What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    Yes it's a bit boring and I think also a bit cryptic to most people. I believe that most want to see what type of security tools people are using. Instead you're posting about how you have hardened Windows, over and over again. :D
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    Then perhaps I will give it a try, because you seem to be using even more tools, thanks for the feedback.
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    @Windows_Security if you've finished with security on Windows, maybe you could explore privacy part also. I moved my focus to that part and it's also interesting :)
     
  4. These are the Safe Admin registry tweaks (last post :))

    Disable access to shell and scripts

    Disable 16-bits (32 bits)

    http://smallvoid.com/article/winnt-ntvdm-subsystem.html

    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat]

    Create a reg dword (DWORD): VDMDisallowed = 0


    Disable command prompt and scripts

    http://www.computerstepbystep.com/command_promt_windows_7.html

    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]

    Create a reg dword (DWORD): DisableCMD = 1 (Default = 0)


    Disable powershell script execution

    https://www.cogmotive.com/blog/powershell/allowing-powershell-scripts-to-execute

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]

    Create a string value (REG_SZ): ExecutionPolicy = Restricted

    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System]

    Create a reg dword (DWORD): EnableScripts = 0 (Off)


    Disable windows script host

    http://www.thewindowsclub.com/windows-script-host-access-is-disabled-on-this-machine

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]

    Create a reg dword (DWORD): Enabled = 0 (Off)



    Mitigate threats

    Block unsigned drivers (system 32)

    https://support.microsoft.com/en-us/kb/298503

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing]

    Create a reg binary (Binary Value): Policy=2


    Block elevation of unsigned executables

    https://msdn.microsoft.com/en-us/library/cc232764.aspx

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Policies\System]

    Create a reg dword (DWORD): ValidateAdminCodeSignatures=1 (Disabled = 0, Enabled = 1)


    Protect system DLLs

    http://smallvoid.com/article/winnt-secure-system-dll.html

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]

    Create a reg dword (DWORD): ProtectionMode=1 (Disabled = 0, Enabled = 1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]

    Create a reg dword (DWORD): SafeProcessSearchMode = 1 (Default = 0)


    Memory Mitigations

    https://www.wilderssecurity.com/thre...xperience-toolkit.344631/page-50#post-2542857

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel]

    Create a reg qword 64 bits (QWORD): MitigationOptions =5000000000055
     
    Last edited by a moderator: Nov 19, 2015
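
A read-only way to check which of the values listed in the post above are present on a machine, added here as an example and not part of the original post. Keys, names and data are copied from the post as written; two things are assumptions: that the binary `Policy` value is a single byte `02`, and that the `MitigationOptions` figure is hexadecimal.

```powershell
# Added example: read-only audit of the registry values listed in the post.
# Nothing is written to the registry. Paths and data are copied as posted.
$tweaks = @(
  @{ Path='HKLM:\Software\Policies\Microsoft\Windows\AppCompat'; Name='VDMDisallowed'; Want='0' }
  @{ Path='HKCU:\Software\Policies\Microsoft\Windows\System'; Name='DisableCMD'; Want='1' }
  @{ Path='HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell'; Name='ExecutionPolicy'; Want='Restricted' }
  @{ Path='HKLM:\Software\Policies\Microsoft\Windows\System'; Name='EnableScripts'; Want='0' }
  @{ Path='HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'; Name='Enabled'; Want='0' }
  @{ Path='HKLM:\SOFTWARE\Microsoft\Driver Signing'; Name='Policy'; Want='02' }  # assumed: one byte
  @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\Policies\System'; Name='ValidateAdminCodeSignatures'; Want='1' }
  @{ Path='HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'; Name='ProtectionMode'; Want='1' }
  @{ Path='HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'; Name='SafeProcessSearchMode'; Want='1' }
  @{ Path='HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel'; Name='MitigationOptions'; Want='5000000000055' }  # assumed: hex
)

# Normalise registry data to a string so every value type compares the same way.
function Format-RegData($v) {
    if ($null -eq $v)    { return $null }
    if ($v -is [byte[]]) { return ($v | ForEach-Object { $_.ToString('X2') }) -join '' }  # REG_BINARY
    if ($v -is [long])   { return $v.ToString('X') }                                      # REG_QWORD as hex
    return "$v"                                                                            # DWORD / REG_SZ
}

$report = foreach ($e in $tweaks) {
    # SilentlyContinue: a missing key or value is a result, not an error.
    $item   = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { Format-RegData $item.($e.Name) } else { $null }

    $status = if ($null -eq $actual)      { 'missing' }
              elseif ($actual -eq $e.Want) { 'match' }
              else                         { 'differs' }

    [pscustomobject]@{
        Status   = $status
        Name     = $e.Name
        Expected = $e.Want
        Actual   = $actual
        Key      = $e.Path
    }
}

$report | Format-Table -AutoSize -Wrap
```

A `missing` result means the value is not set under the key exactly as posted; compare against the reference linked for that tweak before concluding the setting is absent.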
  5. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    I haven't been able to get an anti-exploit to run correctly on my 7 x64 machine, but still try the latest version of HMP.A every few months. I like NVT-EXE Radar Pro with Sandboxie, it's fast and problem-free.
     
    Last edited: Nov 19, 2015
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    MBAE Premium worked just fine combined with ERP and Sandboxie on Win 8.1 64 bit, but I suspect ERP is causing shutdown problems when combined with certain security tools, even after putting it in "learning mode". ERP + SpyShelter gave the same problem, it's a bit frustrating.
     
  7. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Both MBAE and HMP.A gave me problems with just Sandboxie running. But I am considering what Windows_Security just posted about the Chrome sandbox, and thinking about other combinations including his methods (which for the most part are over my head).
     
    Last edited: Nov 19, 2015
  8. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    MBAE and HMPA didn't give you problems, stacking multiple security tools gave you problems.
     
  9. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    MBAE and HMP.A weren't installed at the same time.


    I'm going back to pairing AppGuard with Sandboxie, and will probably stay with that for a good while.
     
    Last edited: Nov 21, 2015
  10. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Reverted to a year-old snapshot where Online Armor was installed. As usual it promptly updated its bases and some components. Emsisoft still maintains it (till March 31, 2016). So here's my farewell to OA setup:

    UAC max
    SUA

    Online Armor free
    WinPatrol free
    MalwareBytes AntiExploit

    WP is a nice addition to OA free as the latter doesn't protect the registry (if my memory doesn't let me down).
     
    Last edited: Nov 21, 2015
  11. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    10 Pro X64 TH2

    UAC max
    SUA
    Defender off

    HitmanPro Alert 3.1
    Macrium Reflect 6 Free
     
  12. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,171
    Location:
    Canada
    Giving KeyScrambler a try.
     
  13. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,960
    Location:
    London On
    Good Evening! Renewed WSA Security Plus...50% Off Black Friday Sale...ZAM Pro...Heimdal Pro...in baseball parlance...a Triple Play! Sincerely...Securon
     
  14. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    @Securon
    do you really need zam along with wsa +? i thought wsa had it all covered.
     
  15. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,171
    Location:
    Canada
    Works great but uninstalled, I'm thinking that the only time anyone would need to encrypt their keyboard is if they have a keylogger unknowingly installed on their computer. I think with my protection, especially EAM's behaviour blocker, that this will never happen.
     
  16. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    I added Sandboxie to my setup. Small workout for MBAE to work with SBIE. So far so good.
     
  17. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Works for me... his approach is exactly what I'm looking for since migrating over to Win7 Ult. x86. It was always my approach with XP and is always my mainline defense with an OS. I do still supplement my hardening with 3rd-party software, but only after reducing attack surface as much as possible first and using integrated means to do as much as I can.

    I can't thank him enough...
     
  18. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I've found it works much better together with v1.06 of MBAE. After updating it I had all sorts of problems getting SBIE startup processes to autostart at Windows boot, along with other startup processes as well. Another reminder of why when I find a solid version of a product I stick with it.

    MBAE 1.06 & SBIE 3.76 work great together (on XP anyway).
     
  19. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Sandboxie, HitmanPro.Alert, MBAM Premium and some other stuff, on a couple of 7x64 machines.
     
  20. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Ditto :thumb:
     
  21. Foxes

    Foxes Registered Member

    Joined:
    Nov 28, 2015
    Posts:
    8
    Location:
    USA
    • MBAM Home Premium, IOBit Advanced SystemCare 8.1 Pro, Avast Premier (Probably going to switch this soon).
    • Browser is Chrome with uBlock Origin, Disconnect.me, and HTTPS Everywhere.
    • Misc tools include VeraCrypt and CCleaner.
    I frequently feel like I'm not using the right software to get maximum protection.. but it's really hard to tell which **** is the best.
     
  22. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Has anyone run MBAE alongside HMP.Alert?
     
  23. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Just don't, you'll only create compatibility issues.
    It's up to you to decide whether you want to run MBAE or HMPA.
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I did try the free versions (HMP.A free doesn't have exploit mitigation) and they seemed to work OK.
     