Advanced Plus Security Fallen's Security Config 2021

Last updated
Feb 23, 2021
How it's used?
For home and private use
Operating system
Windows 10
On-device encryption
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
Network firewall
Real-time security
Norton 360
Firewall security
About custom security
Norton 360:
  • Antivirus
Boot Time Protection set to Aggressive.
SONAR Advanced Mode set to Aggressive.
  • Firewall
Block Traffic for Malicious Applications set to Aggressive.
  • Administrative Settings
Idle Time Optimizer is Off.
Detailed Error Data Collection set to Never.
  • List of features removed in Windows
Microsoft Remote Help
Windows Media Player
Windows Fax and Scan
Windows Hello Face Recognition
Windows PowerShell Integrated Scripting Environment
Internet Printing Service
Internet Explorer
Working Folder Client
OpenSSH Client
SMB Direct
  • Group Policy settings:
Data Collection and Preview Builds
Allow commercial data pipeline - Disabled
Allow Desktop Analytics Processing - Disabled
Allow device name to be sent in Windows diagnostic data - Disabled
Allow Telemetry - Disabled
Allow Update Compliance Processing - Disabled
Configure the Commercial ID - Disabled
Configure diagnostic data upload endpoint for Desktop Analytics - Disabled
Disable deleting diagnostic data - Disabled
Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service - Disabled
Limit Enhanced diagnostic data to the minimum required by Windows Analytics - Disabled
Configure Connected User Experiences and Telemetry - Disabled
Configure collection of browsing data for Desktop Analytics - Disabled
  • Internet Communication Management
Internet Communication settings
Turn off handwriting recognition error reporting - Enabled
Turn off Windows Customer Experience Improvement Program - Enabled
Turn off Help and Support Center "Did you know?" content - Enabled
Turn off Help and Support Center Microsoft Knowledge Base search - Enabled
Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com - Enabled
Turn off Windows Error Reporting - Enabled
Turn off the Windows Messenger Customer Experience Imprevement Program - Enabled
Turn off handwriting personalization data sharing - Enabled
  • Control Panel
Allow Online Tips - Disabled
  • Handwriting personalization
Turn off automatic learning - Enabled
  • BitLocker Drive Encryption
Disable new DMA devices when this computer is locked - Enabled
Choose drive encryption method and cipher strength - Enabled (256-bit).
Allow Secure Boot for integrity validation - Enabled
Require additional authentication at startup - Enabled (TPM is required).
  • Windows Error Reporting
Disable Windows Error Reporting - Enabled
Do not send additional data - Enabled
  • Mitigation Options
Untrusted Font Blocking - Enabled
  • User Profiles
Turn off the advertising ID - Enabled
  • Microsoft Support Diagnostic Tool - All services disabled.
  • Scripted Diagnostics - All services disabled.
  • Desktop Gadgets - Disabled
  • Turn off Autoplay - Enabled
  • Application Compatibility
Turn off Application Telemetry - Enabled
Turn off Inventory Collector - Enabled
  • Find My Device
Turn On/Off Find My Device - Disabled
  • Microsoft User Experience Virtulization
Windows Apps
Finance, Games, Maps, Music, News, Reader, Sports, Travel, Video, Weather - Disabled
  • Online Assistance
Turn off Active Help - Enable
  • Search
Allow Cloud Search - Disabled
Allow Cortana - Disabled
Allow Cortana above lock screen - Disabled
Allow Cortana Page in OOBE on an AAD account - Disabled
Allow search and Cortana to use location - Disabled
Do not allow web search - Enabled
Prevent indexing e-mail attachments - Enabled
  • Shutdown Options
Turn off legacy remote shutdown interface - Enabled
  • Speech
Allow Automatic Update of Speech Data - Disabled
  • Text Input
Improve inking and typing recognition - Disabled
  • File Explorer Options
Show sync provider notifications - Uncheck
  • OneDrive disabled
  • Advertising ID disabled
  • Cortana disabled
  • Usage of location data for Cortana disabled
  • Non-critical notifications disabled
  • Web search disabled
- Settings
Lock screen - Slideshow, Picture.
Get fun facts, tips, tricks, and more on your lock screen - Off

