Advanced Plus Security Gandalf_The_Grey's Laptop Config 2024

Last updated
Feb 14, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
    • Basic account password (insecure)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Ziggo SmartWifi modem by Sagemcom in bridgemode. TP-Link Deco XE75 mesh system.
Real-time security
TP-Link HomeShield
Microsoft Defender Antivirus
Firewall security
Microsoft Defender Firewall
About custom security
Windows Hybrid Hardening
  • ConfigureDefender at High settings.
  • DocumentsAntiExploit with MS Office ON2 and VBA disabled.
  • WindowsHybridHardening Light with SWH on and WDAC on.
Windows 11 Pro 22H2
Periodic malware scanners
HitmanPro and Norton Power Eraser
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Microsoft Edge with uBlock Origin, I don't care about cookies, Bitwarden and Bitdefender TrafficLight as extensions
Secure DNS
From my ISP (Ziggo)
Desktop VPN
AdGuard VPN
Password manager
Bitwarden browser extension
Maintenance tools
Maintenance tools: CCleaner Professional, Disk Cleanup, Optimize Drives, Autoruns, Driver Store Explorer
Update tools: Patch My PC, UCheck, Driver Easy Pro, LG Update & Recovery, Intel Driver & Support Assistant
File and Photo backup
Windows Backup, OneDrive with Microsoft 365 ransomware protection (always on sync)
Active subscriptions
    • Microsoft 365 Family 6TB
System recovery
Windows system image
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Notable changes
2022.01.01 new config for the new year.
2022.01.31 removed Bitsum Process Lasso, Samsung Magician. Switched from DefenderUI Free and VoodooShield to the all-in-one DefenderUI Pro.
2022.02.12 back to Ziggo Safe Online by F-Secure
2022.02.16 added Quad9 secure DNS
2022.03.22 have to use Adobe Reader for work, removed KVRT.
2022.04.09 trying the AdGuard extension instead of uBlock Origin
2022.04.10 back to uBlock Origin
2022.05.01 removed Ziggo Safe Online, back to Microsoft Defender and installed Kerish Doctor
2022.05.04 installed the latest VoodooShield
2022.05.13 installed fs protection by F-Secure 18.4 beta 2
2022.05.20 back to Microsoft Defender Antivirus and Andy's tools
2022.05.23 changed from ConfigureDefender to DefenderUI
2022.06.07 back to fs protection and VoodooShield
2022.07.18 back to Microsoft Defender Antivirus with DefenderUI and VoodooShield
2022.08.14 reset of Windows 11 and added (back) Simple Windows Hardening
2022.08.31 small changes because of my new laptop
2022.09.06 went from uBlock Origin to AdGuard
2022.09.12 up to date with the latest changes in this form
2022.09.26 back to FS Protection
2022.10.23 reset of Windows 11 22H2 and using Microsoft Defender with ConfigureDefender on high
2022.12.12 filled the new fields and Smart App Control has turned itself off.
2023.01.01 back to FS Protection and running a trial of NoVirusThanks SysHardener
2023.01.29 removed NoVirusThanks SysHardener and switched from AdGuard MV3 to uBlock Origin
2023.03.20 back to Windows buit-in protection configured by Hard_Configurator
2023.03.15 back to Simple Windows Hardening
2023.05.19 up to date with the May 2023 Update of this form
2023.07.05 back to FS Protection
2023.08.17 testing Windows Hybrid Hardening
2024.02.02 using Windows Hybrid Hardening Light an added the I don't care about cookies extension
What I'm looking for?

Looking for minimum feedback.

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
New config for the new year with the new tools released by @danb
 

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Hi @Gandalf_The_Grey two questions

1. Could you explain what the benefits of Microsoft Editor are over the build-in spellcheckers (Word, Edge and Mail)?

2. Why do you prefer Foxit PDF reader over Edge PDF reader?
Hi Kees,

1) when you have a Microsoft 365 license it offers advanced grammar and style refinements like clarity, conciseness, formality, vocabulary suggestions, and more :D
It will be integrated in Edge:

Microsoft editor is already integrated in Word, Excel (the office programms).

2) I like Foxit for the Protected View, the thumbnails in Windows Explorer, and you can open a PDF inside MS Outlook, both were on the roadmap for MS edge.

