Advanced Plus Security Gandalf_The_Grey's laptop config for 2020

Last updated
Nov 30, 2020
How it's used?
For home and private use
Operating system
Windows 10
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Microsoft Defender Antivirus
HomeCare by Trend Micro on TP-Link Archer AX6000 router
Firewall security
Microsoft Defender Firewall
About custom security
Microsoft Defender Antivirus set to High with ConfigureDefender
Controlled Folder Access enabled (not on the kid's laptops)
Memory integrity under Core Isolation enabled (not on the kid's laptops)
Hard_Configurator with Windows_10_Basic_Recommended_Settings
Periodic malware scanners
HitmanPro, Kaspersky Virus Removal Tool and AdwCleaner (for the kids)
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Microsoft Edge with uBlock Origin, Bitdefender TrafficLight, Bitwarden and Microsoft Editor
Google Chrome with the same extensions plus the Microsoft Defender Browser Protection extension on the kid's laptops.
They use Edge for school and Chrome for fun
Maintenance tools
Autoruns, CCleaner, PatchMyPC, SUMo and Driver Easy Pro
File and Photo backup
Windows File History on external drive (weekly)
OneDrive with Microsoft 365 ransomware protection (always on sync)
System recovery
Windows system image
Risk factors
    • Browsing to popular websites
    • Logging into my bank account
    • Working from home
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Acer Aspire VN7-791G-576X
Intel Core i5-4210H
Intel HD Graphics 4600 / NVIDIA GeForce GTX 860M
Kingston 16GB Dual-Channel DDR3 PC3-12800 RAM
Samsung SSD 850 EVO M.2 250GB
Seagate HDD ST1000LM014-1EJ164 1TB
Realtek High Definition Audio
Notable changes
2020.02.23 removed VoodooShield and uBlock Origin and added Kaspersky Security Cloud Free and AdGuard (extension).
2020.03.09 removed AdGuard and Kaspersky Security Cloud Free and added Hard_Configurator 5.0.0.1 beta uBlock Origin and the Netcraft extension. replaced Bandizip with Explzh because of the advertisements in the free version.
2020.03.22 removed Hard_Configurator, kept ConfigureDefender, DocumentsAntiExploit and RunBySmartscreen.
Added NoVirusThanks SysHardener, VoodooShield and the Certificate Info extension.
2020.03.28 added Ziggo safe Online and Hard_Configurator and removed SysHardner.
2020.03.30 removed CCleaner Pro
2020.04.05 installed HC 5.0.01 beta with recommended settings. Removed VoodooShield.
Tried to minimize extensions: replaced uBlock Origin with AdGuard and removed Certificate Info and Netcraft. Added Microsoft Editor. All extensions are now from the Microsoft Store except Browsing Protection by F-Secure (installed automatically).
2020.04.22 Removed Ziggo Safe Online and Hard_Configurator Trying Windows Defender with Comodo Firewall.
2020.05.04 removed Comodo Firewall and installed Emsisoft Ant-Malware Home.
2020.05.08 replaced Emsisoft Anti-Malware with Kaspersky Security Cloud Free
2020.05.18 replaced KSC Free with WD and uninstalled some browser extensions.
2020.07.05 back to Bitwarden and Bitdefender TrafficLight and WhitelistCloud added.
2020.07.08 switched form WhitelistCloud to VoodooShield Pro. Went from uBlock Origin to AdGuard.
2020.07.15 Back to KSC Free.
2020.08.09 added SpywareBlaster 5.7 Private Beta with MS Edge support.
2020.08.12 back to Microsoft Defender Antivirus
2020.08.15 back to Kaspersky Security Cloud Free
2020.08.31 removed O&O ShutUp 10 and went back to Microsoft Defender
2020.09.27 removed Bitdefender TrafficLight and went back from Simple Windows Hardening to Hard_Configurator
2020.10.27 went from WD to KSCFree and from uBlock Origin to AdGuard.
2020.11.14 back to WD on high and simplified config
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,284
My config for 2020.
Windows Defender and Hard_Configurator is probably enough, but I like the idea of WhitelistCloud by VoodooShield.
For office I use Microsoft Office 365 Home downloaded from the Microsoft Store.
As archiver I use Bandizip that keeps the mark of the web.
 
Last edited:
  • Like
  • +Reputation
  • Thanks
Reactions: Brahman, ForgottenSeer 89360, valvaris and 29 others
Z

Zemana

New Member
Dec 31, 2019
7
Lots of people in their 2020 configurations have Windows Defender Firewall as their main Firewall like yours Gandalf. However, when I turn on my real-time protection Norton, it says in Windows Defender setting that the firewall is now Norton. Should that happen? What is better Windows Defender Firewall or Norton Smart Firewall?
 
  • Like
Reactions: Stopspying, Nevi, [correlate] and 8 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Like @oldschool said, full Antivirus suites such as most versions of Norton Security include their own firewall, and they turn off Windows firewall. That is fine, Norton firewall is good.
Many forum members do not use full Antivirus suites, so that's why they are using Windows firewall.
 
