What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,962
    Location:
    USA
    Good question re Macrium. I was running an extremely outdated version, and wanted to try something else for a while (SyncBack). Sometimes MR seems a bit beyond my full understanding. I imagine I will return to MR at some point.
     
  2. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,162
    Blah...

    Comodo FW, ublock, backups...
     
  3. Oldie1950

    Oldie1950 Registered Member

    Joined:
    Feb 24, 2022
    Posts:
    100
    Location:
    Deutschland
    F-Secure Internet Security, uBlock Origin, Macrium Reflect
     
  4. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    725
    Location:
    Milan, Italia
    Windows 11 Pro 23H2

    Standard User Account
    Microsoft Defender - Block all unknown executables | All ASR rules
    Smart App Control
    Max Exploit Protection settings
    Firefox | µBO
    Brave | Shields
    Aomei Backupper Pro + Windows built-in
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,056
    Location:
    The Netherlands
  6. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    399
    Location:
    Finland
    @Rasheed187
    Beefed up yeah, the best i've ever used protection wise. It's their engine you won't see on Virustotal, because it's their own "engine".
    You will see those "zonealarm" crap stuff. But their so called "in-house" engine detection names are interesting. Its based on kaspersky/or sophos, but their internal ML engine is just sickenly, GOOD.
    Or ist it? Well, OSA blocks a lot "suspious process blocked", while Sophos ML still analysin(background dmg is done already). OSA is very good, reacts fast and stops the fkers.
     
  7. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,698
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    Onedrive,Cortana,Advertising ID,Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some softwares hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge --disable-webgl --no-pings --enable-features=IsolateSandboxedIframes

    • Home page: https://start.duckduckgo.com/
    • Search engine = DDG
    • Enabled Security Mitigations - Strict
    • Detection Protection - Strict
    • Clipboard permissions - blocked
    • Next DNS DOH - OISD Full + EasyPrivacy
    • Share browsing data with other Windows features - disabled
    Policies:
    • AutomaticHttpsDefault = 2
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0x009c","0xc014","0x009d"
    • HubsSidebarEnabled - false
    • CryptoWalletEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • Edge3PSerpTelemetryEnabled= 0
    • ExtensionManifestV2Availability= 2
    • WebWidgetAllowed - false

    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • TLS 1.3 Early Data
    • Block insecure private network requests.
    • Parallel downloading
    • Show block option in autoplay settings
    • Enable Back/Forward Cache
    • Experimental Tracking Prevention Features
    • Enable Kyber768 + NIST-P384 TLS Kyber Confidentiality
    • Project Robin experiment
    • Enable Digital Signature for PDF
    • New PDF Viewer
    • Strict-Origin-Isolation
    • Back-forward cache - Enabled force caching all page
    • Third-party Storage Partitioning
    • Origin-keyed Agent Clusters by default
    • Origin-keyed Processes by default
    Disabled:
    • Allow Microsoft Search with Bing for any default search engine
    • Enable Drop's custom notification
    Extensions:

    Edge Store:

    • UBO - Hard Mode with TLD's
    • Video DownloadHelper
    Chrome Web Store:
    • SwiftDial
    • Stream Recorder - download HLS as MP4
    • Don't add custom search engines
     
    Last edited: May 6, 2024
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,056
    Location:
    The Netherlands
    Actually, it seems to be more than a beefed up version of ZoneAlarm. I wonder how you can even run Harmony Endpoint on your PC since it's meant for corporations? And yes, OSA should at least in theory be a very good tool to block more advanced malware attacks, since it's capable to block so called LOLbins.

    https://www.checkpoint.com/harmony/endpoint/
    https://github.com/LOLBAS-Project/LOLBAS
    https://lolbas-project.github.io
     
  9. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    399
    Location:
    Finland
    @Rasheed187
    You just need to find a reseller(partner), that sells Check Point Harmony Endpoint(or eset protect, deepinstinct, sophos intercept-x, trend micro etc) 1 year/1 PC subscription.
    And yes, it's another story if it "wise" to buy corporate security solution(EDR/XDR) for one PC. :)
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,056
    Location:
    The Netherlands
    Yes, but how does it perform on your PC? I mean does it work without the cloud, and the EDR won't work either no?
     
  11. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    399
    Location:
    Finland
    @Rasheed187
    Performance wise, its of course varies what component(s) you want to install. If you enable full "threat hunting" analysis, it will use more horsepower.
    For example, if you run something like "redlinestealer", it even records a video and makes in-depth analysis. And of course, especially on corporate networks, you will need comprehensive analysis what/who caused that "malware" infection.
    It uses Sophos or Kaspersky SDK, something like ZoneAlarm uses Kaspersky SDK and Spyshelter uses Sophos SDK. Or course it does not use Sophos ML nor Kaspersky ML. But their in-house "av" engine is stunning. You wont that engine in VT.
     
