It's not as good as an actual virtual machine though, because Sandbox does share some resources with your main Windows install in a way that could potentially have exploitable leaks.
9:15 Enabling memory integrity makes VirtualBox’s performance tank. I was going through my settings one day and enabled it. A month later when I wanted to use VirtualBox again, I was confused as to why its performance was so bad. Figuring it out was not easy.
The Exploit Protection at 2:26 is for using the internal Windows Defender antivirus. If that is disabled, those settings will not work. If you're using a separate antivirus, this is irrelevant, and will be controlled by the separate antivirus, and will disable Windows Defender. Same goes for Application Guard at 5:33 and Reputation Based Protection at 7:30.
Well,I personally think that disabling a few of them won't break your machine, I also disabled some of them and my laptop runs fine,also if you want you can change the startup type of many services to manual
@@alexandreman8601 No without bitlocker anyone on the network can read the data of your harddrive. Furthermore if your laptop gets stolen they can read the data of your harddrive as well by plugging it in to there pc. Bitlocker blocks those 2 things.
Important note for Core Isolation > Memory Integrity, If your PC isn't powerful enough, better balance your needs as it could slow your computer down. To be fair, I'm running my Windows on VM so it is so noticeable.
Hyper-V does not have to be enabled to use Windows Sandbox. However, virtualization does need to be enabled. Virtualization is usually disabled by default in the bios settings of most motherboard manufacturers. You can check if virtualization is enabled on your computer by opening the Task Manager, clicking on the Performance tab, and clicking on CPU. On the bottom right, it should say “Virtualization: “ and “Enabled” or “Disabled.”
There absolutely is a thing as too much security ... when it becomes so cumbersome that you actively avoid it or cannot function in a reasonable manner then that is too much security.
Also, if it's so much security that it compromises your privacy. I chose Windows Defender as the security software on my new PC because of privacy, actually, because it's less likely MS is gathering much info from their AV when they already gather info from other places on the OS.
@@jakobfel2 Defender sends to M$ the name of every domain you visit in any browser, and the hash and filename of every binary you launch. With Defender off, OS itself does not do that.
@@BarafuAlbino If you have automatic sample submission on, yes. MS is already getting that info through other means in the OS. I'd rather not give my data to other corpos more than I have to.
I would suggest encrypting your desktop with Bitlocker. It's no more intrusive than doing the same on your laptop. And, yes someone could break in your home to steal your desktop. Less likely, but possible. However, what's being missed here is the day you have to replace your hard drive or you sell your desktop. With full disk encryption enabled, the data is not retrievable if the disk is removed and opened on another computer or if you clear the TPM (security chip) on the desktop. Simply formatting the disk is not enough to secure the data on an unencrypted disk. But with full disk encryption, all you have to do is throw away the key and the data is no more meaningful than random junk data. That's the easiest, fastest, and most secure way to decommission old hardware (aside large shredders and acid baths).
If your motherboard dies, you're also potentially screwed, if you lose your Bitlocker key. The problem with Bitlocker, is you're at risk of being locked out of your own data due to hardware failure. Unless you have sensitive data you're taking out of your home to a public setting, there's not reason to use it. As for disposing of drive, there are many utilities, including some that are free, which will do military grade erasures. You could also take a power drill and drive holes in the drive before you dispose of it.
@@disgustedluigi So you're saying you're encrypting your working drive, but not your, presumably external, backup drives? Then what's the point of encrypting anything?
@@wildbill4496 what are you talking about, you can encrypt your backups too you know. And not just with Bitlocker. A lot of DAS or NAS devices (both retail or open source DIY) have their own robust encryption and data security methods. Plus if you keep them in, say, a locked networking closet in an enclosed rack you get the added physical security as well.
@@disgustedluigi Yeah let's tell every computer owner to go out and put a safe in their house to lock up their backup drives. LOL. The problem is the same with backup drives. If you lose your encryption key and your hardware fails you are still screwed with Bitlocker. The vast majority of home consumers do not need to encrypt their drives, if they secure their home network, and encrypting their drives actually adds another potential point for data loss. Now if you have a laptop you are frequently traveling with, then yes it would be a good idea to encrypt those drives if they contain sensitive data, but you are beyond paranoid (or probably doing something illegal or living in a bad neighborhood with lots of breakins), if you feel the need to encrypt drives that stay in your home and/or don't take into public settings. Simply put for most home consumers, the risks outweigh the benefits, when it comes to encrypting drives.
Security is a teeter totter with ease of use. If you are completely secure, it's unusable and vice versa. It comes down to a balance of secure enough for everyday usability.
Thank you Theo. Only thing you missed was to turn on System Restore which is not on by default. Be handy if an update breaks an unsupported machine yes.