Hopefully soon I don't need both anymore.
 

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Thanks for this link. Can you give some idea of what you did or didn't use, e.g. the reg tweaks?
NOTE: Always set a service’s startup type to MANUAL and never set it to DISABLED. We suggest this because if a service is set to MANUAL start and Windows needs the service, it’ll be able to start the service and there will be no affect on OS functionality. But if a service is set to DISABLED and Windows requires that service, it’ll not be able to start the service and you may face problems.
 
Last edited:

JasonUK

Level 5
Apr 14, 2020
232
Cleaned my config and went from DefenderUI Free and VoodooShield to the all-in-one DefenderUI Pro.
Only reason I haven't done the same (when using VS & DUI) is that I found the alerts in DUI Pro didn't persist/stay on top so if multiple windows were open they could be missed unlike VS alerts. Haven't checked latest version of DUI Pro though so would be interested if you still experience this.
 

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Only reason I haven't done the same (when using VS & DUI) is that I found the alerts in DUI Pro didn't persist/stay on top so if multiple windows were open they could be missed unlike VS alerts. Haven't checked latest version of DUI Pro though so would be interested if you still experience this.
I don't think that is still a problem, at least I haven't noticed that.
 

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Back to Ziggo Safe Online by F-Secure (F-Secure Safe).
  • It had impressive results in the testing done by @Shadowra and in the HUB tests by @upnorth (y)
  • Malicious downloads are completely blocked and not partially downloaded like with the SmartScreen when using Microsoft Edge.
  • It doesn't use a root certificate like Kaspersky does.
  • It is noticeably light on the system and the slowdowns when shutting down are now resolved: F-Secure 18.2 released Thanks for that post @Bill K (y)
  • When I follow the analysis of current threats done by @Andy Ful adding Simple Windows Hardening and Documents Anti-Exploit closes any potential weaknesses for fileless and Microsoft Office based attacks. Thanks again @Andy Ful for your tools and your analysis (y)
  • EDIT: forgot to mention the (also) impressive results for banking protection done by AVLab.pl: AVLab.pl - Test of security solutions in blocking attacks on Internet banking
 
Last edited:

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
With defender, does this make any reason to switch over?
I found (when using a second opinion scanner) that because I use file history as backup solution that the malicious files blocked by SmartScreen were also present in the file history backups.
If you use Disk Cleanup to clean your system including file history before doing a backup, they are no longer present.
So, it depends on your config.
If you don't use file history or clean file history regularly it is not a problem.
When we tested extensions with @Evjl's Rain I saw the same behavior with Emsisoft Browser Security, but not with for example Bitdefender TrafficLight.
 

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Is Quad9 any good ? its not as fast like cloudflare in my country , but i wonder about their uptime ? (if its down a lot or not)
So far so good...
What has your DNS up-time been?
Quad9 is a global anycast service. Multiple points of presence around the world mean redundancy is built into the system. If a resolver goes down, the traffic is automatically routed to the next closest resolver. To date, our uptime has been 99.999%.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Quad9 is not as fast as my own ISP, so back to Ziggo.
Trying the new AdGuard extension.
I spoke with Quad9 about some routing issues. Their speed wasn’t bad for name resolution, but not all their servers are setup for transit, and your ISP may route you elsewhere based on their network optimization. This causes issues with getting CDNs close to you, I was being routed halfway across the country to Chicago. Which was fine for DNS queries, but awful for getting CDNs based on the DNS server location half way across the US (a long way). I tried their EDNS Client Subnet, which helps with some CDNs, but others only accept edns info from Google or OpenDNS as they have agreements about how to handle the location data safely/privately. So, results were mostly good, but family streaming services buffered. Also their DoT implementation has a higher rate of failed requests.

All of this to say they responded quickly and worked with me to troubleshoot. The couldn’t fix the problem since they have no agreement with my ISP, but they are working on implementing more servers for transit to help alleviate these issues. And their “customer service” is fantastic! They were friendly, prompt, and helpful. Quad9 is an amazing not for profit, but for now we also went back to my ISP. It is lightning fast and have CDN caches in their edge services that you can’t beat the performance.

Sorry for the long winded post in your wall, but I really like Quad9 even if I don’t use them either.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top