Basic Security Arequire's Security Config 2021

Last updated
Oct 1, 2021
How it's used?
For home and private use
Operating system
Windows 10
On-device encryption
Log-in security
Security updates
Allow security updates
User Access Control
Always notify
Smart App Control
Network firewall
Real-time security
Microsoft Defender
Firewall security
Microsoft Defender Firewall
About custom security
  • Potentially unwanted app blocking enabled
  • Network protection enabled
  • Cloud protection level set to High+
  • Block abuse of exploited vulnerable signed drivers set to warn
  • Block executable content from email client and webmail
  • Block execution of potentially obfuscated scripts
  • Block JavaScript or VBScript from launching downloaded executable content
  • Block persistence through WMI event subscription
  • Block untrusted and unsigned processes that run from USB
  • Use advanced protection against ransomware enabled
Periodic malware scanners
Kaspersky Virus Removal Tool, Norton Power Eraser
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Edge - AdGuard
Firefox - uBlock Origin, Video DownloadHelper
Secure DNS
NextDNS
Desktop VPN
Windscribe
Password manager
KeePass
Maintenance tools
PatchMyPC
File and Photo backup
External hard drive & OneDrive
System recovery
Windows System Image Backup
Risk factors
    • Browsing to popular websites
    • Buying from online stores, entering banks card details
Computer specs
Dell Inspiron 3000 (Desktop)
Intel i3-7100
Intel HD Graphics 630
8GB DDR4
1TB HDD
Notable changes
Jan 9 - Replaced Brave with Firefox
Jan 10 - Enabled network protection
Jan 18 - Raised Defender's cloud protection level to High+ and enabled multiple ASR rules via ConfigureDefender
Feb 15 - Uploaded important files to OneDrive
Oct 1 - Switched DNS from ISP's to NextDNS
What I'm looking for?

Looking for minimum feedback.

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,345
ConfigureDefender doesn't require whitelisting on high settings the only rule I had to disable once is the advanced ransomware protection ASR rule.
It really enhances the protection of Microsoft Defender.

Why not go further with the buit-in protection and use the new Microsoft Edge as browser?
 

Arequire

Level 29
Thread author
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
ConfigureDefender doesn't require whitelisting on high settings the only rule I had to disable once is the advanced ransomware protection ASR rule.
It really enhances the protection of Microsoft Defender.
I'll think about it. On previous use, upping Defender's cloud protection level to High ended up wrecking my system's performance, and blocking executables by prevalence ended up blocking updates for certain software, so I'll have to audit CD's settings to see if they have any detrimental effects if I choose to use it.

Why not go further with the buit-in protection and use the new Microsoft Edge as browser?
I dislike Edge's UI, specifically its new tab page, its warmer colour palate and its increased font size.
Plus Chrome gets security fixes faster, and if I do choose to enable Network Protection it won't overlap with Google Safe Browsing like it does with SmartScreen.
 

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,345
I'll think about it. On previous use, upping Defender's cloud protection level to High ended up wrecking my system's performance, and blocking executables by prevalence ended up blocking updates for certain software, so I'll have to audit CD's settings to see if they have any detrimental effects if I choose to use it.


I dislike Edge's UI, specifically its new tab page, its warmer colour palate and its increased font size.
Plus Chrome gets security fixes faster, and if I do choose to enable Network Protection it won't overlap with Google Safe Browsing like it does with SmartScreen.
Ok, fair enough. I can understand the performance part, Microsoft Defender is slowing down systems (it depends on the system how much you will notice) and it could well be the cloud protection part. The cloud is however a big part of its protection. I have not tested myself if changing that level has any influence.
Blocking executables by prevalence is not part of the high settings.

For me after using the new Edge, I don't like Chrome anymore (still use it on my work laptop that has not gotten the new Edge yet).
That's personal.
You have a point that Chrome gets the security updates before all the other chromium-based browsers and therefore should be considered as the most secure one for a day or two.
Combining Safe Browsing (browser) with SmartScreen (windows) could also give you more protection if you follow the recommendations of SmartScreen on Windows, but most people don't. I don't think it matters very much; both are great protection mechanisms for their browsers.

You have a good and light config. It all comes down to if you trust Microsoft Defender at default settings enough to keep you safe.
 

Protomartyr

Level 7
Sep 23, 2019
314
A better alternative to Hard_Configurator, if you're wanting to keep the barebones approach, would be Simple Windows Hardening. I recently made the transition from H_C to SWH and I am loving the simplicity.

I would also consider switching your DNS to something other than your ISP's. NextDNS or Quad9 are popular choices.

I'm planning on getting a new laptop soon and will be taking a barebones approach similar to yours (y)
 

Lightning_Brian

Level 15
Verified
Top Poster
Content Creator
Sep 1, 2017
743
Nice setup! I would recommend using a backup tool beyond just what Windows provides. If you want to keep a very light setup feel free to use AOMEI Backupper's USB backup configuration and back up using their software. If anyone here on MT knows - sometimes one gets burned on the Windows stuff and they want to have a fail safe. AOMEI installed on your computer should be 'light' enough.

Link to free version: Free Backup Software for Windows 10/8/7 - AOMEI Backupper Standard

Another good tool to try out would be Macrium Reflect free. Have one or the other and you should be in good shape.

Link to free version: Macrium Reflect Free

In this day and age its always good to have backups of information and verify those backups. Follow the 3+2+1 methodology for backups. Having those backups available will make life easier in a off chance of disaster.

Hope this helps!
~Brian
 

Arequire

Level 29
Thread author
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
For me after using the new Edge, I don't like Chrome anymore
I did use it for a period of time and its performance definitely topped Chrome's, but I simply can't get over its weird UI design decisions.
As an example, clicking Chrome's Other Bookmarks folder allows you to view 40 bookmarks at once without scrolling, but Edge only allows you to view 27 bookmarks before you have to start scrolling. It's like Microsoft activated an accessibility feature to make the text bigger for those with poor eyesight and haven't provided a way to turn it off. It's baffling.

if you follow the recommendations of SmartScreen on Windows, but most people don't.
I never install new software once I have everything I use installed, so if SmartScreen throws up a warning then that's a huge red flag of potential infection. 😅

I would also consider switching your DNS to something other than your ISP's. NextDNS or Quad9 are popular choices.
My ISP already offers malicious domain filtering from Sophos, so I don't know whether NextDNS or Quad9 would really add anything of value honestly.

Nice setup! I would recommend using a backup tool beyond just what Windows provides. If you want to keep a very light setup feel free to use AOMEI Backupper's USB backup configuration and back up using their software. If anyone here on MT knows - sometimes one gets burned on the Windows stuff and they want to have a fail safe. AOMEI installed on your computer should be 'light' enough.
I usually only make one system image backup (right after installing and updating Windows but before installing software or changing any settings) so it's not really worth installing AOMEI or Macrium as I probably won't use them again.
As for file backups, I already have my important files backed up on multiple external hard drives, and plan on uploading them to a cloud storage provider in the near future. I just haven't decided on the provider yet.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top