Make sure you have latest windows update or install them after (professional and on or enterprise versions are suggested and this configuration is not intended for Windows XP and below) before applying or flash bios, turn off computer, replace hard drive, or reinstall windows (Windows 10 enterprise 1703 version used)

Go offline


With RUN WINDOW or COMMAND PROMPT write gpedit.msc and start it (pressing ctrl and r keys at same time or searching and executing RUN or COMMAND PROMPT in

start menu or cortana, can start COMMAND PROMPT via RUN too by cmd.exe. Hold ctrl / control and shift together and press enter to run as administrator)


Open gpedit.msc


Computer configuration / name resolution policy

Create rule for any with microsoft root certificate authority 2011 certificate

Just enable DNSSEC do not select any other options in DNSSEC tab

Add your local IPv4 address to DIRECTACCESS (can be found in ipconfig /all command prompt command)

Use this web proxy, select use the default web proxy

Use IPsec in communication between the DNS client and DNS server, select low 3DES

Add these DNS servers to GENERIC DNS tab

8.26.56.26

8.20.247.20

216.146.35.35

216.146.36.36

Select encoding tab, enable and select UTF-8 with mapping


Computer configuration / windows settings / security settings / user rights assignment


Deny access to this computer from the network

SYSTEM

Deny log on as batch job

SYSTEM

Deny log on as a service

SYSTEM

Deny log on locally

SYSTEM

Or import "User rights assignment.inf" which may also import some of security settings below.


Computer configuration / windows settings / security settings / account policies / account lockout policy

Set account lockout threshold to 2 invalid logon attempt and reset account lockout counter and duration above one hour


Computer configuration / windows settings / security settings / local policies / security options


Enable audit: audit the access of global system objects

Enable audit: force the use of backup and restore privilege


DCOM: Machine access restrictions in security descriptor definition language (SDDL) syntax

Deny all unknown accounts

Deny remote for system, deselect local

Deny remote for local service, deselect local

Deny remote for service, deselect local

Deny remote for network, deselect local

Deny remote for network service, deselect local

Deselect remote for all remaining


DCOM: Machine launch restrictions in security descriptor definition language (SDDL) syntax

Deny all unknown accounts

Deny remotes for system, deselect local activation, local launch

Deny remotes for local service, deselect local activation, local launch

Deny remotes for service, deselect local activation, local launch

Deny remotes for network, deselect local activation, local launch

Deny remotes for network service, deselect local activation, local launch

Deselect remotes for all remaining


Interactive logon: number of prefvious logons to cache (in case domain controller is not available)

Zero


Network access: Restrict clients allowed to make remote calls to SAM

Allow administrators

Deny SYSTEM

Deny NETWORK

Deny NETWORK SERVICE

Deny LOCAL SERVICE

Deny SERVICE


Network security: LAN manager authentication level

Send LM & NTLM - use NTLMv2 session security if negotiated


Audit all for network security: Restrict NTLM: Audit Incoming NTLM Traffic and network security: Restrict NTLM: Audit NTLM authentication in this domain


Network security: restrict NTLM: Incoming NTLM traffic

Allow all


Network security: restrict NTLM: NTLM authentication in this domain

Disable


Network security: restrict NTLM: Outgoing NTLM traffic to remote servers

Audit all


Disable system objects: require case insensitivity for non-windows subsystems


Enable system settings: Use certificate rules on windows executables for software restriction policies


User account control: behavior of the elevation prompt for administrators in Admin Approval Mode and for standard users

Prompt for credentials (not on secure desktop)


Computer configuration / windows settings / security settings / local policies / audit policy

Check if all audits are enabled on success and failure


Computer configuration / windows settings / security settings / Windows defender firewall with advanced security

Right click on Windows defender firewall with advanced security and apply, Add block to all outbound without RFC from here https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers

Inbound booting 67-68 source and destination block

Inbound GRE block

Inbound IGMP block

Inbound VRRP block

Inbound ICMPv4 block

Inbound ICMPv6 block

Inbound UDP/TCP source and destination port 0 block

Inbound UDP/TCP source and destination port 65500 block

Allow all other inbound and outbound

Add connection security rules, require inbound and clear outbound for endpoint 1 0.0.0.0-223.255.255.255 to endpoint 2 any, require inbound and clear outbound for endpoint 1 any and endpoint 2 0.0.0.0-223.255.255.255. Request inbound and outbound for all

Use 3DES diffie-hellman group 14, no sessions and 1 minute in IPsec defaults, use user and computer certificates and ESP for both in data protection.