  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,698
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    Onedrive,Cortana,Advertising ID,Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some softwares hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge --disable-webgl --no-pings --enable-features=IsolateSandboxedIframes

    • Home page: https://start.duckduckgo.com/
    • Search engine = DDG
    • Enabled Security Mitigations - Strict
    • Detection Protection - Strict
    • Clipboard permissions - blocked
    • Next DNS DOH - OISD Full + EasyPrivacy
    • Share browsing data with other Windows features - disabled
    Policies:
    • AutomaticHttpsDefault = 2
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0x009c"
    • HubsSidebarEnabled - false
    • CryptoWalletEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • Edge3PSerpTelemetryEnabled - false
    • AllowSurfGame - false
    • ExtensionManifestV2Availability= 2
    • WebWidgetAllowed - false
    • ShowRecommendationsEnabled - false
    • ManagedSearchEngines = [{"allow_search_engine_discovery":false},{"is_default":true,"name":"DuckDuckGo","keyword":"duckduckgo.com","search_url":"https://duckduckgo.com/?q={searchTerms}","suggest_url":"https://www.duckduckgo.com/qbox?query={searchTerms}","image_search_url":"https://www.duckduckgo.com/images/detail/search?iss=sbiupload"}]

    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • TLS 1.3 Early Data
    • Block insecure private network requests.
    • Parallel downloading
    • Show block option in autoplay settings
    • Enable Back/Forward Cache
    • Experimental Tracking Prevention Features
    • Enable Kyber768 + NIST-P384 TLS Kyber Confidentiality
    • Project Robin experiment
    • Enable Digital Signature for PDF
    • New PDF Viewer
    • Strict-Origin-Isolation
    • Back-forward cache - Enabled force caching all page
    • Third-party Storage Partitioning
    • Origin-keyed Agent Clusters by default
    • Origin-keyed Processes by default
    Disabled:
    • Allow Microsoft Search with Bing for any default search engine
    • Enable Drop's custom notification
    Extensions:

    Edge Store:

    • UBO - Hard Mode with TLD's
    • Video DownloadHelper
    Chrome Web Store:
    • SwiftDial
    • Stream Recorder - download HLS as MP4
     
    Last edited: May 14, 2024
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,056
    Location:
    The Netherlands
    OK thanks, so you can install only certain components. I guess you have only installed the behavior blocker combined with AV? And I didn't know that SpyShelter 15 used the Sophos AV engine.
     
  14. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,237
    Location:
    Canada
    Built in Windows security augmented with Configure Defender, Firewall Hardening and Windows Hybrid Hardening Light.
     
  15. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,564
    Location:
    Flat Earth Matrix
    • Real-time security
    Binisoft WFC & NextDNS (DoH) - Blocked all TLDs except a select few
    • About custom security
    Disabled IPv6, Powershell, Telemetry, WSH, some services. Blocked ports 53/80. Microsoft Defender Disable + Windows Setup 1 + Windows Setup 2 + Windows Tweaks
    Code:
    https://github.com/TairikuOokami/Windows
    • Browser(s) and extensions
    Brave with ECH for Google/YouTube
    LibreWolf with ECH for Facebook
    Microsoft Edge with eSNI
    Bitwarden (free password manager)
    Bonjourr · Minimalist Startpage (to show the time and the day of the week)
    I don't care about cookies (get rid of cookie warnings from some websites)
    Simple Translate (select text to translate instantly in a popup)
    rem Disabled
    rem edge://flags/#allow-all-sites-to-initiate-mirroring
    rem edge://flags/#edge-compose
    rem edge://flags/#edge-drop
    rem edge://flags/#edge-omnibox-ui-hide-steady-state-url-scheme
    rem edge://flags/#edge-omnibox-ui-hide-steady-state-url-trivial-subdomains
    rem edge://flags/#edge-optin-experimentation
    rem edge://flags/#edge-rounded-containers
    rem edge://flags/#edge-screenshot
    rem edge://flags/#edge-split-screen
    rem edge://flags/#edge-visual-rejuv-rounded-tabs
    rem edge://flags/#enable-force-dark
    rem edge://flags/#enable-quic
    rem edge://flags/#enable-touch-drag-drop
    rem edge://flags/#enable-windows-gaming-input-data-fetcher
    rem edge://flags/#media-route-dial-provider
    rem edge://flags/#media-router-cast-allow-all-ips
    rem edge://flags/#tab-hover-card-images

    rem Enabled
    rem edge://flags/#block-insecure-private-network-requests
    rem edge://flags/#disallow-doc-written-script-loads
    rem edge://flags/#edge-autoplay-user-setting-block-option
    rem edge://flags/#edge-digsig-enabled-pdf
    rem edge://flags/#edge-post-quantum-kyber
    rem edge://flags/#enable-tls13-early-data
    rem edge://flags/#enable-tls13-kyber
    rem edge://flags/#origin-agent-cluster-default
    rem edge://flags/#origin-keyed-processes-by-default
    rem edge://flags/#strict-origin-isolation
    rem edge://flags/#test-third-party-cookie-phaseout
    rem =================================== Windows Policies ===================================
    rem ------------------------------------ Microsoft Edge ------------------------------------

    rem edge://policy

    rem reg delete "HKCU\Software\Policies\Microsoft\Edge" /f
    rem reg delete "HKLM\Software\Policies\Microsoft\Edge" /f

    rem ________________________________________________________________________________________
    rem 1 - Allow users to access the games menu
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AllowGamesMenu" /t REG_DWORD /d "0" /f

    rem 1 - Allow the audio sandbox to run
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AudioSandboxEnabled" /t REG_DWORD /d "1" /f

    rem 1 - Compose is enabled for writing on the web
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ComposeInlineEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Enables CryptoWallet feature
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "CryptoWalletEnabled" /t REG_DWORD /d "0" /f

