Advanced Plus Security cliffspab's Security Config 2020

[cliffspab]

My setup

Is there any redundancy here?

Do I need Malwarebytes Browser Guard with Ublock Origin, Privacy Possum, Decentralise, Smartscreen and R.O.B.E.R.T?

Also, I have no optical drive, is Windows Backup and Restore with Google Drive for files enough?


Thanks!

 

[Protomartyr]

I see you have Malwarebytes Premium listed under Virus and Removal Tools. Are you running Malwarebytes Premium with real-time protection enabled or as on-demand only?

I don't think you need Malwarebytes Browser Guard with Edge Chromium since you have SmartScreen. On Chrome, I'd rather use Windows Defender Browser Protection as it is lighter. Depending on how you are running Malwarebytes Premium, you'd also have its Web Protection module which I'm a fan of.

Windows Backup and Restore has never failed me. I would get an external hard drive just so you can have an offline backup available along with your online backup to Google Drive.

 

[oldschool]

You really need to edit your configuration:

Real time protection: KSC Free and ConfigureDefender? which is it?

On demand scanners: 2 premium, 5 total? Why so many and why premium? WiseVector is real time? or configured as on demand only?

 

[cliffspab]

You really need to edit your configuration:

Real time protection: KSC Free and ConfigureDefender? which is it?

On demand scanners: 2 premium, 5 total? Why so many and why premium? WiseVector is real time? or configured as on demand only?

Just KSC free (EDIT+ OSArmor) I thought Configure Defender altered a few non-real-time settings too. Wisevector does not run in real-time either.

Zemana was a free deal. I paid for Malwarebytes Premium ($5 for 4 years) before I switched to KSC Free. Given that none of them run in real-time, would you uninstall any of them? If so, which would you keep?

 

[Protomartyr]

I would uninstall Zemana.
That leaves you with Emsisoft Emergency Kit, Malwarebytes Premium, HitmanPro, and WiseVector StopX. They are all good programs so I'm not sure which ones to keep. I would just pick 2 that you like and are familiar with and uninstall the others.

 

[oldschool]

I would uninstall Zemana.
That leaves you with Emsisoft Emergency Kit, Malwarebytes Premium, HitmanPro, and WiseVector StopX. They are all good programs so I'm not sure which ones to keep. I would just pick 2 that you like and are familiar with and uninstall the others.

This is a good place to start. No one needs this many on-demand scanners. Either trust the program(s) you use, or don't use them.

Stay safe, not paranoid!

I thought Configure Defender altered a few non-real-time settings too.

No, only real-time.

 

[cliffspab]

I would uninstall Zemana.
That leaves you with Emsisoft Emergency Kit, Malwarebytes Premium, HitmanPro, and WiseVector StopX. They are all good programs so I'm not sure which ones to keep. I would just pick 2 that you like and are familiar with and uninstall the others.

Thanks, I'll uninstall Zemana, HitmanPro (since it's not paid it doesn't remove anything anyway) and WiseVector (I had it installed before KSC Free to trial it and switched off real-time protection later)

No, only real-time.

Ah, I didn't realise. do you recommend I uninstall it too?

 

[cliffspab]

Removed:

Zemana
HitmanPro
WiseVector Stopx
MalwareBytes Browser Guard

 

[cliffspab]

REMOVED:

Kaspersky Security Cloud Free - Tried the premium free trial and hated Trusted Application / Application Control. It threw up random errors with some games I have installed from certain 'sources' until I'd whitelisted them. I don't like the idea of an antivirus simply breaking things without giving a proper warning notification.

NoVirusThanks OSArmor - See below.

KCleaner, PrivaZer - I think Wise Disk Cleaner has both of these covered and I'm aiming for a slimmer, lighter system.

ADDED:

F-Secure SAFE - Free 1-year licence. It's got good feedback on MWT so I thought I'd give it a try.

QUESTION - I removed NVT OSArmor just because it seems like one extra program running I probably don't need. Do the experts here recommend sticking with it in conjunction with F-Secure?

 

[ForgottenSeer 823865]

OSA isn't needed if you have any AV or suite with default-deny (BB, HIPS, etc...) components.

 

[cliffspab]

OSA isn't needed if you any AV or suite with default-deny (BB, HIPS, etc...) components.

Thanks, does that include F-Secure SAFE?

 

[ForgottenSeer 823865]

Thanks, does that include F-Secure SAFE?

That i can't say since i don't use it.

@cliffspab after a little bit research, F-Secure uses DeepGuard ( like a BB with process monitoring) however i don't know if you can add custom rules like OSA.

 

[cliffspab]

@cliffspab after a little bit research, F-Secure uses DeepGuard ( like a BB with process monitoring) however i don't know if you can add custom rules like OSA.

Thanks for investigating. For now I'll leave OSA off, but might re-add it when a new version gets released.

Happy New Year to you!

 

[cliffspab]

Updated to Windows 1909

ADDED
AOMEI Backupper Pro - weekly system backup (also created a boot USB)
Trace - Edge Dev extension
UAC set to Always Notify
FS Protection - Beta builds for the new version of F-Secure SAFE

REMOVED
Decentraleyes
Privacy Possum
F-Secure SAFE

 

[cliffspab]

I have a question:

I realised I'm currently using an admin account (not a standard one like I thought).

I don't really want the hassle of moving lots of settings/programs/startup items to a new, standard account.

Is it possible to create a new admin account instead then change my current admin account to a standard user?
Would that leave my current setup untouched but give me the extra security of a standard account?

EDIT - I tried it and it seems to have worked. Please let me know if there are any issues with this approach!

 

[oldschool]

I tried it and it seems to have worked. Please let me know if there are any issues with this approach!

You can easily check this by signing in to Admin account > Settings > Accounts > Family & others = it should say 'Local account". And you should see UAC prompt for password when elevation is needed while on local account.

 

[cliffspab]

You can easily check this by signing in to Admin account > Settings > Accounts > Family & others = it should say 'Local account". And you should see UAC prompt for password when elevation is needed while on local account.

Thanks

It's working, but Throttlestop no longer appears to start when I log on. Is there a way to fix this?

Also, will my Aomei backups continue to run as scheduled now I need to enter the admin password to run the software?

 

[plat]

Throttlestop no longer appears to start when I log on. Is there a way to fix this?

I use Intel XTU and had to create a basic Task in Task Scheduler. You can set it to start at every user log on. I set XTU to start w/Windows.

 

[oldschool]

but Throttlestop no longer appears to start when I log on. Is there a way to fix this?

I don't know this program. Is it hardware related? If so, you may have to start the GUI manually.

will my Aomei backups continue to run as scheduled now I need to enter the admin password to run the software?

Not sure what you mean... Yes, you should need admin password for Aomei and you can configure it from local account.

 

[cliffspab]

I don't know this program. Is it hardware related? If so, you may have to start the GUI manually.

It's CPU undervolting software that ran using task scheduler for my admin account. I can't work out how to get it to start when I look in under the SUA

Not sure what you mean... Yes, you should need admin password for Aomei and you can configure it from local account.

Yep, and will the scheduled backups still run automatically without requiring a password to start?