
What else do you recommend?


21 replies to this topic

#1 PatL


Posted 25 February 2024 - 12:41 AM

I want to make my PC as SECURE as possible. To do this I have Microsoft Defender for Endpoint with all settings at their most aggressive enabled (think ConfigureDefender MAX settings set from the cloud), Malwarebytes Premium (with appropriate exclusions for Defender for Endpoint enabled), HitmanPro.Alert (again with appropriate exclusions), Cyberlock Premium, and I have run the DoD STIG command settings for Defender and Firewall to fill any gaps I may have missed. I run a customized WDAC and AppLocker setting as well. I also disabled any non in use USB drives/ports. What else do you recommend? For the record, why I have such security is because I'm studying malware development in an ethical hacking course and have previously made mistakes in my VM which actually broke free from said VM to damage my previous host, so my goal is to essentially immunize my host PC and keep it as literally secure as can be. I have one laptop to use for this so there's no use a secondary PC option. Yay. Thank you for your time.





#2 MoxieMomma


Posted 25 February 2024 - 12:59 AM

"Microsoft Defender for Endpoint"??

Is this a work or school computer?

#3 Pkshadow


Posted 25 February 2024 - 01:00 AM

Might think again on those things. It is absolutely too much. Most of what you installed is 2nd opinion use and again is above need and will cause issues.

 

Since 1st way in is by user and usually email or browser.


" mosquitoes really wake up everyday and choose violence "   — dalia (@_dalia7)
www.cnn.com/2020/07/23/health/mosquitoes-attraction-humans-future-wellness-scn/index.html
 

I-7 ASUS ROG Rampage II Extreme  / ASUS TUF Gaming F17 / I-7 4770K ASUS ROG Maximus VI Extreme


#4 Porthos


Posted 25 February 2024 - 01:20 AM

> I have one laptop to use for this so there's no use a secondary PC option.

I suggest keeping system images of a clean setup on an external drive that is kept unplugged from the system. Easy and fast restore.



#5 PatL


Posted 25 February 2024 - 01:48 AM

> "Microsoft Defender for Endpoint"??
>
> Is this a work or school computer?

work and school actually.

> Might think again on those things. It is absolutely too much. Most of what you installed is 2nd opinion use and again is above need and will cause issues.
>
> Since 1st way in is by user and usually email or browser.

I'm aware of that and have compensated for those possibilities thanks

> > I have one laptop to use for this so there's no use a secondary PC option.
>
> I suggest keeping system images of a clean setup on an external drive that is kept unplugged from the system. Easy and fast restore.

Surprisingly I didn't have a backup, would a clone of the drive work in your opinion?



#6 Porthos


Posted 25 February 2024 - 02:27 AM

 

> would a clone of the drive work in your opinion?

I guess if you keep it disconnected from the system. I always use/recommend images.



#7 MoxieMomma


Posted 25 February 2024 - 06:44 AM


@PatL

You say that this is a work & school computer.

If this computer belongs to your employer or school, then it would be advisable to consult with their IT department about recommended and/or permissible (security) software applications and safety/security procedures.

In some organizations, end users are not permitted to modify these settings and configurations, or to install unapproved software, especially without permission, and doing so can subject the user to disciplinary action.

The same would also apply to unsafe computing practices, such as intentional downloading or "development" of malware, a practice that potentially jeopardizes the security of the entire enterprise.



Respectfully submitted

#8 quietman7


Posted 25 February 2024 - 08:15 AM

> I suggest keeping system images of a clean setup on an external drive that is kept unplugged from the system. Easy and fast restore.

+1

Any security strategy should include a backup plan.

Backing up data and disk imaging (redundancy) are among the most important prevention tasks users should perform on a regular basis to protect themselves from malware infection, yet it's still one of the most neglected areas.

A backup strategy is not only effective against ransomware and other harmful malware but also helps with catastrophic scenarios like hard disk failure, power failure and power surges which can damage internal hardware components. In some cases, the system can be rendered unbootable and you may not have access to the computer to back up any data. A computer's hard drive will not last forever and at some point it's going to fail and eventually need replacing. Hard disk failure can occur suddenly without warning or it could occur gradually due to failing areas of the disc requiring repeated read attempts before successful access or as a result of bad clusters accumulating over time to the point the drive becomes unusable. Finally, there is always the possibility of system wide issues after applying Microsoft patches and even data loss due to buggy Windows updates.

IMPORTANT!!! When implementing a backup strategy include testing to ensure it works before an emergency arises; routinely check to verify backups are being made and stored properly; and isolate all backups (offline) to a device that is not always connected to the network or home computer so they are unreachable. If not, you risk not only malware infection but ransomware encrypting your backups and any backups of the backups when it strikes.

I use EaseUS Todo Backup Free and Macrium Reflect Free for doing my imaging tasks.

Many home users just buy an external hard drive, copy their critical data to it, disconnect the device and store it in a safe/secure location rather than try to monitor and maintain a complex backup system. Programs like SoftByte Labs Comparator make doing these types of backups quick and easy for the average user or in between creating system images.

Microsoft MVP Alumni 2023, Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief
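The routine verification recommended in the post above can be scripted. The following is an added example, not part of the original thread: it records a SHA-256 manifest right after a backup is made and later reports images that are missing, altered, unexpected, or too old. The function names, the manifest file (kept outside the backup folder) and the 30-day threshold are assumptions.

```python
import hashlib
import json
import time
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so multi-gigabyte images do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def write_manifest(backup_dir, manifest_path):
    """Record size and SHA-256 of every file right after the backup is made."""
    root = Path(backup_dir)
    entries = {
        p.relative_to(root).as_posix(): {"size": p.stat().st_size,
                                         "sha256": sha256_file(p)}
        for p in sorted(root.rglob("*")) if p.is_file()
    }
    Path(manifest_path).write_text(json.dumps(entries, indent=2))
    return entries

def verify_backups(backup_dir, manifest_path, max_age_days=30, now=None):
    """Compare the backup drive against the manifest and report differences."""
    root = Path(backup_dir)
    expected = json.loads(Path(manifest_path).read_text())
    now = time.time() if now is None else now
    report = {"missing": [], "modified": [], "unlisted": [], "stale": False}
    newest = 0.0
    for name, meta in expected.items():
        path = root / name
        if not path.is_file():
            report["missing"].append(name)      # deleted or drive not mounted
            continue
        newest = max(newest, path.stat().st_mtime)
        # A changed size or hash means corruption or tampering (e.g. encryption).
        if path.stat().st_size != meta["size"] or sha256_file(path) != meta["sha256"]:
            report["modified"].append(name)
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    report["unlisted"] = sorted(on_disk - set(expected))
    # No listed file newer than the cutoff means backups have stopped being made.
    report["stale"] = newest < now - max_age_days * 86400
    return report
```

A matching hash only shows the image is unchanged since it was written; a periodic test restore is still needed to show that it actually boots or mounts.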


#9 PatL


Posted 25 February 2024 - 10:18 AM

> @PatL
>
> You say that this is a work & school computer.
>
> If this computer belongs to your employer or school, then it would be advisable to consult with their IT department about recommended and/or permissible (security) software applications and safety/security procedures.
>
> In some organizations, end users are not permitted to modify these settings and configurations, or to install unapproved software, especially without permission, and doing so can subject the user to disciplinary action.
>
> The same would also apply to unsafe computing practices, such as intentional downloading or "development" of malware, a practice that potentially jeopardizes the security of the entire enterprise.
>
> Respectfully submitted

I apologize, I believe you're misunderstanding. It is my personal schooling/work computer. I pay for an endpoint license for this and other devices I intend to acquire in the future. Does that make more sense now?



#10 PatL


Posted 25 February 2024 - 10:19 AM

 

> > I suggest keeping system images of a clean setup on an external drive that is kept unplugged from the system. Easy and fast restore.
>
> +1
>
> Any security strategy should include a backup plan.
>
> Backing up data and disk imaging (redundancy) are among the most important prevention tasks users should perform on a regular basis to protect themselves from malware infection, yet it's still one of the most neglected areas.
>
> A backup strategy is not only effective against ransomware and other harmful malware but also helps with catastrophic scenarios like hard disk failure, power failure and power surges which can damage internal hardware components. In some cases, the system can be rendered unbootable and you may not have access to the computer to back up any data. A computer's hard drive will not last forever and at some point it's going to fail and eventually need replacing. Hard disk failure can occur suddenly without warning or it could occur gradually due to failing areas of the disc requiring repeated read attempts before successful access or as a result of bad clusters accumulating over time to the point the drive becomes unusable. Finally, there is always the possibility of system wide issues after applying Microsoft patches and even data loss due to buggy Windows updates.
>
> IMPORTANT!!! When implementing a backup strategy include testing to ensure it works before an emergency arises; routinely check to verify backups are being made and stored properly; and isolate all backups (offline) to a device that is not always connected to the network or home computer so they are unreachable. If not, you risk not only malware infection but ransomware encrypting your backups and any backups of the backups when it strikes.
>
> I use EaseUS Todo Backup Free and Macrium Reflect Free for doing my imaging tasks.
>
> Many home users just buy an external hard drive, copy their critical data to it, disconnect the device and store it in a safe/secure location rather than try to monitor and maintain a complex backup system. Programs like SoftByte Labs Comparator make doing these types of backups quick and easy for the average user or in between creating system images.

I have now backed everything important up to 3 external drives



#11 quietman7


Posted 25 February 2024 - 10:24 AM

:thumbup2: 




#12 MoxieMomma


Posted 25 February 2024 - 10:25 AM

"Endpoint" software is typically available to & used on Enterprise devices, not home computers.

As such, I apologize for the confusion.

Cheers

#13 PatL


Posted 25 February 2024 - 10:49 AM

> "Endpoint" software is typically available to & used on Enterprise devices, not home computers.
>
> As such, I apologize for the confusion.
>
> Cheers

Right, I found a way to purchase a valid Endpoint license for a trial and error for my studies and work needs, it's pretty solid. Just have to add exceptions for MWB and HMPA and everything works perfectly. No breaches so far and all e-mail is checked in a double VM/Sandbox on encrypted VPN without any links or attachments being opened. So would you say with having backed everything up now that it's as good as I can get it?



#14 cryptodan


Posted 25 February 2024 - 12:15 PM

I have one question though

Why are you computing in this manner?

I have been computing since 1993 and have been virus free with very minimal security settings. I could have a very rigorous security policy here at home but it's overkill and adds more things to troubleshoot during a computer issue.

US Navy Veteran from 2002 to 2006

Masters in Computer and Digital Forensics Expert - Stevenson University Alumni 2015

Arch Desktop - https://termbin.com/epij

Arch Laptop - https://www.termbin.com/dnwk

Ubuntu Server - https://termbin.com/zvra


#15 quietman7


Posted 25 February 2024 - 12:23 PM

Just remember, the user is the first and last line of defense and security is a constant effort to stay one step ahead of the bad guys. The end user needs to stay informed, constantly educate themselves about the latest malware threats as well as those recommendations by security experts on how to protect themselves.
 
Security is all about layers and not depending on any one solution, technology or approach to protect yourself from cyber-criminals. The most important layer is you. No amount of security software is going to defend against today's sophisticated malware writers for those who do not practice safe computing and stay informed. It has been proven time and again that the end user is a more substantial factor (weakest link in the security chain) than the architecture of the operating system or installed protection software.