Or import "Windows firewall.wfw"


Computer configuration / windows settings / security settings / Network list manager policies

Select private for unidentified networks, identifying networks

Connect to your network or internet restart gpedit management console - close the editor and start it again, open this same page and select the network you have connected to and select as private


Computer configuration / windows settings / security settings / public key policies

Certificate path validation settings, stores define these policy settings 

disable allow user trusted root CAs to be used to validate certificates and disable allow users to trust peer trust certificates

Select CAs must also be compliant with User principal name constraints

Trusted publishers define allow only all administrators to manage trusted publishers

Select verify that the publisher certificate is not revoked

Select verify that the timestamp certificate is not revoked

Define network retrieval and leave as is

Enable certificates services client - auto-enrollment

Select renew expired certificates, update pending certificates, and remove revoked certificates

Select update certificates that use certificate templates


Computer configuration / windows settings / security settings / software restriction policies

Right click and select new software restriction policies

Enforcement all software files, all users, enforce certificate rules

Trusted publishers allow only all administrators to manage trusted publishers

Select verify that the publisher certificate is not revoked

Select verify that the timestamp certificate is not revoked

Additional rules

Add all network zone rules disallowed

Add new path rules and set to disallowed unhide all folders and system folders. Note that for this you may have to reinstall windows or do not add ?:\system volume information while using Bitlocker

?:\users\public, ?:\users\default, ?:\users\default user, ?:\system volume information, ?:\documents and settings, ?:\$recycle.bin, ?:\swapfile.sys, ?:\hiberfil.sys, 

?:\pagefile.sys, ?:\users\?\documents, ?:\io64.sys if applicable, ?:\users\?\downloads, ?:\users\?\music, ?:\users\?\videos, ?:\users\?\cookies, ?:\users\?\onedrive, ?:\users\?\pictures.

Added user folders except desktop, if you want to launch direct application or image from user directories use desktop.

Appdata local, roaming, there, set all browser software folders also to disallowed, examples are chrome/mozilla/internet explorer or STEAM

?:\users\?\AppData\Local\Packages, ?:\Users\?\AppData\Local\Temporary Internet Files, ?:\Users\?\Cookies, 

?:\Users\?\Application Data, Appdata/roaming/microsoft/network, ?:\Inetpub, ?:\Intel, ?:\MSOCache, ?:\PerfLogs if applicable.

?:\Windows\system32\drivers

?:\windows\systemresources

?:\users\?\appdata\local\packages

?:\users\?\appdata\locallow

?:\programdata\microsoft\windows\network, ?:\programdata\microsoft\windows\wlansvc, ?:\programdata\packages, ?:\programdata\shared space

?:\program files (x86)\windows sidebar

Set drives that you use as C:/, D:/ to unrestricted and A:/, B:/, X:/, E:/, F:/, G:/, H:/ to disallowed. 

This may cause MICROSOFT OFFICE 2007 installation startup to fail

Skype windows 10 application will fail to start

Logging out may not work and using two users at once.

Disallow all network zones cause you shouldn't use internet explorer on your system


Computer configuration / windows settings / security settings / application control policies

Configure rule enforcement

Enforce all

Right click on all rule categories and create default rules


Computer configuration / windows settings / security settings / IP security policies and local computer

Right click on IP security policies and local computer and apply, block remote access, LAN and select Microsoft windows 2011 certificate for all on 3DES encryption and accept unsecured communication, but always respond with IPsec. Do not use master key perfect forward instead use 1 minute without sessions

Or import "IP security.ipsec"


Computer configuration / windows settings / security settings / advanced audit policy configuration

Enable all audits or import "Audits.csv"


Computer configuration / Administrative templates / system / display

Turn on GdiDPIScaling for applications insert * and apply

Configure per-process system DPI settings, select enabled and insert * for on option


Restart computer


Create standard user account


Go to control panel/system and security/system/advanced system settings

In remote tab allow remote assistance connections to this computer

Allow remote connections to this computer, allow connections only from computers running Remote Desktop with Network level authentication

Select users and add Authenticated Users and apply


These WINDOWS features with control Panel\Programs\Programs and Features

Enable all of .NET framework 3.5 (includes .NET 2.0 and 3.0)

Enable all of .NET framework 4.7 advanced services

Enable all device lockdown (If applicable)

Enable all legacy components

Enable all MICROSOFT message queue (MSMQ) Server

Enable Simple TCPIP services (i.e. echo, daytime etc)

Enable all for windows identity foundation 3.5

Enable all for windows process activation service

Enable windows defender application guard 


(Then after restart go into windows defender and enable ransomware protection, controlled folder access and add System volume information, NET 4.5 and NET 4.5 classic folders and go to app and browser control click application guard settings and enable all features there. If you don't see it try installing VS community disabling COMODO and using Administrative profile. In exploit / program settings these executables by name as follow. Device security, core isolation details enable memory integrity)

