Advanced Plus Security Victor M Security Test Box Win 11 22H2

Last updated
Nov 13, 2022
How it's used?
Operating system
Windows 11
On-device encryption
Log-in security
    • Basic account password (insecure)
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
Network firewall
Enabled
Real-time security
OSArmor
Faronics Anti-executable
Sandboxie
Default Deny firewall rukes
MS Security Baseline for Win 11 22H2

AutoPlay disabled
SecureBoot
Core Isolation ON, Memory Protection ON
Removed protocol: Client for MS Networks
Removed protocol: File & Printer Sharing
Removed protocol: QoS
Removed protocol: LLDP
Removed protocol: Link Layer Topology x2
Disable NetBIOS over TCP/IP
DNS over HTTPS
Disabled pre IPv6 tunneling protocols
Disabled IGMP
Drop Source Routed packets
Disabled UPnP
Disabled SMB ( I don't share files with anybody )
Disabled Proxy AutoSearch
Disabled Media Player scripts
Set CTRL-ALT-DEL and NoDisplayLastUser login
Custom Windows Defender Exploit protection from Chrome and Firefox and built-in apps
Disabled DCOM
Hardened Windows Services ( disabling ones I never use )
Set Deny Network Logon to Everyone group
Set Deny Remote Desktop Logon to Everyone group
Set Settings > Privacy to deny everything ( I don't use most built-in Win Apps )
Set only allow TLS 1.2
Enable DEP for all programs
Disable dump file creation
Disallow Remote Assistance in and out
Enlarged space avaiiable to Restore Points
Set Admin account login to automatically disconnect from inet
Removed SYSTEM and Admin Group access from My Documents. So that a SYSTEM acc compromise does not enable access to my documents
Setup VeraCrypt for my most sensitive documents
Setup BIOS admin password
Installed a high-security door lock
Enabled BitLocker

Set up Event ID's custom views for incident response
Saved MS AutoRuns log for comparison for incident response
Saved netstat output for comparison for incident response
Saved driverquery output for comparison for incident response
Setup honey folder for incident response

Perform Nessus vulnerability scans once per month
Run PatchMyPC twice per month
Firewall security
Microsoft Defender Firewall
About custom security
only 14 outbound rules, no inbound rules active
Periodic malware scanners
Windows Defender
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
MS Edge with Sandboxie, uBlock Origin extension. LastPass extension.
Secure DNS
Quad 9 HTTPS-DNS
Desktop VPN
None
Password manager
LastPass
Maintenance tools
Macrium Reflect drive image. With image of virgin-offline-hardened state. Then another image of online-software-registered state. And then images every 2 weeks.
File and Photo backup
Macrium Reflect
System recovery
If standard account is compromised, backup documents and eliminate account. Because Secondary Logon Service is disabled, the attacker should not be able to cross over to admin account.
If admin account is compromised, eg when doing maintenance, then Partred Magic Erase Disk, and re-image from online-software-registered state.image. If compromised at software registration stage, then Parted Magic Erase Disk then re-image from virgin-offline-hardened state.
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
Computer specs
Intel i5 3210M
8GB RAM
256 GB SSD
What I'm looking for?

Looking for medium feedback.

Notes by Staff Team

  1. This setup configuration may put you and your device at risk!
    We do not recommend that other members use this setup. We cannot be held responsible for problems that may occur to your device by using this security setup.

Victor M

Victor M

Level 8
Thread author
Verified
Well-known
Oct 3, 2022
380
I am partially satisfied with this setup, but always on the look out for more improvments.

My previous setup included Voodoo Shield, the anti-executable. But I find that I don't want it's online reputation check, I only want everything foreign blocked. I am not the install-happy try-every-software type. So I switched to Faronics Anti-Executable. And besides, a hacker once showed me that that online capability can be hacked. So I blocked it's online feature for the time being. Now I have switched products and am happier.

I am also a past customer of HitManPro Alert. But it didn't protect me much, as my attacker switched to using javascript attacks. Javascript is much too powerful. The attacker managed to freeze my entire Chrome window, not allowing me to even close it. I had to use Task Manager to kill the process. Sandboxie prevents infection of the host, but does not stop this kind of Denial-of-Service attack.

I must qualify for the most hacked award..
 
Last edited:
  • Like
Reactions: Behold Eck, Kongo, Nevi and 4 others
harlan4096

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,675
You can add also in Periodic scanning, some 3er party scanners (not only the one from the main protection).

Do You have Malware Defender enabled or disabled? It's a bit unclear 🤔

Thanks for sharing :)
 
Last edited:
  • Like
  • Applause
Reactions: Kongo, vtqhtr413, silversurfer and 3 others
Kongo

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,505
I doubt that using Faronics Anti-Exe and OSArmor is a good complementary setup. Why not using Microsoft Defender + OSArmor alone and save some money? Otherwise a good and detailed config (y)
 
  • Like
Reactions: Stopspying and harlan4096
Victor M

Victor M

Level 8
Thread author
Verified
Well-known
Oct 3, 2022
380
Faronics Anti-Executable and OSArmor do different parts of security that one needs. An anti-exe stops foreign exe's from running. It takes an inventory of exe's and dll's and 'locks' in that state. The attacker can copy over a tool, but it wouldn't run. OSArmor covers the other part, where the attacker uses Windows' own executables to do dirty things, and OSArmor stops those, like using SC to stop a service. The two are complimentary.
 
Last edited:
  • Like
Reactions: Behold Eck, Stopspying, Kongo and 2 others
Kongo

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,505
Victor M said:
Faronics Anti-Executable and OSArmor do different parts of security that one needs. An anti-exe stops foreign exe's from running. It takes an inventory of exe's and dll's and 'locks' in that state. The attacker can copy over a tool, but it wouldn't run. OSArmor covers the other part, where the attacker uses Windows' own executables to do dirty things, and OSArmor stops those, like using SC to stop a service. The two are complimentary.
Click to expand...
I see. Yet there are still too many programs running in real-time for my taste. But as long as you don't experience any issues, you should of course keep on using it. I was about to say that you could check out VoodooShield, but I saw that you weren't really satisified with that product before. Anyway, if you are interested in trying new products from time to time, you might want to check out AppGuard Solo. Quite expensive too, but it looks like it's just what you are looking for.

Video demonstration:

Website: AppGuard Solo - AppGuard
 
  • Like
Reactions: Stopspying, oldschool and harlan4096

Similar threads

Victor M
    • Like
Advanced Security Victor M BitDefender EDR test box Config
Replies
4
Views
752
PC Setup Configuration Help & Showcase
Victor M
Victor M
Victor M
    • Like
Advanced Plus Security Victor M - Aging PC Security Config
Replies
5
Views
1,102
PC Setup Configuration Help & Showcase
Victor M
Victor M
ebocious
    • Like
Advanced Plus Security Ebocious's Yoga 6 Security Config
Replies
18
Views
1,214
PC Setup Configuration Help & Showcase
ebocious
ebocious

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top