Advanced Plus Security WhiteMouse's Security Config 2023

Last updated
Jan 1, 2023
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
Real-time security
Microsoft Defender
Firewall security
Microsoft Defender Firewall
About custom security
  • Security Baseline for Windows 11 22H2, Microsoft Edge and Microsoft Office.
  • Custom WDAC policy: Default Windows + Microsoft recommended block rules + Whitelist all files in Program Files by digital signature or hash + HVCI strict mode.
  • Microsoft Edge: Super Duper Secure mode on for all sites.
Periodic malware scanners
None
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Microsoft Edge: Adblock Plus, Bitwarden
Desktop VPN
Mullvad VPN
Password manager
Bitwarden
Maintenance tools
Storage Sense
File and Photo backup
Onedrive
System recovery
Macrium Reflect
Risk factors
    • Browsing the Internet without an ad-blocker
    • Browsing to unknown / untrusted / shady sites
    • Working from home
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Notable changes
2023/1/1: Replace IVPN with Mullvad VPN
2022/12/31: Added Bitwarden extension
2022/12/21: Added Adbock Plus extension
What I'm looking for?

Not looking for any feedback.

kylprq

Level 4
Verified
Jul 26, 2018
146
I got my signed WDAC policies up and running without issue. Feel free to ask anything.
is there a way to install specific program (ie. k-lite codecs it's dropping some files to sys32 directory) without deploying Allow* policy temporarily (disabling WDAC). Modifying supp policy not works because it's somehow blocks random temp/? system32/? directory access and lots of I don't even aware🤔😉
 
Last edited:
  • Like
Reactions: Jack

WhiteMouse

Level 5
Thread author
Verified
Well-known
Apr 19, 2017
228
is there a way to install specific program (ie. k-lite codecs it's dropping some files to sys32 directory) without deploying Allow* policy temporarily (disabling WDAC). Modifying supp policy not works because it's somehow blocks random temp/? system32/? directory access and lots of I don't even aware🤔😉
This is one thing that I still haven't had an answer for it yet. Many applications updater love to drop an Unsigned file to temp folder, there's not much thing I can do about it. I think the most secure way to install those programs is to deploy base policy with ISG (rule 14) - and hope that it doesn't block any files during install, install the program then revert back to the old base policy.
 
  • +Reputation
Reactions: kylprq

kylprq

Level 4
Verified
Jul 26, 2018
146
This is one thing that I still haven't had an answer for it yet. Many applications updater love to drop an Unsigned file to temp folder, there's not much thing I can do about it. I think the most secure way to install those programs is to deploy base policy with ISG (rule 14) - and hope that it doesn't block any files during install, install the program then revert back to the old base policy.
in the future I'm planning to add temp/ ProgramFiles*/ ProgramData and system32/ as FilePath rules to unsigned supp policy for test purposes(I'm aware it's posseses risk but CS-CFW will handle the rest 👩🏼‍🦲🤷🏽‍♀️)
 
  • Like
Reactions: Nevi and Jack

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top