For the few of you, who are interested in maxing out Windows's Security, check this guide out. It's very hardcore, but high security has a price....unless you run linux of coursr
Thanks for the very nice recommendations! I myself activated additionally to the ones I had the app protection in the windows features and the for the edge the guard one.
2:13 ThioJoe, great rundwon on Windows Sandbox! For those wonderng, while it’s perfect for checking out files you’re unsre about, just a heads up, it’s not ideal for everything. Like, don’t expec to run high-end games or tackle sophistcated viruses in it. But for that extra piece of mind with everyday downloads, it’s pretty neat. ThioJoe’s insights are always on point, and it’s cool to see featurs like this geting highlighted.
I actually have enabled all of these except for Controlled Folder Access as it has so many false positives. Windows 11 in Insiders Builds also has Smart App Control (although it requires a clean install or a reset to work :( ) Edge also can disable JIT for more security (but with worse performance) if you run it normally or in Application Guard by going into Edge Settings (it was formerly known as Super Duper Secure Mode while it was in beta (I am not even kidding that was the name). Finally there are Attack Surface Reduction (ASR) rules which also requires Windows Pro edition that can increase security quite a bit
The warnings you get from Controlled Folder Access are not false positives. That is its literal job, to not allow untrusted apps to access folders. You can just go and whatever you're running to exclusions.
@@heyporange sadly with a lot of updated to even trusted programs it blocks em because of the temp files created. So you would still have to turn it off, update and then reenable
@@heyporange i did and have but it always game me an error as it tried to make a temp file in an “invisible” location (not in a hidden file mind you) and it never allowed it to update. I have a long list of excluded programs and it still caused the issue. So it remains off
@@heyporange I mean I get that but it just constantly blocks apps over and over. Worst part is that some apps just give an error when they are not able to save with no chance to retry. Some installers that save shortcut to Desktop also give errors during install (so I don’t know if the program completely installed just without the shortcut or it is an incomplete install)
Before enabling bitlocker, please be aware that if you are dual booting your machine then it's not a good idea. It might potentially corrupt the whole boot partition and you'd most likely have to reinstall windows.
Also you need to enable Virtualization in BIOS for Hyper Visor and Sandbox to be selectable in the first place. This is kina awkward since on Ryzen having Virtualization enabled seems to interfere with using Ryzen Master for some odd reason and only let you run it. But if you're not overclocking then who cares? Also keep in mind Win10 calls it "Hyper-V," and "Hyper Visor" in Win11 in the list of Windows Features, but they are exactly the same thing. You can enable Hyper Visor with Virtualization disabled, but you're just installed a client-side app that lets you connect to a hypervisor VM being ran on another PC or server on your network.
Personally, as a dev, i would recommend to disable SmartScreen instead. Most of the time, it is redundant as you can already guess if an app is common or not. It also makes it harder and scarier for users to install smaller apps, and not everyone can afford to pay a very expensive license monthly or yearly. This is just a measure that hurts smaller devs a little while it is pretty much useless against malwares anyways. If you're developing in compiled languages, it can also be very annoying to allow your own compiled app to run each time.
@ThioJoe, is it me or does the Airline Pilot Kelsey from "74 Gear" youtube channel have very similar mannerism to yours. I couldnt put my finger on it but i always had a feeling that he was reminding me of someone, and recently i realised it was Thio. Anyone else thinks so?
For Windows Sandbox you haven't to activate the Hypervisor Platform, but "Hyper-V" (virtualization service), and to activate Hyper-V you gotta go in BIOS and make sure the virtualization is supported by CPU and motherboard and activated ;-D
The ONLY security I absolutely NEED: Preventing Microshaft's system destroyer updates! All my software wiped, all software certifications gone, and none of my sites recognized me. Took me 4 days to resume working! That was on a latest model Asus Zenbook. that perfectly until the update.
Great features! I have not know about all of them! BTW - Windows PIN instead of simple password should be mentioned here. Bitlocker for all Windows devices (not laptops only) is definitely a right thing to make use of.
Most people don't have Pro. I'm still using Windows 10, due to the plethora of negative remarks I've seen, pertaining to Windows 11. I'd like to make a friendly and helpful suggestion that you pitch this for Windows Home users and be a little more Windows 10 savvy. It doesn't inspire confidence when you are continually saying that you're "not sure: about features in Windows 10. You're a TH-cam presenter. If you're not sure, research it first. I hope you take on board these suggestions as constructive criticism, not admonishment. We all appreciate the efforts you've gone to but things must be relevant to "The great unwashed".