    rem 1 - AllowJavaScriptJit / 2 - BlockJavaScriptJit (Do not allow any site to run JavaScript JIT)
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultJavaScriptJitSetting" /t REG_DWORD /d "0" /f

    rem 1 - Allow users to open files using the DirectInvoke protocol
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DirectInvokeEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Disable taking screenshots
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DisableScreenshots" /t REG_DWORD /d "1" /f

    rem 1 - DNS interception checks enabled
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DNSInterceptionChecksEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Drop lets users send messages or files to themselves
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EdgeEDropEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Allows the Microsoft Edge browser to enable Follow service and apply it to users
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EdgeFollowEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Microsoft Edge will attempt to connect to the Microsoft Edge management service to download and apply policy assigned to the Azure AD account of the user
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EdgeManagementEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Captures the searches user does on third party search providers
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "Edge3PSerpTelemetryEnabled" /t REG_DWORD /d "0" /f

    rem 1 - If you enable this policy, users will be able to access the Microsoft Edge Workspaces feature
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EdgeWorkspacesEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Allow Google Cast to connect to Cast devices on all IP addresses (Multicast), Edge trying to connect to 239.255.255.250 via UDP port 1900
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EnableMediaRouter" /t REG_DWORD /d "0" /f

    rem The Experimentation and Configuration Service is used to deploy Experimentation and Configuration payloads to the client / 0 - RestrictedMode / 1 - ConfigurationsOnlyMode / 2 - FullMode
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ExperimentationAndConfigurationServiceControl" /t REG_DWORD /d "0" /f

    rem 1 - Allows Microsoft Edge to prompt the user to switch to the appropriate profile when Microsoft Edge detects that a link is a personal or work link
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "GuidedSwitchEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Hide restore pages dialog after browser crash
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "HideRestoreDialogEnabled" /t REG_DWORD /d "1" /f

    rem 1 - Show Hubs Sidebar
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "HubsSidebarEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Enable the Designer for Image Editor feature
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ImageEditorServiceEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Enable Grammar Tools feature within Immersive Reader
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ImmersiveReaderGrammarToolsEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Enable Picture Dictionary feature within Immersive Reader
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ImmersiveReaderPictureDictionaryEnabled" /t REG_DWORD /d "0" /f

    rem 0 -InPrivate mode available / 1 - disabled / 2 - forced
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "InPrivateModeAvailability" /t REG_DWORD /d "1" /f

    rem 1 - Allow sites to be reloaded in Internet Explorer mode (IE mode)
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "InternetExplorerIntegrationReloadInIEModeAllowed" /t REG_DWORD /d "0" /f

    rem 1 - Shows content promoting the Microsoft Edge Insider channels on the About Microsoft Edge settings page
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "MicrosoftEdgeInsiderPromotionEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Mouse Gesture Enabled
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "MouseGestureEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Microsoft Edge built-in PDF reader powered by Adobe Acrobat enabled
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewPDFReaderEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Hide the default top sites from the new tab page
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewTabPageHideDefaultTopSites" /t REG_DWORD /d "1" /f

    rem 1 - Enable QR Code Generator
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "QRCodeGeneratorEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Allow QUIC protocol
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "QuicAllowed" /t REG_DWORD /d "0" /f

    rem 1 - Enable Read Aloud feature in Microsoft Edge
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ReadAloudEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Configure Related Matches in Find on Page, the results are processed in a cloud service
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "RelatedMatchesCloudServiceEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Allow remote debugging
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "RemoteDebuggingAllowed" /t REG_DWORD /d "0" /f

    rem 1 - Launches Renderer processes into an App Container for additional security benefits
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "RendererAppContainerEnabled" /t REG_DWORD /d "1" /f

    rem 0 - Enable search in sidebar / 1 - DisableSearchInSidebarForKidsMode / 2 - DisableSearchInSidebar
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SearchInSidebarEnabled" /t REG_DWORD /d "2" /f

    rem 1 - Search for image enabled
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SearchForImageEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Allow screen capture
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ScreenCaptureAllowed" /t REG_DWORD /d "0" /f

    rem 1 - Allow notifications to set Microsoft Edge as default PDF reader
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ShowPDFDefaultRecommendationsEnabled" /t REG_DWORD /d "0" /f

    rem 1 - The policy can be used to prevent users from opting out of the default behavior of isolating all sites
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SitePerProcess" /t REG_DWORD /d "1" /f

    rem 1 - Allow Speech Recognition
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SpeechRecognitionEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Users can drag a link, or text on a webpage
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SuperDragDropEnabled" /t REG_DWORD /d "0" /f

    rem 1 - URL reporting in Edge diagnostic data enabled
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "UrlDiagnosticDataEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Edge User Data Profile Location
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "UserDataDir" /t REG_SZ /d "Z:\Edge\User Data" /f

    rem 1 - Allow video capture
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "VideoCaptureAllowed" /t REG_DWORD /d "0" /f

    rem 1 - Wallet Donation Enabled
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "WalletDonationEnabled" /t REG_DWORD /d "0" /f

    rem 1 - DNS-based WPAD optimization (Web Proxy Auto-Discovery)
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "WPADQuickCheckEnabled" /t REG_DWORD /d "0" /f

    rem 0 - Prevent Desktop Shortcut creation upon install default
    reg add "HKLM\Software\Policies\Microsoft\EdgeUpdate" /v "CreateDesktopShortcutDefault" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\EdgeUpdate" /v "CreateDesktopShortcut{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\EdgeUpdate" /v "RemoveDesktopShortcutDefault" /t REG_DWORD /d "1" /f


    rem =================================== Windows Policies ===================================
    rem ------------------------------------ Microsoft Edge ------------------------------------
    rem ..................................... Appearances ......................................