Runtimebroker.exe enable all restrictions and audit win32k calls

Dwm.exe enable all restrictions and audit arbitary code, win32k calls audit, code integrity guard audit. Do not use strict CFG

Ntoskrnl.exe enable all restrictions

Smss.exe enable all restrictions and audit win32k calls, child process audit, import address filtering audit, export address filtering audit and validate access for modules

Csrss.exe enable all restrictions and audit win32k calls, import address filtering audit, export address filtering audit and validate access for modules

Svchost.exe enable all restrictions and audit import address filtering, audit export address filtering and validate access, audit win32k calls, audit child processes, audit arbitary code guard, audit code integrity

audiodg.exe enable all restrictions and audit win32k calls

explorer.exe enable all restrictions and audit child process, audit win32k calls, audit code integrity guard

regedit.exe enable all restrictions and audit win32k calls, audit code integrity guard

reg.exe  enable all restrictions and audit win32k calls, audit code integrity guard, audit arbitary code, audit child processes

taskhostw.exe enable all restrictions and audit win32k calls, audit code integrity guard, audit arbitary code

dllhost.exe enable all restrictions and audit win32k calls, audit code integrity guard, audit arbitary code, audit child processes

sihost.exe enable all restrictions and audit win32k calls, audit code integrity guard, audit arbitary code, audit child processes

rundll32.exe enable all restrictions and audit win32k calls, audit code integrity guard, audit arbitary code, audit child processes, do not use strict CFG for flow guard

applicationframehost.exe enable all restrictions and audit win32k calls, audit code integrity guard, audit arbitary code

fontdrvhost.exe enable all restrictions and audit win32k calls

services.exe ?

winlogon.exe ?

wininit.exe ?

wmiprvse.exe ?


Enable multiplexor for your network - please install OpenVPN or Softether VPN client or VMware player or use Vethernet or your real ethernet adapter in network connections to bridge the connection by selecting the adapters and right clicking and selecting bridge and go in network bridge adapter settings and set your IPv4 configuration of routers or modems you connect to if you are internet sharing the adapter with 192.168.137.1 using second address as router local Ipv4 addresses. It is recommended to bridge last adapter which has no driver options so that network bridge has no driver options.

You may have Vethernet adapter cause you enabled windows features, please bridge with it first after that search Vethernet in regedit and set to READ-ONLY including everyone to all found master keys of vethernet. The adapter will disable itself after restart (The adapter reinstalls itself and resets configuration on each restart, it is useless. If network bridge does not show bridge router icon, delete your Wi-Fi, ethernet, bridge devices in devmgmt.msc and restart computer and bridge again, do this anyway if you just installed WINDOWS. If it doesn't work do it while connected to internet your Wi-Fi or ethernet)

Extreme interrupt moderation

Jumbo packet 9014 bytes

Speed and duplex 1 Gigabyte full duplex

If your network bridge adapter device driver stops working as always showing no internet access, then the reason is that the whole planet machines of 2019 have attacked to destroy its configuration and you must reinstall it with adapters you used to connect to it as Wifi or ethernet and disable and re-enable sharing other adapters can stay. And turn off all networks at your location while rebridging.

Disable NetBIOS TCP/IP and do not register DNS


Go to recycle bin properties and enable displaying confirmation dialogue for file deletion.


Please use SSD and Bitlocker for drive you install windows on

Please do take screenshots of your computer

Please check your system for unidentified, unknown profiles and copies of them Control Panel\System and Security\System - advanced system settings and ?:\Users\?

Please enable DEP for all software Control Panel\System and Security\System - advanced system settings

Please set your computer name to your first and last name adding MICROSOFT.COM suffix at the end of it Control Panel\System and Security\System - advanced system settings

Please use your work or business domain or subdomain suffix for your connections by adding it to IPv4 configuration in network bridge

Please use wired devices, wireless can be exception

Please do not install most things to your root directory which is "?:\Here", if it's a driver - sure. For example "RIOT GAMES / League of legends", "XAMPP" - do not install.

Please do not launch applications after installation because they will most likely launch with administrative rights, launch them separately as user outside of installation.

Please keep Flush DNS and renew running as bat file

Please try attaching plastic and wool on top of your computer hardware and case to prevent electric and, or magnetic interferences from outside. You can also isolate your room. And magnets, but not near hard disk drives. You can put wool inside laptop battery. Don't forget to do that on your portable hard drive if you have one.

