What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Wow, shocking stuff.

    But why not use a default-deny firewall? It's not just powershell.exe that should be blocked from connecting out, how about blocking ALL processes except for trusted apps that actually need network access in order to function? And of course, auto-update should never be used. And Sophos Home blocked it because it has behavioral monitoring against infostealers, so no cloud signature is required.

    Yes, this doesn't surprise me since it will block many system processes that are often abused from being launched.
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,818
    Main Set-up
    Sphinx FireWall + AppGuard Solo + KeyScrambler Premium + DeepFreeze

    Testing
    Sphinx FireWall + Faronics Anti-Executable + ShadowDefender


    Occasional Scan
    Emsisoft EEK + Eset Online + Sophos Scan and Clean + DrWeb Cureit
     
  3. SRT

    SRT Registered Member

    Joined:
    Feb 28, 2021
    Posts:
    133
    Location:
    USA
    Sphinx Firewall, Appguard Solo, OSArmor, SysHardener, Mbam, incontrol. And a VPN.
     
  4. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,818
    Sphinx Firewall
    AppGuard Solo
    ShadowDefender
    Mullvad VPN
     
    Last edited: Apr 14, 2025
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,803
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    Onedrive,Cortana,Advertising ID,Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some softwares hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge --disable-webgl --no-pings --enable-features="NetworkServiceSandbox,EnableCsrssLockdown,WinSboxDisableExtensionPoint"

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Enabled Security Mitigations - Balanced
    • Detection Protection - Strict
    • Scareware Blocker enabled
    • Clipboard permissions - blocked
    • Next DNS DOH - HaGeZi - Multi ULTIMATE + OISD big
    • Share browsing data with other Windows features - disabled
    • Blocked cookies (also third parties):
    Code:
    abrahamjuliot.github.io
    ntp.msn.com
    c.msn.com
    assets.msn.com
    msn.com
    microsoftedge.microsoft.com
    fpt2.microsoft.com
    browserleaks.com
    Policies:

    • BrowserSignin = 0
    • HideFirstRunExperience - true
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0xc014"
    • HubsSidebarEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • Edge3PSerpTelemetryEnabled - false
    • AllowSurfGame - false
    • ExtensionManifestV2Availability= 2
    • WebWidgetAllowed - false
    • ShowRecommendationsEnabled - false
    • ShowDownloadsInsecureWarningsEnabled = true
    • ManagedSearchEngines = [{"allow_search_engine_discovery":false},{"is_default":true,"name":"DuckDuckGo","keyword":"duckduckgo.com","search_url":"https://duckduckgo.com/?q={searchTerms}","suggest_url":"https://www.duckduckgo.com/qbox?query={searchTerms}","image_search_url":"https://www.duckduckgo.com/images/detail/search?iss=sbiupload"}]
    • ReadAloudEnabled - false
    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • TLS 1.3 Early Data
    • Block insecure private network requests.
    • Parallel downloading
    • Automatic HTTPS
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • New PDF Viewer
    • Strict-Origin-Isolation
    • Bind cookies to their setting origin's port
    • Bind cookies to their setting origin's scheme
    • Origin-keyed Processes by default
    Extensions:
    • uBlock Origin - Hard Mode with TLD's
    • Stream Recorder - (off by default)
    • Video DownloadHelper - (off by default)
    • AdGuard AdBlocker v.5.x - Hard Mode with TLD's - (off by default)

    Firefox

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Next DNS DOH - HaGeZi Multi PRO++ + OISD big
    • Tracking protection: Custom Protection - All cross-site cookies
    • DNS over HTTPS : Max Protection
    • HTTPS-only-mode enabled
    • Pocket disabled
    • Clearing browsing data on exit
    • Firefox telemetry disabled
    • Protection against fraudulent content and dangerous software enabled - all enabled
    • Some FastFox.js settings
    • Some Arkenfox.js settings
    Policies
    • OverridePostUpdatePage set to ""
    • DontCheckDefaultBrowser = true
    • OverrideFirstRunPage set to ""
    Extensions
    • uBlock Origin - Hard Mode with TLD's
    • Video DownloadHelper - (off by default)
    • HLS Downloader - (off by default)
     
