Advanced Plus Security Windows Security updated setup

Status
Not open for further replies.
Thanks for this setup. I like it very much. It is sig free, lightweight (even on older hardware) and I always had the opinion that the best malware protection is to prevent malware from getting started at all :).

How do you configure windows firewall? Imho you should add something like Tinywall or WFC...
 
@Daniel Keller, I manually have configured it to be two-way (blocking in and outbound by default). I like the concept and simplicity of TinyWall very much. I would use TinyWall when for some reason I would not be able to find the right (allow) rule manually.

To find the right rules to set I usually click on "Show connections", and then uncheck "show active connections", then check "show blocked apps (in last 2 minutes)".
Then you could right click on the recently blocked app or process and easily whitelist it...
 
Replaced manual ACLs with Secure Folders, see picture (with SyncBackFree as only Trusted Application). So now I have anti-execution (Secure Folders), anti-ransomware (KART), anti-exploit (MemProtect), backup (SyncBackFree), backup protection (Secure Folders) and whitelisting (AppLocker). Should be sufficient IMO.

upload_2017-7-19_9-34-13.png


Note: My Pictures folder is a one day delay backup from a backup (NAS) of my wife's laptop pictures folder (it is her hobby).
 
Replaced manual ACLs with Secure Folders, see picture (with SyncBackFree as only Trusted Application). So now I have anti-execution (Secure Folders), anti-ransomware (KART), anti-exploit (MemProtect), backup (SyncBackFree), backup protection (Secure Folders) and whitelisting (AppLocker). Should be sufficient IMO.
Yes, should be enough for everybody, and even more than enough if you have safe habits.
 
Pumpernickel's free license is only valid for one year and it has no GUI. Easy File Locker (link) has the same granularity as Pumpernickel and it comes with a GUI. SecureFolders is abandonware and has less granularity (exceptions apply to all folders instead of per folder) but has a deny execute option. So when you look for a free alternative to Pumpernickel with a GUI: Easy File Locker is the best 1-to-1 alternative.
 
Very nice W_S !!!

There has been "some" background work, and one must have a "little" bit of knowledge to do this, and for sure has to be interested in this kind of thing and willing to learn all day the new "Ultimate Security Config". What can I say, you are SECURE! Noooo, you are a freaking PRO!

:clap: :clap: :bow: :bow:
 
I've been looking at MemProtect for months, but haven't taken the leap yet. The Excubits website says >>MemProtect can be installed within a few seconds. In addition, our solution works fully transparent in the background, there is no interaction required.<< but it doesn't really "work" right out of the box, right? You have to tweak its settings as you show above and probably more involved than that. I both do (& do not) want to take the time to learn it deeply, yet I know if I did, I'd be more informed and better protected. Maybe this weekend... ... :eek:

Well, when you take the dev's words literally, it is true what Florian says. MemProtect can be installed with a right click of a mouse (within a second). The program has no graphical user interface, so it requires no interaction ;)

From a user perspective you are right, it does not work out of the box. Be careful: make a backup/restore point first, because it uses Windows built-in mechanisms to prevent process memory manipulation (called the 'protected processes' feature). Even High Integrity Level processes (like Admin and System) are blocked by this protected processes feature.

There is no smarter and safer anti-exploit protection available on the market IMO. It is smarter than any other because it uses Windows mechanisms, so no incompatibility issues with other (security) software. It is safer because it is a hardening mechanism (taking away the option of manipulating other processes' memory, injecting DLLs or using their credentials with process hollowing).
 
Hey if I only copy paste these rules? Will it work?
[LETHAL]
[#LOGGING]
[WHITELIST]
[DEFAULTALLOW]
!*\Chromium\*>*\Chromium\*
!*\Windows Media Player\*>*\Windows Media Player\*
!*\Microsoft Office\*>*\Microsoft Office\*

!C:\Program Files\*>*SumatraPDF.exe
!C:\Program Files\*>*splwow64.exe
!C:\Program Files\*>*chrome.exe

*>*
[BLACKLIST]
*\Chromium\*>*
*\Windows Media Player\*>*
*\Microsoft Office\*>*
*SumatraPDF.exe>*

C:\Users\*>*explorer.exe
C:\Users\*>*dllhost.exe
C:\Users\*>*rundll32.exe
C:\Users\*>*taskhost.exe
C:\Users\*>*dwm.exe
[EOF]
 

Don't copy these settings. Make your own! It will not work well.
You can copy only this:
C:\Users\*>*explorer.exe
C:\Users\*>*dllhost.exe
C:\Users\*>*rundll32.exe
C:\Users\*>*taskhost.exe
C:\Users\*>*dwm.exe
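
Why the posted rules do not transfer between machines, shown as an added example that is not from the thread or from Excubits: a small Python evaluator run over the posted whitelist and blacklist. The evaluation order (priority `!` whitelist rules first, then blacklist, then plain whitelist) is an assumption inferred from how the posted rules are laid out, and the process paths are constructed.

```python
import re
# Whitelist/blacklist rules exactly as posted in the thread.
WHITELIST = r"""
!*\Chromium\*>*\Chromium\*
!*\Windows Media Player\*>*\Windows Media Player\*
!*\Microsoft Office\*>*\Microsoft Office\*
!C:\Program Files\*>*SumatraPDF.exe
!C:\Program Files\*>*splwow64.exe
!C:\Program Files\*>*chrome.exe
*>*
"""
BLACKLIST = r"""
*\Chromium\*>*
*\Windows Media Player\*>*
*\Microsoft Office\*>*
*SumatraPDF.exe>*
C:\Users\*>*explorer.exe
C:\Users\*>*dllhost.exe
C:\Users\*>*rundll32.exe
C:\Users\*>*taskhost.exe
C:\Users\*>*dwm.exe
"""

def to_regex(pattern):
    # Only '*' is treated as a wildcard; matching is case-insensitive.
    return re.compile(".*".join(map(re.escape, pattern.split("*"))), re.I)

def parse(text):
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        src, dst = line.lstrip("!").split(">", 1)
        rules.append((line.startswith("!"), to_regex(src), to_regex(dst), line))
    return rules

def first_match(rules, src, dst, priority_only=False):
    for priority, s, d, line in rules:
        if (priority or not priority_only) and s.fullmatch(src) and d.fullmatch(dst):
            return line
    return None

def decide(src, dst, wl=parse(WHITELIST), bl=parse(BLACKLIST)):
    # ASSUMED order: priority ('!') whitelist, then blacklist, then whitelist.
    for verdict, rules, prio in (("allow", wl, True), ("block", bl, False), ("allow", wl, False)):
        hit = first_match(rules, src, dst, prio)
        if hit:
            return (verdict, hit)
    return ("block", None)

# Constructed pair: a browser that is not installed under a \Chromium\ folder.
print(decide(r"C:\Program Files\Google\Chrome\Application\chrome.exe", r"C:\Windows\System32\svchost.exe"))
```

Under these assumptions a browser installed under `\Google\Chrome\` falls through to `*>*` and is not confined at all, while the same browser under `\Chromium\` is restricted to its own processes.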
 
Well, when you take the dev's words literally, it is true what Florian says. MemProtect can be installed with a right click of a mouse (within a second). The program has no graphical user interface, so it requires no interaction ;)

From a user perspective you are right, it does not work out of the box. Be careful: make a backup/restore point first, because it uses Windows built-in mechanisms to prevent process memory manipulation (called the 'protected processes' feature). Even High Integrity Level processes (like Admin and System) are blocked by this protected processes feature.

There is no smarter and safer anti-exploit protection available on the market IMO. It is smarter than any other because it uses Windows mechanisms, so no incompatibility issues with other (security) software. It is safer because it is a hardening mechanism (taking away the option of manipulating other processes' memory, injecting DLLs or using their credentials with process hollowing).

Great reply, thanks. Without knowing more, I'm assuming then that an app like Malwarebytes Anti-Exploit will not work, and would be unnecessary once MemProtect is set up correctly? By concept, Excubits apps remove the need for other security apps. I'm trying to come up with the best layers of security, and in terms of Excubits apps, I think I'm not seeing a clear or complete understanding of how best to proceed. E.g., if I do this, then I remove that... and then next step. Maybe I'm making it overly complicated in my head?
 