What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. acid king

    acid king Registered Member

    Joined:
    Jan 19, 2019
    Posts:
    122
    Location:
    europe
    Win11 ReviOS 24.12
    NO AV (Windows Defender Disabled)
    ControlD DNS (yokoffing Basic build)
    BlackFog
    HitmanPro.Alert
    Macrium Reflect 8
    SysHardener
    2nd opinion scanner (HitmanPro, NPE, Malwarebytes)
    Windows-On-Reins (tweaked)
    OOSU10 (Recommended)
    PrivaZer
    Firefox Betterfox v137.0 yokoffing (DarkReader, uBlockOrigin)
    Brave (DarkReader, Rabby)
    Process Lasso
    QuickCPU
    KeePass
    sync.com
    SSDFresh
    HWMonitor
    iCUE
    Samsung Magician
    Crucial Storage Executive
    SteelSeries GG
    TaskbarPlus
    Pegasun System Utilities
    PatchMyPC
    Wise Game Booster
    Wise Auto Shutdown
    Sniffnet
    Intel(R) Extreme Tuning Utility
     
    Last edited: May 5, 2025
  2. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    752
    Location:
    Milan, Italia
    Windows Defender | Platform & Engine Beta channel updates
    Cloud Protection Level | Block
    ASR rules
    Smart App Control
    Exploit Protection - all defaults enabled + custom program settings
    Firewall Hardening Tool
    RunBySmartscreen

    Aomei Backupper Pro

    Chrome
    Privacy Badger
    UBOL enabled "On click"

    Edge
    UBOL enabled "On click"
     
    Last edited: May 5, 2025
  3. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    418
    Location:
    Finland
    Now testing Vipre Advanced Security
    Vipre is pretty good, uses Bitdefender SDK, like Emsisoft, GData etc...
    But interesting is that Vipre does seem to use BD Cloud, because while testing it against several bazaar samples, I get "xxx.cloud.1.xxx@xxx" detections sometimes. When I run the same malware samples with Emsisoft or G Data, not detected by them.
    Vipre BB is far better than Emsisoft according to my testing, it's very good. It's very light on resources compared to other BD based AV solutions. One Remcos/GuLoader variant slipped thru, but blocked by Netlimiter "Blocker".
    So:
    +BD Cloud detections
    +Very strong BB
    +Very light on system resources

    -Can't re-roll(disinfect) like G Data Deepray/Beast does
    -IDS rules are outdated
    -Vipre Firewall uses windows own firewall driver, cannot resolve IPs
    -Protection service starts 30 sec after boot<--very bad
     
  4. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,185
    Very interesting
     
  5. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    925
    Location:
    U.S. Citizen
    @moredhelfinland

    In your opinion? Need some details, please!

    I heard GData - re-roll(disinfect) is very slow, is this true:)?
    Also, is GData heavy on the PC:)?


    And which GData software would you suggest to purchase? Your
    opinion!
    And where would you purchase GData, your thoughts?

    Kind regards, Really appreciate your details and
    information. On various security software!
     
    Last edited: May 6, 2025
  6. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,901
    Location:
    Italy
    @TairikuOkami

    I have the results.
    HTTP Request Blocker is faster and safer than the firewall rule.

    Some http links (not all) with malware executable, at least in Edge, have the ability to bypass the firewall rule.
    I have not analyzed why, I don't want to risk it.
    You can see in the images below:

    HTTP Request Blocker:


    10.png

    Firewall rule:

    11.png

    With Firefox there is no such problem for the best block "Always HTTPS":

    FF.png

    If you want to try a test, ime3.exe is online:

    https://urlhaus.abuse.ch/browse.php?search=exe



    P.S.

    It is also interesting to note that HTTP Request Blocker blocks malicious HTTP links even before any blocking rule present in a filter list subscribed to in uBlock Origin.

     
    Last edited: May 12, 2025
  7. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,901
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    Onedrive,Cortana,Advertising ID,Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some softwares hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge --disable-webgl --no-pings --enable-features="NetworkServiceSandbox,EnableCsrssLockdown,WinSboxDisableExtensionPoint"

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Enabled Security Mitigations - Balanced
    • Detection Protection - Strict
    • Clipboard permissions - blocked
    • Next DNS DOH - HaGeZi - Multi ULTIMATE + OISD big
    • Share browsing data with other Windows features - disabled
    • Blocked cookies (also third parties):

    Code:
    abrahamjuliot.github.io
    ntp.msn.com
    c.msn.com
    assets.msn.com
    msn.com
    microsoftedge.microsoft.com
    fpt2.microsoft.com
    browserleaks.com

    Policies:

    • BrowserSignin = 0
    • HideFirstRunExperience - true
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0xc014"
    • HubsSidebarEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • Edge3PSerpTelemetryEnabled - false
    • AllowSurfGame - false
    • ExtensionManifestV2Availability= 2
    • WebWidgetAllowed - false
    • ShowRecommendationsEnabled - false
    • ManagedSearchEngines = [{"allow_search_engine_discovery":false},{"is_default":true,"name":"DuckDuckGo","keyword":"duckduckgo.com","search_url":"https://duckduckgo.com/?q={searchTerms}","suggest_url":"https://www.duckduckgo.com/qbox?query={searchTerms}","image_search_url":"https://www.duckduckgo.com/images/detail/search?iss=sbiupload"}]
    • ReadAloudEnabled - false
    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • TLS 1.3 Early Data
    • Parallel downloading
    • Automatic HTTPS
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • New PDF Viewer
    • Strict-Origin-Isolation
    • Bind cookies to their setting origin's port
    • Bind cookies to their setting origin's scheme
    • Origin-keyed Processes by default
    Extensions:
    • uBlock Origin - Hard Mode with TLD's
    • Osprey Browser Protection - Only GData + Bitdefender enabled
    • Stream Recorder - (off by default)
    • Video DownloadHelper - (off by default)
    • AdGuard AdBlocker v.5.x - Hard Mode with TLD's - (off by default)


    Firefox

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Next DNS DOH - HaGeZi Multi ULTIMATE + OISD big
    • Tracking protection: Custom Protection - All cross-site cookies
    • DNS over HTTPS : Max Protection
    • HTTPS-only-mode enabled
    • Pocket disabled
    • Clearing browsing data on exit
    • Firefox telemetry disabled
    • Protection against fraudulent content and dangerous software enabled - all enabled
    • Some FastFox.js settings
    • Some Arkenfox.js settings
    Policies:
    • OverridePostUpdatePage set to ""
    • DontCheckDefaultBrowser = true
    • OverrideFirstRunPage set to ""
    Extensions
    • uBlock Origin - Hard Mode with TLD's
    • Video DownloadHelper - (off by default)
    • HLS Downloader - (off by default)
     
    Last edited: May 18, 2025
  8. SRT

    SRT Registered Member

    Joined:
    Feb 28, 2021
    Posts:
    160
    Location:
    USA
    So sad that it takes all that energy.
     
  9. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,627
    Thanks very much for this comprehensive list! Where might I find the HTTP Request Blocker extension?
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,901
    Location:
    Italy
  11. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,616
    Location:
    Flat Earth Matrix
    That is actually port 5002, not 80, http can be used for any port. I block all ports for browsers except 443.
     


  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,901
    Location:
    Italy
    In Edge, I prefer the extension that blocks the HTTP protocol regardless of the ports used.

    The pattern is:

    Code:
    HTTP://domain:port number/malware name
    It is confirmed, I did a test now blocking all ports but not 443.
    It does not block some HTTP malware that uses that port.

    HTTPS.png

    If you want to test (I changed links because the one posted yesterday is offline today):

    https://urlhaus.abuse.ch/url/3530267/

    Instead, the extension blocks HTTP malware that uses port 443:

    1.png
     
    Last edited: May 13, 2025
  13. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,627
  14. Cherub

    Cherub Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    187
    Location:
    Kentucky
    Doing my annual check up with everyone here at Wilders. Just want to see if my security setup is good or if there is something either redundant or missing.

    Windows 11 PRO
    Hitmanpro Alert
    Proton VPN
    Malwarebytes Premium
    Cyberlock
    Zen Browser and Brave Browser

    I'm thinking of getting OSArmor but didn't know if that would be necessary. As always, I'm pretty low knowledge on these things and would love to have any opinions or suggestions.

    Thanks in advance
     
  15. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,763
    Location:
    Location Unknown
    Pick one of the four, either cyberlock, OSA, HMP.A, or Malwarebytes. It's very redundant having any more than one of those four. Add a good imaging program, just in case, and you're done.
     
  16. Cherub

    Cherub Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    187
    Location:
    Kentucky
    Thanks. Appreciate the help, as always.
     
  17. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,901
    Location:
    Italy
    Edge has a weak “Always HTTPS” functionality.
    I decided to equip all extensions:

    • uBlock Origin
    • uBlock Origin Lite
    • AdGuard Adblocker v.5
    Of 3 rules to block http websites.
    I originally wrote only one rule for uBlock Origin Lite.

    Then I decided to extend the rules to the other 2 extensions.

    The rules, which coincide for uBlock Origin and AG:


    Code:
    http://*^$document
    , have the advantage of also blocking downloads of http malwares that use port 443.
    Another advantage is blocking downloads that are manually initiated in a new tab by selecting the http malware link.

    HTTP malware using port 443:


    1.png

    uBlock Origin Lite:

    uBO Lite.png

    AG:

    AG.png

    uBlock Origin:

    uBO.png

    To use a legitimate HTTP website you can either place any exception or disable the extension in that website.
     
    Last edited: Jun 22, 2025 at 5:14 AM
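
Added illustration, not part of any post in this thread: a small model of why a "browser may only use port 443" firewall rule and a scheme rule such as `http://*^$document` disagree on URLs of the form `HTTP://domain:port number/malware name`, as reported in posts 12 and 17. The function names and sample URLs are constructed for the example, and the code models the two policies only; it is not the matching engine of uBlock Origin, AdGuard or Windows Firewall.

```javascript
// Added example: models the two policies discussed in the thread.
const DEFAULT_PORTS = { "http:": 80, "https:": 443 };

// Effective TCP port: URL.port is "" when the scheme's default port is used.
function effectivePort(url) {
  return url.port === "" ? DEFAULT_PORTS[url.protocol] : Number(url.port);
}

// Policy A: firewall rule for the browser process, only remote port 443 allowed.
// A packet filter sees the destination port, never the URL scheme.
function portRule(rawUrl) {
  return effectivePort(new URL(rawUrl)) === 443 ? "allow" : "block";
}

// Policy B: scheme rule, modelled on the effect described for `http://*^$document`:
// any navigation whose scheme is plain http is blocked, whatever the port.
function schemeRule(rawUrl) {
  // The URL parser lowercases the scheme, so "HTTP://" and "http://" match alike.
  return new URL(rawUrl).protocol === "http:" ? "block" : "allow";
}

// Constructed sample URLs (192.0.2.0/24 and .example are reserved for documentation).
const SAMPLES = [
  "https://site.example/index.html",    // normal HTTPS browsing
  "http://site.example/setup.exe",      // plain HTTP on default port 80
  "http://192.0.2.10:5002/sample.exe",  // plain HTTP on a high port
  "HTTP://192.0.2.10:443/sample.exe",   // plain HTTP served on port 443
];

// Evaluate both policies for every URL.
function compare(urls) {
  return urls.map((u) => ({
    url: u,
    port: effectivePort(new URL(u)),
    portRule: portRule(u),
    schemeRule: schemeRule(u),
  }));
}

// URLs the port rule lets through but the scheme rule stops.
function gaps(urls) {
  return compare(urls)
    .filter((r) => r.portRule === "allow" && r.schemeRule === "block")
    .map((r) => r.url);
}

console.table(compare(SAMPLES));
console.log("Allowed by port rule, blocked by scheme rule:", gaps(SAMPLES));
```

Both policies block the port 5002 case; only the scheme rule stops unencrypted HTTP that is served on port 443.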
  18. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,616
    Location:
    Flat Earth Matrix
    Now you have piqued my interest. Malware using IP bypassing DNS and using port 443 to bypass HTTP restriction. Maybe extensions are not that useless after all. :thumb:
     


  19. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,901
    Location:
    Italy
  20. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,901
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    Onedrive,Cortana,Advertising ID,Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some softwares hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge --disable-webgl --no-pings --enable-features="NetworkServiceSandbox,EnableCsrssLockdown,WinSboxDisableExtensionPoint"

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Enabled Security Mitigations - Balanced
    • Detection Protection - Strict
    • Clipboard permissions - blocked
    • Next DNS DOH - HaGeZi - Multi ULTIMATE + OISD big + Peter Lowe
    • Share browsing data with other Windows features - disabled
    • Blocked cookies (also third parties):

    Code:
    abrahamjuliot.github.io
    ntp.msn.com
    c.msn.com
    assets.msn.com
    msn.com
    microsoftedge.microsoft.com
    fpt2.microsoft.com
    browserleaks.com

    Policies:

    • BrowserSignin = 0
    • HideFirstRunExperience - true
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0xc014"
    • HubsSidebarEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • Edge3PSerpTelemetryEnabled - false
    • AllowSurfGame - false
    • ExtensionManifestV2Availability= 2
    • WebWidgetAllowed - false
    • ShowRecommendationsEnabled - false
    • ManagedSearchEngines = [{"allow_search_engine_discovery":false},{"is_default":true,"name":"DuckDuckGo","keyword":"duckduckgo.com","search_url":"https://duckduckgo.com/?q={searchTerms}","suggest_url":"https://www.duckduckgo.com/qbox?query={searchTerms}","image_search_url":"https://www.duckduckgo.com/images/detail/search?iss=sbiupload"}]
    • ReadAloudEnabled - false
    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • TLS 1.3 Early Data
    • Parallel downloading
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • New PDF Viewer
    • Strict-Origin-Isolation
    • Bind cookies to their setting origin's port
    • Bind cookies to their setting origin's scheme
    • Origin-keyed Processes by default
    Extensions:
    • uBlock Origin - Hard Mode with TLD's
    • Osprey Browser Protection - GData + Norton + Quad9
    • Stream Recorder - (off by default)
    • Video DownloadHelper - (off by default)
    • AdGuard AdBlocker v.5.x - Hard Mode with TLD's - (off by default)
    • uBlock Origin Lite - Hard Mode with TLD's - (off by default)


    Firefox

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Next DNS DOH - HaGeZi Multi ULTIMATE + OISD big + Peter Lowe
    • Tracking protection: Custom Protection - All cross-site cookies
    • DNS over HTTPS : Max Protection
    • HTTPS-only-mode enabled
    • Pocket disabled
    • Clearing browsing data on exit
    • Firefox telemetry disabled
    • Protection against fraudulent content and dangerous software enabled - all enabled
    • Some FastFox.js settings
    • Some Arkenfox.js settings
    Policies:
    • OverridePostUpdatePage set to ""
    • DontCheckDefaultBrowser = true
    • OverrideFirstRunPage set to ""
    Extensions
    • uBlock Origin - Hard Mode with TLD's
    • Osprey Browser Protection GData + Norton + Quad9
    • Video DownloadHelper - (off by default)
    • HLS Downloader - (off by default)
     
    Last edited: Jun 24, 2025 at 12:09 PM
  21. Cherub

    Cherub Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    187
    Location:
    Kentucky
    I'm back with another novice question. I read on here about DefenderUI and wanted to try it out. My question is a two parter.

    One, if I go with DefenderUI, do I need Malwarebytes?

    Second, what are the settings I should use on DefenderUI to get the best protection.

    Right now, here is my setup.

    Hitmanpro Alert
    OSArmor
    Zen or Brave Browser
    Windows 11 Pro
    DefenderUI
    Macrium Reflect
    Proton VPN

    Anything I should add or subtract from that setup?
     
  22. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,763
    Location:
    Location Unknown
    No, no you don't. Just image semi-regularly and you're good.

    I usually go with Max, minus age restrictions.

    You don't need HMP.A with OSArmor. Pick one or the other, but I don't think you need either one with DefenderUI + Reflect
     
  23. Cherub

    Cherub Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    187
    Location:
    Kentucky
    Thanks. What do you think of Norton 360 anti virus software? I can get a free license from a friend and was wondering if it's really that good. I know a long time ago, it seemed Norton was something of a laughing stock.
     
  24. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,763
    Location:
    Location Unknown
    You can always add whatever you want to, but it's not needed. I personally won't add it, or HMP.A or Malwarebytes, or anything else. With OSA and Reflect plus DefenderUI you're good.
     
  25. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    418
    Location:
    Finland
    Trellix Endpoint, the best I've used, but the worst to configure. :)
    Took me 3 days to fully configure it on my system and it was worth it.
    Especially DAC(sandbox) of it, kills zero day malware rats connecting outside instantly.
     