Use standard user account and use it by default

Please make two routers be connected together to create real computer hardware network bridge (TP-Link archer C9 recommended)

Using programmed wired cellular data for MICROSOFT WINDOWS operating system is depracicated and completely dangerous today 2019

Use airplane mode to completely disable Windows 10 1903+ version wireless and always before update and restarts. Unplug LAN cable when computer is off. Your system could be flooded while WINDOWS loads if it is not UEFI and BIOS is not protected.

Do not repair hard drive errors

Do not use common system restore it will break everything, WINDOWS still cannot do it. Use system image or reset PC

Defragment your disk from time to time.

Please be careful with file replacing. Use File History

Create full restoration media on separate portable hard drive (1 TB recommended)


Go online


Location:

San Jose, USA


Free DNS:

Server: 184.105.86.232


Free proxy:

Server: 184.105.86.232

Port: 443


Free SOFTETHER VPN:

Server: IGEMXROZBVPN.SOFTETHER.NET

Ports: 995

Virtual hub name: ENTIERALL

Authentication type: Anonymous authentication

User: IGEMXROZB

Bridge / router mode allowed.


Free OpenVPN:

Server: 184.105.86.232

Port: 465

L2 Site to site bridge allowed

<ca>

-----BEGIN CERTIFICATE-----

MIIFTDCCAzSgAwIBAgIBADANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBppZ2Vt

eHJvemJ2cG4uc29mdGV0aGVyLm5ldDAeFw0xOTA4MjcyMjMyNTlaFw00NzAxMTEy

MjMyNTlaMCUxIzAhBgNVBAMMGmlnZW14cm96YnZwbi5zb2Z0ZXRoZXIubmV0MIIC

IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0e2R7hxSm0GRZGvfpH9mSYuW

hqjOgSKUjvLdNffa9ENW7gAJXSXhlqrWCekzkECBrqYmxMuwGLhd8YwGWuS1xPBa

OaPs8xP4HtCg4WiahqBtBz+3J3kOV558s8i6v35mnjLQ1rwWSJZNZ8l8tv9hQvNx

4cAF8eVCHKmjjWwOx1PyU/dsrtxw7x3JaG3OcihF2QHoUWCvQJkNNp3SaviHvL2/

Gaqy1UY+/98dI6vCAa18R6qFzYo8YDFX1BZkjgZRUyt6ikmHGj6/WZ9MwgBzEnPK

FP16YKkQGOubYt+JhrWx5qv/sNQNIP9h8Q8sjARajWQSBDYViHXca6nqmzGkZszH

rnBa+XjHXDsJVjHT3vr1rX8G9haFsv5KLE4BC2bg6fcVQq2niWg7jmMstqY9qmu6

41O9zKktusg4AWBODaPOOWbBAS/H3qRDJ0ZlCv3tSNYh32RiL0bGogWWmedZb7PS

SDXPpp665tGtdsDQWVeiCGnSK4mOy4qhXWlUA2kNOZbXOW5iePru21ZbQ3FWVCHp

ghgAJkQs6043Gq0x7+MLc2OAcyY23UYxm+8C6Jd0EfS0YuXFcvZHBzyjuzIQeWjr

ofOd1cANmxL59J55GXIxFUFcPislJ6l3qzLGFsVNuacvkCqHe6K6IZ3Bi4shPybI

2tgEOUqhm1DH9+jGeAkCAwEAAaOBhjCBgzAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud

DwQEAwIB9jBjBgNVHSUEXDBaBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMD

BggrBgEFBQcDBAYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUH

AwgGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4ICAQAqtHWWpAP5+zOaymPgGs0e