Excellent work and video! Too bad these features aren't on by default. Thanks for sharing
2 ปีที่แล้ว +1
Hey Joe. can you talk about the products of Hak5? They make normal looking USB or lightning cables that have a built in keylogger, can exectue scripts on a device, have a built in wireless access point to controll the cable from the far and many more features. A cable costs between 40 and 160 USD, which is dirt cheap for such a tool. Would you please show such a product and teach the people about how increadibly dangerous it can be, to put in a random usb cable into a device. Most people probably don't think that a USB cable they found somewhere can be extremely dangerous.
Bitlocker is the bane of a repair technician. Customers never remember their microsoft logins. :( Still the only windows security measure that actually protects your data. Passwords don't mean a thing.
These features are probably good for security, but they also affect performance, especially perceived latency when opening files and programs. I don't care about security on my gaming computer and i want it to feel fast, so I disable Microsoft Defender altogether.
for those are using AMD custom resolution before enabling the "Windows-Sandbox" just in case because for some reason when i had the custom AMD Resolution on after i enabled the windows sandbox my display was messed up for example the display was offscreen somewhat but after i deleted my display and re-created it it was working completely fine now it just needed a refresh. 1. disable your custom resolution first from the "AMD Radeon Software (The Red One)" "Gaming > Display (Custom Resolutions)" 2. then enable "Windows-Sandbox" then restart your computer 3. then once done and logged in go into "AMD Radeon Software(The Red One)" and in the menu "Gaming > Display then under the custom color there should be a (Custom Resolutions)" then re-enable it
I suggested a Windows sandbox. Not sure if I was the only one but I suggested it at least. I was a member of the insider. Not now tho after Windows 11.
Just an FYI to anyone who uses cracked software. Dont turn on the majority of these settings because Windows will erase the activator/cracking software. An easy way to enable security AND have those tools on your machine is to convert your folder into a winrar or winzip archive and add it to MS security exclusions list. I cant tell you how many times I've had to re-download something because windows saw it as a threat. By the way Brave is the best browser in the world!
9:20 If the Core Isolation option is not available in Windows settings despite the hardware being supported, the Virtual Machine in the BIOS is most likely disabled. To enable it, go to the motherboard BIOS and look for "SVM Mode" for AMD and "Intel (VMX) Virtualization Technology" for INTEL Systems.
12:05 controlled folder access is an abandoned feature... windows doesnt even automatically whitelist games from xbox game pass that save files in documents
Although this is a good video, The audience definitely needs to know which version of windows is being spoken about. is it windows 11 student edition or is it ultimate? stuff like that.
Controlled Folder Access coulda been real useful if it allowed modifications of the protected directories Not a good security practice I know, but for people lacking in their backups they could dedicate a library location as their "backup" for important files and let CFA protect it
Hi, thanks for a great video. I tried activating HVCI setting but it reported a list of incompatible driver instead. I searched internet for a solution and found a complete solution. For a driver with a publisher name, run "pnputil -f -d " without angled brackets, in administrator console. For a driver without a publisher name, run autoruns (included in Sysinternals Suite, can be downloaded from Windows Store) in administrator mode, and navigate to driver tab. There you can disable loading certain drivers. Find the incompatible drivers by name in the list from the Security UI. Now that the all incompatible drivers are either removed or inactive, you can try restarting Windows and see if it works.
Also, I have recently upgraded from Windows 11 from Windows 10, and Security UI was not opening. If that's the case, run "Windows PowerShell" in Administrator mode, not the "Powershell" (pscore) or "Windows Terminal". Then, run following line: Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"} for some reason running this with gsudo does not work, so you'll have to launch the powershell window in a admin mode.
Pro Tip: use system image software like Acronis True Image and set it up to update a master image of your complete system "on event " I choose startup Get infected NP remove or turn off internet access 1st reboot and install fresh copy of windows 2nd install Acronis ..I was prompted with a message that the software had found an image restore point ( on local disc hopefully you did not wipe to install new copy of windows ...this would be bad ..for redundancy I copy weekly versions of my system image to external thumb nail drive or memory card and set up Acronis to write the back up in 699MB blocks so if I ever felt the need I could make CDRW disc copy's of the system ) and asked if i would like to load from it ? YES I WOULD ... depending on the size of the back up image ( encryption options vary this size) the last time I had to use it 45min later everything was as I had left it ..100% exactly the same every setting in windows every doc, shortcut ....everything and the best part is this is before the infection so no worries of quarantined files ect. I would reset passwords as a extra step just for safe measure Another damming and time saving (before a remote control attack of your system can be used ) option is to shut off ( disable or remove windows features) remote access to your PC through windows features .. those pestkey scammers will have no idea what the hell is going on and why they can not connect remotely to your PC ..this will hopefully make you realize something shady is about to go down and you can terminate the connection ..My favorite method of this is to disable any network adapters not in use by my connection ... So if you are pugged in via ethernet ( hopefully :) -) disable the WIFY at the hardware level through windows .. and if ya think something is weird or you are locked out of your keyboard and mouse I just pull the plug litterly unplug the network ethernet cable and Wi-Fi will not auto connect and hard power down the PC .. I feel this is good for me ( my opinion) and a better trade for system resources with my particular PC builds and usage thus far .. Also I had a psychical HDD fail replaced the hardware and went through the steps for mentioned back up and running in less then 1 hour.. hope this info helps someone protect their data and when used with windows features you should have no problems ... Be safe and stop looking at porn ...that is where ya get PC VD ....
