What is your security setup these days?

Good question re Macrium. I was running an extremely outdated version, and wanted to try something else for a while (SyncBack). Sometimes MR seems a bit beyond my full understanding. I imagine I will return to MR at some point.

 

Blah...

Comodo FW, ublock, backups...

 

F-Secure Internet Security, uBlock Origin, Macrium Reflect

 

Windows 11 Pro 23H2

Standard User Account
Microsoft Defender - Block all unknown executables | All ASR rules
Smart App Control
Max Exploit Protection settings
Firefox | µBO
Brave | Shields
Aomei Backupper Pro + Windows built-in

 

Yes I understand, but I meant as a test you could try Comodo. And I suppose Harmony Endpoint is a beefed up version of ZoneAlarm AV, right?

https://www.zonealarm.com/software/free-antivirus

 

@Rasheed187
Beefed up yeah, the best i've ever used protection wise. It's their engine you won't see on Virustotal, because it's their own "engine".
You will see those "zonealarm" crap stuff. But their so called "in-house" engine detection names are interesting. Its based on kaspersky/or sophos, but their internal ML engine is just sickenly, GOOD.
Or ist it? Well, OSA blocks a lot "suspious process blocked", while Sophos ML still analysin(background dmg is done already). OSA is very good, reacts fast and stops the fkers.

 

W.10 Home x64 22H2
Local Account - Standard user - Limited permissions
UAC maximum - Always notify
Cloudflare DNS
Onedrive,Cortana,Advertising ID,Web Search - disabled
Usage of location data for Cortana disabled
Telemetry OFF
Removed some Windows optional features.

Microsoft Defender Firewall hardened with H_C.
Microsoft Defender hardened with Configure Defender (Customized level) - Cloud Block Level

• Ransomware protection - disabled
• No run in a sandbox
• Core Isolation: Memory integrity - disabled
• Some softwares hardened with maximum AE protection
• All Windows Exploit Protection options - enabled

MS Edge --disable-webgl --no-pings --enable-features=IsolateSandboxedIframes

• Home page: https://start.duckduckgo.com/
• Search engine = DDG
• Enabled Security Mitigations - Strict
• Detection Protection - Strict
• Clipboard permissions - blocked
• Next DNS DOH - OISD Full + EasyPrivacy
• Share browsing data with other Windows features - disabled

Policies:

• AutomaticHttpsDefault = 2
• DnsOverHttpsMode = secure
• DnsOverHttpsTemplates = Next DNS
• TLSCipherSuiteDenyList = "0x002f","0x0035","0xc013","0x009c","0xc014","0x009d"
• HubsSidebarEnabled - false
• CryptoWalletEnabled - false
• SyncDisabled - true
• AudioSandboxEnabled - true
• NetworkServiceSandboxEnabled - true
• Edge3PSerpTelemetryEnabled= 0
• ExtensionManifestV2Availability= 2
• WebWidgetAllowed - false

Edge://flags:

Enabled:

• Experimental QUIC protocol
• Block scripts loaded via document.write
• TLS 1.3 Early Data
• TLS 1.3 hybridized Kyber support
• Block insecure private network requests.
• Parallel downloading
• Show block option in autoplay settings
• Enable Back/Forward Cache
• Experimental Tracking Prevention Features
• Enable Kyber768 + NIST-P384 TLS Kyber Confidentiality
• Project Robin experiment
• Enable Digital Signature for PDF
• New PDF Viewer
• Strict-Origin-Isolation
• Back-forward cache - Enabled force caching all page
• Third-party Storage Partitioning
• Origin-keyed Agent Clusters by default
• Origin-keyed Processes by default

Disabled:

• Allow Microsoft Search with Bing for any default search engine
• Enable Drop's custom notification

Extensions:

Edge Store:

• UBO - Hard Mode with TLD's
• Video DownloadHelper

Chrome Web Store:

• SwiftDial
• Stream Recorder - download HLS as MP4
• Don't add custom search engines