Latest Changes
Oct 10, 2019
Operating System
  • Windows 10
  • Windows Edition
    Enterprise
    Version or Build no.
    1903
    System type
    64-bit operating system; x64-based processor
    Security Updates
    Automatic Updates (recommended)
    User Access Control
    Always Notify
    Network Security (Firewall)
    Windows Defender Firewall
    Device Security
  • Windows Defender SmartScreen (Windows 10)
  • User Account
    Standard
    Sign-in Accounts
    Microsoft (@outlook.com)
    Sign-in Options
  • Password
  • Windows Hello PIN (recommended)
  • Windows Hello Fingerprint
  • Malware Testing
    I do not participate in downloading malware samples
    Real-time Web & Malware Protection
    -----------------------------------------------------------------------------------------------------------------------
    - Windows 10 Enterprise custom built-in Security.
    - AppGuard Solo v6.
    -----------------------------------------------------------------------------------------------------------------------
    RTP - Custom security settings
  • Major changes for Increased security
  • RTP - Details of Custom security settings
    -------------------------------------------------------------------------------------------------------------------
    AppGuard is heavily tweaked with:
    - most LOLbins added to User-Space.
    - internet-facing/vulnerable apps added to Guarded Apps.
    - non-system partitions protected
    -------------------------------------------------------------------------------------------------------------------
    OS is heavily tweaked via various options available in Group Policy or via Regedit tricks, plus:
    - Windows Defender (Customized for high security)
    - Windows Firewall (Customized, all outbound connections blocked on all profiles, allow rules manually made on the fly)
    - SRP (on Basic User mode, All files/users/certificate enforced)
    - AppLocker (Customized, all 4 categories Enforced)
    - BitLocker (data partitions locked)
    - ApplicationGuard/DeviceGuard/ExploitGuard/Core Isolation/Protected Folders (All enabled and customized).
    Virus and Malware Removal Tools
    ---------------------------------------------------------
    Emsisoft Emergency Kit
    Hitman Pro (registered)
    Browsers and Extensions
    ----------------------------------------------------------------------------------------------------------------------
    - Chrome/"Chrom-Edge" (Customized via various flags) using Netcraft, Malwarebytes BG.
    - MSedge under Application Guard sandboxing with Netcraft, Malwarebytes BG.
    Privacy-focused Apps and Extensions
    ----------------------------------------------------------------------
    - Adguard For Desktop (customized)
    - Mullvad VPN (dual-hop)
    ----------------------------------------------------------------------
    Password Managers
  • Bitwarden (with 2FA)
  • Web Search
  • Google
  • System Utilities
    -----------------------------------------------------------------------------------------------
    Portable Tools:
    Cleaners: CCleaner, Wise Disk Cleaner.
    Monitors: Process Hacker, Autoruns, Process Explorer.
    Privacy: O&O ShutUp10.
    Network: TCPView, WiFi Guard.
    Hardware: HWinfo64.
    Data Backup
    --------------------------------
    Cloud Services
    - Mega
    - Sync.com
    - OneDrive
    ----------------------------------
    Frequency of Data backups
    Always-on Sync
    System Backup
    ------------------------------------------------------------
    - Macrium Reflect (Registered)
    - Windows7 Backup & Restore.
    -------------------------------------------------------------
    Frequency of System backups
    Regularly
    Computer Activity
  • Browsing web and email
  • Download files from different sources
  • Office and work related tasks
  • Computer Specifications
    ----------------------------------------------------------------------------------------------------------
    Acer F5-571G: i5-7200U, 8 GB RAM, 128 GB SSD + 1 TB HDD.
    Lenovo Yoga 520: i5-8250U, 8 GB RAM, 256 GB SSD + 1 TB HDD.
    Asus R900VB: i5-3230M, 6 GB RAM, 1 TB HDD.
    ------------------------------------------------------------------------------------------------------------
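Added example, not part of the original post and not written by anyone in this thread: a read-only PowerShell check of three settings the profile above lists (outbound firewall default, AppLocker enforcement, SRP options). It assumes the SRP policy was configured in the computer (machine-wide) policy and that the four AppLocker categories are Exe, Msi, Script and Appx.

```powershell
# Added example: read-only audit of settings named in the profile above.
# Run from an elevated PowerShell prompt; nothing here changes configuration.

# 1. Firewall: the profile lists outbound connections blocked on all profiles,
#    so DefaultOutbound should read Block for Domain, Private and Public.
#    ActiveStore is the effective policy (local settings merged with Group Policy).
$firewall = Get-NetFirewallProfile -PolicyStore ActiveStore | ForEach-Object {
    [pscustomobject]@{
        Profile         = $_.Name
        Enabled         = "$($_.Enabled)"
        DefaultOutbound = "$($_.DefaultOutboundAction)"
    }
}

# 2. AppLocker: the profile lists four rule collections enforced, so Mode
#    should read Enabled (not AuditOnly) for each of them.
#    Rules are only applied while the Application Identity service is running.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$appLocker = foreach ($type in 'Exe', 'Msi', 'Script', 'Appx') {
    $rc = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq $type }
    [pscustomobject]@{
        Collection = $type
        Mode       = if ($rc) { $rc.EnforcementMode } else { 'NotConfigured' }
        RuleCount  = if ($rc) { @($rc.ChildNodes).Count } else { 0 }
    }
}
$appIdService = (Get-Service -Name AppIDSvc).Status

# 3. SRP: machine-wide policy values (assumption: SRP set in computer policy).
#    DefaultLevel 0x20000 = Basic User, TransparentEnabled 2 = all files,
#    PolicyScope 0 = all users, AuthenticodeEnabled 1 = certificate rules on.
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$srp = Get-ItemProperty -Path $srpKey -ErrorAction SilentlyContinue |
    Select-Object DefaultLevel, TransparentEnabled, PolicyScope, AuthenticodeEnabled

$firewall  | Format-Table -AutoSize
$appLocker | Format-Table -AutoSize
"Application Identity service: $appIdService"
if ($srp -and $null -ne $srp.DefaultLevel) {
    'SRP DefaultLevel: 0x{0:X}' -f [int]$srp.DefaultLevel
    $srp | Format-List
} else {
    'No machine-wide SRP policy found.'
}
```

If both the SRP key and enforced AppLocker collections are present, both policy sets are configured on the machine; the script reports configuration only and does not test which one blocks a given file.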
    Not in my recent experience on Win10ent.
    Then you must be doing something magical, because my experience is different (but then I have way less experience than you, I only did IT-security as a minor in my study). Let's agree that a PC protected by AppLocker and AppGuard and Windows Defender configured on HIGH is hard, probably impossible to be intruded by any malware whatsoever.

    I'm not sure what you are referring to, but like I said, AppLocker policies are SRP policies in Windows. Even Microsoft says it in their official documentation.
    It is a quote from the official Microsoft documentation I added in my response. A picture tells more than a thousand words (as we say in Dutch), so . . . (picture taken from the same official Microsoft documentation link: Use Software Restriction Policies and AppLocker policies (Windows 10))


    93803123

    Then you must be doing something magical, because my experience is different (but then I have way less experience, I only did IT-security as a minor in my study)



    It is a quote from the official Microsoft documentation I added in my response. A picture tells more than a thousand words (as we say in Dutch), so . . . (picture taken from the same official Microsoft documentation link: Use Software Restriction Policies and AppLocker policies (Windows 10))

    I see what you mean, but in that very same document Microsoft says that AppLocker is SRP. It looks to me like the wording in that sentence was done poorly. They probably meant that AppLocker supersedes Group Policy.
     
    I see what you mean, but in that very same document Microsoft says that AppLocker is SRP. It looks to me like the wording in that sentence was done poorly. They probably meant that AppLocker supersedes Group Policy.
    Well English is not my first language, so I always have to read twice to understand any Microsoft Documentation (y);)
     

    Umbra

    Level 3
    Verified
    I can definitely prove that SRP policies are still active even with AppLocker's ones active.

    About my config, finished customizing Exploit Guard by adding what I consider my vulnerable apps (browsers, media readers/players, MS Office, torrent client, etc.).

    Now time to play with ACL :D
     

    motox781

    Level 8
    Verified
    I am thinking Mullvad Wireguard servers using the Wireguard client is pretty awesome. So much less hassle than the Mullvad client.

    I think Mullvad and IVPN are both equal PITAs when it comes to support.
    I may try Wireguard with Mullvad on Windows, but currently the app for Mullvad is working pretty well. I wonder if Wireguard is even worth trying?
     

    motox781

    Level 8
    Verified
    Didn't mean to go off subject, but since Mullvad is still a little fresh on this thread... I find this confusing. I set up a Mullvad connection via Wireguard. Downloaded through the link on Mullvad's site. Set up everything per the guide on Mullvad. Rebooted computer, started Wireguard and received this blocked message via Kaspersky.
     


    Umbra

    Level 3
    Verified
    Then you must be doing something magical, because my experience is different (but then I have way less experience than you, I only did IT-security as a minor in my study).
    I don't think I did something special, just enabled everything.

    Let's agree that a PC protected by AppLocker and AppGuard and Windows Defender configured on HIGH is hard, probably impossible to be intruded by any malware whatsoever.
    I hope so :D

    It is a quote from the official Microsoft documentation I added in my response. A picture tells more than a thousand words (as we say in Dutch), so . . . (picture taken from the same official Microsoft documentation link: Use Software Restriction Policies and AppLocker policies (Windows 10))

    They probably meant that AppLocker policies come first, then SRP ones.
    For example, AppLocker has WD whitelisted but SRP blocks it from even showing up in Security Center until I manually whitelist WD's folders in SRP.


    Replaced:

    Chrome/Chrom-Edge extensions:
    Emsisoft Browser Security by Malwarebytes Browser Guard
     

    DJ Panda

    Level 29
    Verified
    Glad to see you back Umbra! I'd assume if I wanted to be cheap I could use UBlock over Adguard. (Even if it doesn't block stuff other than browsers?)
     

    ebocious

    Level 4
    This setup is identical on all my computers, my systems are static and locked (no fancy softs turn-over, and those I'm using are checked to be malware-free before being used).
    I don't use any 3rd party security apps, never really needed them, won't need them, won't miss them (except for some occasional testing).
    Only soft deserving being on my systems is AppGuard Enterprise or eventually AG Solo (latest version only).

    My system is heavily tweaked to fit my needs and obviously out of reach of common users.

    I also use Linux MX on another machine.
    I knew before I clicked the link for Umbra's Lockdown Security that I was in for a treat. Magnificent!
     

    Umbra

    Level 3
    Verified
    Netcraft and Emsisoft Browser Security and Malwarebytes Browser Guard, any conflict?
    I removed the Emsisoft extension.
    Glad to see you back Umbra! I'd assume if I wanted to be cheap I could use UBlock over Adguard. (Even if it doesn't block stuff other than browsers?)
    uBlock is good, I just have lifetime licenses for Adguard For Windows so I use it instead. However, I still use uBlock on Linux.