Advanced Plus Security ARandomBloke's day-to-day laptop config 2020

Last updated
Nov 25, 2020
How it's used?
For home and private use
Operating system
Windows 10
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Microsoft Defender
Firewall security
Microsoft Defender Firewall
About custom security
ConfigureDefender High setting
Hard_Configurator 'recommended settings'
Windows Firewall Control
Quad9 DNS on router

Disable Macros, Add-ins etc - set in all Office products for each user
Periodic malware scanners
Emsisoft Emergency Kit
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Browser = Edge Chromium
Add-ons:
uBlock Origin in "Lazy Medium" mode (Medium mode plus add NOOP exception for some Top Level Domains)
Bitdefender TrafficLight
Bitwarden
Maintenance tools
None
File and Photo backup
OneDrive
Monthly backup to external USB (kept disconnected)
System recovery
System image with Macrium Reflect
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Working from home
    • Streaming audio/video content from shady sites
Computer specs
Older Surface laptop
i7-7600U CPU
GPU inbuilt
16G RAM (not sure on type)
256 GB SSD
Notable changes
25/11/2020- Added Quad9 DNS to router after seeing discussion of third party DNS
21/11/2020b - Changed ConfigureDefender from MAX to High setting
21/11/2020 - Uninstalled Tinywall and installed Windows Firewall Control
20/11/2020 - Installed Tiny Wall
19/11/2020 - Configured uBlock in Medium mode with some NOOP commands. Uninstalled noScript, HTTPS everywhere, Privacy Badger extensions
19/11/2020 - Installed Macrium Reflect for system backup, Bitwarden for password management
Nov 2020 - Installed Hard_Configurator. Applied H_C recommended, ConfigureDefender MAX and firewall settings for H_C users

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
@rndmblk:

In Backup and RollBack, You may add a full Image System BackUp solution: Macrium Reflect Free or AOEMI Backupper, both are free and reliable.

A PassWord Manager would be welcome also.

Please kindly reflect Your changes editing Your config, and announcing them here, thanks for sharing :)
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
While all those extension are great: noScript, HTTPS everywhere, Privacy Badger, Bitdefender Trafficlight.
You could loose some if you invest time in the blocking modes of uBlock Origin:
 

rndmblk

Level 3
Thread author
Nov 18, 2020
94
@rndmblk:

In Backup and RollBack, You may add a full Image System BackUp solution: Macrium Reflect Free or AOEMI Backupper, both are free and reliable.

A PassWord Manager would be welcome also.

Please kindly reflect Your changes editing Your config, and announcing them here, thanks for sharing :)
Thanks @harlan4096. I've implemented both suggestions with Macrium Reflect Free for system backup and Bitwarden as Password Manager.

While all those extension are great: noScript, HTTPS everywhere, Privacy Badger, Bitdefender Trafficlight.
You could loose some if you invest time in the blocking modes of uBlock Origin:
Thanks @Gandalf_The_Grey - I'll have a look through both links. Reducing the number of extensions while maintaining protection sounds good.

Nice to see another Windows internal security build (y)

With Edge you can also take a look at my guide for isolate your surfing against shopping: Edge - Chromium-Edge "3-Browser-Profiles" Solution
This will increase your privacy and also can use better hardening in default profile without loosing comfort in banking profile :cool:
Thanks @security123 - I'll read through your guide
 

rndmblk

Level 3
Thread author
Nov 18, 2020
94
After reading about uBlock medium mode and some of the configs others are using I enabled uBlock Medium with NOOP filters for the main 'English speaking' TLDs. I removed noScript, HTTPS everywhere and Privacy Badger as I believe most of the functionality may be in uBlock Medium mode.

I'll see how the recent changes go with a mind to creating different Edge profiles. Don't want to introduce too many changes at once :)
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Extensions:
- definitely keep Bitdefender Trafficlight, fantastic browser addon for security, even works seamlessly when using DDG search engine
- done the correct thing removing them 3 for uBlock in Medium Mode

Firewall:
- think about applying a better way to control Windows Fw, off the bat if you don't know how to configure it's like cellophane wrapped on your computer, if you like notifications I would suggest using Malwarebytes Windows Firewall Control, or straight forward setup and forget w/out notifications is Tinywall, but make sure you setup the "Change mode" to Autolearn first (providing you know your computer is clean) and open up all important software that you use on a daily/monthly basis, or you will encounter problems

VPN (optional):
- for free feel free to use ProtonVPN or Windscribe, pros and cons are debated on both xD

PW Manager:
- Bitwarden, only one to recommend and its 100% FREE

Backup:
- I certainly can't hesitate enough to have more than one way to backup, you have cloud covered, maybe add something like Macrium Reflect as previous stated in other comments to backup straight to a HD or other removal drive

Everything else to me looks covered.

~LDogg
 

rndmblk

Level 3
Thread author
Nov 18, 2020
94
Thanks @LDogg

Firewall - I'll have a look at both of your suggestions. My initial gut feel is that 'set and forget' might win out!

VPN - I have to admit I've not really ever used one (apart from on my work PC where it's required to work from home)

PW Manager - Glad I chose a good one. I think it was a poll here on MT that pointed me to it.

Backup - Good point, I've added Macrium Reflect. I'm trying it with one of their default setups: I think it's Full once a month, differential once a week and incremental once a day. All to an external drive.

Edit: I've installed Tinywall. I put it in learning mode and started all the apps I use regularly then put it in normal mode.
Edit2: I've replaced Tinywall with Windows Firewall Control. I tried both and just prefer WFC for some reason, maybe the layout
 
Last edited:

rndmblk

Level 3
Thread author
Nov 18, 2020
94
I dropped my ConfigureDefender setting from MAX down to High. I found that I was getting more notifications than I prefer and I believe High is still a considerable improvement over the default settings. I'm just trying to find that balance between security and convenience/minimum number of notifications.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
I dropped my ConfigureDefender setting from MAX down to High. I found that I was getting more notifications than I prefer and I believe High is still a considerable improvement over the default settings. I'm just trying to find that balance between security and convenience/minimum number of notifications.
High is the best balance between security and usability.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
It is good to read the FAQ from @askalan's website and General Help (<General Help> button in H_C's main window). The H_C may require also some learning:
Helpfiles - Hard_Configurator (hard-configurator.com)
The H_C manual is also available via <General Help><DOCUMENTATION> from the H_C application.

Some H_C users on MT prefer the Basic_Recommended_Settings that are less restrictive (allowed EXE and MSI files, restricted scripting and other file types). But, this can depend on installed software and user habits. The more restrictive settings, the more whitelisting will be required.
Be safe. (y)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top