    Last edited: Apr 12, 2025
  6. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,803
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    Onedrive,Cortana,Advertising ID,Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some softwares hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge --disable-webgl --no-pings --enable-features="NetworkServiceSandbox,EnableCsrssLockdown,WinSboxDisableExtensionPoint"

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Enabled Security Mitigations - Balanced
    • Detection Protection - Strict
    • Clipboard permissions - blocked
    • Next DNS DOH - HaGeZi - Multi ULTIMATE + OISD big
    • Share browsing data with other Windows features - disabled
    • Blocked cookies (also third parties):

    Code:
    abrahamjuliot.github.io
    ntp.msn.com
    c.msn.com
    assets.msn.com
    msn.com
    microsoftedge.microsoft.com
    fpt2.microsoft.com
    browserleaks.com
    Policies:

    • BrowserSignin = 0
    • HideFirstRunExperience - true
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0xc014"
    • HubsSidebarEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • Edge3PSerpTelemetryEnabled - false
    • AllowSurfGame - false
    • ExtensionManifestV2Availability= 2
    • WebWidgetAllowed - false
    • ShowRecommendationsEnabled - false
    • ManagedSearchEngines = [{"allow_search_engine_discovery":false},{"is_default":true,"name":"DuckDuckGo","keyword":"duckduckgo.com","search_url":"https://duckduckgo.com/?q={searchTerms}","suggest_url":"https://www.duckduckgo.com/qbox?query={searchTerms}","image_search_url":"https://www.duckduckgo.com/images/detail/search?iss=sbiupload"}]
    • ReadAloudEnabled - false
    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • TLS 1.3 Early Data
    • Block insecure private network requests.
    • Parallel downloading
    • Automatic HTTPS
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • New PDF Viewer
    • Strict-Origin-Isolation
    • Bind cookies to their setting origin's port
    • Bind cookies to their setting origin's scheme
    • Origin-keyed Processes by default
    Extensions:
    • uBlock Origin - Hard Mode with TLD's
    • HTTP Request Blocker - http://*/
    • Stream Recorder - (off by default)
    • Video DownloadHelper - (off by default)
    • AdGuard AdBlocker v.5.x - Hard Mode with TLD's - (off by default)

    Firefox

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Next DNS DOH - HaGeZi Multi PRO++ + OISD big
    • Tracking protection: Custom Protection - All cross-site cookies
    • DNS over HTTPS : Max Protection
    • HTTPS-only-mode enabled
    • Pocket disabled
    • Clearing browsing data on exit
    • Firefox telemetry disabled
    • Protection against fraudulent content and dangerous software enabled - all enabled
    • Some FastFox.js settings
    • Some Arkenfox.js settings
    Policies
    • OverridePostUpdatePage set to ""
    • DontCheckDefaultBrowser = true
    • OverrideFirstRunPage set to ""
    Extensions
    • uBlock Origin - Hard Mode with TLD's
    • Video DownloadHelper - (off by default)
    • HLS Downloader - (off by default)
     
    Last edited: Apr 27, 2025 at 12:40 PM
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,909
    Location:
    Slovenia, EU
    Windows 11 24H2

    Backup: Macrium Reflect
    Antimalware: Eset Nod32 Antivirus
    Content blocker: uBlock Origin

    On demand scanners: HitmanPro, Norton Power Eraser
     
  8. SRT

    SRT Registered Member

    Joined:
    Feb 28, 2021
    Posts:
    133
    Location:
    USA
    Changes day to day, whatever mood I'm in, as far as firewalls go :D.
    VPN, AppGuard, OSArmor, SysHardener are keepers.
     
  9. lost24

    lost24 Registered Member

    Joined:
    Jan 2, 2009
    Posts:
    174
    Location:
    France
    On my old PC, still what's in my signature.
    Just got my first MacBook Air (ever), and I installed Malwarebytes and NordVPN, + KeePassXC. I guess I will go for Lockdown Mode.
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,803
    Location:
    Italy
    I solved my problem in Edge of blocking HTTP malware (without URL scanning).
    HTTPS malware has a high blocking rate at the DNS level from my filter lists + security settings.