Antimalware Service Executable is the bane of my existence on Windows OS, especially at work where I have less control over it. I get its purpose; however, especially when offline, I just want it to stop interfering in processes, especially when running personally made code. Sometimes, it acts like malware when it take priorty over anything, which both makes sense and infuriating.
6:42 broo plz. Delete egde and defender and app guard. Enable vbs boot ot secure launch with eset internet security its works with secure launch . Windows defender slow pc soo hard :/
Careful with exploit protection! Chances are, if a toggle is disabled by default there's a reason for it. Be weary of issues and worse stability if you don't know much about what each toggle does or what its risks are
Note that you don’t want to install windows sandbox if you’re using other virtual machines. It has compatibility issues with Vmware workstations and probably also with other virtual machines. And what’s the point of having two virtual machines?
1:30 Hi please answer! Would you copy the shortcut of the installed file? Or would you copy the installer file and install & run it in the sandbox? Or did you mean something else completely?
![[#2024MAMA] BIGBANG (빅뱅) - 뱅뱅뱅 (BANG BANG BANG) + FANTASTIC BABY | Mnet 241123 방송](http://i.ytimg.com/vi/EQsYfiPR9uM/mqdefault.jpg)
The windows sandbox is actually really useful! On my machine it actually had Edge installed.
It also was installed into my PC!
It's installed there by default.
@@lucky_lol and what is that? 1:27
It's not as good as an actual virtual machine though, because Sandbox does share some resources with your main Windows install in a way that could potentially have exploitable leaks.
Mine also has Edge installed
9:15 Enabling memory integrity makes VirtualBox’s performance tank. I was going through my settings one day and enabled it. A month later when I wanted to use VirtualBox again, I was confused as to why its performance was so bad. Figuring it out was not easy.
For me VirtualBox just crashes when it's on and you try to start a machine
That could explain why Java uses too much CPU in my machine
Switch to vmware
@@Ivedotwav I'm fairly sure that VMware had similar issues unless they recently updated in in v 16
@@twinssword VMware does perform worse when Hyper-V hypervisor is active, but it is usable.
The Exploit Protection at 2:26 is for using the internal Windows Defender antivirus. If that is disabled, those settings will not work. If you're using a separate antivirus, this is irrelevant, and will be controlled by the separate antivirus, and will disable Windows Defender. Same goes for Application Guard at 5:33 and Reputation Based Protection at 7:30.
What types of services should we stop in the service tab in Windows 10? because many services consume a lot of RAM and CPU.
Idk it's risky to go about disabling services you don't understand
You can disable the Print Spooler if you don't have a printer. I haven't had any repercussions with doing that.
Chris Titus Tech
Well,I personally think that disabling a few of them won't break your machine, I also disabled some of them and my laptop runs fine,also if you want you can change the startup type of many services to manual
@@koosschutter1675 TBH his script doesn't make much difference, I tried it, it's okay but not that great
I'm in favor of dedicated and detailed videos about those features.
Bitlocker is on laptops enabled by default (In the EU), because Microsoft is by EU law required to do everything they can to protect peoples data.
Damn, EU seems to be the only place that actually cares about peoples privacy
bitlocker is so useless
@@alexandreman8601 No without bitlocker anyone on the network can read the data of your harddrive. Furthermore if your laptop gets stolen they can read the data of your harddrive as well by plugging it in to there pc. Bitlocker blocks those 2 things.
@@alexandreman8601 do you know how it works? It's very useful
Microsoft protecting ppl data 😂
Important note for Core Isolation > Memory Integrity, If your PC isn't powerful enough, better balance your needs as it could slow your computer down. To be fair, I'm running my Windows on VM so it is so noticeable.
