Advanced Plus Security Gandalf_The_Grey's Laptop Config 2024

Last updated
Nov 5, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
On
Network firewall
Enabled
About WiFi router
Ziggo SmartWifi modem by Sagemcom in bridgemode.
TP-Link Deco XE75 mesh system.
Real-time security
Microsoft Defender Antivirus
Firewall security
Microsoft Defender Firewall
About custom security
Hard_Configurator 7.0.0.1
  • Windows 11 SAC ON Recommended Settings
  • ConfigureDefender: High settings
  • DocumentsAntiExploit: MS Office ON1 and Disable VBA in MS Office ON
Windows 11 Pro 24H2
  • Memory integrity and BitLocker: enabled
  • Smart App Control on
Resources used to tweak privacy and security settings
Periodic malware scanners
Norton Power Eraser and Sophos Scan & Clean
Malware sample testing
I do not participate in malware testing
Environment for malware testing
None
Browser(s) and extensions
Microsoft Edge with uBlock Origin Lite, Bitwarden, McAfee WebAdvisor and Bonjourr as extensions
Secure DNS
From my ISP (Ziggo)
Desktop VPN
AdGuard VPN
Password manager
Bitwarden browser extension
Maintenance tools
Maintenance tools: CCleaner Pro, Disk Cleanup, Optimize Drives, Autoruns.
Update tools: UCheck Portable, Driver Easy Pro, LG Update & Recovery, Intel Driver & Support Assistant.
File and Photo backup
Windows Backup, OneDrive with Microsoft 365 ransomware protection (always on sync)
Subscriptions
    • Microsoft 365 Family 6TB
System recovery
Windows system image
Risk factors
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Logging into my bank account
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Notable changes
2022.01.01 new config for the new year.
2022.01.31 removed Bitsum Process Lasso, Samsung Magician. Switched from DefenderUI Free and VoodooShield to the all-in-one DefenderUI Pro.
2022.02.12 back to Ziggo Safe Online by F-Secure
2022.02.16 added Quad9 secure DNS
2022.03.22 have to use Adobe Reader for work, removed KVRT.
2022.04.09 trying the AdGuard extension instead of uBlock Origin
2022.04.10 back to uBlock Origin
2022.05.01 removed Ziggo Safe Online, back to Microsoft Defender and installed Kerish Doctor
2022.05.04 installed the latest VoodooShield
2022.05.13 installed fs protection by F-Secure 18.4 beta 2
2022.05.20 back to Microsoft Defender Antivirus and Andy's tools
2022.05.23 changed from ConfigureDefender to DefenderUI
2022.06.07 back to fs protection and VoodooShield
2022.07.18 back to Microsoft Defender Antivirus with DefenderUI and VoodooShield
2022.08.14 reset of Windows 11 and added (back) Simple Windows Hardening
2022.08.31 small changes because of my new laptop
2022.09.06 went from uBlock Origin to AdGuard
2022.09.12 up to date with the latest changes in this form
2022.09.26 back to FS Protection
2022.10.23 reset of Windows 11 22H2 and using Microsoft Defender with ConfigureDefender on high
2022.12.12 filled the new fields and Smart App Control has turned itself off.
2023.01.01 back to FS Protection and running a trial of NoVirusThanks SysHardener
2023.01.29 removed NoVirusThanks SysHardener and switched from AdGuard MV3 to uBlock Origin
2023.03.20 back to Windows buit-in protection configured by Hard_Configurator
2023.03.15 back to Simple Windows Hardening
2023.05.19 up to date with the May 2023 Update of this form
2023.07.05 back to FS Protection
2023.08.17 testing Windows Hybrid Hardening
2024.02.02 using Windows Hybrid Hardening Light an added the I don't care about cookies extension
2024.04.20 removed I don't care about cookies and Bitdefender TrafficLight
2024.04.20 removed McAfee WebAdvisor
2024.04.24 changed from uBlock Origin to AdGuard
2024.06.19 added DefenderUI and switched from AdGuard to uBlock Origin Lite
2024.07.12 changed to Hard_Configurator and the AdGuard extension.
2024.10.20 Smart App Control on and uBlock Origin Lite and McAfee WebAdvisor as extensions.
What I'm looking for?

Looking for minimum feedback.

Digmor Crusher

Level 25
Verified
Top Poster
Well-known
Jan 27, 2018
1,430
Another doubt regarding F-Secure is that it has no password to protect the software settings, so in this case, I would have to format my machine and use the user as a user with "common" privileges.
I have no idea what this means.
I find F Secure incredibly easy to use, zero bloat, install and forget.
 

Back3

Level 14
Verified
Top Poster
Apr 14, 2019
674
I am a student and software developer and tired of configuring AV's, I would like something more automated and clean, maybe that is why I am in doubt between F-Secure and SysHardener+OSarmor for example.
With W11, been using F-Secure Safe + OSArmor+ Macrium Image Guardian for the last 2 months. Very stable.
 
