Advanced Plus Security Devjit's Laptop Security Setup

Last updated
Dec 1, 2018
Windows Edition
Home
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Symantec Endpoint Protection + Shadow Defender
Firewall security
Periodic malware scanners
None
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Google Chrome
Maintenance tools
CCleaner
File and Photo backup
External HDD
System recovery
AOMEI Backupper
Computer specs
https://malwaretips.com/threads/devjits-work-laptop.86179/

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
Thank you guys for all the help. I updated my config. Using Comodo Firewall with Kaspersky Free now. So far no hiccups and all runs well. I was a busy for the last couple of days assembling my gaming pc. And just when I bought the GTX 1070Ti Nvidia announces the RTX series (sigh). Do I need to make another post for the security config of my gaming desktop or can I edit this post to reflect the new setup?
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
Thank you guys for all the help. I updated my config. Using Comodo Firewall with Kaspersky Free now. So far no hiccups and all runs well. I was a busy for the last couple of days assembling my gaming pc. And just when I bought the GTX 1070Ti Nvidia announces the RTX series (sigh). Do I need to make another post for the security config of my gaming desktop or can I edit this post to reflect the new setup?
If you have 2x systems running different config, guess you can make just config 2 thread and update both

About https everywhere, there seems to people advising to remove/adding it. Also so called secure browsers have built in extension doing same thing, so its up to you do you want to use that extension, since most browsers will connect to https anyways as first priority
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
Update: I'm back to using Windows Defender and Windows firewall. I used hard_configurator to configure defender and disable scripts, powershell and all those stuff. Now I need some lightweight companions for defender. I was considering voodooshield, OSArmor and HitmanPro.Alert. Will these be okay?
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
Update: I'm back to using Windows Defender and Windows firewall. I used hard_configurator to configure defender and disable scripts, powershell and all those stuff. Now I need some lightweight companions for defender. I was considering voodooshield, OSArmor and HitmanPro.Alert. Will these be okay?

I've used WD+ H_C + Voodooshield, though I believe VS is even overkill with H_C. OSA would overlap/duplicate H_C. No experience with Hitman so I can't say. I suggest reading the H_C thread if you haven't already. You will see more about how it works and how it compares to some other options. (y)
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
Update: I'm back to using Windows Defender and Windows firewall. I used hard_configurator to configure defender and disable scripts, powershell and all those stuff. Now I need some lightweight companions for defender. I was considering voodooshield, OSArmor and HitmanPro.Alert. Will these be okay?
If You changed the config, please kindly edit and announce the changes here, thanks.
 
  • Like
Reactions: given and oldschool

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
Thank you guys for the help. I have so much to learn here. I was browsing the forums and came upon some posts regarding ReHIPS. Currently trying it out on my laptop. What are your opinions about REHIPS?
 
  • Like
Reactions: given and ZeroDay

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
UPDATE: removed all resident protections. ATM using Avast Free with HMPA and NVT ERP v4 and Windows Firewall(along with all the other built in security features in Windows 10). Windows Firewall is set to block all Incoming Connections. Very light config and no system impact :D
 
Last edited:

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
Probably You don't need all those 3 at the same time (overkill): ATM using Avast Free with HMPA and NVT ERP v4...

Avast Free (Hardened Mode Aggressive)

Or

NVT ERP v4 (knowing well the product and tweaking it)

And I'm not sure if HMPA would be necessary... maybe as on demands scanner...
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
In 14 days I have learnt a LOT from this forum by browsing through the various posts. I substituted HitmanPro.Alert with Sandboxie Free and Shadow Defender(trial) since HMPA was blocking installation of Kaspersky Secure Connection. So far am really impressed with Sandboxie and Shadow Defender. At $35 for lifetime license it looks like a deal-breaker for me and I may actually buy SD. So right now my setup stands at Avast Free(hardened mode aggressive), NVT ERP(lockdown mode), Sandboxie Free and Shadow Defender. I may substitute Avast with ESET Internet Security since I have a license for it on 1PC(don't know if I can use the same license on 2 PCs)

PS: just wanted to know that if ERP v4 final is released, will I still be able to use the beta version which I have now, since it's free and I know that the final version will be a paid product. :emoji_money_mouth:
 
