What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Wow, shocking stuff.

    But why not use a default-deny firewall? It's not just powershell.exe that should be blocked from connecting out, how about blocking ALL processes except for trusted apps that actually need network access in order to function? And of course, auto-update should never be used. And Sophos Home blocked it because it has behavioral monitoring against infostealers, so no cloud signature is required.

    Yes, this doesn't surprise me since it will block many system processes that are often abused from being launched.
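Added example, not part of the original post: one way to set up the default-deny outbound policy described above with the built-in Windows Defender Firewall cmdlets. The program list and the rule group name are hypothetical and need to be adapted to the applications that are actually trusted on the machine.

```powershell
#Requires -RunAsAdministrator
# Added example: default-deny outbound with Windows Defender Firewall.
# $AllowedPrograms and $Group are constructed for illustration.
$AllowedPrograms = @(
    "$env:ProgramFiles\Mozilla Firefox\firefox.exe",
    "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe"
)
$Group = 'DefaultDeny-Allowlist'

# 1. Create the allow rules first, so flipping the default cuts off nothing needed.
foreach ($path in $AllowedPrograms) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Not installed, no rule created: $path"
        continue
    }
    $name = "Allow outbound: $(Split-Path -Leaf $path)"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Group $Group -Direction Outbound `
            -Program $path -Action Allow -Profile Any | Out-Null
    }
}

# 2. DNS and DHCP depend on the built-in "Core Networking" outbound allow rules
#    (the group name is localized on non-English Windows). List any disabled ones.
Get-NetFirewallRule -DisplayGroup 'Core Networking' -Direction Outbound |
    Where-Object { $_.Enabled -ne 'True' } |
    Select-Object DisplayName, Enabled

# 3. Flip the default: outbound traffic with no matching allow rule is dropped.
#    That covers powershell.exe and every other process that has no rule.
Set-NetFirewallProfile -All -DefaultOutboundAction Block

# 4. Log drops so a missing allow rule shows up in the firewall log.
Set-NetFirewallProfile -All -LogBlocked True

Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction, LogBlocked

# Roll back:
# Set-NetFirewallProfile -All -DefaultOutboundAction Allow
```

Windows Update and Defender signature updates run through system services, so they stay blocked under this policy until rules are added for them.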
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,818
    Main Set-up
    Sphinx FireWall + AppGuard Solo + KeyScrambler Premium + DeepFreeze

    Testing
    Sphinx FireWall + Faronics Anti-Executable + ShadowDefender


    Occasional Scan
    Emsisoft EEK + Eset Online + Sophos Scan and Clean + DrWeb Cureit
     
  3. SRT

    SRT Registered Member

    Joined:
    Feb 28, 2021
    Posts:
    132
    Location:
    USA
    Sphinx Firewall, Appguard Solo, OSArmor, SysHardener, Mbam, incontrol. And a VPN.
     
  4. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,818
    Sphinx Firewall
    AppGuard Solo
    ShadowDefender
    Mullvad VPN
     
    Last edited: Apr 14, 2025
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,800
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    OneDrive, Cortana, Advertising ID, Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some software hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge --disable-webgl --no-pings --enable-features="NetworkServiceSandbox,EnableCsrssLockdown,WinSboxDisableExtensionPoint"

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Enabled Security Mitigations - Balanced
    • Detection Protection - Strict
    • Scareware Blocker enabled
    • Clipboard permissions - blocked
    • Next DNS DOH - HaGeZi - Multi ULTIMATE + OISD big
    • Share browsing data with other Windows features - disabled
    • Blocked cookies (also third parties):
    Code:
    abrahamjuliot.github.io
    ntp.msn.com
    c.msn.com
    assets.msn.com
    msn.com
    microsoftedge.microsoft.com
    fpt2.microsoft.com
    browserleaks.com
    Policies:

    • BrowserSignin = 0
    • HideFirstRunExperience - true
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0xc014"
    • HubsSidebarEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • Edge3PSerpTelemetryEnabled - false
    • AllowSurfGame - false
    • ExtensionManifestV2Availability= 2
    • WebWidgetAllowed - false
    • ShowRecommendationsEnabled - false
    • ShowDownloadsInsecureWarningsEnabled = true
    • ManagedSearchEngines = [{"allow_search_engine_discovery":false},{"is_default":true,"name":"DuckDuckGo","keyword":"duckduckgo.com","search_url":"https://duckduckgo.com/?q={searchTerms}","suggest_url":"https://www.duckduckgo.com/qbox?query={searchTerms}","image_search_url":"https://www.duckduckgo.com/images/detail/search?iss=sbiupload"}]
    • ReadAloudEnabled - false
    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • TLS 1.3 Early Data
    • Block insecure private network requests.
    • Parallel downloading
    • Automatic HTTPS
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • New PDF Viewer
    • Strict-Origin-Isolation
    • Bind cookies to their setting origin's port
    • Bind cookies to their setting origin's scheme
    • Origin-keyed Processes by default
    Extensions:
    • uBlock Origin - Hard Mode with TLD's
    • Stream Recorder - (off by default)
    • Video DownloadHelper - (off by default)
    • AdGuard AdBlocker v.5.x - Hard Mode with TLD's - (off by default)

    Firefox

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Next DNS DOH - HaGeZi Multi PRO++ + OISD big
    • Tracking protection: Custom Protection - All cross-site cookies
    • DNS over HTTPS : Max Protection
    • HTTPS-only-mode enabled
    • Pocket disabled
    • Clearing browsing data on exit
    • Firefox telemetry disabled
    • Protection against fraudulent content and dangerous software enabled - all enabled
    • Some FastFox.js settings
    • Some Arkenfox.js settings
    Policies
    • OverridePostUpdatePage set to ""
    • DontCheckDefaultBrowser = true
    • OverrideFirstRunPage set to ""
    Extensions
    • uBlock Origin - Hard Mode with TLD's
    • Video DownloadHelper - (off by default)
    • HLS Downloader - (off by default)
     
    Last edited: Apr 12, 2025
  6. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,800
    Location:
    Italy
    W.10 Home x64 22H2
    Local Account - Standard user - Limited permissions
    UAC maximum - Always notify
    Cloudflare DNS
    OneDrive, Cortana, Advertising ID, Web Search - disabled
    Usage of location data for Cortana disabled
    Telemetry OFF
    Removed some Windows optional features.

    Microsoft Defender Firewall hardened with H_C.
    Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

    • Ransomware protection - disabled
    • No run in a sandbox
    • Core Isolation: Memory integrity - disabled
    • Some software hardened with maximum AE protection
    • All Windows Exploit Protection options - enabled

    MS Edge --disable-webgl --no-pings --enable-features="NetworkServiceSandbox,EnableCsrssLockdown,WinSboxDisableExtensionPoint"

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Enabled Security Mitigations - Balanced
    • Detection Protection - Strict
    • Clipboard permissions - blocked
    • Next DNS DOH - HaGeZi - Multi ULTIMATE + OISD big
    • Share browsing data with other Windows features - disabled
    • Blocked cookies (also third parties):

    Code:
    abrahamjuliot.github.io
    ntp.msn.com
    c.msn.com
    assets.msn.com
    msn.com
    microsoftedge.microsoft.com
    fpt2.microsoft.com
    browserleaks.com
    Policies:

    • BrowserSignin = 0
    • HideFirstRunExperience - true
    • DnsOverHttpsMode = secure
    • DnsOverHttpsTemplates = Next DNS
    • TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0xc014"
    • HubsSidebarEnabled - false
    • SyncDisabled - true
    • AudioSandboxEnabled - true
    • NetworkServiceSandboxEnabled - true
    • Edge3PSerpTelemetryEnabled - false
    • AllowSurfGame - false
    • ExtensionManifestV2Availability= 2
    • WebWidgetAllowed - false
    • ShowRecommendationsEnabled - false
    • ManagedSearchEngines = [{"allow_search_engine_discovery":false},{"is_default":true,"name":"DuckDuckGo","keyword":"duckduckgo.com","search_url":"https://duckduckgo.com/?q={searchTerms}","suggest_url":"https://www.duckduckgo.com/qbox?query={searchTerms}","image_search_url":"https://www.duckduckgo.com/images/detail/search?iss=sbiupload"}]
    • ReadAloudEnabled - false
    Edge://flags:

    Enabled:

    • Block scripts loaded via document.write
    • TLS 1.3 Early Data
    • Block insecure private network requests.
    • Parallel downloading
    • Automatic HTTPS
    • Show block option in autoplay settings
    • Experimental Tracking Prevention Features
    • New PDF Viewer
    • Strict-Origin-Isolation
    • Bind cookies to their setting origin's port
    • Bind cookies to their setting origin's scheme
    • Origin-keyed Processes by default
    Extensions:
    • uBlock Origin - Hard Mode with TLD's
    • Osprey - Enable notifications - disabled / Hide continue buttons - enabled / Protection options enabled = (Emsisoft Web Protection + Bitdefender TrafficLight + G DATA WebProtection)
    • Stream Recorder - (off by default)
    • Video DownloadHelper - (off by default)
    • AdGuard AdBlocker v.5.x - Hard Mode with TLD's - (off by default)

    Firefox

    • Home page: https://start.duckduckgo.com/
    • Search engine = only DDG
    • Next DNS DOH - HaGeZi Multi PRO++ + OISD big
    • Tracking protection: Custom Protection - All cross-site cookies
    • DNS over HTTPS : Max Protection
    • HTTPS-only-mode enabled
    • Pocket disabled
    • Clearing browsing data on exit
    • Firefox telemetry disabled
    • Protection against fraudulent content and dangerous software enabled - all enabled
    • Some FastFox.js settings
    • Some Arkenfox.js settings
    Policies
    • OverridePostUpdatePage set to ""
    • DontCheckDefaultBrowser = true
    • OverrideFirstRunPage set to ""
    Extensions
    • uBlock Origin - Hard Mode with TLD's
    • Video DownloadHelper - (off by default)
    • HLS Downloader - (off by default)
     
    Last edited: Apr 21, 2025 at 1:14 PM
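Added example, not part of the original posts: how a subset of the Edge policies listed in the two posts above maps onto the registry. It shows the difference between scalar policies (a value directly under the Edge policy key) and list policies such as TLSCipherSuiteDenyList (a subkey with numbered string values). The DNS-over-HTTPS policies are left out because the resolver template URL is not given in the posts.

```powershell
#Requires -RunAsAdministrator
# Added example: write a subset of the listed Edge policies to the registry.
$Root = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'

# Scalar policies: booleans and enums are REG_DWORD values on the Edge key.
$Scalar = [ordered]@{
    BrowserSignin                = 0
    SyncDisabled                 = 1
    HubsSidebarEnabled           = 0
    AudioSandboxEnabled          = 1
    NetworkServiceSandboxEnabled = 1
}
# List policy: one subkey, entries stored as string values named "1", "2", ...
$CipherDenyList = @('0x002f', '0x0035', '0xc013', '0xc014')

# Do not use New-Item -Force on an existing key: it would wipe current values.
if (-not (Test-Path $Root)) { New-Item -Path $Root -Force | Out-Null }

foreach ($name in $Scalar.Keys) {
    New-ItemProperty -Path $Root -Name $name -Value $Scalar[$name] `
        -PropertyType DWord -Force | Out-Null
}

# Validate before touching the registry, so a typo cannot leave a partial list.
foreach ($id in $CipherDenyList) {
    if ($id -notmatch '^0x[0-9a-fA-F]{4}$') { throw "Bad cipher suite id: $id" }
}

# Recreate the subkey so entries from an earlier, longer list do not linger.
$listKey = Join-Path $Root 'TLSCipherSuiteDenyList'
if (Test-Path $listKey) { Remove-Item -Path $listKey -Recurse -Force }
New-Item -Path $listKey -Force | Out-Null
$i = 1
foreach ($id in $CipherDenyList) {
    New-ItemProperty -Path $listKey -Name "$i" -Value $id `
        -PropertyType String -Force | Out-Null
    $i++
}

# Read back what was written.
Get-ItemProperty -Path $Root | Select-Object -Property @($Scalar.Keys)
Get-ItemProperty -Path $listKey | Select-Object -Property 1, 2, 3, 4
```

After running it, open edge://policy and reload the policies to confirm Edge reports each value with status OK.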