Hyper-V does not have to be enabled to use Windows Sandbox. However, virtualization does need to be enabled. Virtualization is usually disabled by default in the bios settings of most motherboard manufacturers. You can check if virtualization is enabled on your computer by opening the Task Manager, clicking on the Performance tab, and clicking on CPU. On the bottom right, it should say “Virtualization: “ and “Enabled” or “Disabled.”
There absolutely is a thing as too much security ... when it becomes so cumbersome that you actively avoid it or cannot function in a reasonable manner then that is too much security.
Also, if it's so much security that it compromises your privacy. I chose Windows Defender as the security software on my new PC because of privacy, actually, because it's less likely MS is gathering much info from their AV when they already gather info from other places on the OS.
@@jakobfel2 Defender sends to M$ the name of every domain you visit in any browser, and the hash and filename of every binary you launch. With Defender off, OS itself does not do that.
@@BarafuAlbino If you have automatic sample submission on, yes.
MS is already getting that info through other means in the OS. I'd rather not give my data to other corpos more than I have to.
I would suggest encrypting your desktop with Bitlocker. It's no more intrusive than doing the same on your laptop. And, yes someone could break in your home to steal your desktop. Less likely, but possible. However, what's being missed here is the day you have to replace your hard drive or you sell your desktop. With full disk encryption enabled, the data is not retrievable if the disk is removed and opened on another computer or if you clear the TPM (security chip) on the desktop. Simply formatting the disk is not enough to secure the data on an unencrypted disk. But with full disk encryption, all you have to do is throw away the key and the data is no more meaningful than random junk data. That's the easiest, fastest, and most secure way to decommission old hardware (aside large shredders and acid baths).
If your motherboard dies, you're also potentially screwed, if you lose your Bitlocker key. The problem with Bitlocker, is you're at risk of being locked out of your own data due to hardware failure. Unless you have sensitive data you're taking out of your home to a public setting, there's not reason to use it. As for disposing of drive, there are many utilities, including some that are free, which will do military grade erasures. You could also take a power drill and drive holes in the drive before you dispose of it.
@@wildbill4496 if you’re making proper backups losing your computer shouldn’t be a concern.
@@disgustedluigi So you're saying you're encrypting your working drive, but not your, presumably external, backup drives? Then what's the point of encrypting anything?
@@wildbill4496 what are you talking about, you can encrypt your backups too you know. And not just with Bitlocker. A lot of DAS or NAS devices (both retail or open source DIY) have their own robust encryption and data security methods. Plus if you keep them in, say, a locked networking closet in an enclosed rack you get the added physical security as well.
@@disgustedluigi Yeah let's tell every computer owner to go out and put a safe in their house to lock up their backup drives. LOL. The problem is the same with backup drives. If you lose your encryption key and your hardware fails you are still screwed with Bitlocker. The vast majority of home consumers do not need to encrypt their drives, if they secure their home network, and encrypting their drives actually adds another potential point for data loss. Now if you have a laptop you are frequently traveling with, then yes it would be a good idea to encrypt those drives if they contain sensitive data, but you are beyond paranoid (or probably doing something illegal or living in a bad neighborhood with lots of breakins), if you feel the need to encrypt drives that stay in your home and/or don't take into public settings. Simply put for most home consumers, the risks outweigh the benefits, when it comes to encrypting drives.
Security is a teeter totter with ease of use. If you are completely secure, it's unusable and vice versa. It comes down to a balance of secure enough for everyday usability.
Thank you Theo. Only thing you missed was to turn on System Restore which is not on by default. Be handy if an update breaks an unsupported machine yes.
For the few of you, who are interested in maxing out Windows's Security, check this guide out. It's very hardcore, but high security has a price....unless you run linux of coursr
Thanks for the very nice recommendations!
I myself activated additionally to the ones I had the app protection in the windows features and the for the edge the guard one.
Okay, the Sandbox one alone is godsend. Thanks Thio.
Love this channel ever since you stopped doing satire. Such awesome videos and straight to the point information. Love you Thio! 😁
2:13 ThioJoe, great rundwon on Windows Sandbox! For those wonderng, while it’s perfect for checking out files you’re unsre about, just a heads up, it’s not ideal for everything. Like, don’t expec to run high-end games or tackle sophistcated viruses in it. But for that extra piece of mind with everyday downloads, it’s pretty neat. ThioJoe’s insights are always on point, and it’s cool to see featurs like this geting highlighted.
I actually have enabled all of these except for Controlled Folder Access as it has so many false positives. Windows 11 in Insiders Builds also has Smart App Control (although it requires a clean install or a reset to work :( ) Edge also can disable JIT for more security (but with worse performance) if you run it normally or in Application Guard by going into Edge Settings (it was formerly known as Super Duper Secure Mode while it was in beta (I am not even kidding that was the name). Finally there are Attack Surface Reduction (ASR) rules which also requires Windows Pro edition that can increase security quite a bit
The warnings you get from Controlled Folder Access are not false positives. That is its literal job, to not allow untrusted apps to access folders. You can just go and whatever you're running to exclusions.
