just using Windows 10 Enterprise alone does not provide complete enterprise-grade protection.
     

    Umbra

    > Why use AppGuard when you have AppLocker?

    Testing the latest version. Solo isn't my favorite, the Enterprise version is, but I can't set up a server right now.

    > With allow rules on folder with specific user(group) and deny rules on same folders with exception on certain trusted vendor signatures you can make AppLocker as easy and granular as you wish.

    Also, some explanation about AppGuard needs to be given, since I read a lot of wrong statements about it here:
    1- AG functions on the simple principle of "User-Space" (user profiles, etc.) and "System-Space" (Program Files folders, Windows folders); everything not in System-Space is blocked, whatever it is. Also, the user can add System-Space items to User-Space.
    Basically, AG is more user-friendly than AppLocker.
    2- AG sets file/folder access restrictions and introduces memory containment called "Guarded Apps", so one Guarded process (guarded means restricted) can't read/modify the memory space of another process. A unique feature which AppLocker lacks; the only similar one would be the newly introduced Bitdefender memory sandbox thingy.
    3- In v6, the Lsass.exe memory space is totally protected, which prevents kernel exploits like EternalBlue/DoublePulsar from abusing it.

    > Would you be so kind to post the rules?

    Sorry, I won't share the details of my settings; not my style to show where I put the hidden CCTVs of my home :p
    But to give you the big lines, my installed or portable programs are whitelisted with certificates or path rules; the rest and everything on non-system partitions are blocked.
     
    > AppLocker is the application control portion of Microsoft's Windows software restriction policy. In short, Applocker is SRP. And it does not prevail over SRP

    When both SRP and AppLocker policies are applied to computers running Windows Server 2008 R2, Windows 7 and later, the SRP policies are ignored.
     

    93803123

    > When both SRP and AppLocker policies are applied to computers running Windows Server 2008 R2, Windows 7 and later, the SRP policies are ignored.

    I'm not sure what you are referring to, but like I said, AppLocker policies are SRP policies in Windows. Even Microsoft says it in their official documentation.
     

    ticklemefeet

    Here is how I have AppGuard version 4 set up.

    All these are set in userspace = yes.
    c:\Windows\*\bitsadmin.exe
    c:\Windows\*\powershell.exe
    c:\Windows\*\powershell_ise.exe
    c:\Windows\*\wscript.exe
    c:\Windows\*\cscript.exe
    c:\Windows\*\mshta.exe
    c:\Windows\*\hh.exe
    c:\Windows\*\wmic.exe
    c:\Windows\*\scrcons.exe

    Then I have PowerShell unticked in Guarded Apps.
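
Added example (not part of any post in this thread): a PowerShell audit that evaluates every copy of the binaries listed in the post above against the machine's effective AppLocker policy, the other control this thread discusses alongside AppGuard. It assumes Windows PowerShell 5.1 with the built-in AppLocker module and does not read AppGuard's own settings.

```powershell
# Added example: which copies of the listed script hosts/LOLBins would the
# effective AppLocker policy still allow to run?
# Binary names come from the post above; everything else is an assumption.
$names = 'bitsadmin.exe','powershell.exe','powershell_ise.exe','wscript.exe',
         'cscript.exe','mshta.exe','hh.exe','wmic.exe','scrcons.exe'

# Locate real copies under %windir% (System32, SysWOW64, wbem, WinSxS, ...)
# rather than assuming fixed paths. -Depth 3 is deep enough to reach
# System32\WindowsPowerShell\v1.0\powershell.exe.
$files = Get-ChildItem -Path $env:windir -Recurse -Depth 3 -File -ErrorAction SilentlyContinue |
    Where-Object { $names -contains $_.Name }

# Merged local + Group Policy rules as the machine currently applies them.
$policy = Get-AppLockerPolicy -Effective

# Test-AppLockerPolicy evaluates rules only. A collection in AuditOnly or
# NotConfigured mode blocks nothing, so report the enforcement mode first.
$policy.RuleCollections |
    Select-Object RuleCollectionType, EnforcementMode |
    Format-Table -AutoSize

# Evaluate each copy as the Everyone group; pass a specific account to -User
# to test that account's own group memberships instead.
$results = foreach ($f in $files) {
    Test-AppLockerPolicy -PolicyObject $policy -Path $f.FullName -User Everyone
}

# Anything not Denied / DeniedByDefault remains launchable under AppLocker.
$gaps = $results | Where-Object { $_.PolicyDecision -notlike 'Denied*' }

if ($gaps) {
    Write-Warning "$(@($gaps).Count) located copies are not blocked by AppLocker:"
    $gaps | Sort-Object FilePath |
        Format-Table PolicyDecision, MatchingRule, FilePath -AutoSize
} else {
    Write-Output 'Every located copy is denied by the effective AppLocker policy.'
}
```

Copies under WinSxS and SysWOW64 show up in the results as well, which is where path-based deny rules most often miss a binary.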
     

    93803123

    Mullvad is top notch VPN, the only one that I consider superior is IVPN but twice the price, so I will wait Black Friday lol.
    I am thinking Mullvad Wireguard servers using the Wireguard client is pretty awesome. So much less hassle than the Mullvad client.

    I think Mullvad and IVPN are both equal PITAs when it comes to support.
     