What is your security setup these days?

@Mister X When you are a real security hard liner you could

Use MemProtect and Pumpernickel to limit memory and disk access of Chrome. Set a deny execute/traverse folder ACL to all folders Chrome has write access to. Come to think of it, this might be a nice play project with Christmas holiday

 

Thanks again. Yes, I'm going to think of it.

 

If I make ACL for C:\Users\Djigi\AppData, how to add Temp folder (C:\Users\Djigi\AppData\Local\Temp) to exemption?

 

You can use steps explained by Kees on Temp folder and set allow instead of deny.

 

Like this:

 

Here you go

 

Tnx

 

Hey everyone, I just got a 1 year license for Trend Micro Antivirus+ 11 (2017), and was wondering what I could (or should) add to it, thanks! .
OS: Windows 10 Enterprise x64 v.1607.

 

TrendMicro did fairly well in recent comparative tests, according to this source:

http://www.pcmag.com/article2/0,2817,2372364,00.asp

Perhaps you can consider adding a standalone anti-exploit, though HitmanPro Alert/Sophos Intercept, while probably the best, is rather expensive and there's no free version, just trial. Like you I also have Windows 1607 but didn't fare so well with third party antivirus when it first came out, so I'm using Windows Defender (meh)/firewall (good) in conjunction with an anti exploit and anti executable (Alert and VoodooShield) and several Firefox browser security extensions like uBlock Origin. As a result, the only threat I'm currently grappling with is Microsoft.

 

Windows 10 pro 64bit

1. Standard account
2. Windows Defender
3. EMET 5.5
4. Simple Software Restriction Policy
5. UAC blocks elevation of unsigned programs (thanks Windows_Security)
   
6. Norton DNS
7. Chrome in AppContainer with uBlock Origin
8. SpywareBlaster and Unchecky

I think its simple, quite and effective...

 

Windows 7

Panda Protection (Free)
SpywareBlaster
SUPERAntiSpyware (on demand)
MBAE
MBAM (on demand)
Macrium Reflect
Browser Hardening where applicable (JS Switch, uBlock Origin, Flagfox, Decentraleyes)

Ubuntu Trusty Tahr LTS

Browser Hardening (JS Switch, uBlock Origin, Flagfox, Decentraleyes)

 

Bitdefender Antivirus Plus 2017

been using it for a few weeks and have to admit, the best yet

 

• Windows 7 Ultimate
• Sandboxie
• HitmanPro.Alert
• MBAM Premium
• ESET NOD32 AV
• SpywareBlaster
• KeePass
• Macrium Reflect

 

windows 10 x64 : KPN veilig ( fsecure safe 2016 rebrand ) - Malwarebytes anti exploit free - spywareblaster - unchecky - shadowdefender ( on demand )

google chrome : webrtc control - https everywhere - popblocker pro - adguard - stealth mode - windscribe vpn

 

Small changes:
Windows 10 pro 64bit

1. Standard account
2. Windows Defender
3. EMET 5.5
4. Simple Software Restriction Policy
5. Yandex DNS
6. Chrome in AppContainer with Adguard AdBlocker
7. SpywareBlaster and Unchecky

I think its set and forget, simple, quite and effective...

 

Any special settings about that or is set default?

 

No just set it to require Admin consent (requires entering admin password in my case), that is all

 

This:

 

@Djigi There used to be a higher level for Smartscreen (see picture), but it is gone now, so you have the correct one (default)

Old option, now gone

 

Do you think this is a step down from old one (for security)?
Why did Microsoft do that?

 

Hmmm, I notice the word "administrator" is conspicuously missing...lol. I looked around for an answer as to why the one option is missing and couldn't find anything whatsoever. I even looked on the social technet forums. I have Smart Screen enabled also and yes, only those two options: yes or no.

I also noticed the "some info about files and apps you run" on their, I mean, your PC is sent to Microsoft at the bottom of the window. Nice and vague, well, hopefully the data that is harvested will contribute to Defender's improved performance in the upcoming Creators Build. Don't you all think the name "Windows Defender" should be changed to something else? Something more modern and farther removed?

 

Windows 7 Ultimate x64

Standard User Account

User Account Control at max

Windows 10 Firewall Control Plus (SphinxSoftware) free in default deny mode

VoodooShield in Smart mode

Zemana AntiLogger Pro in RT with Pandora

MalwareBytes Anti-Exploit with additional shields for some routine apps

MalwareBytes Anti-Malware in RT and Malicious Website Protection

This setup feels lite on my PC.

 

Windows 10 Home Built-in security :

Machine hardening:
- BIOS Password

System Hardening:
- SUA
- UAC Max with credentials prompts.
- Deny elevation of unsigned executables.
- Windows Defender with PUP Enabled.
- Javascript disabled.
- Windows Features removed: Internet Explorer, XPS; SMB, Legacy Features, Media Features, etc...
- several services disabled.

Network Hardening
- Windows Firewall with customized settings : all profile's connections blocked + disabled/added rules , etc...
- IPv6, homegroup, tunneling, -related features removed/disabled.
- Simple DNSCrypt

Privacy Hardening: (for the fun)
- unused Win10 setting related to privacy disabled.
- O&O Shutup 10 customized
- Softether VPN with VPNgate

3rd Party Security Softs:
- ReHIPS : Isolation + application control
- AppGuard : Corporate grade anti-executable
- HMPA: Anti-exploit (mostly used for its anti-forking and keystroke encryption)
- Adguard for Desktop: Adblocker with custom filter and "stealth" features

System Recovery
- Rollback RX
- Windows Backup

 

Windows 10 64bit

Windows Firewall with Advanced Security
Windows Defender
Smartscreen & UAC
Appguard
Voodooshield Beta 3.45

Portable Zemana
Portable Emsisoft Emergency Kit
Portable Process Explorer
Portable Autoruns
Portable TCPview

 

elevation in all user accounts will be denied

there the code , you have to create a .reg file, name it like "block unsigned elevation" and double click on it, you should have a prompt then a confirmation.

Code:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ValidateAdminCodeSignatures"=dword:00000001