@@heyporange sadly with a lot of updated to even trusted programs it blocks em because of the temp files created. So you would still have to turn it off, update and then reenable
@@Damascus_Zeramas You don't have to turn it off. Just add the executable to exclusions.
@@heyporange i did and have but it always game me an error as it tried to make a temp file in an “invisible” location (not in a hidden file mind you) and it never allowed it to update. I have a long list of excluded programs and it still caused the issue. So it remains off
@@heyporange I mean I get that but it just constantly blocks apps over and over. Worst part is that some apps just give an error when they are not able to save with no chance to retry. Some installers that save shortcut to Desktop also give errors during install (so I don’t know if the program completely installed just without the shortcut or it is an incomplete install)
Bitlocker and Windows' Built-In Encryption feature is actually two distinct features, they are not mutually exclusive.
Difference?
How are they different?
My wallpaper now is your "Another Failed Simulation" masterpiece
Noice
You've got some great wall paper, Another Failed Simulation and Fall of Midnight.
Before enabling bitlocker, please be aware that if you are dual booting your machine then it's not a good idea. It might potentially corrupt the whole boot partition and you'd most likely have to reinstall windows.
Also you need to enable Virtualization in BIOS for Hyper Visor and Sandbox to be selectable in the first place.
This is kina awkward since on Ryzen having Virtualization enabled seems to interfere with using Ryzen Master for some odd reason and only let you run it. But if you're not overclocking then who cares? Also keep in mind Win10 calls it "Hyper-V," and "Hyper Visor" in Win11 in the list of Windows Features, but they are exactly the same thing. You can enable Hyper Visor with Virtualization disabled, but you're just installed a client-side app that lets you connect to a hypervisor VM being ran on another PC or server on your network.
Extremely useful video. Thank you
Personally, as a dev, i would recommend to disable SmartScreen instead. Most of the time, it is redundant as you can already guess if an app is common or not.
It also makes it harder and scarier for users to install smaller apps, and not everyone can afford to pay a very expensive license monthly or yearly. This is just a measure that hurts smaller devs a little while it is pretty much useless against malwares anyways.
If you're developing in compiled languages, it can also be very annoying to allow your own compiled app to run each time.
I disable them to get more fps😎
uhh
Hmmm
Yeah gotta make sure that free FPS tweaker download works
@ThioJoe, is it me or does the Airline Pilot Kelsey from "74 Gear" youtube channel have very similar mannerism to yours.
I couldnt put my finger on it but i always had a feeling that he was reminding me of someone, and recently i realised it was Thio.
Anyone else thinks so?
The Most useful channel on TH-cam for explaining new things on our PCs. Thank You!
I completely agree with that
For Windows Sandbox you haven't to activate the Hypervisor Platform, but "Hyper-V" (virtualization service), and to activate Hyper-V you gotta go in BIOS and make sure the virtualization is supported by CPU and motherboard and activated ;-D
The ONLY security I absolutely NEED: Preventing Microshaft's system destroyer updates!
All my software wiped, all software certifications gone, and none of my sites recognized me.
Took me 4 days to resume working! That was on a latest model Asus Zenbook. that perfectly until the update.
Great features! I have not know about all of them! BTW - Windows PIN instead of simple password should be mentioned here. Bitlocker for all Windows devices (not laptops only) is definitely a right thing to make use of.
I make my pin larger than my use to be password. I make them alphanumeric!
Most people don't have Pro. I'm still using Windows 10, due to the plethora of negative remarks I've seen, pertaining to Windows 11.
I'd like to make a friendly and helpful suggestion that you pitch this for Windows Home users and be a little more Windows 10 savvy. It doesn't inspire confidence when you are continually saying that you're "not sure: about features in Windows 10. You're a TH-cam presenter. If you're not sure, research it first. I hope you take on board these suggestions as constructive criticism, not admonishment. We all appreciate the efforts you've gone to but things must be relevant to "The great unwashed".
That Sandbox is awesome.
I'm curious about the impact on speed for applications, especially when it comes to games old and new. And ssd operations.
Thanks ThioJoe! I'm pretty savvy but there's always one or two things I forget about, like the Core Isolation setting.
Excellent work and video! Too bad these features aren't on by default. Thanks for sharing
Hey Joe. can you talk about the products of Hak5?
They make normal looking USB or lightning cables that have a built in keylogger, can exectue scripts on a device, have a built in wireless access point to controll the cable from the far and many more features. A cable costs between 40 and 160 USD, which is dirt cheap for such a tool.