X6W0VkdLi7JEfeFQ/ICT1AJIekzUsZ8wyM/xXRINWGGl5aj3FE+sy57YUYkpUvrf

dl2k/pda01SkkXcyCtRv4G/jI3W6y/N3fvz8+5X7jEhKlG/1oGKphbpR6+0SYYBp

/lMZ/UvzLkowVsW4+Ep2p+/WOuRbYdcS4X6o7Nc8GBE/+1zaK9VoHhsYt5JVaF9/

AdGgs5OpSvqftt4+w0NBKzC93ZPVE8gvK2Uq/ipJtGyXT8V76UfjSIp7gL/Q1wKn

Xa6rIyjMss0JdXwfQFJTSca7kAQEZjFN63iT0OgEUl9E5QXxPzAyhGNlEsPkGvfi

YQSNkp/IHmZiDzjy/05/49dXKXbWTwf7JRW920vRTIDIz73XoUqShtgzOzxsGGkn

1EqIbZNJNK/5sp9hq9gOQ4LqPeCX1hMNCjEjDdvcmJztCSkfMag2Pf4WKRkGPsht

LrsamPS4b+KgxCkLBGrA5fbg+X9R24kS+sr40SR4sT5uHNU+MRZCpI+Q/+5zKHSa

FcXJC8haYcfxqu0V4SM78LfG1Fr8vWL514hZWf7HOaKIyTWG5EbQiUmBSwbziYQY

McZOhu5POr56l+/M2YwRcFQOMQ8elON9TPBRq8GBBiw8ARpM60pA6lCndjEL0O/1

+cSKE1JwrNM0RYIZbgGcZQ==

-----END CERTIFICATE-----

</ca>

<cert>

-----BEGIN CERTIFICATE-----

MIIF1jCCA76gAwIBAgIBADANBgkqhkiG9w0BAQsFADBqMR0wGwYDVQQDDBQxNzc5

OTY2ODU2NTkyMjIxMjkwOTEdMBsGA1UECgwUMTc3OTk2Njg1NjU5MjIyMTI5MDkx

HTAbBgNVBAsMFDE3Nzk5NjY4NTY1OTIyMjEyOTA5MQswCQYDVQQGEwJVUzAeFw0x

OTA4MjgwMDI4MDNaFw0zNzEyMzEwMDI4MDNaMGoxHTAbBgNVBAMMFDE3Nzk5NjY4

NTY1OTIyMjEyOTA5MR0wGwYDVQQKDBQxNzc5OTY2ODU2NTkyMjIxMjkwOTEdMBsG

A1UECwwUMTc3OTk2Njg1NjU5MjIyMTI5MDkxCzAJBgNVBAYTAlVTMIICIjANBgkq

hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1LkGFiqnL6qZUFcVKKwTOgBtI7VvFsi9

cQyr1cGcwG0n4YI2gT7VzbA9/RhX11ANSfR8Zw2AIwU7EIwqKZUB44tnaDJWXmt8

IMZ77PEPXxmmbLWdqCfAV2qLiRPaoc1kHj+/DnU1k8CI/+/4qcNwWmIX/FB61PuN

lpp9ejdcPR73FPWKZJ9yzCMHJdYW5+Ad1D5tOWppgevqASkKqxWr4Q4lTV9rnZCM

h1cBKuU/41JabGHl+f9lywE06anyYC99luGv04RBje75Wvq4QeJcEigueieb3hoC

wX5oJedgZ8HJmsIe7l/zLdHbKpUOYmKjwBrDfl0xDVtWgWzJm0Dq78yZdLWE5JNm

ARVIF3P1EeACUnCherppTInICu5/OscqT1atr5okcgelPeR5ilm8wq0/bImsKJLK

8J0/idU3QRTI39bmfARCiBg4zVuKVNuGFs3JjonelgD1JHGicZ3PGEgTNGuBAxMl

sViceEUZA09bLgJ40sLIxZbEnhcGu2HqkUQ9tho+GffpQyWpLwUxuC7M3TECmWsB

I0p2QDLKRJXK0F+2YkfP2LCa/4pN1Ria2ieEm+IqHkYk2NENmtvXBzSJVh4QIUr/

lwLg3X1fqNSqDqx1d49L7hH8/Kgiaqb2en+5SSDSACT6mw9tUZTsVN2i2zi+ssX3

luCETr/+5T8CAwEAAaOBhjCBgzAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIB

9jBjBgNVHSUEXDBaBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEF

BQcDBAYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEFBQcDBwYIKwYBBQUHAwgGCCsG