  • Like
Reactions: Stopspying, Nevi, [correlate] and 9 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,284
Inspired by the config of @silversurfer : SECURE: Complete - silversurfer Laptop Security Config 2020
I decided to see what config worked the best on my laptop:
Windows Defender (with ConfigureDefender at High)
Ziggo Safe Online (F-Secure Safe (free from my ISP))
Kaspersky Security Cloud Free
For me, Kaspersky Security Cloud Free is the lightest on my system at the moment while still offering very good protection.
Replaced (maybe temporarily) uBlock Origin with AdGuard for adding Googles Safe Browsing to the mix.
 
  • Like
Reactions: scorpionv, Stopspying, Nevi and 12 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,514
Sometimes I ask myself if H_C can be useful for protecting the computers of MT members, because it was never the primary goal of H_C. It is possible, that anyone who can use it and understand how it works, in fact, does not need it anymore to protect his/her computer and can start to use it to protect family/friends computers.
H_C can be also useful as a kind of educational tool to understand some important features of Windows security.
 
Last edited:
  • Like
Reactions: Stopspying, Nevi, Venustus and 8 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,284
Outpost said:
Sorry, but from his penultimate post he seemed to be using them both. Obviously I misinterpreted.
Click to expand...
Sorry for not being clear enough.
I tried 3 kinds of config on my laptop.
1) Window Defender with ConfigureDefender on high.
2) Ziggo Safe Online
3) Kaspersky Security Cloud Free
Config 3 worked the best for me on this laptop.
All 3 configs were with Hard_Configurator for added security and O&O ShutUp10 for added privacy.
 
  • Like
Reactions: Cortex, Nevi, Venustus and 8 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,284
Andy Ful said:
Sometimes I ask myself if H_C can be useful for protecting the computers of MT members, because it was never the primary goal of H_C. It is possible, that anyone who can use it and understand how it works, in fact, does not need it anymore to protect his/her computer and can start to use it to protect family/friends computers.
H_C can be also useful as a kind of educational tool to understand some important features of Windows security.
Click to expand...
I have learned so much using your tools and discussing issues/blocks and still don't know enough to have the confidence to do all manually.
And why should I? Your tools are very useful to harden windows and configuring Windows Defender. It's so much easier than doing it manually and do not forget the logging is very useful for solving issues and blocks. Again many thanks from me. 🙏
 
  • Like
Reactions: Cortex, Nevi, stefanos and 9 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,284
Trying out the new Hard_Configurator 5.0.0.1 beta.
Replaced Bandizip with Explzh because of the advertisements in the free version of Bandizip.
Explzh keeps the mark of the web.
Because I can only use uBlock Origin and LastPass on my work and I want to keep my configurations as much the same as possible I ditched AdGuard and Bitwarden.
Enabled 2FA with the Microsoft Authenticator app for my Microsoft, Google, Twitter, PayPal and LastPass account.
 
  • Like
  • Applause
Reactions: Cortex, HarborFront, imuade and 16 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,284
Got a new HP OfficeJet Pro 9015 All-in-One Printer this weekend:
Unfortunately I couldn't get scanning over wifi to my laptop to work with Hard_Configurator at recommended settings.
And I couldn't find any blocks in the logs to help me troubleshoot that problem.
So I removed Hard_Configurator but kept ConfigureDefender, DocumentsAntiExploit and RunBySmartscreen.
I added SysHardner (recommended settings) and VoodooShield (AutoPilot Mode).
Now everything works fine.
 
  • Like
  • Applause
  • +Reputation
Reactions: FireHammer, Cortex, Protomartyr and 10 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,514
Gandalf_The_Grey said:
Got a new HP OfficeJet Pro 9015 All-in-One Printer this weekend:
Unfortunately I couldn't get scanning over wifi to my laptop to work with Hard_Configurator at recommended settings.
And I couldn't find any blocks in the logs to help me troubleshoot that problem.
So I removed Hard_Configurator but kept ConfigureDefender, DocumentsAntiExploit and RunBySmartscreen.
I added SysHardner (recommended settings) and VoodooShield (AutoPilot Mode).
Now everything works fine.
Click to expand...
It was not probably blocked by SRP default-deny, but by one o the hardening restrictions (from the right panel) or by one of FirewallHardening rules. HP printers use HTA scripts, and if mshta.exe outbound connections are blocked the Wi-Fi features may not work properly. Anyway, you did not need the H_C to be safe.:)(y)
 
Last edited:
  • Like
  • Thanks
  • Applause
Reactions: FireHammer, Cortex, Nevi and 9 others
You must log in or register to reply here.

Similar threads

RRlight
    • Like
Advanced Security RRlight gaming laptop config 2024
Replies
4
Views
218
PC Setup Configuration Help & Showcase
RRlight
RRlight
Gandalf_The_Grey
    • Like
Microsoft pulls fix for Outlook bug behind ICS security alerts
Replies
1
Views
489
Office, email and business apps
Bot
Bot
S
New Microsoft guidance for the DoD Zero Trust Strategy
Replies
1
Views
643
Microsoft Defender
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top