What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,800
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    OneDrive, Cortana, Advertising ID, Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some software hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge --disable-webgl --no-pings --enable-features="IsolateSandboxedIframes,EnableCsrssLockdown,EncryptedClientHello"

    • Home page: https://start.duckduckgo.com/
    • Search engine = DDG
    • Enabled Security Mitigations - Strict
    • Detection Protection - Strict
    • Clipboard permissions - blocked
    • Next DNS DOH - OISD Full + EasyPrivacy
    • Share browsing data with other Windows features - disabled
    Policies:
    • AutomaticHttpsDefault = 2
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0x009c","0xc014","0x009d"
    • HubsSidebarEnabled - false
    • CryptoWalletEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • RendererAppContainerEnabled - true
    • SandboxExternalProtocolBlocked - true
    • Edge3PSerpTelemetryEnabled = 0
    • ExtensionManifestV2Availability = 2
    • WebWidgetAllowed - false

    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • Block insecure private network requests
    • Parallel downloading
    • Enable experimental cookie features
    • Experimental QUIC protocol
    • Use DNS https alpn
    • Enable Back/Forward Cache
    • Back-forward cache - Enabled force caching all pages
    • Project Robin experiment
    • Automatic HTTPS
    • Disable opening mhtml in IE mode from web
    • Strict-Origin-Isolation
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • Enable Digital Signature for PDF
    • Microsoft Edge tracking prevention
    • Third-party Storage Partitioning
    • New PDF Viewer
    • Origin-keyed Agent Clusters by default
    • Origin-keyed Processes by default
    • TLS 1.3 hybridized Kyber support
    • Enable Kyber768 + NIST-P384 TLS Kyber Confidentiality
    Disabled:

    • FedCmWithoutThirdPartyCookies
    • Show feature and workflow recommendations
    • Enable system notifications
    • Combine sync consent and sign in
    • Allow Microsoft Search with Bing for any default search engine
    • Allow preloading of pages by other applications
    • Enable First-Party Sets
    • Enable Drop's custom notification
    Extensions:

    Edge Store:

    • UBO - Hard Mode with TLDs
    • Video DownloadHelper
    Chrome Web Store:
    • SwiftDial
    • Stream Recorder - download HLS as MP4
    • Don't add custom search engines
     
    Last edited: Jan 23, 2024
  2. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,972
    @Sampei Nihira
    Absolutely amazed by every one of your detailed descriptions. :thumb:
     
  3. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    410
    Location:
    Finland
    Does anyone know a good HTML5 video autoplay blocker for Chrome? I'm currently using McAfee Web Boost for Chrome. Every time Chrome gets updated, I have to re-install MWB. And it is not maintained by McAfee any more; the most recent update was something like 2 years ago.
    Just want to stop those stupid autoplay videos on every website I visit. Eats bandwidth, CPU time, etc.
     
  4. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,311
    Location:
    USA,IA
    Using Checkpoint's Harmony Endpoint.
     
  5. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,595
    That is available for home users?
     
  6. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,800
    Location:
    Italy
    ;):)
     
  7. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    410
    Location:
    Finland
    Yeah, their own engine, which you do not see on virustotal, is awesome.
    It uses Kaspersky or Sophos for basic detections, but when that fails it uses its own detection engine, which is absolutely powerful. I've tried to infect my system with many, many samples.
    Well... you just can't.
     
  8. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    410
    Location:
    Finland
  9. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,311
    Location:
    USA,IA
    It is. I bought it from a reseller on eBay that sells licenses. It's fully cloud managed.
     
  10. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,595
    Very nice. Did not realize you could do that with them.
     
  11. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    759
    Location:
    Earth
    OS : Windows 10 LTSC 21H2, IPv4 only (**Telemetry set to 0, so disabled), Edge erased and it never comes back on Patch Tuesday
    Real-time : Microsoft Security + NextDNS system-wide + HitmanPro.Alert
    On-Demand : Norton Power Eraser
    Password manager : KeePassXC (mostly 2FA)
    Browser : Vivaldi (personal settings) + uBlock + KeePassXC
    VPN Provider : IVPN
    Maintenance : PrivacyEraser Pro + PrivaZer Pro + DISM commands
    Router ISP : Only Modem enabled (no option to run it in bridge mode) (DMZ enabled)
    Router : Asus with Merlin firmware (IPv4 only and personal tweaks)

    **Only the Windows Enterprise edition can really disable telemetry; all other editions cannot (or you'll have to tweak lots of things).
     
  12. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,183
    ZoneAlarm Extreme
     
  13. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,277
    Location:
    Canada
    Windows Defender
    Configure Defender
    Windows Hybrid Hardening
    Firewall Hardening
    Quad9
    Malwarebytes Browser Guard

    I have a lifetime license for Malwarebytes, deciding if I want to use it in this setup or not.
     
