SECURITY: Complete Gandalf_The_Grey's laptop config for 2020

Last updated
Nov 30, 2020
About
Personal, primary device
Desktop OS
Windows 10
Login security
Primary sign-in
Microsoft account
Primary user
Admin user - Full permissions
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Real-time protection
Microsoft Defender Antivirus
HomeCare by Trend Micro on TP-Link Archer AX6000 router
Software firewall
Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
Microsoft Defender Antivirus set to High with ConfigureDefender
Controlled Folder Access enabled (not on the kid's laptops)
Memory integrity under Core Isolation enabled (not on the kid's laptops)
Hard_Configurator with Windows_10_Basic_Recommended_Settings
Malware testing
No malware samples
Periodic security scanners
HitmanPro, Kaspersky Virus Removal Tool and AdwCleaner (for the kids)
Browsers, Search and Addons
Microsoft Edge with uBlock Origin, Bitdefender TrafficLight, Bitwarden and Microsoft Editor
Google Chrome with the same extensions plus the Microsoft Defender Browser Protection extension on the kid's laptops.
They use Edge for school and Chrome for fun
Maintenance and Cleaning
Autoruns, CCleaner, PatchMyPC, SUMo and Driver Easy Pro
Personal Files & Photos backup
Windows File History on external drive (weekly)
OneDrive with Microsoft 365 ransomware protection (always on sync)
Personal backup routine
Automatic (scheduled)
Device recovery & backup
Windows system image
Device backup routine
PC activity
  1. Browsing the web. 
  2. Banking. 
  3. Working from home. 
  4. Multimedia. 
  5. Streaming. 
  6. Shared access. 
Computer specs
Acer Aspire VN7-791G-576X
Intel Core i5-4210H
Intel HD Graphics 4600 / NVIDIA GeForce GTX 860M
Kingston 16GB Dual-Channel DDR3 PC3-12800 RAM
Samsung SSD 850 EVO M.2 250GB
Seagate HDD ST1000LM014-1EJ164 1TB
Realtek High Definition Audio
Personal changelog
2020.02.23 removed VoodooShield and uBlock Origin and added Kaspersky Security Cloud Free and AdGuard (extension).
2020.03.09 removed AdGuard and Kaspersky Security Cloud Free and added Hard_Configurator 5.0.0.1 beta uBlock Origin and the Netcraft extension. replaced Bandizip with Explzh because of the advertisements in the free version.
2020.03.22 removed Hard_Configurator, kept ConfigureDefender, DocumentsAntiExploit and RunBySmartscreen.
Added NoVirusThanks SysHardener, VoodooShield and the Certificate Info extension.
2020.03.28 added Ziggo safe Online and Hard_Configurator and removed SysHardner.
2020.03.30 removed CCleaner Pro
2020.04.05 installed HC 5.0.01 beta with recommended settings. Removed VoodooShield.
Tried to minimize extensions: replaced uBlock Origin with AdGuard and removed Certificate Info and Netcraft. Added Microsoft Editor. All extensions are now from the Microsoft Store except Browsing Protection by F-Secure (installed automatically).
2020.04.22 Removed Ziggo Safe Online and Hard_Configurator Trying Windows Defender with Comodo Firewall.
2020.05.04 removed Comodo Firewall and installed Emsisoft Ant-Malware Home.
2020.05.08 replaced Emsisoft Anti-Malware with Kaspersky Security Cloud Free
2020.05.18 replaced KSC Free with WD and uninstalled some browser extensions.
2020.07.05 back to Bitwarden and Bitdefender TrafficLight and WhitelistCloud added.
2020.07.08 switched form WhitelistCloud to VoodooShield Pro. Went from uBlock Origin to AdGuard.
2020.07.15 Back to KSC Free.
2020.08.09 added SpywareBlaster 5.7 Private Beta with MS Edge support.
2020.08.12 back to Microsoft Defender Antivirus
2020.08.15 back to Kaspersky Security Cloud Free
2020.08.31 removed O&O ShutUp 10 and went back to Microsoft Defender
2020.09.27 removed Bitdefender TrafficLight and went back from Simple Windows Hardening to Hard_Configurator
2020.10.27 went from WD to KSCFree and from uBlock Origin to AdGuard.
2020.11.14 back to WD on high and simplified config

