[Kees1958]

Running as Admin on Windows7 x32 ultimate with no third party real time security Changes/updates in orange

Network protection
Wireless Router with WPA2, SPI with Flood/Poisoning/Spoofing protection and Norton DNS (malware). ISP service includes email scanner and spam-filter. Using Windows 7 internal FireWall both for inbound and outbound.

Low Rights Browsing and Privacy Protection
Using Chrome (in Program Files) with Chrome sandbox (AppContainer), Flash and PDF PPAPI (sandboxed) plug-ins and build in safe browsing website blacklisting and download reputation scoring. Block indirect and HTTP cookies, allow HTTPS cookies, block javascript (except from *.NL and *.COM), click to play flash, installed Referer Control extension only (allow only HTTPS) with Windows7 skin.

Threat gate protection
Running browser, mail, media player with EMET 3.5 memory protection. Added an ACL deny execute for everyone on all threat gate folders (browser download, e-mail and media player). Used Group policy hardening to deny execution from USB and never execute autoruns of USB sticks (and lot's of other GPO hardening).

AppLocker protection
Users and Admins are allowed to only execute signed executables and DLL's from safe places (Program Files and Windows). Admins are allowed to run installers from Microsoft and run scripts in Windows directory.

On demand
- Running CCleaner through scheduled task (/run /tn) to evade UAC pop-up
- HitmanPro Free (cloud) scan