What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    350
    Location:
    Finland
    On my malware testing laptop, I'm currently testing Trend Micro Antivirus Plus with OSArmor.
    I set Trend Micro to use "Hypersensitive" mode and OSA to default settings.
    I've been testing this "combo" for about a week against bazaar samples, not only .exes but scripts etc. Very, very effective combo.
    I've been trying to infect my testing laptop for a week, but with no success. This "Hypersensitive" mode is "kind of a" default-deny, but it's not.

    However, I installed a trial version of SpyShelter 15 and used the SS15 feature to "terminate" Trend Micro processes.
    You can't terminate TM processes via Task Manager, but with SS15 you can.
    I was able to terminate most of the TM processes with SS15. Only two TM processes cannot be killed. Those unkillable TM processes cannot "respawn" TM core processes.
    But this caused SS15 40% CPU usage; maybe SS15 keeps on terminating TM core processes while TM is trying to start them... I don't know.

    I like SS15, but it does not offer, for me, anything new or innovative compared to similar products.
     
  2. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    255
    Location:
    Poland
    Yeah, I also wonder... there are still people who live like they're under a rock and install fake/crap software like Avast, AVG, McAfee... products.
     
  3. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,174
    Location:
    Canada
    They aren't fake, why do you call them that?
     
  4. Quassar

    Quassar Registered Member

    Joined:
    Oct 19, 2011
    Posts:
    255
    Location:
    Poland
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    OneDrive, Cortana, Advertising ID, Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some software hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge --disable-webgl --no-pings --enable-features="IsolateSandboxedIframes,EnableCsrssLockdown"

    • Home page: https://start.duckduckgo.com/
    • Search engine = DDG
    • Enabled Security Mitigations - Strict
    • Detection Protection - Strict
    • Clipboard permissions - blocked
    • Next DNS DOH - OISD Full + EasyPrivacy
    • Share browsing data with other Windows features - disabled
    Policies:
    • AutomaticHttpsDefault = 2
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0x009c","0xc014","0x009d"
    • HubsSidebarEnabled - false
    • CryptoWalletEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • RendererAppContainerEnabled - true
    • SandboxExternalProtocolBlocked - true
    • Edge3PSerpTelemetryEnabled = 0
    • ExtensionManifestV2Availability = 2
    • WebWidgetAllowed - false

    Edge://flags:

    Enabled:

    • Experimental QUIC protocol
    • Block scripts loaded via document.write
    • TLS 1.3 Early Data
    • TLS 1.3 hybridized Kyber support
    • Block insecure private network requests.
    • Parallel downloading
    • Show block option in autoplay settings
    • Enable Back/Forward Cache
    • Experimental Tracking Prevention Features
    • Enable Kyber768 + NIST-P384 TLS Kyber Confidentiality
    • Project Robin experiment
    • Enable Digital Signature for PDF
    • New PDF Viewer
    • Strict-Origin-Isolation
    • Back-forward cache - Enabled force caching all page
    • Third-party Storage Partitioning
    • Origin-keyed Agent Clusters by default
    • Origin-keyed Processes by default
    Disabled:
    • Allow Microsoft Search with Bing for any default search engine
    • Enable Drop's custom notification
    Extensions:

    Edge Store:

    • UBO - Hard Mode with TLD's
    • Video DownloadHelper
    Chrome Web Store:
    • SwiftDial
    • Stream Recorder - download HLS as MP4
    • Don't add custom search engines
     
  6. Alexai

    Alexai Registered Member

    Joined:
    Mar 12, 2023
    Posts:
    15
    Location:
    Italy
    Where do you apply policies?
     
  7. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    There have been privacy issues, but nonetheless AVAST and AVG provide excellent protection. McAfee, although not as good, is decent too, and the new version released in the last month or two is much lighter than previous versions.
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,367
    Location:
    Italy
    This registry path for almost all rules:

    Code:
    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Edge
    Rules with the policy "TLSCipherSuiteDenyList" should be placed in a dedicated subfolder.
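
Added example, not part of any post in the thread: PowerShell that writes a subset of the policies from the setup post above to the registry path given in this reply, with TLSCipherSuiteDenyList stored as numbered values in its own subkey. The value types (DWORD for booleans and integers, string otherwise) are an assumption based on how Edge documents its policies.

```powershell
# Added example: per-user Edge policies taken from the list in the thread.
$base = 'HKCU:\SOFTWARE\Policies\Microsoft\Edge'

# Scalar policies: booleans/integers become REG_DWORD, strings REG_SZ.
$scalar = [ordered]@{
    AutomaticHttpsDefault          = 2
    DnsOverHttpsMode               = 'secure'
    HubsSidebarEnabled             = 0
    SyncDisabled                   = 1
    AudioSandboxEnabled            = 1
    NetworkServiceSandboxEnabled   = 1
    RendererAppContainerEnabled    = 1
    SandboxExternalProtocolBlocked = 1
    WebWidgetAllowed               = 0
}
# DnsOverHttpsTemplates is left out: the resolver URL is not given in the thread.

# List policy: a subkey named after the policy, entries numbered from 1.
$denyList = '0x002f', '0x0035', '0xc013', '0x009c', '0xc014', '0x009d'

# Create the policy key only if missing, so existing values are not wiped.
if (-not (Test-Path $base)) { New-Item -Path $base -Force | Out-Null }
foreach ($name in $scalar.Keys) {
    $value = $scalar[$name]
    $type  = if ($value -is [int]) { 'DWord' } else { 'String' }
    New-ItemProperty -Path $base -Name $name -Value $value -PropertyType $type -Force | Out-Null
}

# Recreate the list subkey so stale numbered entries from an earlier run do not linger.
$listKey = Join-Path $base 'TLSCipherSuiteDenyList'
if (Test-Path $listKey) { Remove-Item -Path $listKey -Recurse -Force }
New-Item -Path $listKey | Out-Null
$i = 1
foreach ($suite in $denyList) {
    New-ItemProperty -Path $listKey -Name "$i" -Value $suite -PropertyType String | Out-Null
    $i++
}

# Read back what was written.
Get-ItemProperty -Path $base | Select-Object -Property @($scalar.Keys)
foreach ($n in (Get-Item -Path $listKey).Property) {
    '{0} = {1}' -f $n, (Get-ItemPropertyValue -Path $listKey -Name $n)
}
```

The Policies key under HKCU is normally not writable by a standard user, and an elevated prompt opened under a different administrator account writes to that account's hive instead. After restarting Edge, edge://policy shows which values the browser actually accepted.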
     
  9. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    FRESH START - DESKTOP

    April 3, 2024

    Network
    • Netgear Orbi AC2200 Tri-Band Mesh Wi-Fi System (3-pack)
    • Netgear Armor (Bitdefender / Paid) - Enabled
    • WiFi WPA2-PSK AES Encryption - Enabled
    • SPI & NAT Firewalls Built-In
    • Quad9 DNS1 / Cloudflare DNS2 / Adguard DNS3
    Computers
    • LOCAL ACCOUNTS - Administrator Password Protected
    • DESKTOP (Custom Built Desktop) - Windows 11 Pro x64 Ver. 23H2 Build 22631.3374
    Built-In Security
    • USER ACCOUNT CONTROL: HIGHEST SETTING
    • WINDOWS DEFENDER SECURITY CENTER: ALL ENABLED
    • WINDOWS RANSOMWARE PROTECTION: ENABLED
    • WINDOWS CORE ISOLATION: ENABLED
    • WINDOWS SMART APP CONTROL: ENABLED
    • WINDOWS FIREWALL: ENABLED
    Resident
    • Malwarebytes WFC v6.9.9.6 - Medium Filtering, Display Notifications: Outbound
    • KeyScrambler 3.17.0.4 - Keystroke Profiling Enabled
    • Adguard Premium 7.17.0.4691 RC (Paid) - Beta Update Channel, Custom Settings + Additional Filters Enabled
    On-Demand
    • Macrium Reflect Free Edition 8.0.7783 - Backup Template: Full \ Differential
    • Adguard VPN 2.2.4 (Paid) - On Demand
    • VMware Workstation 17 Pro 17.5.1 build-23298084 (Paid) - Software Testing
    • Emergency Toolkit 2023.10.0.12134 - Beta Update Channel
    Browsers, Immunization, Tweaks
    • Microsoft Edge v123.0.2420.65 (Official build) (64-bit) - Lastpass & Emsisoft Browser Security
    • Homepage and Search Providers set to Startpage
    • ConfigureDefender 4.0.0.0 - High Settings
    • Spyware Blaster 6.0 - All Protection Enabled + Custom Block List
    • Microsoft PC Manager 3.3.17.0 - Manual Cleanup
    • Windows & Documents - Separate NVMe SSD Drives
     
    Last edited: Apr 4, 2024
  10. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,942
    Gen Digital alias Norton LifeLock with Avast, AVG, Bullguard, Piriform and some more, are still collecting a lot of user behavior, free and paid software. But they are pretty aware not to sell personal information. And I am sure they will sell or share to their partners.
    Of course any of those, and some more incl. Microsoft, is gathering some kind of "telemetry". But I think this is less bad than using an intercepting PAID software which is collecting the same. In particular, Kaspersky is still collecting any kind of non-sensible data with the same ID for all their clients, Kaspersky said so themselves. Avast denied and was sued for it because of evidence.
    The less of this security crap I install, the less I weaken my system and the less personal data I contribute to the world.
     
  11. SRT

    SRT Registered Member

    Joined:
    Feb 28, 2021
    Posts:
    74
    Location:
    USA
    +1 ;)
    Windows 10 firewall control, and OSA.
     
  12. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    286
    Location:
    Philippines
    Windows 11
    • Windows Firewall - Default settings
    • Standard User Account - Default settings
    • User Account Control - Default settings - Always Notify
    Security Solutions
    • Malwarebytes Premium - Real-time, Browser Guard not installed
    • WindowsHybridHardening Light - SWH On, SmartScreen Block and WDAC Off
    • Sophos ScanAndClean - On-Demand
    • SyncBackFree - On-Demand back-up
    • Bitwarden - Free tier, credential/password repository
    • Librewolf or Thorium browsers
    Network Security
    • AX + WPA3
    • Pi-hole
      • cloudflared module for DNS-over-HTTPS - utilizing Quad9 DOH
      • HaGeZi Multi Pro, Threat Intelligence Feeds, Most Abused TLDs, Privacy Filters
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    OS: Windows 11 Pro 23H2 22631.3296

    Backup: Macrium Reflect Home 8.1.7909
    Antimalware: Eset Nod32 Antivirus 7.1.9.0
    Content blocker: uBlock Origin 1.57.0
     
  14. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Nice setup @Minimalist :) using exactly the same setup, simple, efficient and…minimalist ;)
     
  15. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    658
    Location:
    Milan, Italia
    Windows 11 Pro 23H2

    Standard User Account
    Microsoft Defender - Block all unknown executables | All ASR rules
    Smart App Control
    Max Exploit Protection settings

    Edge | µBO
    Brave | Shields
    Aomei Backupper Pro + Windows built-in
     
    Last edited: Apr 8, 2024
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    Yes I also like it a lot. For me less is more :)
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    The problem with SS15 is that it's not really an improvement when compared to SpyShelter 12. Perhaps you can also check out the new Comodo Internet Security 2024 to see if their behavior blocking is any better.
     
  18. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    350
    Location:
    Finland
    @Rasheed187
    I think I'll stay with Harmony Endpoint + OSA.
     
  19. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Finally put Windows 7 out to pasture. Now running W11. A dead Seagate hard drive forced my hand. I'm glad to make the change.
     
  20. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    Hi Page! I think Windows 11 is okay, I can't see any difference with Windows 10, but it is very stable, reliable and secure. Windows Security is really very effective especially considering that there is no malware :D
     
  21. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    I find 11 more stable and reliable than 10, and I'm happy too to have switched off Windows 7.
     
  22. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,953
    Sounds like a solid setup. I'm currently using OSA and SysHardener as additional layers of security.
     
  23. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    350
    Location:
    Finland
    Something similar I would like to see is what the old FortiClient did. Any connections to domains registered within two weeks are blocked until approved by Fortinet or other vendors. This might give you one more protection layer for outbound connections.
     
  24. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    Thank you for your input, Osaban.
    I said goodbye to Sandboxie, Macrium Reflect and some others.
    Keeping ESET NOD32 Antivirus, AdGuard 7.17.1, Mailwasher Pro, KeePass. Added SyncBack.
    I am stunned by the speed difference between my old W7 machines and these two W11 boxes.
     
  25. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    Page, out of curiosity, why did you get rid of Macrium? Did you replace it with similar software? I agree with you, Win 11 is really fast on suitable hardware.
     