    rem 0 - Show share button
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ConfigureShare" /t REG_DWORD /d "1" /f

    rem 1 - Show Collections button
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EdgeCollectionsEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Show favorites bar
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "FavoritesBarEnabled" /t REG_DWORD /d "1" /f

    rem 1 - Show Math Solver button
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "MathSolverEnabled" /t REG_DWORD /d "0" /f

    rem 1 - The performance detector detects tab performance issues and recommends actions to fix the performance issues
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PerformanceDetectorEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Pin browser essentials toolbar button
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PinBrowserEssentialsToolbarButton" /t REG_DWORD /d "0" /f

    rem 1 - Show mini menu when selecting text
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "QuickSearchShowMiniMenu" /t REG_DWORD /d "0" /f

    rem 1 - Always show the Downloads button on the toolbar
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ShowDownloadsToolbarButton" /t REG_DWORD /d "1" /f

    rem 1 - Show home button
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ShowHomeButton" /t REG_DWORD /d "0" /f

    rem 1 - Show feedback button
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "UserFeedbackAllowed" /t REG_DWORD /d "0" /f

    rem 1 - Show tab actions menu (Show vertical tabs)
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "VerticalTabsAllowed" /t REG_DWORD /d "0" /f

    rem 1 - Show web capture button
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "WebCaptureEnabled" /t REG_DWORD /d "0" /f

    rem ________________________________________________________________________________________
    rem 1 - Enables background updates to the list of available templates for Collections and other features that use templates
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "BackgroundTemplateListUpdatesEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Enable the Search bar
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SearchbarAllowed" /t REG_DWORD /d "0" /f


    rem =================================== Windows Policies ===================================
    rem ------------------------------------ Microsoft Edge ------------------------------------
    rem .............................. Cookies and site permissions ............................

    rem PDF Documents
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AlwaysOpenPdfExternally" /t REG_DWORD /d "1" /f

    rem Ads setting for sites with intrusive ads / 1 - Allow ads on all sites / 2 - Block ads on sites with intrusive ads. (Default value)
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AdsSettingForIntrusiveAdsSites" /t REG_DWORD /d "1" /f

    rem Clipboard / 2 - BlockClipboard / 3 - AskClipboard
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultClipboardSetting" /t REG_DWORD /d "2" /f

    rem File Editing / 2 - BlockFileSystemRead / 3 - AskFileSystemRead
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultFileSystemReadGuardSetting" /t REG_DWORD /d "2" /f

    rem File Editing / 2 - BlockFileSystemWrite / 3 - AskFileSystemWrite
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultFileSystemWriteGuardSetting" /t REG_DWORD /d "2" /f

    rem Location / 1 - AllowGeolocation / 2 - BlockGeolocation / 3 - AskGeolocation
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultGeolocationSetting" /t REG_DWORD /d "2" /f

    rem Insecure Content / 2 - BlockInsecureContent / 3 - AllowExceptionsInsecureContent
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultInsecureContentSetting" /t REG_DWORD /d "2" /f

    rem Notifications / 1 - AllowNotifications / 2 - BlockNotifications / 3 - AskNotifications
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultNotificationsSetting" /t REG_DWORD /d "2" /f

    rem Motion or light sensors / 1 - AllowSensors / 2 - BlockSensors
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultSensorsSetting" /t REG_DWORD /d "2" /f

    rem Serial ports / 2 - BlockSerial / 3 - AskSerial
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultSerialGuardSetting" /t REG_DWORD /d "2" /f

    rem USB Devices / 2 - BlockWebUsb / 3 - AskWebUsb
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultWebUsbGuardSetting" /t REG_DWORD /d "2" /f

    rem ________________________________________________________________________________________
    rem 1 - Allow audio capture
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AudioCaptureAllowed" /t REG_DWORD /d "0" /f

    rem Bluetooth / 2 - BlockWebBluetooth / 3 - AskWebBluetooth
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultWebBluetoothGuardSetting" /t REG_DWORD /d "2" /f

    rem Access to HID devices via the WebHID API / 2 - BlockWebHid / 3 - AskWebHid
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DefaultWebHidGuardSetting" /t REG_DWORD /d "2" /f


    rem =================================== Windows Policies ===================================
    rem ------------------------------------ Microsoft Edge ------------------------------------
    rem ...................................... Downloads .......................................

    rem Set download directory
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DownloadDirectory" /t REG_SZ /d "Z:\Desktop" /f

    rem 1 - Ask me what to do with each download (Ignored when download directory is set)
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PromptForDownloadLocation" /t REG_DWORD /d "1" /f

    rem 1 - Open Office files in the browser
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "QuickViewOfficeFilesEnabled" /t REG_DWORD /d "0" /f


    rem =================================== Windows Policies ===================================
    rem ------------------------------------ Microsoft Edge ------------------------------------
    rem ..................................... Extensions .......................................

