Latest Changes
Oct 10, 2019
Operating System
  • Windows 10
  • Windows Edition
    Enterprise
    Version or Build no.
    1903
    System type
    64-bit operating system; x64-based processor
    Security Updates
    Automatic Updates (recommended)
    User Access Control
    Always Notify
    Network Security (Firewall)
    Windows Defender Firewall
    Device Security
  • Windows Defender SmartScreen (Windows 10)
  • User Account
    Standard
    Sign-in Accounts
    Microsoft (@outlook.com)
    Sign-in Options
  • Password
  • Windows Hello PIN (recommended)
  • Windows Hello Fingerprint
  • Malware Testing
    I do not participate in downloading malware samples
    Real-time Web & Malware Protection
    -----------------------------------------------------------------------------------------------------------------------
    - All PCs: Windows 10 Enterprise custom built-in security.
    - PC1: AppGuard Solo v6.
    - PC2: ReHIPS
    -----------------------------------------------------------------------------------------------------------------------
    RTP - Custom security settings
  • Major changes for Increased security
  • RTP - Details of Custom security settings
    -------------------------------------------------------------------------------------------------------------------
    AppGuard is heavily tweaked with:
    - most LOLbins added to User-Space.
    - internet-facing/vulnerable apps added to Guarded Apps.
    - non-system partitions protected
    -------------------------------------------------------------------------------------------------------------------
    ReHIPS is heavily tweaked:
    - Expert Mode + Lockdown Mode
    - Most LOLbins are blocked.
    - Internet-facing/vulnerable apps run sandboxed.
    ------------------------------------------------------------------------------------------------------------------
    OS is heavily tweaked via various options available in Group Policy or via Regedit tricks, plus:
    - Windows Defender (Customized for high security)
    - Windows Firewall (Customized, all outbound connections blocked on all profiles, allow rules manually made on the fly)
    - SRP (in Disallow mode; all files/users/certificates enforced)
    - Applocker (Customized, all 4 categories enforced)
    - Bitlocker (data partitions locked)
    - ApplicationGuard/DeviceGuard/ExploitGuard/Core Isolation/Protected Folders (All enabled and customized).
    Virus and Malware Removal Tools
    ---------------------------------------------------------
    Emsisoft Emergency Kit
    Hitman Pro (registered)
    Browsers and Extensions
    ----------------------------------------------------------------------------------------------------------------------
    - Chrome/"Chrom-Edge" (Customized via various flags) using Netcraft, Malwarebytes BG.
    - MSedge under Application Guard sandboxing with Netcraft, Malwarebytes BG.
    Privacy-focused Apps and Extensions
    ----------------------------------------------------------------------
    - Adguard For Desktop (customized)
    - Mullvad VPN (dual-hop)
    ----------------------------------------------------------------------
    Password Managers
  • Bitwarden (with 2FA)
  • Web Search
  • Google
  • System Utilities
    -----------------------------------------------------------------------------------------------
    Portable Tools:
    Cleaners:
    Ccleaner, Wisedisk Cleaner.
    Monitors: Process Hacker, Autoruns, Process Explorer.
    Privacy: O&O shutup10.
    Network: TCPview, WIfiGuard.
    Hardware: HWinfo64.
    Data Backup
    --------------------------------
    Cloud Services
    - Mega
    - Sync.com
    - OneDrive
    ----------------------------------
    Frequency of Data backups
    Always-on Sync
    System Backup
    ------------------------------------------------------------
    - Macrium Reflect (Registered)
    - Windows7 Backup & Restore.
    -------------------------------------------------------------
    Frequency of System backups
    Regularly
    Computer Activity
  • Browsing web and email
  • Download files from different sources
  • Office and work related tasks
  • Computer Specifications
    ----------------------------------------------------------------------------------------------------------
    Acer F5-571G: i5-7200U, 8gb RAM, 128gb SSD + 1TB HDD.
    Lenovo Yoga 520: i5-8250U, 8gb RAM, 256gb SSD + 1TB HDD.
    Asus R900VB: i5-3230M, 6gb RAM, 1TB HDD.
    ------------------------------------------------------------------------------------------------------------
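The firewall posture from the config above (all outbound blocked on every profile, allow rules added by hand) as an added PowerShell example; this is not the poster's own script, and the Edge path in the usage call is a placeholder to adjust to the browser actually installed.

```powershell
#Requires -RunAsAdministrator
# Added example (not the poster's own configuration): the default-deny outbound posture
# from the list above made explicit, plus one narrowly scoped allow rule. Path is a placeholder.

# 1. Default-deny on every profile: nothing leaves the host unless an allow rule matches.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 2. Audit: a disabled profile, or one not blocking outbound by default, is a finding.
function Test-OutboundDefaultDeny {
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Profile   = $_.Name
            Enabled   = $_.Enabled
            Outbound  = $_.DefaultOutboundAction
            Compliant = ($_.Enabled -eq 'True') -and ($_.DefaultOutboundAction -eq 'Block')
        }
    }
}

# 3. "Allow rules made on the fly": tie the rule to one executable, one protocol and the
#    ports it actually needs, rather than a broad any/any allow for the program.
function Add-ScopedOutboundAllow {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Program,     # full path to the executable
        [int[]]$RemotePort = @(80, 443),
        [string]$Protocol = 'TCP'
    )
    if (-not (Test-Path -LiteralPath $Program)) {
        throw "Program not found: $Program"         # no rules for binaries that do not exist
    }
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        throw "A rule named '$Name' already exists; review it instead of stacking another"
    }
    New-NetFirewallRule -DisplayName $Name -Direction Outbound -Action Allow `
        -Program $Program -Protocol $Protocol -RemotePort $RemotePort `
        -Profile Domain,Private,Public -Enabled True
}

# Usage (placeholder path; adjust to the browser actually installed):
Test-OutboundDefaultDeny | Format-Table -AutoSize
Add-ScopedOutboundAllow -Name 'Allow Edge HTTPS out' `
    -Program 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe' -RemotePort 443
```

Run it from an elevated PowerShell; the audit function is safe to re-run at any time, while the two mutating calls change live firewall state.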
    Not in my recent experience on Win10ent.
    Then you must be doing something magical, because my experience is different (but then I have way less experience than you, I only did IT-security as a minor in my study). Let's agree that a PC protected by AppLocker and AppGuard and Windows Defender configured on HIGH is hard, probably impossible, to be intruded by any malware whatsoever.

    I'm not sure what you are referring to, but like I said, AppLocker policies are SRP policies in Windows. Even Microsoft says it in their official documentation.
    It is a quote from the official Microsoft documentation I added in my response. A picture tells more than a thousand words (as we say in Dutch), so . . . (picture taken from the same official Microsoft documentation link: Use Software Restriction Policies and AppLocker policies (Windows 10))



    Then you must be doing something magical, because my experience is different (but then I have way less experience, I only did IT-security as a minor in my study)



    It is a quote from the official Microsoft documentation I added in my response. A picture tells more than a thousand words (as we say in Dutch), so . . . (picture taken from the same official Microsoft documentation link: Use Software Restriction Policies and AppLocker policies (Windows 10))

    I see what you mean, but in that very same document Microsoft says that AppLocker is SRP. It looks to me like the wording in that sentence was done poorly. They probably meant that AppLocker supersedes Group Policy.
     
    I see what you mean, but in that very same document Microsoft says that AppLocker is SRP. It looks to me like the wording in that sentence was done poorly. They probably meant that AppLocker supersedes Group Policy.
    Well, English is not my first language, so I always have to read twice to understand any Microsoft documentation (y);)
     

    Well, English is not my first language, so I always have to read twice to understand any Microsoft documentation (y);)
    Believe me it isn't you nor I. When dealing with Microsoft documentation you never know what you're gonna get.
     

    motox781

    Level 9
    Verified
    I am thinking Mullvad Wireguard servers using the Wireguard client is pretty awesome. So much less hassle than the Mullvad client.

    I think Mullvad and IVPN are both equal PITAs when it comes to support.
    I may try Wireguard with Mullvad on Windows, but currently the app for Mullvad is working pretty well. I wonder if Wireguard is even worth trying?
     

    motox781

    Level 9
    Verified
    Didn't mean to go off subject, but since Mullvad is still a little fresh on this thread... I find this confusing. I set up a Mullvad connection via Wireguard. Downloaded through the link on Mullvad's site. Set up everything per the guide on Mullvad. Rebooted the computer, started Wireguard and received this blocked message via Kaspersky.
     


    Umbra

    Level 11
    Verified
    Then you must be doing something magical, because my experience is different (but then I have way less experience than you, I only did IT-security as a minor in my study).
    I don't think I did something special, just enabled everything.

    Let's agree that a PC protected by AppLocker and AppGuard and Windows Defender configured on HIGH is hard, probably impossible, to be intruded by any malware whatsoever.
    I hope so :D

    It is a quote from the official Microsoft documentation I added in my response. A picture tells more than a thousand words (as we say in Dutch), so . . . (picture taken from the same official Microsoft documentation link: Use Software Restriction Policies and AppLocker policies (Windows 10))

    They probably meant that Applocker policies come first, then SRP ones.
    For example, Applocker has WD whitelisted but SRP blocks it from even showing up in Security Center until I manually whitelist WD's folders in SRP.


    Replaced:

    Chrome/Chrom-Edge extensions:
    Emsisoft Browser Security by Malwarebytes Browser Guard
     

    DJ Panda

    Level 29
    Verified
    Glad to see you back Umbra! I'd assume if I wanted to be cheap I could use UBlock over Adguard. (Even if it doesn't block stuff other than browsers?)
     

    ebocious

    Level 4
    This setup is identical on all my computers; my systems are static and locked (no fancy software turnover, and those I'm using are checked to be malware-free before being used).
    I don't use any 3rd party security apps, never really needed them, won't need them, won't miss them (except for some occasional testing).
    The only software deserving to be on my systems is Appguard Enterprise or eventually AG Solo (latest version only).

    My system is heavily tweaked to fit my needs and obviously out of reach of common users.

    I also use Linux MX on another machine.
    I knew before I clicked the link for Umbra's Lockdown Security that I was in for a treat. Magnificent!
     

    Umbra

    Level 11
    Verified
    Netcraft and Emsisoft Browser Security and Malwarebytes Browser Guard, any conflict?
    I removed the Emsisoft extension.
    Glad to see you back Umbra! I'd assume if I wanted to be cheap I could use UBlock over Adguard. (Even if it doesn't block stuff other than browsers?)
    uBlock is good; it's just that I have lifetime licenses for Adguard For Windows, so I use it instead. However, I still use uBlock on Linux.
     

    Andy Ful

    Level 49
    Verified
    Trusted
    Content Creator
    AppLocker advances the app control features and functionality of SRP.
    SRP and AppLocker policies function differently; they should not be implemented in the same GPO, except when used with caution.
    Both SRP and Applocker use the same Safer APIs, but both are seen as different security solutions by Windows OS.
    SRP and Applocker actions are logged under different Event IDs.
    SRP can be configured without a Group Policy Object, but Applocker cannot.
    SRP has some features not available in Applocker, and vice versa.

    Applocker settings do not overwrite SRP settings.
    Applocker policies can supersede the policies generated by SRP in the GPO.
     
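An added PowerShell example (not Andy Ful's code, nor Microsoft's) illustrating the points above: SRP and AppLocker are read from their separate policy stores and separate event channels on one host, and their recent block events are merged so a file stopped by either control is visible in one view. It assumes Windows 10 Enterprise with the AppLocker cmdlets present; the Safer registry values and event IDs are the documented ones.

```powershell
#Requires -RunAsAdministrator
# Added example: SRP and AppLocker share the Safer APIs but are separate controls, so
# each is read from its own store and its own event log, then their blocks are merged.

$SrpKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$SrpLevels = @{ 0 = 'Disallowed'; 0x20000 = 'Basic User'; 0x40000 = 'Unrestricted' }

# SRP is plain registry policy under the Safer key and works with or without a GPO.
function Get-SrpState {
    if (-not (Test-Path $SrpKey)) { return [pscustomobject]@{ Configured = $false } }
    $k = Get-ItemProperty -Path $SrpKey
    $level = if ($null -eq $k.DefaultLevel) { 'NotSet' } else { $SrpLevels[[int]$k.DefaultLevel] }
    [pscustomobject]@{
        Configured       = $true
        DefaultLevel     = $level
        AppliesToAdmins  = ($k.PolicyScope -eq 0)         # 1 = all users except local administrators
        CoversDlls       = ($k.TransparentEnabled -eq 2)  # 2 = all software files, libraries included
        CertRulesEnabled = ($k.AuthenticodeEnabled -eq 1)
    }
}

# AppLocker is read through its own cmdlet; each rule collection carries its own
# enforcement mode (NotConfigured, AuditOnly or Enabled).
function Get-AppLockerState {
    (Get-AppLockerPolicy -Effective).RuleCollections | ForEach-Object {
        [pscustomobject]@{ Collection = $_.RuleCollectionType; Mode = $_.EnforcementMode }
    }
}

# Different logs, different IDs:
#   SRP       -> Application log, source SoftwareRestrictionPolicies, IDs 865-868 and 882
#   AppLocker -> Microsoft-Windows-AppLocker/* channels, ID 8004 (EXE/DLL), 8007 (MSI/Script)
function Get-RecentBlocks {
    param([int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    $srp = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'SoftwareRestrictionPolicies'
        Id = 865, 866, 867, 868, 882; StartTime = $since }
    $apl = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Microsoft-Windows-AppLocker/EXE and DLL', 'Microsoft-Windows-AppLocker/MSI and Script'
        Id = 8004, 8007; StartTime = $since }
    $rows  = @(foreach ($e in $srp) { [pscustomobject]@{ Time = $e.TimeCreated; Control = 'SRP';       Id = $e.Id; Detail = $e.Message } })
    $rows += @(foreach ($e in $apl) { [pscustomobject]@{ Time = $e.TimeCreated; Control = 'AppLocker'; Id = $e.Id; Detail = $e.Message } })
    $rows | Sort-Object Time -Descending
}

Get-SrpState
Get-AppLockerState | Format-Table -AutoSize
Get-RecentBlocks -Hours 48 | Format-Table Time, Control, Id, Detail -AutoSize -Wrap
```

A file allowed by AppLocker but blocked by SRP (the Windows Defender case described later in the thread) shows up here only in the SRP rows, which is the quickest way to find the contradictory policy.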

    Umbra

    Level 11
    Verified
    So both PCs are under Windows 10 Enterprise built-in security (GPO, SRP, Applocker, etc...)
    PC1 (Lenovo) is under Appguard Solo v6.
    PC2 (Acer) is protected by ReHIPS.

    Using those 2 pieces of software is more about toying and testing than a real need. As I used to say, "tester once, tester forever".
     

    Andy Ful

    Level 49
    Verified
    Trusted
    Content Creator
    So both PCs are under Windows 10 Enterprise built-in security (GPO, SRP, Applocker, etc...)
    PC1 (Lenovo) is under Appguard Solo v6.
    ...
    I am not sure if AppGuard SRP is based on Windows built-in SRP. AppGuard probably uses a kernel driver to apply its own SRP. I think that @Lockdown will know the details for sure.
    I miss @Lockdown :cool: here.
     

    Umbra

    Level 11
    Verified
    I am not sure if AppGuard SRP is based on Windows built-in SRP. AppGuard probably uses a kernel driver to apply its own SRP. I think that @Lockdown will know the details for sure.
    I miss @Lockdown :cool: here.
    Own drivers. It doesn't use Windows SRP, so it can complement it; if so, the user must be logical enough not to make contradictory policies in both of them.

    One thing AG Solo can't do (but AG Enterprise does) is blocking via certificates.
     

    crezz

    Level 6
    Verified
    I see that AppGuard and ReHIPS are quite expensive to purchase each year. Are there any cheaper alternatives that might do a similar job? I have Kaspersky in Trusted Application Mode and also Voodooshield. I doubt if these products provide an equivalent level of protection, but do they have broadly similar purposes?

    My other question is that for very sensitive online transactions (such as banking) would I mitigate a lot of the risks by using an iPad instead of a Windows PC? To my knowledge, all the applications on iOS are sandboxed by default, therefore performing a similar job as AppGuard or ReHIPS. Would I be correct about this?