Advanced Plus Security Vasudev's Security Config for 2018

[Vasudev]

Updated MEFW using some guides and remove the lock permanently. Dell delayed the update, so I took a long route to fix it.
Here's the guide if anyone's willing to try it. Be sure to check if your system supports the MEI FW update. I tested only on Skylake/Kabylake PCH-H series chips only.
New BIOS for 15R2/17R3 v1.4.4
Reverted back to older BIOS as per Intel's and Dell's guidance.

 

[Vasudev]

Updated to Build 909. Updated WD engine from 4.10 to 4.12 via WU.
Removed:
NVT OSA because it doesn't support secure boot.

 

[Mahesh Sudula]

Updated to build 850 and finally moved to uGet as default download manager on Windows & Linux.
Added:
Dr. Web LiveCD
Changed title to reflect security settings for the year 2018.
@Jack Well, we might need to re-create security config for 2018 and above considering the fact 2017 had lot of exploits and vendors didn't provide fixes like BIOS updates, microcode patches. I think we must include an fields such as BIOS updated or not? MEI FW is updated and secured, Spectre/Meltdown patches etc..

Consider adding Avira / Kaspersky in place of Dr web as Live Cd..it is a bit high on Fp's ..
Use Norton Dns instead of Avira Browser Safety
to go

 

[Vasudev]

Consider adding Avira / Kaspersky in place of Dr web as Live Cd..it is a bit high on Fp's ..
Use Norton Dns instead of Avira Browser Safety
to go

Kaspersky doesn't work on Secure boot based system even with legacy mode turned ON, so it worked like ##### w/o detecting NVMe drive and other things because I ran it on cmd line since GUI was failing to run on EFI based systems. I have ESET, Dr. web and WD LiveCDs which worked like a charm on secure boot.
Dr. web acc. to me had worked great. In terms of scan time ESET was faster.

 

[harlan4096]

There is a new KRD2018 in beta testing now...

 

[Evjl's Rain]

Use Norton Dns instead of Avira Browser Safety

I use both of them
in his case of WD, he doesn't have a proper web filter beside google safebrowsing
more is better. I don't see any problem using both. Almost no speed difference

 

[Vasudev]

I use both of them
in his case of WD, he doesn't have a proper web filter beside google safebrowsing
more is better. I don't see any problem using both. Almost no speed difference

Oh I use Google DNS so Norton DNS isn't needed at all. BTW, Norton DNS was very slower than Google/OpenDNS.

 

[Evjl's Rain]

you can enable windows defender's web filter (google for the guide)
googleDNS doesn't provide any malware blocking ability

or you can try these following malware blocking DNSes, if Norton is slow for you, find an acceptable one. Obviously, they are slower than Google DNS. OpenDNS may give you the best speed compared to the others in this list but it's the poorest at malware blocking

• OpenDNS Home- 208.67.222.222, 208.67.220.220
• IBM Quad 9 - 9.9.9.9
• SafeDNS - 195.46.39.39, 195.46.39.40
• Adguard DNS - 176.103.130.130, 176.103.130.131

 

[Vasudev]

you can enable windows defender's web filter (google for the guide)
googleDNS doesn't provide any malware blocking ability

or you can try these following malware blocking DNSes, if Norton is slow for you, find an acceptable one. Obviously, they are slower than Google DNS. OpenDNS may give you the best speed compared to the others in this list but it's the poorest at malware blocking

• OpenDNS Home- 208.67.222.222, 208.67.220.220
• IBM Quad 9 - 9.9.9.9
• SafeDNS - 195.46.39.39, 195.46.39.40
• Adguard DNS - 176.103.130.130, 176.103.130.131

Thanks.
Did you know WD NIS update file has known Zero day protections and also some form of protection against unknown 0 day malware. You can find the log in this location C:\ProgramData\Microsoft\Windows Defender\Network Inspection System\Support

 

[Vasudev]

Added:
Installed New BIOS to patch Spectre issues.

 

[Vasudev]

Updated to build 966 and I'm trying Insider 17115 slow release as well in a VM.

 

[Vasudev]

Updated to RS4.
Trying out CloudFare DNS and Quad9 DNS.

 

[bribon77]

Thanks for sharing

 

[Vasudev]

@Umbra Do we get a option for offline win 10 updating?

 

[Deleted member 178]

@Umbra Do we get a option for offline win 10 updating?

Get the Windows 10 Spring Creators Update early - gHacks Tech News

 

[Vasudev]

Get the Windows 10 Spring Creators Update early - gHacks Tech News

Sorry for very late response.
I meant an option that says "Windows 10 updates only through full offline MSU packages"
I always do that instead of running WU. Its faster and install only recommended patches just for the OS.

 

[Deleted member 178]

I believe you have it somewhere, but i don't remember the adress.

 

[Vasudev]

I believe you have it somewhere, but i don't remember the adress.

No, I meant add that option while creating security config thread will be really helpful.

 

[Vasudev]

Updated to 17134.48

 

[Vasudev]

Refreshed FF profiles on all PCs and I was shocked to find the new lighter UI and immense speedup since I was using same profile from FF 48-->FF60.