    rem 1 - Allow extensions from other stores
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ControlDefaultStateOfAllowExtensionFromOtherStoresSettingEnabled" /t REG_DWORD /d "0" /f

    rem 1 - DeveloperToolsAllowed / 2 - DeveloperToolsDisallowed (Don't allow using the developer tools)
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DeveloperToolsAvailability" /t REG_DWORD /d "2" /f

    rem ________________________________________________________________________________________
    rem 1 - Blocks external extensions from being installed
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "BlockExternalExtensions" /t REG_DWORD /d "1" /f


    rem =================================== Windows Policies ===================================
    rem ------------------------------------ Microsoft Edge ------------------------------------
    rem ...................................... Languages .......................................

    rem 1 - Enable spellcheck
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SpellcheckEnabled" /t REG_DWORD /d "1" /f

    rem 1 - Offer to translate pages that aren't in a language I read
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "TranslateEnabled" /t REG_DWORD /d "0" /f

    rem ________________________________________________________________________________________
    rem 1 - The Microsoft Editor service provides enhanced spell and grammar checking for editable text fields on web pages
    rem https://www.bleepingcomputer.com/ne...et-your-passwords-via-web-browsers-spellcheck
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "MicrosoftEditorProofingEnabled" /t REG_DWORD /d "0" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "MicrosoftEditorSynonymsEnabled" /t REG_DWORD /d "0" /f

    rem =================================== Windows Policies ===================================
    rem ------------------------------------ Microsoft Edge ------------------------------------
    rem ..................................... New tab page .....................................

    rem Page Layout / 1 - DisableImageOfTheDay / 2 - DisableCustomImage / 3 - DisableAll
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewTabPageAllowedBackgroundTypes" /t REG_DWORD /d "1" /f

    rem 1 - Allow Microsoft News content on the new tab page
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewTabPageContentEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Preload the new tab page for a faster experience
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewTabPagePrerenderEnabled" /t REG_DWORD /d "0" /f

    rem ________________________________________________________________________________________
    rem 1 - Hide the default top sites from the new tab page
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewTabPageHideDefaultTopSites" /t REG_DWORD /d "1" /f

    rem 1 - Allow quick links on the new tab page
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewTabPageQuickLinksEnabled" /t REG_DWORD /d "0" /f


    rem =================================== Windows Policies ===================================
    rem ------------------------------------ Microsoft Edge ------------------------------------
    rem ....................................... Personal .......................................

    rem 1 - Add profile
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "BrowserAddProfileEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Browse as guest
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "BrowserGuestModeEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Allow users to configure Family safety and Kids Mode
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "FamilySafetySettingsEnabled" /t REG_DWORD /d "0" /f


    rem =================================== Windows Policies ===================================
    rem ------------------------------------ Microsoft Edge ------------------------------------
    rem ............................ Privacy, search, and services .............................

    rem 1 - Suggest similar sites when a website can't be found
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AlternateErrorPagesEnabled" /t REG_DWORD /d "0" /f

    rem Automatically switch to more secure connections with Automatic HTTPS / 0 - Disabled / 1 - Switch to supported domains / 2 - Always
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AutomaticHttpsDefault" /t REG_DWORD /d "2" /f

    rem 1 - Clear browsing data when Microsoft Edge closes
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ClearBrowsingDataOnExit" /t REG_DWORD /d "1" /f

    rem 1 - Clear cached images and files when Microsoft Edge closes
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ClearCachedImagesAndFilesOnExit" /t REG_DWORD /d "1" /f

    rem edge://settings/siteData
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "0" /t REG_SZ /d "[*.]ntp.msn.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "1" /t REG_SZ /d "[*.]account.samsung.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "2" /t REG_SZ /d "[*.]alza.sk" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "3" /t REG_SZ /d "[*.]adnxs.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "4" /t REG_SZ /d "[*.]deviantart.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "5" /t REG_SZ /d "[*.]discord.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "6" /t REG_SZ /d "[*.]duckduckgo.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "7" /t REG_SZ /d "[*.]elevenforum.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "8" /t REG_SZ /d "[*.]tesco.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "9" /t REG_SZ /d "[*.]fio.sk" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "10" /t REG_SZ /d "[*.]forums.mydigitallife.net" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "11" /t REG_SZ /d "[*.]github.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "12" /t REG_SZ /d "[*.]heureka.sk" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "13" /t REG_SZ /d "[*.]hoyolab.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "14" /t REG_SZ /d "[*.]hoyoverse.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "15" /t REG_SZ /d "[*.]imdb.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "16" /t REG_SZ /d "[*.]isthereanydeal.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "17" /t REG_SZ /d "[*.]itesco.sk" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "18" /t REG_SZ /d "[*.]malwaretips.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "19" /t REG_SZ /d "[*.]mlpforums.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "20" /t REG_SZ /d "[*.]myanimelist.net" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "21" /t REG_SZ /d "[*.]nextdns.io" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "22" /t REG_SZ /d "[*.]mbank.sk" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "23" /t REG_SZ /d "[*.]pcforum.sk" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "24" /t REG_SZ /d "[*.]poniverse.net" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "25" /t REG_SZ /d "[*.]primevtc.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "26" /t REG_SZ /d "[*.]roextended.ro" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "27" /t REG_SZ /d "[*.]softpedia.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "28" /t REG_SZ /d "[*.]steamcommunity.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "29" /t REG_SZ /d "[*.]steampowered.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "30" /t REG_SZ /d "[*.]tenforums.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "31" /t REG_SZ /d "[*.]truckersmp.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "32" /t REG_SZ /d "[*.]twitch.tv" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "33" /t REG_SZ /d "[*.]vk.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "34" /t REG_SZ /d "[*.]wilderssecurity.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "35" /t REG_SZ /d "[*.]goodreads.com" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SaveCookiesOnExit" /v "36" /t REG_SZ /d "[*.]ce-tescoassets.com" /f