Would you please show such a product and teach the people about how increadibly dangerous it can be, to put in a random usb cable into a device. Most people probably don't think that a USB cable they found somewhere can be extremely dangerous.
Bitlocker is the bane of a repair technician. Customers never remember their microsoft logins. :( Still the only windows security measure that actually protects your data. Passwords don't mean a thing.
The more you know! Knowledge is power! 🧠💪
You should make a list of security tools in descriptionb(and ideally the timestamp where that topic starts)
Your recommendations caused my CPU temperatures to go from the high 40s to the high 90s.
These features are probably good for security, but they also affect performance, especially perceived latency when opening files and programs. I don't care about security on my gaming computer and i want it to feel fast, so I disable Microsoft Defender altogether.
for those are using AMD custom resolution before enabling the "Windows-Sandbox" just in case because for some reason when i had the custom AMD Resolution on after i enabled the windows sandbox my display was messed up for example the display was offscreen somewhat but after i deleted my display and re-created it it was working completely fine now it just needed a refresh.
1. disable your custom resolution first from the "AMD Radeon Software (The Red One)" "Gaming > Display (Custom Resolutions)"
2. then enable "Windows-Sandbox" then restart your computer
3. then once done and logged in go into "AMD Radeon Software(The Red One)" and in the menu "Gaming > Display then under the custom color there should be a (Custom Resolutions)" then re-enable it
this was on a tv btw
Great video as always. I like your Windows 11 theme, is it a custom theme?
I had heard that Windows 11 requires you to use a Microsoft account, but you referred to using a local account in your video. That is good news!
I suggested a Windows sandbox. Not sure if I was the only one but I suggested it at least. I was a member of the insider. Not now tho after Windows 11.
my favorite windows security feature is installing linux /hj
windows sandbox is actually really cool though, had no idea that existed!
Thanks ThioJoe, time to disable all these annoying features now!
Just an FYI to anyone who uses cracked software. Dont turn on the majority of these settings because Windows will erase the activator/cracking software. An easy way to enable security AND have those tools on your machine is to convert your folder into a winrar or winzip archive and add it to MS security exclusions list. I cant tell you how many times I've had to re-download something because windows saw it as a threat. By the way Brave is the best browser in the world!
A great channel with many amazing tips and tricks for your home pc / laptop setup 🥰😇👍
Thank you Joe
Awesome video, what software do you use for your start menu? looks kinda like the windows 10 menu.
Excellent info... Thanks. 😎😎😀😀
Thanks for your sharing
9:20 If the Core Isolation option is not available in Windows settings despite the hardware being supported, the Virtual Machine in the BIOS is most likely disabled. To enable it, go to the motherboard BIOS and look for "SVM Mode" for AMD and "Intel (VMX) Virtualization Technology" for INTEL Systems.
1:26 "If you downloaded a program that you think is kinda suspicious" **types "edge" in the search bar**
12:05 controlled folder access is an abandoned feature... windows doesnt even automatically whitelist games from xbox game pass that save files in documents
Hola Tio, thanks for the tips even though most people don't need them as they have the home versions of malware windows 10 / 11
Awesome tutorial
Although this is a good video,
The audience definitely needs to know which version of windows is being spoken about.
is it windows 11 student edition or is it ultimate?
stuff like that.
Love your videos why don't I get your notifications when I set it
You need to have a CPU that supports VMware (Intel virtualization or AMD) for Windows Sandbox
All (?) modern CPUs support virtualization, but this function is disabled by default. Check your UEFI settings.
thanks Joe!
Thanks! This helped me! ❤️
Sorry my keyboard autocorrect
Good information .Stay safe
Thank you so much!
Windows sandbox needs virtualization techology enabled in bios?
Core Integrity is actually a feature introduced in Windows 11 that I really liked. So, thanks for reminding me to activate it!
Controlled Folder Access coulda been real useful if it allowed modifications of the protected directories
Not a good security practice I know, but for people lacking in their backups they could dedicate a library location as their "backup" for important files and let CFA protect it
Thanks a lot!
Hi, thanks for a great video.
I tried activating HVCI setting but it reported a list of incompatible driver instead.
I searched internet for a solution and found a complete solution.
For a driver with a publisher name, run "pnputil -f -d " without angled brackets, in administrator console.
For a driver without a publisher name, run autoruns (included in Sysinternals Suite, can be downloaded from Windows Store) in administrator mode, and navigate to driver tab. There you can disable loading certain drivers. Find the incompatible drivers by name in the list from the Security UI.
