Advanced Plus Security Gandalf_The_Grey's Security Config 2021

Last updated
Dec 21, 2021
How it's used?
For home and private use
Operating system
macOS 15 Sequoia
On-device encryption
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
Network firewall
Real-time security
Microsoft Defender Antivirus
HomeCare by Trend Micro on TP-Link Archer AX6000 router
Firewall security
Microsoft Defender Firewall
About custom security
Microsoft Defender Antivirus
  • ConfigureDefender 3.0.1.0: High settings
  • Simple Windows Hardening 1.0.1.0: Basic Recommended Settings and restrict SMB123
  • DocumentsAntiExploit 2.0.0.0: MS Office ON2
  • Controlled Folder Access: enabled
  • Core Isolation: Memory Integrity enabled
Windows 11 Pro
  • O&O ShutUp10++: almost all recommended settings...
  • O&O AppBuster: uninstalled apps I don't want or need
  • Samsung Magician: Full Performance Mode
  • Bitsum Process Lasso Pro: ProBalance enabled
Foxit PDF Reader
  • Protected View for all files, Safe Reading Mode enabled, JavaScript disabled
Periodic malware scanners
HitmanPro and AdwCleaner (for the kids)
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Microsoft Edge using Google search with uBlock Origin, Bitdefender TrafficLight, Bitwarden and Microsoft Editor as extensions
Secure DNS
From ISP (Ziggo)
Desktop VPN
AdGuard VPN
Password manager
Bitwarden browser extension
Maintenance tools
Autoruns, CCleaner, Disk Cleanup, PrivaZer, PatchMyPC, SUMo and Driver Easy
File and Photo backup
Windows File History on external drive (weekly)
OneDrive with Microsoft 365 ransomware protection (always on sync)
System recovery
Windows system image
Risk factors
    • Working from home
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Requesting and accepting remote access
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Acer Aspire VN7-791G-576X
Intel Core i5-4210H
Intel HD Graphics 4600 / NVIDIA GeForce GTX 860M
Kingston 16GB Dual-Channel DDR3 PC3-12800 RAM
Samsung SSD 850 EVO M.2 250GB
Seagate HDD ST1000LM014-1EJ164 1TB
Realtek High Definition Audio
Notable changes
2020.12.29 Filled the new fields
2020.12.30 installed Ziggo Safe Online
2021.01.04 back to Microsoft Defender with Hard_Configurator and added SpywareBlaster
2021.01.06 removed SpywareBlaster and went with stronger H_C -setup
2021.02.01 back to simpler setup with ConfigureDefender and Simple Windows hardening. Added Process Lasso
2021.02.08 Filled the new fields, no changes to config
2021.02.12 Microsoft Defender caused problems, back to KSCF and removed Process Lasso
2021.03.03 Update Kaspersky Security Cloud Free to the latest version, removed HitmanPro and enabled Microsoft Defender periodic scanning.
2021.03.28 back to Microsoft Defender Antivirus
2021.04.25 back to Ziggo Safe Online
2021.05.03 back to Microsoft Defender Antivirus
2021.05.07 switched from the uBlock Origin to the AdGuard extension
2021.10.04 back to Ziggo Safe Online and uBlock Origin
2021.10.05 back to the AdGuard extension
2021.10.13 upgraded to Windows 11 and back to uBlock Origin
2021.10.24 back to Microsoft Defender enhanced by DefenderUI Pro
2021.10.26 back to Kaspersky Security Cloud Free and Simple Windows Hardening
2021.11.06 back to Ziggo Safe Online by F-Secure
2021.11.10 removed Simple Windows Hardening and added VoodooShield
2021.11.16 testing DefenderUI Free with the latest Voodooshield beta
2021.11.30 back to Ziggo Safe Online
2021.12.21 optimized system with Samsung Magician and Bitsum Process Lasso Pro and back to Windows built-in security
What I'm looking for?

Looking for maximum feedback.

