Re: What is your security setup these days?
Running as Admin on Windows7 x32 ultimate with no third party real time security
Wireless Router with WPA2, SPI with Flood/Poisoning/Spoofing protection and Norton DNS (malware). Use Windows FW both for inbound and outbound. Added a deny execute on all threat gate folders (browser download, e-mail and media player using Access Control Lists deny execute/traverse folder for Everyone). Used Group policy hardening to deny execution from USB and never execute autoruns of USB sticks.
Internet facing programs protection
ISP service includes email scanner and spam-filter. Running browser, mail, media player "As Invoker" (using Windows file and registry virtualisation) with EMET 3.0 memory overflow protection. Using Chromium (unsigned application) with Chrome sandbox and built-in safe browsing website blacklisting and download reputation scoring. Running Chrome PDF and Flash plug-in with Mandatory Low Rights (AppContainer).
User land protection
Users are allowed to only execute signed executables and DLLs (AppLocker) on C:\Drive (moved user data folders to data partition D:\). SRP set to default level of basic user (allowing Users to run other executable formats from the default safe places only). With run as admin it is still possible to install programs. Chromium and 7-Zip as unsigned programs are allowed to run by (AppLocker) hash (both exe and dll).
Admin space protection
UAC set to high and deny elevation of UNsigned executables. Administrators are allowed to execute all from safe places (Windows and Program Files directories) and signed stuff from other directories on C:\Drive (AppLocker).
- Grandparent (USB drives), Parent (NAS, 2nd HD), Child (HD) backup scheme with Win7 Image and SyncToy Data backup
- Running CCleaner through scheduled task (/run /tn) to evade UAC pop-up
- HitmanPro Free (cloud) scan
Last edited by Kees1958 : July 3rd, 2012 at 04:35 PM.
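
The deny-execute ACL on download folders described in the post can be audited with a short script. This is an added example, not part of the original post: the folder paths and the function names `Test-DenyExecute` and `Add-DenyExecute` are hypothetical, and the inheritance flags are one reasonable choice, not necessarily the poster's.

```powershell
# Added example: audit (and optionally add) a deny "Traverse folder / execute file"
# ACE for Everyone on folders that receive untrusted files.
$EveryoneSid = 'S-1-1-0'   # well-known SID for Everyone (language independent)
$Execute = [System.Security.AccessControl.FileSystemRights]::ExecuteFile  # same bit as Traverse

function Test-DenyExecute {
    param([Parameter(Mandatory=$true)][string]$Path)
    $acl = Get-Acl -Path $Path
    # Ask for SIDs, not account names, so the check works on localized systems.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq $EveryoneSid -and
            $r.AccessControlType -eq 'Deny' -and
            ([int]$r.FileSystemRights -band [int]$Execute) -ne 0) {
            return $true
        }
    }
    return $false
}

function Add-DenyExecute {
    param([Parameter(Mandatory=$true)][string]$Path)
    $sid = New-Object System.Security.Principal.SecurityIdentifier($EveryoneSid)
    # Inherit to subfolders and files so newly downloaded files pick up the ACE.
    # With the default "Bypass traverse checking" user right the traverse half
    # is not enforced; the practical effect is on executing files.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, $Execute,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Deny)
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# Hypothetical folder list: browser downloads and a mail attachment folder.
$folders = @("$env:USERPROFILE\Downloads", 'D:\Mail\Attachments')
foreach ($f in $folders) {
    if (-not (Test-Path -Path $f -PathType Container)) {
        Write-Output "$f : folder not found"
    } elseif (Test-DenyExecute -Path $f) {
        Write-Output "$f : deny-execute ACE for Everyone present"
    } else {
        Write-Output "$f : NO deny-execute ACE for Everyone"
        # Add-DenyExecute -Path $f   # uncomment to apply the ACE
    }
}
```

Running the audit needs only read access to the folders; `Add-DenyExecute` needs permission to change the folder's ACL.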