- Apr 5, 2021
- 621
Changed DNS servers from Cloudflare to Quad9.
wat0114 security config 2021
- Thread starter wat0114
- Start date
- Apr 5, 2021
- 621
Changed Hard_Configurator setting to High, enabled all but Adobe Reader Firewall Hardening rules, and un-installed MalwareBytes Windows Firewall Control. As a result, things get a little simpler, without sacrificing security.
- Dec 23, 2014
- 8,604
- Apr 5, 2021
- 621
Oops, sorry, I mean Configure Defender Protection level within H_C to High. I forgot CF is built into H_C.????
- Dec 23, 2014
- 8,604
Which H_C's setting profile do you use for now?
- Apr 5, 2021
- 621
Do you mean from the main interface?
EDIT
I chose Recommended Settings if that's what you mean.
EDIT 2
So Andy, you have helped me discover predefined profiles. I went to the Manual and found out about them. I just applied: Windows_10_Strict_Recommended_Settings.hdc. I had always thought the Load Profile button was to load profiles saved only by the user - not to also load predefined profiles included with the utility. I had simply hit the Recommended Settings button before.
Thanks!
Last edited:
- Apr 5, 2021
- 621
I forgot to mention, I also added many Firefox about:config settings from Yet Another Firefox Hardening Guide
Thanks again to @oldschool for your recent post on this.
Thanks again to @oldschool for your recent post on this.
- Mar 29, 2018
- 7,710
With Microsoft Defender and Hard_Configurator at your settings you could easily go without OSA. You might want to check out the impressive results in these links:
Malware Hub Report - Hard Configurator - march 2019 report
Malware Hub Report - Hard Configurator - april 2019 report
Malware Hub Report - Hard Configurator - may 2019 report
https://malwaretips.com/search/276925/
Malware Hub Report - Hard Configurator - march 2019 report
Malware Hub Report - Hard Configurator - april 2019 report
Malware Hub Report - Hard Configurator - may 2019 report
https://malwaretips.com/search/276925/
- Dec 23, 2014
- 8,604
With these settings you have to remember that:
- Many application auto-updates will be blocked. You have to update these applications manually after switching off the SRP temporarily (<Switch ON/OFF SRP> green button). The details are described in the H_C FAQ.
- In these settings "Install By Smartscreen" works with high privileges, so it should not be used on SUA. When using these settings on SUA the application installations should be done like in point 1. If not then some applications will install files on administrator account instead of the standard user account.
There is no problem when using only one account (default Administrator account).
Last edited:
- Apr 5, 2021
- 621
Those are indeed impressive results. Thanks for sharing. I'll keep OSA installed at least until my license expires in three months, then I'll decide whether to remove it.
- Apr 5, 2021
- 621
This not only works for me, but I like the restrictions better than the Recommended settings
- Dec 23, 2014
- 8,604
Oldschool is right that OSA is not necessary in those settings. Such a setup would be overkill for most home users. Anyway, If you do not encounter any problems and do not feel the setup inconvenient, then there is no reason to change it.
- Dec 23, 2014
- 8,604
... I like the restrictions better than the Recommended settings
The Recommended Settings are in fact better for most home users. Anyway, I can understand that you can feel that more restrictive settings can be 'better' for you.
- Apr 5, 2021
- 621
The Recommended Settings are in fact better for most home users. Anyway, I can understand that you can feel that more restrictive settings can be 'better' for you.
There seems to be no limit to the ingenious level of attack methods malware authors create. I guess my overkill setup is to potentially prevent a future attack that might bypass a setup that is currently adequate for home users. I could be out to lunch on this theory, but I guess I like the additional insurance policy, even though it may never be needed.
- Apr 5, 2021
- 621
Haha, I was asked this same question back in post #28 of this thread. A long discussion ensued. Basically I can't remember specifically why I enabled it, it was so long ago.
- Apr 5, 2021
- 621
No I just use Firefox with hardened about:config settings, some Privacy settings enabled, with UBO and LocalCDN extensions.
Also several Exploit protection settings enabled in Defender for Firefox.
Last edited:
- Dec 23, 2014
- 8,604
Yes, that is true. I think that in your case this setup is simply fun or kind of a hobby. It is safe and it is OK if you like it.
Be safe.
Last edited:
- Apr 5, 2021
- 621
Well, LOL, I reverted to Recommended settings due to being unable to launch OneDrive, and for a lesser reason, the %TEMP% directory is restricted by the SRP rules.
Besides, the latter is nicely under surveillance from OSA
EDIT
and yes I realize scripting is likely going to trigger first in this type of exploit, which H_C will stop.
Besides, the latter is nicely under surveillance from OSA
EDIT
and yes I realize scripting is likely going to trigger first in this type of exploit, which H_C will stop.
Last edited:
Similar threads