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
After reading the latest post in Windows 11 - First look I too installed Windows 11 on an unsupported system.
Enjoying the change and the search for (new) settings :D
The only thing I really dislike is the big taskbar.
Tried the reg fixes that are posted on the net, but small looks horrible with cut off icons in the taskbar.
And I changed from AdGuard to uBlock Origin again, both are great, I just like uBO more.
Just don't follow Mr. Hill on Twitter...
Congrats man
 

carl fish

Level 7
Verified
Mar 6, 2012
333
After reading the latest post in Windows 11 - First look I too installed Windows 11 on an unsupported system.
Enjoying the change and the search for (new) settings :D
The only thing I really dislike is the big taskbar.
Tried the reg fixes that are posted on the net, but small looks horrible with cut off icons in the taskbar.
And I changed from AdGuard to uBlock Origin again, both are great, I just like uBO more.
Just don't follow Mr. Hill on Twitter...
I don't mind personally that the taskbar is bigger but microsoft should allow you to resize it if you want and the fact that drag and drop, options to move it to different sides of the screen is really bad, I hope they decide to put these options back in through an update at some stage.
 
Last edited:

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
Had serious issues with Microsoft Excel not responding when using Ziggo Safe Online by F-Secure 18.0, so back to Microsoft Defender Antivirus enhanced by DefenderUI Pro.
That solved my Excel problems (y)
 

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
I used the script made by AveYo to update my unsupported laptop to Windows 11:
The name of the script has changed recently, so the direct link may not work anymore in the future.

A how-to is published by Tom's Hardware:
How to Bypass Windows 11's TPM Requirement
1. Navigate to the Github page for Aveyo's open-source Universal MediaCreationTool You actually don't need the whole tool, just the script for skipping TPM checks.
2. Scroll down to "Skip_TPM_Check_on_Dynamic_Update_v2.cmd"
3. Select and copy all the code for that file only.
4. Open Notepad and paste the code into it.
5. Save the file as disable-tpm-check.cmd to your desktop.
6. Double click the file to run it.
7. Click Yes when asked whether to allow Windows PowerShell to make changes to your device
You'll see PowerShell open with the note "Skip TPM Check on Dynamic Update [Installed]." Note that if you run it again, it will re-enable TPM check.
After this, if you are in the Insider Program, Windows update will start downloading Windows 11 and install it. If you are already running Windows 11 and have been denied an update, that will download.
If you are not in the Insider program, you can upgrade to the new OS by downloading a Windows 11 ISO file, writing it to a USB drive or optical disc and running the setup.exe file from within Windows 10.
How to Bypass Windows 11's TPM Requirement and Upgrade from Windows 10
 
Last edited:

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
Hi @Dave Russo , for us the problem was that we need a stable and good wifi network when I and my kids were working/schooling from home during lockdown.
We had connection problems in the house with our provider (Ziggo) provided cable modem (Connect Box).
An option is to let the provider set it in bridge mode and use your own router.
I bought a TP-Link Archer AX6000 router for 269 euros including 21% VAT and the wifi situation is a lot better now.
We have no problems anymore when all three of us are using Teams and other software. for work and school at the same time on different floors of the house.
A bonus is that that router comes with a free HomeCare by Trend Micro subscription, so we have another layer of protection for all devices connected with the internet.
In conclusion it is not that important, but it solved an issue for us.
If the cable modem/router of my provider worked as good, I would never have bought a third-party router.
I'm no network expert but setting it up was not that difficult.
 

Dave Russo

Level 22
Verified
Top Poster
Well-known
May 26, 2014
1,129
Hi again. Gandalf _The_Grey, I see you kept Spy Blaster for maybe 2 days then upgraded HC and. Got rid of it,the going back to simpler setup/windows hardening,then adding process Lasso. What I would like to know if possible did you find Spy Blaster (a mute point?) and is Process Lasso been a plus(configured or default?) Thank you Dave Russo
 

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
I didn't find a real use of SpywareBlaster, it was really useful when Internet Explorer was everybody's browser.
Multi-Angle Protection
  • Prevent the installation of ActiveX-based spyware and other potentially unwanted programs.
  • Block spying / tracking via cookies.
  • Restrict the actions of potentially unwanted or dangerous web sites.
ActiveX is only for Internet Explorer
Spying and tracking via cookies is dealt with by bocking third-party cookies and a good adblocker.
Google Safe Browsing or Microsoft SmartScreen blocks unwanted and dangerous websites together with your favorite AV.

Process Lasso is a difficult subject, I have an active license but if it is needed is doubtful on a reasonably powerful computer.