- Start
Show suggestions occasionally in Start - Off

- Remote Desktop
Enable Remote Desktop - Off

- Notifications & actions
Show me the Windows welcome experience after updates and occasionally when I signed in to highlight what's new and suggested - Uncheck
Suggest ways I can finish setting up my device to get the most out of Windows - Uncheck
Get tips, tricks, and suggestions as you use Windows - Uncheck

- Setting \ Privacy
Speech - Off
Inking & typing personalization - Off
Diagnostics & feedback - Off
Activity history - Send my activity history to Microsoft is uncheck.
Location - Off
Camera - Off
Microphone - Off
Voice activation - Off
Account info - Off
Contacts - Off
Calendar - Off
Phone calls - Off
Call history - Off
Email - Off
Task - Off
Messaging - Off
Radios - Off
Other devices - Off
Background apps - Off (except WS)
App diagnostics - Off
Pictures - Off
Videos - Off
File system - Off
  • Windows Update - Delivery Optimization
Allow downloads from other PCs - Off
Periodic malware scanners
MBAM and EKK.
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Microsoft Edge w/ some flags - uBlock Origin, Bitwarden and Norton Safe Web.
Mozilla Firefox w/ some tweaks - uBlock Origin, Decentraleyes and Bitwarden.
Secure DNS
NextDNS CLI (Configured on RPi Zero WH).
Desktop VPN
I have my own VPN server; WireGuard + Pi-hole + Unbound.
Password manager
Bitwarden
Maintenance tools
Windows Tools and Revo Uninstaller Portable.
File and Photo backup
WD My Book 3TB
System recovery
Macrium Reflect
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Browsing to unknown / untrusted / shady sites
    • Working from home
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
CPU: AMD Ryzen 7 2700X
RAM: Corsair Vengeance 16GB DDR4
SSD: WD Green 240GB
GPU: MSI Geforce GTX1080
MBA: MSI X470 Gaming M7 AC
PSU: Corsair TX850M 850W
What I'm looking for?

Looking for maximum feedback.

FALLEN

Level 3
Thread author
Verified
Well-known
Feb 13, 2015
112
Hi,
This my security configuration for 2021.

On my system Norton usually uses 15-50 MB of memory. Not just RAM usage, Norton is very light, maybe the lightest AV. I love it.

Untitled.png


Cloudflare is just a little faster than NextDNS for me. But NextDNS has very good features, so I chose NextDNS.

test.png

By the way, Cloudflare's response time 1ms. It doesn't make any difference anyway.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Thanks for your advice.
Added:
  • Password (Aa-Zz, 0-9, Symbols)
The previous state was set to None, which is not possible with a Microsoft account.

Now you have chosen Password, which is also less secure.

Windows Hello PIN is unique to the local device. It is neither your MS acc. password nor is it stored by Microsoft. It can only be used by Windows 10 device is was setup upon.


The Windows Hello options are:

1614107185196.png


Optionally, Hello PIN allows for letters and symbols.

1614107489923.png
 

FALLEN

Level 3
Thread author
Verified
Well-known
Feb 13, 2015
112
@Spawn I appreciate why you think that, but simply I don't need that, password protection too, but I activated anyway. We have security guards, receptions, card system, security cams, steel door, if some burglar break our security, I will congrat him. And most important thing, I don't have important documents and stuff.
 
  • Like
Reactions: Venustus

FALLEN

Level 3
Thread author
Verified
Well-known
Feb 13, 2015
112
That's normal when you add false information.
OK, I've got your point. Too bad, there is no way to block you.

Btw, my answer is here. I activated password login because it's "better than nothing". I didn't say you anything about Windows Hello. I just thanked for your advice, that's it. There is no false information.
 
Last edited:
  • HaHa
Reactions: Ink

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top