AQUFBwMJMA0GCSqGSIb3DQEBCwUAA4ICAQCq81wZH5QtNZnZTpcKL+EtS8eL20ll

SRrodFJ3e75vHiIP+Eb/ATheYC6QT/F7RpTJp19cdo9duf6M1CjJakqY5znZiInj

NPdk7xxaJ+eLa3sfwzJBZHeaIMigYSWo73wqmGC73r/X6T8+PCUtx6CuLZiGcgjS

zA2LW8vHE4eBY46oJWwv+OzF/CarIS2dFSfFVWxYjJBC0Wget7LT/qt3N1ZzxYaL

6yvu70648UEY6QnDCpzsuI9rM+FM5kjAjhR59fo+BzQOSvH2EwkUX+QYhsuocrZO

HufhXRYNdlu3vqu+L1+y8PBaoiUXFBsqhhxYuUZhePGRoooiHV9PnOrI7EgLmh/M

34AEkjg7Up1k5BPVFLcR11MzlKFWl1RKgor3lxZvqCzbcKpvVwFmLSO4R6jckjiH

znrqD++Bxj6PcP2MTYQeTuz8lYOnrd8jYqL+k5xIK+RYgcI4y1Nn87ycvfHSx9aN

aF8cFhAXdKJHIEguPUn/NYzOICRUlhp5CUoKk4bLUaXtPOSBffPFbj7Xw9zXqze4

NBDOP+OjxbeFpxqr0qjQ1Z+fI5pWlSoIBuiEIVPD0IjcAGMd+ktib8+UAOReNdzZ

1P5Fi8G3BOTK5ddi2NdZRwuE4bn4AxYD/hAAVtyi4ehdUgwb05DoKl4GWCWZXbcc

5H8TaB0ubuCXNQ==

-----END CERTIFICATE-----

</cert>

<key>

-----BEGIN PRIVATE KEY-----

MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDUuQYWKqcvqplQ

VxUorBM6AG0jtW8WyL1xDKvVwZzAbSfhgjaBPtXNsD39GFfXUA1J9HxnDYAjBTsQ

jCoplQHji2doMlZea3wgxnvs8Q9fGaZstZ2oJ8BXaouJE9qhzWQeP78OdTWTwIj/

7/ipw3BaYhf8UHrU+42Wmn16N1w9HvcU9Ypkn3LMIwcl1hbn4B3UPm05ammB6+oB

KQqrFavhDiVNX2udkIyHVwEq5T/jUlpsYeX5/2XLATTpqfJgL32W4a/ThEGN7vla

+rhB4lwSKC56J5veGgLBfmgl52Bnwcmawh7uX/Mt0dsqlQ5iYqPAGsN+XTENW1aB

bMmbQOrvzJl0tYTkk2YBFUgXc/UR4AJScKF6umlMicgK7n86xypPVq2vmiRyB6U9

5HmKWbzCrT9siawoksrwnT+J1TdBFMjf1uZ8BEKIGDjNW4pU24YWzcmOid6WAPUk

caJxnc8YSBM0a4EDEyWxWJx4RRkDT1suAnjSwsjFlsSeFwa7YeqRRD22Gj4Z9+lD

JakvBTG4LszdMQKZawEjSnZAMspElcrQX7ZiR8/YsJr/ik3VGJraJ4Sb4ioeRiTY

0Q2a29cHNIlWHhAhSv+XAuDdfV+o1KoOrHV3j0vuEfz8qCJqpvZ6f7lJINIAJPqb

D21RlOxU3aLbOL6yxfeW4IROv/7lPwIDAQABAoICABfjr4tNvvjbb9xV60pmCMK6

yYb5GUC1ypCnm6Sl2bTCjXgF55kcNWakJFIIKdVEaDml+1KXcYx9SeTR2OpSkaO8

RCCvhoOUDpyfrcsuR0um1cnfm5UG4dLvZDxAvoztRBEhl5NIFnxBYyFbEdH+4N9F

pOvxHdpNZdlEAFN5ZCJ5F8aCzMgAICRMysC1Cl2ADdmIKTwJd0/f7qeytEACbwsX

S5kk3jETyrRoUPlARayB0yXY2Lr6s7PYrtiO/WlP7ArFzbkzYSlPbTGKdqbvhOeF

G7McP6Txxt10FL4s/eapHLsEkfSzUdwTdUmS88qYyUsJtmq6jIezekOOtBV7dObE

5J4VXWvRbXOkyAc+qLdFnxPjocwz0aWitER9mFImJTyDR5B0efuYPD1AMb7NXiMS

HkhIiSsMrbKD1Igz+p9+xS5XuA9TZim/fWZu/+FJk1u1H1RvQkaN0cApv0pB8Js1

orgLmMUewNk06Z8WJH1BtQOnzDi0cbbcNJohrFPZp5S1dxy8Vm0d0iqihlpjXvIs

XeOiojs4e+kAntOHWtJg+a3bWQxBNLKx7aTiXCKsPV+AQaBXi6YWwFfM+Z3L1nMK

8uGtFqu+E09rUs7TgT0wCbdI93St4XE/k0HOiBM73cmGILhrBJnIPPEvvXHbpujs

rFl+2aNdzu3Ytl8UFPgBAoIBAQDvkndI2F4cAVf6ngR04adrTWcCRy4VNVYLCjW/

Bavo0ARE8VCaZJmWZs1O5KD87z5SVsyPLKVizXI4CTz7wyctqgx6I97DIZi3K431

