Basic Security somename Security Config 2021

Last updated
Jul 25, 2021
How it's used?
For home and private use
Operating system
Windows 10
On-device encryption
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
Network firewall
N/A
Real-time security
Microsoft Defender configure with group policy
Firewall security
About custom security
Firewall:
-block all incoming connections
-Hard_Configurator lists

Bitlocker setup on all drives with passphrases+tpm
Hard_Configurator recommended setup without default deny policy
core isolation, secure boot
bcdedit /set nx alwayson
print service disabled
swap disabled

(following config descriptions are from securitynigthmares config)
  • Data Execution Prevention (DEP) enforced to AlwaysOn
  • Microsoft Defender runs in a sandbox (AppContainer)
  • Windows Explorer:
    • Hidden files and folders - Show hidden files: activated
    • Hide extensions for known file types: deactivated
  • Windows Security -> App & Browser control -> Exploit-Protection -> Enable Random Arrangement for Images (Mandatory ASLR) enabled
  • Windows Updates -> Settings -> Downloads from other PCs deactivated
  • removed the following optional Windows features:
    • Internet Explorer 11
    • Internet Printing Service (under Print and Document Services)
    • Maths recognition
    • Microsoft Remote Help
    • OpenSSH Client
    • Paint 3D
    • SMB Direct
    • Windows Fax and Scan
    • Windows Hello Face Recognition
    • Windows Media Player
    • Windows PowerShell Integrated Scripting Environment
    • Working folder client
Periodic malware scanners
standard windows intervalls
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
edge mostly using wdag,
duckduckgo,
no addons, except sometimes ublock in wdag for watching youtube
Secure DNS
none (edited)
Desktop VPN
nordvpn for file sharing (would rather get mullvad)
Password manager
KeepassXC
Maintenance tools
win 10 disk cleanup
File and Photo backup
copy and paste (ctrl+c/v)
System recovery
windows internal one
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Downloading software and files from reputable sites
    • Sharing and receiving files and torrents
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Ryzen 5 3600
AMD RX 5700
MSI B450M Mortar Max
48GB 3200mhz Ram
few nvme/sata ssds
What I'm looking for?

Looking for medium feedback.

somename

New Member
Thread author
Jul 16, 2021
5
This is a quite insecure windows setup for gaming, filesharing and media consumption/creation, although I would like for it to become better in the future.
This setup will never reach good security, because of filesharing and light gaming, but it's not handling important personal data/transactions.
Work in progress, happy about feedback.

credits/thanks go to anupritaisno1, beerisgood-win10hardening, andy ful and more
 
Last edited:

somename

New Member
Thread author
Jul 16, 2021
5
Yes, 48 gigs of ram (2x16 + 2x8, same specs/manufacturer/name otherwise). I was running QubesOS previously. I don't have control over the router. I think of the network as hostile/compromised, so I don't care about not having control over the router.
 
Last edited:

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,897
Periodic security scanners: You may add here some 3rd party tools such as EmsiSoft E. Kit, HitManPro...

Personal Files & Photos backup: You may use cloud services

Device recovery & backup: You may add here a full system back solution such as Macrium Reflect / AOMEI Backupper
 

somename

New Member
Thread author
Jul 16, 2021
5
48 gigs, wow, why so much?
Ram is cheap these days and I was using QubesOS before switching to Windows. When I built this pc, ram was expensive, so I went for 16gigs and added more later. Otherwise I would've gotten 32gb right away.
I am thinking about upgrading to Ryzen 3 for hardware shadow stack as well, but then I should probably invest some time into finding a decent motherboard. I'll proly wait.

Thanks for all the input (y)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top