Now that the all incompatible drivers are either removed or inactive, you can try restarting Windows and see if it works.
Also, I have recently upgraded from Windows 11 from Windows 10, and Security UI was not opening.
If that's the case, run "Windows PowerShell" in Administrator mode, not the "Powershell" (pscore) or "Windows Terminal".
Then, run following line:
Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
for some reason running this with gsudo does not work, so you'll have to launch the powershell window in a admin mode.
If you have the Home edition you shorten pretty much the process, as the Home version doesn't feature many of these things.
Very helpful.
Pro Tip: use system image software like Acronis True Image and set it up to update a master image of your complete system "on event " I choose startup Get infected NP remove or turn off internet access 1st reboot and install fresh copy of windows 2nd install Acronis ..I was prompted with a message that the software had found an image restore point ( on local disc hopefully you did not wipe to install new copy of windows ...this would be bad ..for redundancy I copy weekly versions of my system image to external thumb nail drive or memory card and set up Acronis to write the back up in 699MB blocks so if I ever felt the need I could make CDRW disc copy's of the system ) and asked if i would like to load from it ? YES I WOULD ... depending on the size of the back up image ( encryption options vary this size) the last time I had to use it 45min later everything was as I had left it ..100% exactly the same every setting in windows every doc, shortcut ....everything and the best part is this is before the infection so no worries of quarantined files ect. I would reset passwords as a extra step just for safe measure Another damming and time saving (before a remote control attack of your system can be used ) option is to shut off ( disable or remove windows features) remote access to your PC through windows features .. those pestkey scammers will have no idea what the hell is going on and why they can not connect remotely to your PC ..this will hopefully make you realize something shady is about to go down and you can terminate the connection ..My favorite method of this is to disable any network adapters not in use by my connection ... So if you are pugged in via ethernet ( hopefully :) -) disable the WIFY at the hardware level through windows .. and if ya think something is weird or you are locked out of your keyboard and mouse I just pull the plug litterly unplug the network ethernet cable and Wi-Fi will not auto connect and hard power down the PC .. I feel this is good for me ( my opinion) and a better trade for system resources with my particular PC builds and usage thus far .. Also I had a psychical HDD fail replaced the hardware and went through the steps for mentioned back up and running in less then 1 hour.. hope this info helps someone protect their data and when used with windows features you should have no problems ... Be safe and stop looking at porn ...that is where ya get PC VD ....
this is going to be great!
Video about turning of windows telemetry in win 11 would be useful
Antimalware Service Executable is the bane of my existence on Windows OS, especially at work where I have less control over it. I get its purpose; however, especially when offline, I just want it to stop interfering in processes, especially when running personally made code. Sometimes, it acts like malware when it take priorty over anything, which both makes sense and infuriating.
6:42 broo plz. Delete egde and defender and app guard. Enable vbs boot ot secure launch with eset internet security its works with secure launch . Windows defender slow pc soo hard :/
Love your videos
Always helps!
Some settings require correct BIOS settings to be enabled.
on win 10 pro 21H1 all exploit protection were all enabled except for image randomization
3:11 Force randomization for images (Mandatory ASLR)
Careful with exploit protection! Chances are, if a toggle is disabled by default there's a reason for it. Be weary of issues and worse stability if you don't know much about what each toggle does or what its risks are
Helpful ! PS: Wallpaper Download link please ?
Hi Theo,
Can you make a video or blog for Windows 10 to Win 11 upgrade, what all backup I need to take, just C: or whole hard drive ?
Thanks!
Yep glad it helped 👍
Hey Joe, really needed this. Anyways. Is Windows Sandbox propperly isolated? I mean,can I destroy it with viruses safely?
I'm also interested in the answer
Note that you don’t want to install windows sandbox if you’re using other virtual machines. It has compatibility issues with Vmware workstations and probably also with other virtual machines. And what’s the point of having two virtual machines?
Enabled all of them except controld folder access because use Bitdefender antivirus and core isolation because have incompatible drivers.
Wasn't there a problem with memory core isolation feature causing games slow down or something?
In 10, its pro only. Mine is grayed out though, but I have every service possible disabled too plus some.
Thank you ThioJoe! Much appreciated 👍
You can activate Core isolation by regedit when it's not suported
Mine windows 10, is greyed option s for Windows Sandbox and Windows Defender Application Guard.
What do you think about sandboxie?
1:30 Hi please answer! Would you copy the shortcut of the installed file? Or would you copy the installer file and install & run it in the sandbox? Or did you mean something else completely?
Joe waiting for ever to see videos about apple silicon macs
When there's an sponsor and he mentions it in the time stamp it says "Very good thing' lol 😂
It's a good feeling being early, isn't it?