  • Like
Reactions: given and oldschool

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
It would be good if you could decide what setup is OK for you: default-deny, or default-allow with some restrictions. The first is the simplest, and most secure, but it would be convenient only in a semi-closed software configuration.
If you like default-allow setup then OSArmor would be probably the more comprehensive solution than Hard_Configurator (the last is strong when configured with default-deny SRP settings)
If you like frequently installing the new applications then forget temporarily about default-deny. You will probably come back later to default-deny, when your learning phase will be over.
Anyway, if you like experimenting, then you can try: ReHIPS, SpyShelter, Sandboxie, Shadow Defender, Comodo Firewall, and OSArmor. Please, be prepared to do some fresh Windows installations, because installing many security programs, makes the system to work strangely.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Any suggestions on using Sandboxie and Shadow Defender together?
Shadow Defender is often used to protect the system (OS + disk boot sectors) against malware persistence, but it allows running any malware until reboot.
Sandboxie (paid) can be used to protect the vulnerable applications. The default sandbox is OK, but most malware can run in the sandbox and spy you. Anyway, you can also prepare a very restrictive sandbox separately for the concrete application. So for example, nothing in the sandbox can access the Internet or nothing except the application itself can run in the sandbox.
Sandboxie and Shadow Defender can be also used for trying applications without bloating the system - you have to run the application installer in the default sandbox or in the Shadow Mode.
 
Last edited:

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
UPDATE:
I had to do a PSID Revert and a Secure Erase of my SSD since it was acting up lately. Before I install Windows 10, I just need some opinions. I will update the config once I am done.. I am looking for a lightweight security setup that will not slow down the laptop. Windows Defender seems to thrash my SSD a lot, I don't know why. For the realtime protection, I will be having OSArmor. For the antivirus, which one would you guys prefer between Panda Dome Free and Avast Free. Avast seems to have a lot of telemetry and shows a lot of ads, which sometimes is distracting. Also I think that Panda will be lighter than Avast, although I may be wrong. And as for hardening of Windows, I have found two tools- NVT Sys Hardener and Hard_Configurator. Which of these would you guys choose? Or can I use both?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
UPDATE:
Windows Defender seems to thrash my SSD a lot, I don't know why.
That is strange, although some people reported the similar issue.
On my system with Windows 10 Pro + WD, there is about 2GB disk writes per day - this includes also web browsing and other standard activities. I can check disk writes easily, because I use ShadowDefender.
I think that about 0.5 GB can be related to WD. I do not include disk reading activity, because it does not harm SSD.
How did you found that WD is the only reason for the above problem?
 

Wraith

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 15, 2018
634
That is strange, although some people reported the similar issue.
On my system with Windows 10 Pro + WD, there is about 2GB disk writes per day - this includes also web browsing and other standard activities. I can check disk writes easily, because I use ShadowDefender.
I think that about 0.5 GB can be related to WD. I do not include disk reading activity, because it does not harm SSD.
How did you found that WD is the only reason for the above problem?

It's just that the laptop feels sluggish even when I'm watching any movie or a youtube video. When I check task manager, I find antimalware service executable consuming around 30% cpu and 80% disk. I did use configure defender to set WD Protection from Normal to High. Maybe that's the reason for this behaviour.
 
D

Deleted Member 3a5v73x

It's just that the laptop feels sluggish even when I'm watching any movie or a youtube video. When I check task manager, I find antimalware service executable consuming around 30% cpu and 80% disk. I did use configure defender to set WD Protection from Normal to High. Maybe that's the reason for this behaviour.
No, Configure_Defender isn't the problem, Windows Defender is. Really, just move away from that built-in hog and build some light AV around Andy's Hard_Configurator's SRP. I don't understand why people keep torturing themselves with Windows Defender.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
It is a well known issue, that Windows Defender can cause slowdowns on some computers. There were many posts about this behavior. But on many computers, WD is OK even with small resources and average CPU. Generally, it is also confirmed on AV Labs performance tests.
Consuming 30% CPU resources is not normal. The Quick or even the Full Scan can usually consume about 30% of CPU resources on computers with CPU like the old Intel i3 processor and 4GB RAM. I noticed a better behavior on Windows 10 ver. 1803, because on earlier versions the Full Scan usually consumed 50%. If WD is not scanning, then there should not be any slowdowns.
In my case, I can see occasional slowdowns during Windows Updates, WD updates, and updates from Microsoft store. In most cases, I can see that Windows Defender CPU consumption is simply 0%.
Anyway, if WD is not working, then the light AV + any default-deny setup with script blocking + document protection will be OK.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top