Basic Security overdivine's Security Config

[overdivine]

srp default deny still kicking ass

 

[Deleted Member 3a5v73x]

Mind sharing some details on how did you set up policies and your AppLocker? Thanks in advance.

 

[overdivine]

I used to run applocker but not anymore too much to fiddle with. SRP is easier to set up. Now i only a few rules. I used to have a bigger list but i've reinstalled windows and forgot to save them. Until paranoia strikes again (i hope not ) i will use only these rules.
security level is Disallowed (Software will not run, regardless of the access rights of the user.)
I've removed LNK extension from designated file types proprieties so i can run shortcuts. I know i can add extensions but i'm lazy atm.


I have enabled User Account Control: Only elevate executable files that are signed and validated. If you don't work with unsigned software, developing, etc, this is AWESOME.



I have windows enterprise and i have device guard on. Windows defender is off.

If i were to use realtime stuff it would be shadow defender, comodo firewall with cs settings and kaspesky av( paid) or windows defender .
I hope paranoia is a thing of the past.

 

[bribon77]

Good configuration nothing to add on my part .. Thanks for sharing.

 

[Thales]

I really like it! Thanks for sharing mate.

 

[LDogg]

Sweet setup. Disabling WD comes down to personal preference, how come you had it turned off? (outta curiosity). Liking the settings you have in this SRP for the enterprise version, looks amazing.

~LDogg

 

[overdivine]

it adds a delay after downloading an exe file (even on ssd) and i feel like i don't need it. i turn it on from time to time to update the signatures.