Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
What's your average annual cost for Windows protection?
Message
<blockquote data-quote="ForgottenSeer 97327" data-source="post: 1011797"><p>For the last three years, I am running a free all Microsoft security setup, which is based on white listing and frankly I don't see how this setup could be bypassed <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite109" alt=":)" title="Smile :)" loading="lazy" data-shortname=":)" /></p><p></p><p>[SPOILER="10layers to pass <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite109" alt=":)" title="Smile :)" loading="lazy" data-shortname=":)" />"]</p><p>1. Early Launch Anti malware allowing GOOD only</p><p>2. Running Basic user with Standard Rights, with UAC set to deny elevation of unsigned</p><p>3. Microsoft Defender hardened with GPO identical to ConfigureDefender settings on MAXimum protection level</p><p>4. Windows Defender Application control for user folders allowing only Microsoft signed + Macrium Reflect free (image backup) + Syncback free (data backup) to update.</p><p>5. Software Restriction Policies for Basic user blocking risky file extensions identical to SimpleWindowsHardening plus Microsoft recommended block rules (<a href="https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules" target="_blank">link</a>)</p><p>6. Selection of recommended hardening of Microsoft Security Baseline (2019) which did not interfere with daily usage plus CMD + Wscript disabled</p><p>7. Defender Core Isolation enabled and Defender Exploit Protection code integrity enabled for Explorer, Svchost, Powershell, Microsoft Office and Edge</p><p>8. Smartscreen ON (in Explorer and Edge) and MD Controlled Folders ON (with all data folders and partitions added)</p><p>9. Edge hardened by tweaking the registry (so I can change them as basic user), like enabling AppContainer and disabling most site permissions with build-in Anti-Tracking on STRICT</p><p>10. Router with TrendMicro badware filters, NextDNS DoH with Google safe browsing and privacy filters of NextDNS, AdguardDNS and OISD enabled (allowing affilate tracking links)</p><p>[/SPOILER]</p></blockquote><p></p>
[QUOTE="ForgottenSeer 97327, post: 1011797"] For the last three years, I am running a free all Microsoft security setup, which is based on white listing and frankly I don't see how this setup could be bypassed :) [SPOILER="10layers to pass :)"] 1. Early Launch Anti malware allowing GOOD only 2. Running Basic user with Standard Rights, with UAC set to deny elevation of unsigned 3. Microsoft Defender hardened with GPO identical to ConfigureDefender settings on MAXimum protection level 4. Windows Defender Application control for user folders allowing only Microsoft signed + Macrium Reflect free (image backup) + Syncback free (data backup) to update. 5. Software Restriction Policies for Basic user blocking risky file extensions identical to SimpleWindowsHardening plus Microsoft recommended block rules ([URL='https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules']link[/URL]) 6. Selection of recommended hardening of Microsoft Security Baseline (2019) which did not interfere with daily usage plus CMD + Wscript disabled 7. Defender Core Isolation enabled and Defender Exploit Protection code integrity enabled for Explorer, Svchost, Powershell, Microsoft Office and Edge 8. Smartscreen ON (in Explorer and Edge) and MD Controlled Folders ON (with all data folders and partitions added) 9. Edge hardened by tweaking the registry (so I can change them as basic user), like enabling AppContainer and disabling most site permissions with build-in Anti-Tracking on STRICT 10. Router with TrendMicro badware filters, NextDNS DoH with Google safe browsing and privacy filters of NextDNS, AdguardDNS and OISD enabled (allowing affilate tracking links) [/SPOILER] [/QUOTE]
Insert quotes…
Verification
Post reply
Top