    rem Diagnostic Data / 0 - Off / 1 - RequiredData / 2 - OptionalData
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DiagnosticData" /t REG_DWORD /d "0" /f

    rem Enhance the security state in Microsoft Edge / 0 - Standard mode / 1 - Balanced mode / 2 - Strict mode
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EnhanceSecurityMode" /t REG_DWORD /d "2" /f

    rem Search on new tabs uses search box or address bar / redirect - address bar / bing - search box
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NewTabPageSearchBox" /t REG_SZ /d "redirect" /f

    rem 1 - Use a web service to help resolve navigation errors
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ResolveNavigationErrorsUseWebService" /t REG_DWORD /d "0" /f

    rem 1 - Show me search and site suggestions using my typed characters
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SearchSuggestEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Turn on site safety services to get more info about the sites you visit
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SiteSafetyServicesEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Suggest group names when creating a new tab group
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "TabServicesEnabled" /t REG_DWORD /d "0" /f

    rem Tracking prevention / 0 - Off / 1 - Basic / 2 - Balanced / 3 - Strict
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "TrackingPrevention" /t REG_DWORD /d "0" /f

    rem 1 - Typosquatting Checker (just sending what you type to MS)
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "TyposquattingCheckerEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Visual search (sending what you are looking at to MS)
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "VisualSearchEnabled" /t REG_DWORD /d "0" /f

    rem ________________________________________________________________________________________
    rem Enable Microsoft Search in Bing suggestions in the address bar
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AddressBarMicrosoftSearchInBingProviderEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Allow users to bypass Enhanced Security Mode
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EnhanceSecurityModeAllowUserBypass" /t REG_DWORD /d "0" /f

    rem Force the default Search engine and Prevent adding custom search engines
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ManagedSearchEngines" /t REG_SZ /d "[{\"allow_search_engine_discovery\":false},{\"is_default\":true,\"name\":\"DuckDuckGo\",\"keyword\":\"duckduckgo.com\",\"search_url\":\"https://duckduckgo.com/?q={searchTerms}\",\"suggest_url\":\"https://www.duckduckgo.com/qbox?query={searchTerms}\",\"image_search_url\":\"https://www.duckduckgo.com/images/detail/search?iss=sbiupload\"}]" /f

    rem Allow personalization of ads, Microsoft Edge, search, news and other Microsoft services by sending browsing history, favorites and collections, usage and other browsing data to Microsoft
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PersonalizationReportingEnabled" /t REG_DWORD /d "0" /f

    rem Enable full-tab promotional content
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PromotionalTabsEnabled" /t REG_DWORD /d "0" /f

    rem Allow recommendations and promotional notifications from Microsoft Edge
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ShowRecommendationsEnabled" /t REG_DWORD /d "0" /f

    rem Choose whether users can receive customized background images and text, suggestions, notifications, and tips for Microsoft services)
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SpotlightExperiencesAndRecommendationsEnabled" /t REG_DWORD /d "0" /f

    rem Use secure DNS (DoH)
    rem reg add "HKLM\Software\Policies\Microsoft\Edge" /v "BuiltInDnsClientEnabled" /t REG_DWORD /d "1" /f
    rem reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DnsOverHttpsMode" /t REG_SZ /d "secure" /f
    rem reg add "HKLM\Software\Policies\Microsoft\Edge" /v "DnsOverHttpsTemplates" /t REG_SZ /d "https://security.cloudflare-dns.com/dns-query?" /f


    rem =================================== Windows Policies ===================================
    rem ------------------------------------ Microsoft Edge ------------------------------------
    rem ...................................... Profiles ........................................

    rem 1 - Save and fill personal info
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AutofillAddressEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Save and fill payment info
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AutofillCreditCardEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Let users compare the prices of a product they are looking at, get coupons or rebates from the website they're on
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EdgeShoppingAssistantEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Forces data synchronization in Microsoft Edge. This policy also prevents the user from turning sync off.
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ForceSync" /t REG_DWORD /d "1" /f

    rem If you enable this policy all the specified data types will be included for synchronization
    reg add "HKLM\Software\Policies\Microsoft\Edge\ForceSyncTypes" /v "1" /t REG_SZ /d "extensions" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\ForceSyncTypes" /v "2" /t REG_SZ /d "favorites" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\ForceSyncTypes" /v "3" /t REG_SZ /d "settings" /f