Last edited:
G

Guilhermesene

I have no idea what this means.
@Digmor Crusher I was referring to this

Use a standard user account or an administrator account

 
  • Like
  • Applause
Reactions: Nevi and vtqhtr413

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,414
My laptop wasn't working great with Windows 11 22H2 and 3rd party security apps.
There was always a (sometimes slight) delay when opening files, settings and things like that.
After a reset I'm using only Microsoft Defender configured with ConfigureDefender on high and Smart App Control is in evaluation mode.
Curious when Smart App Control will change to on or off...

Also trying out the current beta of Microsoft's PC Manager, but that is not completely stable yet.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,867
There was always a (sometimes slight) delay when opening files, settings and things like that.
Maybe that's related to FS Protection. I tried both the stable and beta version of F-Secure like more than 6 months ago (long time by now) and with FS Protection had delay on almost everything but for the stable version there was no delay when running signed apps. The stable version only had significant delay with relatively high CPU & disk usage running unsigned apps after every signature update.
So, wondering if you have tried any other third-party AVs recently, excluding FS Protection? Like Kaspersky for example (free or paid) which IMO has absolutely the best cache management, so things run very fast if it was already ran before once at least/a full system scan was performed.
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,414
Maybe that's related to FS Protection. I tried both the stable and beta version of F-Secure like more than 6 months ago (long time by now) and with FS Protection had delay on almost everything but for the stable version there was no delay when running signed apps. The stable version only had significant delay with relatively high CPU & disk usage running unsigned apps after every signature update.
So, wondering if you have tried any other third-party AVs recently, excluding FS Protection? Like Kaspersky for example (free or paid) which IMO has absolutely the best cache management, so things run very fast if it was already ran before once at least/a full system scan was performed.
I tried Kaspersky recently, but surprisingly nothing is as fast for me on Windows 11 22H2 as its own Microsoft Defender.
Even adding DefenderUI gives a slight delay and therefore I chose to go with ConfigureDefender.
VoodooShield adds a significant delay on photos and especially on Logitech software.
There are known issues with SRP and Simple Windows Hardening or Hard_Configurator.
It could be that those SRP issues (according to Andy caused by Smart App Control) have an influence on other security programs.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,867
I tried Kaspersky recently, but surprisingly nothing is as fast for me on Windows 11 22H2 as its own Microsoft Defender.
Even adding DefenderUI gives a slight delay and therefore I chose to go with ConfigureDefender.
VoodooShield adds a significant delay on photos and especially on Logitech software.
There are known issues with SRP and Simple Windows Hardening or Hard_Configurator.
It could be that those SRP issues (according to Andy caused by Smart App Control) have an influence on other security programs.
I see, it's strange. On my 22H2 I tried BD, ESET & Kaspersky and the latter two runs really fast. I haven't tried HC & SWH yet because of the issue you mentioned.
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,414
I see, it's strange. On my 22H2 I tried BD, ESET & Kaspersky and the latter two runs really fast. I haven't tried HC & SWH yet because of the issue you mentioned.
Have you done a clean install or reset so that Smart App Control is on or in evaluation mode?
Issues are not present on an upgrade.
 
G

Guilhermesene

Like Kaspersky for example (free or paid) which IMO has absolutely the best cache management, so things run very fast if it was already ran before once at least/a full system scan was performed.
What is this information based on? I am asking this because I would like to know more about this subject.
 
Last edited by a moderator:

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,779
I have no idea what this means.
I find F Secure incredibly easy to use, zero bloat, install and forget.
Totally agree with @Digmore Crusher on this one. I'm new to F-Secure, only been using it about 2 weeks, but every day on pc seems a little better, especially in reference to using Freedome vpn. It adds an element of malware protection to vpn browsing, and its speed has become very good even running inside my VM.
 
  • Like
Reactions: Nevi

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,414
After a long evaluation mode Microsoft turned Smart App Control off on my laptop.
Windows 11 Pro 22H2 I have an issue using VoodooShield or DefenderUI Pro that they slow down the loading of almost anything on my laptop.
A clean install or a reset of Windows 11 Pro 22H2 has an issue with Simple Windows Hardening and/or Hard_Configurator that the SRP part is not working.

So I decided to go with FS Protection (F-Secure Safe Beta) again.
For system hardening and privacy I am currently running a 30 day trial of NoVirusThanks SysHardener.
 
F

ForgottenSeer 97327

You have a Windows Pro, so you could use WDAC using the Wizard (link), it has a SmartAppControl.xml (link)

1. Make an image backup
2. Set the WDA in Audit mode (is the default) and check the event logs for problems (you can import them to create exception rules)
3. When you disable audit mode, enable
a) Enable Advance Boot Options menu (just in case, for easier disaster recover)
b) Enable Boot audit on failure (when a critical driver fails to load the WDAC falls back to Audit mode)

I like to use MD in MAX to apply a cloud based white as safety net.

Can you fallback to a previous image, so you can upgrade to Windows11 22H2. On my wife's laptop (with Windows11 22H2) SRP still works, so you could add SWH as an additional layer
 

Radagast_The_Brown

New Member
Jan 30, 2023
6
Good configuration noble friend ;)

Here's what I found in my files..
Gandalf-and-Radagast.jpg


A photo of the two of us together :D that moment was amazing
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top