eqrUZT0wndNhA3Vr4mA9xTwknkEHsRfkljyN+9nkBY5+RU//XUUsY/RWxRP7Fdlk

BbXHrpaKP/2peD3fTezyztXqYYzOv5AnMrEiHzPXLy2x/0/XQWOYiS6+TEyOYz4k

/pmyayeCRyUyFq++bscHCnTs3OKtVulhs+wIbCFX6W6Va4D14YhJ91FT38Ap6vVq

Md1jSYmuLTYH8KxXSxfWI2REVU2rIdh8OCSO41saCU4MZ+JvAoIBAQDjTzv22QF/

aymVP+qxuH8a4se4LB0lRxy+Zabt6op4QJnMlddYbgjIWGfN00bjlmf2sA3uwroU

apmcnoH6vxxb08utyikZbLiksuKVs9P+nnCxYNMjnSazZKUxqDM0XFlCrm+B4Uon

dc7oP2ZyHHyOzL/DuHf/r9KD6PuTnTZeSfMJuBQliFBC7Whmkzh8/ir7UcDG01I1

KAFhMlYvCp4StW5F0sfFlcbk/RVuLapphhtaoIDxVBIQZE+oA+L2EHFHjCRjlTj9

maskNfeXQXz5QZeLKaPSBuwzmcWCmsk7Ss4tks2uIbeH4vD5Vh1qcQaEIRMK4txs

+1dV6pe2O1IxAoIBACQtwTfN/QBLr6aYQGIKRcctjDXK3Am14UWPiChNyfVBnLNw

odR/Braw1aZpXmp0ErxKgV/JxTwTfIE72+rFQOBjgrjbO+PJ6g8XU7vTh4LFuyTh

YK+Q3yWorRIG/BsnjviDZPFPQtvKQdBuimNFQlx1EGIwwhBseKT9WrQBLL93/SHp

ofv6vZVAZl0QoTtg+eurADD7NcbKYYDIjiUIQl1mcYzygo2YZiNGl3bsv/cyuWey

KMrUpDuk7QeCK8AtZ0n4CwyHKEjpU2u8Q8fq0THQmk1ZPP3ml1V9NwyPdThuPY2B

JFy0msIgA/yBob20CCOk29V+gP7XFMXsy82Rzp8CggEBAJOQT3w7ekZumgsi+Egx

XopkqIT+Vllp5dYQhaKz/Pp97ZoruCXXIOp2wcSToNSEQq+ZsSHL1iME5P4QxI60

XEOcpgAHWlEADIoW+xN2L2x/DOeJ1Oes0H/rGXa4G62lOekY9piZWZtuVkjdR7NS

nOXTM7ZqXbRmPsKVkCRPDgl99kHb93A6Iuif2IOmlShHlD2c4AnzC84oT2T62Yom

WWIJ2DGJ2ViCmCD1z2C8UoG4pq9ZvPttuWBczn1jMIbPO8rXxpPDPsEbbkfOpRHT

WL8zfp7ABHKHPfVtoRPdSj+sm1ZolA+0IcIcaJVk+ymrgDBsjEEn7zLso9DJv310

2zECggEBAMwjPUkvUeJ/VSrUVagGYYo/kGEF+KxWmPC/zWOieyBkeqfvBAHXQpsx

xorXXrvznA7lNU+qQwV0UBAegHgGkyG+0hgsjYI5SIEosYyGykpkimy5te1qjnqa

FDxk7fNd2kH0NeBPSNS8djCNPLim5ChV+8RB6inNVvoExSapCkiGK676bUaky7on

tlplKLHRNRaHGjhIM1Q/OW2g8DEyW0m9xEFpifp/PfUXjsOhrTj4Pe8HR7C4VJ+o

vNg7DE9XLaRvqnvyR39XVmTyU2XuKpI93obNV7ZbwXU4Q7VkEppXqfvWonNz3AvD

4kTonFwL4S+rwXT1S6a1iUqT2jjs6QE=

-----END PRIVATE KEY-----

</key>



Suggested third party software:

WINDOWS Update assistant (To keep WINDOWS up to date)

WINDOWS Media creation tool (To prevent piracy)

DIRECTX 11 Full setup (To start most games)

WINDOWS 8.1 Asssesment and deployment kit (To cure errors)

ONEDRIVE (Cloud storage)

FREEOFFICE 2018 (Perfect MICROSOFT OFFICE alternative)

GLDIRECT (To increase performance and keep quality every way)

VMWARE Workstation player, VBOX or THINCAST (For virtual machine) (Bcdedit /set {default} hypervisorlaunchtype Off)

DR.WEB CUREIT (Can prevent applications from using low-level direct hard drive access and clean most viruses)

SPYBOY search and destroy (Immunize your system)