    rem If you enable this policy all the specified data types will be excluded from synchronization
    reg add "HKLM\Software\Policies\Microsoft\Edge\SyncTypesListDisabled" /v "1" /t REG_SZ /d "addressesAndMore" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SyncTypesListDisabled" /v "2" /t REG_SZ /d "apps" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SyncTypesListDisabled" /v "3" /t REG_SZ /d "collections" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SyncTypesListDisabled" /v "4" /t REG_SZ /d "edgeWallet" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SyncTypesListDisabled" /v "5" /t REG_SZ /d "history" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SyncTypesListDisabled" /v "6" /t REG_SZ /d "openTabs" /f
    reg add "HKLM\Software\Policies\Microsoft\Edge\SyncTypesListDisabled" /v "7" /t REG_SZ /d "passwords" /f

    rem 1 - Disable Share Microsoft Edge Browsing Data with other Windows Features
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "LocalBrowserDataShareEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Suggest strong passwords
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PasswordGeneratorEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Offer to save passwords
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PasswordManagerEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Show alerts when passwords are found in an online leak
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PasswordMonitorAllowed" /t REG_DWORD /d "0" /f

    rem 1 - Show the "Reveal password" button in password fields
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PasswordRevealEnabled" /t REG_DWORD /d "0" /f

    rem Sign in: / 0 - Automatically / 1 - With device password
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "PrimaryPasswordSetting" /t REG_DWORD /d "0" /f

    rem 1 - Show Microsoft Rewards experience and notifications
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "ShowMicrosoftRewards" /t REG_DWORD /d "0" /f

    rem ________________________________________________________________________________________
    rem 1 - Single sign-on for work or school sites using this profile enabled
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "AADWebSiteSSOUsingThisProfileEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Allow single sign-on for Microsoft personal sites using this profile
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "MSAWebSiteSSOUsingThisProfileAllowed" /t REG_DWORD /d "0" /f

    rem Configure the list of domains where Microsoft Edge should disable the password manager
    rem reg add "HKLM\Software\Policies\Microsoft\Edge\PasswordManagerBlocklist" /v "1" /t REG_SZ /d "https://steamcommunity.com" /f
    rem reg add "HKLM\Software\Policies\Microsoft\Edge\PasswordManagerBlocklist" /v "2" /t REG_SZ /d "https://store.steampowered.com" /f


    rem =================================== Windows Policies ===================================
    rem ------------------------------------ Microsoft Edge ------------------------------------
    rem ................................ System and performance ................................

    rem 1 - Continue running background apps when Microsoft Edge is closed
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "BackgroundModeEnabled" /t REG_DWORD /d "0" /f

    rem Efficiency Mode / 1 - Enables efficiency mode
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EfficiencyModeEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Use hardware acceleration when available
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "HardwareAccelerationModeEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Save resources with sleeping tabs
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "SleepingTabsEnabled" /t REG_DWORD /d "0" /f

    rem 1 - Startup boost
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "StartupBoostEnabled" /t REG_DWORD /d "0" /f

    rem ________________________________________________________________________________________
    rem 1 - If ECH is enabled, Microsoft Edge might or might not use ECH depending on server support, the availability of the HTTPS DNS record
    rem Enable: DOH + #use-dns-https-svcb-alpn + the paramater: --enable-features="EncryptedClientHello" - https://www.cloudflare.com/ssl/encrypted-sni
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "EncryptedClientHelloEnabled" /t REG_DWORD /d "1" /f

    rem 1 - Enable Gamer Mode
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "GamerModeEnabled" /t REG_DWORD /d "0" /f

    rem NetworkPrediction / 0 - Always / 1 - WifiOnly / 2 - Never
    reg add "HKLM\Software\Policies\Microsoft\Edge" /v "NetworkPredictionOptions" /t REG_DWORD /d "2" /f
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --enable-features="EnableCsrssLockdown,EncryptedClientHello,IsolatePrerenders,IsolateSandboxedIframes,RendererAppContainer,WinSboxDisableExtensionPoint" --disable-webgl --no-pings
    • Password manager
    Bitwarden - Free Password Manager
    Online 2FA on Android - Microsoft Authenticator
    Offline 2FA on Windows - 2fast – Two Factor Authenticator
    • System recovery
    Hasleo Backup Suite (PreOS)
     
    Last edited: Jun 8, 2024
  16. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,182
    back to AVG Internet Security
     
  17. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,698
    Location:
    Italy
    @TairikuOkami

    1.jpg

    Hi.:)
    Can you tell me if your Bonjourr extension is already at MV3.
    You can verify it from the extensions page.
    Those to MV3 have the “check views” to service workers process the other MV2 ones are to background.
    Thank you.
    :thumb:
     
  18. Oldie1950

    Oldie1950 Registered Member

    Joined:
    Feb 24, 2022
    Posts:
    100
    Location:
    Deutschland
    Windows Defender, DefenderUI, Cyberlock, uBlock Origin
     
  19. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,170
    Location:
    Member state of European Union
    I still have separate Firefox profiles for logging to YouTube and Facebook, but I am thinking about merging them. Both Alphabet and Meta have some shady deals between them about ad data sharing, so I don't think it is worth the hassle anymore.
    General surfing is different beast so I still want it to be separate.
     