  14. kerykeion

    kerykeion Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    286
    Location:
    Philippines
    Windows 11
    • Windows Firewall - Default settings
    • Standard User Account - Default settings
    • User Account Control - Default settings - Always Notify
    Security Solutions
    • Malwarebytes Premium - Real-time, Browser Guard not installed
    • Sophos ScanAndClean - On-Demand
    • SyncBackFree - On-Demand back-up
    • Bitwarden - Free tier, credential/password repository
    • Mozilla Firefox
      • Yokoffing Betterfox - FastFox and SecureFox sections of user.js
      • uBlock Origin - Yokoffing uBlock Origin base filters
    Network Security
    • AX + WPA3 (added separate AP for WPA2 older devices such as PlayStation 4, monitored)
    • Pi-hole
      • Modules - cloudflared for DNS-over-HTTPS - Quad9 DOH
      • Filters - HaGeZi Multi Pro, Threat Intelligence Feeds, Most Abused TLDs
     
  15. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    745
    Location:
    Milan, Italia
    Windows 11 23H2
    MS Defender | Block all unknown executables | ASR rules
    Smart Application Control | On
    Exploit Protection | All system settings On | Custom settings for apps
    Firefox | µBO
    | Malwarebytes Browser Guard | https://search.disroot.org/
     
  16. acid king

    acid king Registered Member

    Joined:
    Jan 19, 2019
    Posts:
    119
    Location:
    europe
    Win11 ReviOS 23.12
    Windows Defender Disabled
    NextDNS (HaGeZi - Multi NORMAL) or ExpressVPN
    BlackFog
    HitmanPro.Alert
    SysHardener (Home User)
    OOSU10 (Recommended)
    Macrium Reflect 8
    NetLimiter Firewall
    Firefox Betterfox (DarkReader, uBlockOrigin)
    Brave (DarkReader, Rabby)
    KeePass 2.56
    Process Lasso
    2nd opinion scanner NPE
    PrivaZer
    sync.com
     
    Last edited: Feb 8, 2024
  17. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,563
    AtlasOS (debloated/customized windows 10)
    Hard_Configurator (Recommended settings)
    • ConfigureDefender (Max setting)
    • FirewallHardening (Recommended & LOLBins blacklist enabled)
    Google Chrome (uBlock Origin)
    Sandboxie Classic (used to isolate multiple Chrome instances for different tasks)
    SecureFolders (All drives except system drive LOCKED)
    • Only Trusted Applications can access locked drives
    • For convenience I use voidtools' Everything (set to trusted) to access files from within my locked drives.
    • Locked Google Chrome directory
    • Downloads Folder (no-execution)
    Macrium Reflect FREE
     
    Last edited: Feb 7, 2024
  18. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    745
    Location:
    Milan, Italia
    Windows Defender | Block unknown executables | ASR Rules | Beta channel platform and engine updates
    Brave | Brave Adblock | Malwarebytes Browser Guard Beta | Brave Search
    Firefox | µBO | Malwarebytes Browser Guard | Brave Search
     
    Last edited: Feb 17, 2024
  19. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,277
    Location:
    Canada
    Microsoft Defender hardened with Configure Defender
    WindowsHybridHardening Light
    Firewall Hardening
     
  20. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,563
    AtlasOS (debloated/customized windows 10)
    WindowsHybridHardening (SWH Only)
    DEFENDERUI (Aggressive Profile, disabled Controlled Folder Access)
    Google Chrome (uBlock Origin)
    Sandboxie Classic (used to isolate multiple Chrome instances for different tasks)
    SecureFolders (All drives except system drive LOCKED)
    • Only Trusted Applications can access locked drives
    • For convenience I use voidtools' Everything (set to trusted) to access files from within my locked drives.
    • Locked Google Chrome directory
    • Downloads Folder (no-execution)
    Macrium Reflect FREE
     
    Last edited: Feb 25, 2024
  21. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,304
    Location:
    USA
    Firewall & Anti-Virus
    Router NAT/SPI (Password Protected)
    Windows Firewall (Malwarebytes Windows Firewall Control 6.9.9.4)
    Malwarebytes Anti‑Malware Premium 5.0.17.99

    Blocking/Hardening
    AppGuard 6.7.107.1
    HitmanPro.Alert 3.8.26 Build 979
    Quad9 DNS (or Surfshark VPN Browser Extension)
    User Account Control (Always Notify)
     
  22. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,584
    Location:
    Romania
    Tryin' to keep it simple... AVG IS and Comodo FW.
     
  23. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,183
    Does this work?
     
  24. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    921
    Location:
    U.S. Citizen
    If AVG IS and Comodo FW:)? Working without conflicts!
    * Which one did you install first:)?
    * Also, Comodo FW link, from where:)?
    * And is a beta version of Comodo FW:)?

    Why not Sandboxie Plus:)?
    Just thinking.......
     
  25. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,563
    AME10 (Windows 10 Ameliorated)
    WindowsHybridHardening
    Google Chrome (uBlock Origin)
    Sandboxie Classic (used to isolate multiple Chrome instances for different tasks)
    Macrium Reflect FREE
     