Advanced Plus Security WhiteMouse's Security Config 2020

[WhiteMouse]

New Year, Old Configs.
My rules when create security configs:

• Keep it as simple as possible.
• If i ain't broke, don't fix it.

 

[harlan4096]

You may add some second opinion scanners, even having Cs' settings in some cases may be not bullet proof: HMP, MalwareBytes Free.

Thanks for sharing

 

[WhiteMouse]

I made some changes to my configuration, I'll update this post later.

Realtime Protection:
- Replace Comodo Internet Security with Sophos Home. (I like it's web filtering)

2nd opinion scanner:
- Added Sophos Clean (Hitman Pro).

Windows Defender Application Control:
- Use Microsoft Default profile with Recommend Block Rules.
- Using Event Viewer to manually whitelist programs and DLLs blocked by Windows Defender Application Control.

Windows Firewall:
- Custom rules.

User Access Control:
- Only elevate executable files that are signed and validated.
- Automatically deny elevation requests from Standard User Account.

Powershell:
- Only allow Powershell to run signed scripts.

Windows Update:
- Delay quality updates for 7 days.
- Delay feature updates for 1 year.

 

[WhiteMouse]

Replace Lastpass with Bitwarden. (I should have done this a long time ago)

 

[oldschool]

Are you using Sophos free version?

 

[WhiteMouse]

Are you using Sophos free version?

Yes, I'm using free version.

-Added: Brave Browser.

First issue, it broke Sophos Web Filtering.

 

[oldschool]

First issue, it broke Sophos Web Filtering.

How so? Does Sophos even support Brave?