  20. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,564
    Location:
    Flat Earth Matrix
    capture_06082024_175322.jpg
     
  21. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,698
    Location:
    Italy
    :thumb:
    Yes it is MV3.
    In contrast, IDCAC and Bitwarden are always MV2.
    Thank you very much.
    ;):)
     
  22. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,564
    Location:
    Flat Earth Matrix
    I wonder, why does it say inactive? Is it something to be worried about? :doubt:
     
  23. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,698
    Location:
    Italy
  24. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,698
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    Onedrive,Cortana,Advertising ID,Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some softwares hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge --disable-webgl --no-pings --enable-features=IsolateSandboxedIframes

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Enabled Security Mitigations - Strict
    • Detection Protection - Strict
    • Clipboard permissions - blocked
    • Next DNS DOH - OISD Full + EasyPrivacy
    • Share browsing data with other Windows features - disabled
    Policies:
    • AutomaticHttpsDefault = 2
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0x009c"
    • HubsSidebarEnabled - false
    • CryptoWalletEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • Edge3PSerpTelemetryEnabled - false
    • AllowSurfGame - false
    • ExtensionManifestV2Availability= 2
    • WebWidgetAllowed - false
    • ShowRecommendationsEnabled - false
    • ManagedSearchEngines = [{"allow_search_engine_discovery":false},{"is_default":true,"name":"DuckDuckGo","keyword":"duckduckgo.com","search_url":"https://duckduckgo.com/?q={searchTerms}","suggest_url":"https://www.duckduckgo.com/qbox?query={searchTerms}","image_search_url":"https://www.duckduckgo.com/images/detail/search?iss=sbiupload"}]

    Edge://flags:

    Enabled:

    • Experimental QUIC protocol
    • Block scripts loaded via document.write
    • TLS 1.3 Early Data
    • TLS 1.3 hybridized Kyber support
    • Block insecure private network requests.
    • Parallel downloading
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • Enable Kyber768 + NIST-P384 TLS Kyber Confidentiality
    • Project Robin experiment
    • Enable Digital Signature for PDF
    • New PDF Viewer
    • Strict-Origin-Isolation
    • Back-forward cache - Enabled force caching all page
    • Third-party Storage Partitioning
    • Origin-keyed Agent Clusters by default
    • Origin-keyed Processes by default
    Disabled:
    • Privacy Sandbox Ads Notice
    Extensions:

    Edge Store:

    • Video DownloadHelper
    Chrome Web Store:
    • UBO - Hard Mode with TLD's
    • SwiftDial
    • Stream Recorder
    P.S.
    Note the one disabled flag.
    The other previously disabled flags have been removed.

    P.S. 1

    I would like to advise Wilders members to check a persistent BING cookie that is probably due to the removal of a flag I was using.
    Because it bothers me,I have blocked BING cookies:

    2.jpg

    3.jpg

     
    Last edited: Jun 14, 2024
  25. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,698
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    Onedrive,Cortana,Advertising ID,Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some softwares hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge --disable-webgl --no-pings --enable-features=IsolateSandboxedIframes

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Enabled Security Mitigations - Strict
    • Detection Protection - Strict
    • Clipboard permissions - blocked
    • Next DNS DOH - OISD Full + NextDNS block list for ads and trackers
    • Share browsing data with other Windows features - disabled
    Policies:
    • AutomaticHttpsDefault = 2
    • HideFirstRunExperience - true
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0x009c","0xc014","0x009d"
    • HubsSidebarEnabled - false
    • CryptoWalletEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • Edge3PSerpTelemetryEnabled - false
    • AllowSurfGame - false
    • ExtensionManifestV2Availability= 2
    • WebWidgetAllowed - false
    • ShowRecommendationsEnabled - false
    • ManagedSearchEngines = [{"allow_search_engine_discovery":false},{"is_default":true,"name":"DuckDuckGo","keyword":"duckduckgo.com","search_url":"https://duckduckgo.com/?q={searchTerms}","suggest_url":"https://www.duckduckgo.com/qbox?query={searchTerms}","image_search_url":"https://www.duckduckgo.com/images/detail/search?iss=sbiupload"}]

    Edge://flags:

    Enabled:

    • Experimental QUIC protocol
    • Block scripts loaded via document.write
    • TLS 1.3 Early Data
    • TLS 1.3 hybridized Kyber support
    • Block insecure private network requests.
    • Parallel downloading
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • Enable Kyber768 + NIST-P384 TLS Kyber Confidentiality
    • Project Robin experiment
    • Enable Digital Signature for PDF
    • New PDF Viewer
    • Strict-Origin-Isolation
    • Back-forward cache - Enabled force caching all page
    • Third-party Storage Partitioning
    • Origin-keyed Agent Clusters by default
    • Origin-keyed Processes by default
    Disabled:
    • Privacy Sandbox Ads Notice
    Extensions:
    • uBlock Origin Lite
    • SwiftDial
    • Stream Recorder - off by default
    • Video DownloadHelper - off by default

    Firefox

    • Home page: https://start.duckduckgo.com/
    • Search engine = DDG
    • Next DNS DOH - OISD Full + NextDNS block list for ads and trackers
    • Tracking protection: Strict
    • DNS over HTTPS : Max Protection
    • HTTPS-only-mode enabled
    • Pocket disabled
    • Clearing browsing data on exit
    • Firefox telemetry disabled
    • Protection against fraudulent content and dangerous software enabled - all enabled
    • Some FastFox.js settings
    • Some Arkenfox.js settings
    Policies
    • OverridePostUpdatePage set to ""
    Extensions
    • uBlock Origin - Hard Mode with TLD's
    • Video DownloadHelper - off by default
    • HLS Downloader - off by default
     
    Last edited: Jun 30, 2024
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.