    I show you an image of a blocked HTTP malware:


    https://ibb.co/Wd0MPgj

    https malware blocked by NextDNS:

    https://ibb.co/VpH661fz

    This precaution is not necessary with Firefox.

    P.S.

    In the next few days I have to check, in order to adopt it definitively, whether this MV3 extension affects the browsing speed.
     
    Last edited: Apr 27, 2025 at 1:08 PM
  11. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,325
    Hi
    W10 Pro x64 22H2 and W11 Pro 24H2

    browser -> Firefox + uBlock Origin
    backup -> R-Drive Image 7 and Syncovery
    antivirus -> Kaspersky (ESET in the past)
    on demand -> Malwarebytes
    Cloudflare DNS or Quad9 DNS

    Does anybody use Brave?


    @Sampei Nihira
    Hi,
    I really liked your list.
    Have you considered writing a sort of tutorial on how to do it?
    For example like #42506: the tools used, a sort of step by step. It could be really amazing for many users; in short, you don't use an antivirus.
    Thanks
     
  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,803
    Location:
    Italy
    Hi.
    Tutorial?
    No, no... my wife already says I spend too much time on the PC... :)
    And if I continue like this, galloping atherosclerosis is certain. :D
     
  13. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,600
    Location:
    Flat Earth Matrix
    Why don't you block port 80 for browsers? Hardly any webpages need it these days, but malware still loves it. I block it for all essential apps to prevent leakage.
    Code:
    rem Outbound block rules: each one blocks every remote port EXCEPT the gaps in the range list.
    rem Brave: TCP 443 and 5228 (Google sync) stay open; UDP 443 stays open for QUIC.
    netsh advfirewall firewall add rule name="Brave TCP" dir=out action=block protocol=TCP remoteport=1-442,444-5227,5229-65535 program="%LocalAppData%\BraveSoftware\Brave-Browser\Application\brave.exe"
    netsh advfirewall firewall add rule name="Brave UDP" dir=out action=block protocol=UDP remoteport=1-442,444-65535 program="%LocalAppData%\BraveSoftware\Brave-Browser\Application\brave.exe"
    rem Edge and LibreWolf: only TCP 443 stays open; UDP is blocked entirely (no remoteport = all ports).
    netsh advfirewall firewall add rule name="Edge TCP" dir=out action=block protocol=TCP remoteport=1-442,444-65535 program="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe"
    netsh advfirewall firewall add rule name="Edge UDP" dir=out action=block protocol=UDP program="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe"
    netsh advfirewall firewall add rule name="LibreWolf TCP" dir=out action=block protocol=TCP remoteport=1-442,444-65535 program="%ProgramFiles%\LibreWolf\librewolf.exe"
    netsh advfirewall firewall add rule name="LibreWolf UDP" dir=out action=block protocol=UDP program="%ProgramFiles%\LibreWolf\librewolf.exe"
    rem Cloud sync clients: only TCP 443 stays open.
    netsh advfirewall firewall add rule name="OneDrive TCP" dir=out action=block protocol=TCP remoteport=1-442,444-65535 program="%ProgramFiles%\Microsoft OneDrive\OneDrive.exe"
    netsh advfirewall firewall add rule name="IceDrive TCP" dir=out action=block protocol=TCP remoteport=1-442,444-65535 program="%LocalAppData%\Temp\IcedrivePortable\Icedrive.exe"
     
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,803
    Location:
    Italy
    Yes, it would have been possible if I didn't have to use some links where the initial account login is always HTTP.
    So the extension is more convenient in this case.
     
  15. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,260
    Location:
    .
    Hello. To my best understanding, this line I quote, means all ports are blocked except 443 and 5228, correct?
    TIA
     
    Last edited: Apr 27, 2025 at 2:48 PM
  16. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,600
    Location:
    Flat Earth Matrix
    You can temporarily disable the rule or, preferably, use a portable or a different browser for insecure browsing, with separate caches, extensions, etc.
    Yes, the Google account uses port 5228 for sync. It is also the only browser for which I allow UDP as well, since I use QUIC for YouTube.
     
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    5,260
    Location:
    .
    So how do you configure the Allow rule to make Brave actually connect?
    TIA
     