TCPOPTIMIZER (Use windows default settings. You can refresh your winsocks and TCP/IP. With network bridge configuration and TCPOPTIMIZER network speed can go up to 100mbps plus for download and upload for slow, infested, bugged networks as 10-20mbps after using TWEAKBIT PCREPAIRKIT internet optimizer and all windows updates. Use this against TWEAKBIT PCREPAIRKIT to disable changing TCP window size automatically)

TEAMVIEWER (To replace remote desktop protocols, remote managements, remote logons, please disable teamviewer service and set logon to Guest every way after installation)

PROCESS LASSO (Set ProcessorGovernor.exe to real time and TClient.exe to high which is THINCAST workstation client and system executables as windows exploit protection has to lowest with throttling for defense or import "PROCESSLASSO.INI" and create or use power saver plan everytime you go away from computer. If used as defense digital mechanism, may degradate performance)

NETLIMITER (You can manage your network. Can create block rules which are not advised for usage. Critical 100 % / 100 % adaptive, high 100 %, normal 100 % priorities are suggested and critical priority on top objects Computer/Network/Internet/Local Network)

ASTRILL VPN (Not only a company, but a corporation. Best VPN provider. Within web astrill.com generate OpenVPN certificate and download all files or use Astrill VPN software. Please pay for subscription of astrill and share OpenVPN software adapter connection with network bridge and enter your routers or and modems local IPv4 as second address besides 192.168.137.1 in network bridge (192.168.1.221 is recommended). You can use empty adapter without IPv4 or IPv6 enabled for sharing with network bridge. Set one and only preffered DNS - your local address or any address, but leave name resolution policy with same DNS. This will secure your adapter. It is recommended to disable IPV6 and location services because most places they do not wear every way and incapable of setting security. Set network bridge metric to 1)

OPENVPN Community (Free OPENVPN software. Please use our OVPN format files)

SOFTETHER VPN (SOFTETHER VPN Software. Do not disable NAT / do not use pure TCP. Do not disable UDP acceleration. Use 32 connections. Set each TCP timeout to 1 second)

INTEL EXTREME TUNING UTILITY (If you are using Intel hardware. May only slow down some intel systems)

VISUAL STUDIO COMMUNITY (Install all run-times, intel performance, debuggers, communications)

HWINFO (To monitor system temperature and perhaps you can even lower it by adjusting fan speed, install its driver as persistent)

7-ZIP (Archive software)

CCproxy (If you can open your own ports and have dedicated internet protocol address. Suggested is going behind your own public address proxy on any of 443, 8443, 995, 993, 465, 587, 25 port. You can also not port forward and connect to your local address which looks like this 192.168.1.1-253, but then you won't be able to connect from VPN server to web if you connect to VPN. If you host web on your machine, this can completely protect from DDoS attacks. Or use VPN local address on host and as your proxy which can be found by ipconfig /all command prompt command says IPv4 address without opening ports. Ports would still appear open if they are. Sadly you cannot select which local addresses to bypass in internet options. Enter local address for proxy at internet options and add * to "do not use proxy for addresses beginning with" if you do not want or can't use proxy. You can't use hosted DNS on host machine.)

TWEAKBIT PCREPAIRKIT (A pretty software to fix unlogical errors caused by unsensitive bugs)

COMODO Internet security (Most powerful and flexible security software available to public)


Dangerous third party software:

COMODO Internet security (Disable direct disk, direct keyboard, memory, DNS/RPC, monitor access to all applications adding ?:\* to HIPS. Enable disk access or keyboard for certain applications separately in file groups management for example explorer.exe needs monitor access. Set the weak password for COMODO application. Set untrusted sandbox and isolated HIPS on WIN32K, RPC, ADV dll files in system32 directory. Add dllhost.exe, rundll32.exe, "Operating system" PID 0, audiodg.exe, ctfmon.exe if applicable, services.exe, dwm.exe, svchost.exe, runtimebroker.exe, dashost.exe, taskhostw.exe, conhost.exe, applicationframehost.exe, shellexperiencehost.exe, searchindexer.exe, wmiprvse.exe, tcpsvcs.exe as restricted and untrusted in containment. Ntoskrnl.exe - virtualize and also restricted as untrusted the ntoskrnl.exe not virtualized with smss.exe, csrss.exe. Or import "COMODO ENTIREALL.cfgx".)

BITDEFENDER

AVAST

BEETHINK Ddos protection (and all other ddos protection software)

10KHITS exchanger (and all other traffic exchange software)

Many registry and junk file cleaning softwares and speed boost softwares for example as "IOLO SYSTEM MECHANICS" or specifically hard drive optimization softwares that prevent fragments

Many games, but you're well protected


Don't wonder if your computer performance increases by 50-400 percent

That's all. Current amount of denied authentication requests 313014323622/313014323622