I switch a lot of times my setup when testing new software and I'm trying to find the best combination for my hardware and my family.
On my shortlist I have three av's that I like: Microsoft Defender, F-Secure Safe (in the form of Ziggo Safe Online) and Kaspersky Security Cloud Free.
I combine them with H_C, SWH or VoodooShield and lately I tested DefenderUI Pro.
@Andy Ful and @danb both make wonderful software.
 

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
And another Excel freeze :mad:
But found a probable cause: Core Isolation.

After installing Kaspersky Security Cloud Free it is recommended to turn of Core Isolation:
Turning Core Isolation off solved (hopefully) my Excel problems permanently... if not, I will let everybody know :D

Found more info on potential problems with Core Isolation and Virtualization-based Security on Windows 11 in this article:
In addition to AMD, benchmarking company UL Procyon has confirmed that a feature in Windows 11 called “Virtualization-based Security (VBS)”, which is now enabled by default, causes performance to drop. As a result, benchmark scores may be slightly lower when benchmarking Windows 11 version 21H2 with VBS enabled.
And that could be the reason for Microsoft to call my laptop an unsupported device...
 

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
Now that my ISP finally released version 18.1 of Ziggo Safe Online (a rebrand of F-Secure Safe), which is officially Windows 11 compatible, I went back to Ziggo Safe Online. For added security I use Simple Windows Hardening by @Andy Ful and for added privacy I use O&O ShutUp10++.
Learned my lesson and will keep Core Isolation off on this laptop that doesn't meet all Windows 11 hardware requirements, it doesn't have a TPM chip.
 
F

ForgottenSeer 92963

@Gandalf_The_Grey Are you running VS alongside Ziggo Safe Online?

I understood* that when running a vanilla Microsoft setup (Office/Edge) Microsoft Defender with ConfigureDefender and SimpleWindowsHardening provide top notch securty. @Gandalf_The_Grey Is it the fun to try out other setups or the need to have better than standard security protection, which makes you try alternative security setups?

* @Andy Ful I have seen you posting about SWH and CD protecting against some in the wild malware. Is above statement still valid (MD with your tools is top notch protection on typical M$ setup)?
 
Last edited by a moderator:

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
@Gandalf_The_Grey Are you running VS alongside Ziggo Safe Online?

I understood* that when running a vanilla Microsoft setup (Office/Edge) Microsoft Defender with ConfigureDefender and SimpleWindowsHardening provide top notch securty. @Gandalf_The_Grey Is it the fun to try out other setups or the need to have better than standard security protection, which makes you try alternative security setups?

* @Andy Ful I have seen you posting about SWH and CD protecting against some in the wild malware. Is above statement still valid (MD with your tools is top notch protection on typical M$ setup)?
@Kees1958 Yes, I'm running Ziggo Safe Online together with VoodooShield.
I'm still trying different setups to find the best combo for me and my family.
It's always nice to try new things and stay up to date with the latest developments.

The main reason to use Ziggo Safe Online instead of Microsoft Defender is speed.
My laptop feels much snappier with Ziggo Safe Online.

The main reason to use VoodooShield instead of Simple Windows Hardening or Hard_Configurator is that you get a popup when there is a block.
With SW or H_C you must go to the logs to find out what's blocked and whitelist it if needed.
That's fine for me, but less ideal for my family members.
 

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
Maybe I will give ziggo safe online a go then. With my previous cpu ziggo felt slower than defender. Thx
It is much better in the 18.1 update.
Changelog posted here for F-Secure Safe 18.1 by @upnorth :
Most important part:
All user interfaces now with .NET technology
  • All user interfaces have been converted to .NET technology.
  • The change has been implemented, as the old user interface needed to be loaded into memory after restart, affecting the computer performance. It was also always running in the background, consuming memory and a little bit of CPU. The new .NET-based user interface now loads into the memory only when needed, resulting in less resource usage while the product still protects you in the background.
 

Gandalf_The_Grey

Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,189
I used the script made by AveYo to update my unsupported laptop to Windows 11:
The name of the script has changed recently, so the direct link may not work anymore in the future.

A how-to is published by Tom's Hardware:

How to Bypass Windows 11's TPM Requirement and Upgrade from Windows 10
The script is not there anymore 😞
With the last two unsupported devices I did an upgrade using the Windows11Upgrade tool from here:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top