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
8,080
Got a new HP OfficeJet Pro 9015 All-in-One Printer this weekend:
Unfortunately I couldn't get scanning over wifi to my laptop to work with Hard_Configurator at recommended settings.
And I couldn't find any blocks in the logs to help me troubleshoot that problem.
So I removed Hard_Configurator but kept ConfigureDefender, DocumentsAntiExploit and RunBySmartscreen.
I added SysHardner (recommended settings) and VoodooShield (AutoPilot Mode).
Now everything works fine.
Those HP wifi-enabled printers have a big problem with changing IP. You often need to restart the computer and/or the printer to get it to recognize the IP of the printer. Simply drives me crazy, so I made a wired connection from the printer to the router.
It is sort of a random issue, you never know when the printer will work and when it will not.
Just thought I would mention that -- you might have a different problem.
 

blackice

Level 33
Verified
Apr 1, 2019
2,204
Those HP wifi-enabled printers have a big problem with changing IP. You often need to restart the computer and/or the printer to get it to recognize the IP of the printer. Simply drives me crazy, so I made a wired connection from the printer to the router.
It is sort of a random issue, you never know when the printer will work and when it will not.
Just thought I would mention that -- you might have a different problem.
I can second that I’ve had this problem. It’s also been worse on some routers than others.
 

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,974
Those HP wifi-enabled printers have a big problem with changing IP. You often need to restart the computer and/or the printer to get it to recognize the IP of the printer. Simply drives me crazy, so I made a wired connection from the printer to the router.
It is sort of a random issue, you never know when the printer will work and when it will not.
Just thought I would mention that -- you might have a different problem.
I can second that I’ve had this problem. It’s also been worse on some routers than others.
Thanks you both for your replies. Not a problem at the moment but good to know there is a workaround (wired connection) 👍
 

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,974
It was not probably blocked by SRP default-deny, but by one o the hardening restrictions (from the right panel) or by one of FirewallHardening rules. HP printers use HTA scripts, and if mshta.exe outbound connections are blocked the Wi-Fi features may not work properly. Anyway, you did not need the H_C to be safe.:)(y)
Thanks @Andy Ful 👍
I had removed all FirewallHardening rules, so it was probably one of the hardening restrictions (from the right panel).
Good to know where to start troubleshooting if I want to return to the H_C one day.
 

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,974
COVID19 introduced working from home and like our president calls it intelligent self-isolation.
As a result, I use my personal laptop more and more, also for work and spent even more time here on MalwareTips.
After discussion with @oldschool and @The Cog in the Machine I realized that Windows Defender and VoodooShield are not the best combo.
Together they cause a delay when launching apps and that the by my ISP offered Ziggo Safe Online by F-Secure is a great alternative.
I had my doubts about SysHardner because it's not actively supported at the moment.
Luckily Hard_Configurator is a well-supported alternative, thanks again @Andy Ful !
I love to use tools like uBlock Origin, Hard_Configurator, and VoodooShield because of their logs.
With those logs, you can clearly see what's happening on your system.
 

Divine_Barakah

Level 27
Verified
May 10, 2019
1,616
COVID19 introduced working from home and like our president calls it intelligent self-isolation.
As a result, I use my personal laptop more and more, also for work and spent even more time here on MalwareTips.
After discussion with @oldschool and @The Cog in the Machine I realized that Windows Defender and VoodooShield are not the best combo.
Together they cause a delay when launching apps and that the by my ISP offered Ziggo Safe Online by F-Secure is a great alternative.
I had my doubts about SysHardner because it's not actively supported at the moment.
Luckily Hard_Configurator is a well-supported alternative, thanks again @Andy Ful !
I love to use tools like uBlock Origin, Hard_Configurator, and VoodooShield because of their logs.
With those logs, you can clearly see what's happening on your system.
F-Secure is very decent and light on system resources. Are you planning to use Voodooshield with it (I would not)?
 

Divine_Barakah

Level 27
Verified
May 10, 2019
1,616
I tried f secure 2 months ago. And a year ago. Same results on my system. Low ram and cpu. Slow boot time , and delay the browsers and applications
While it is surprising to me, I know that the same product might behave differently on different systems. Anyway, I suggest you contact the support if it happens and you try F-Secure again; I feel that there was sth wrong on your device as I did not experience a delay in system startup even on a low-end laptop. The only slowdown happens when you enable F-Secure browser extension.
 

stefanos

Level 28
Verified
Oct 31, 2014
1,726
While it is surprising to me, I know that the same product might behave differently on different systems. Anyway, I suggest you contact the support if it happens and you try F-Secure again; I feel that there was sth wrong on your device as I did not experience a delay in system startup even on a low-end laptop. The only slowdown happens when you enable F-Secure browser extension.
I have one year licence from MT. But for now i am so pleased with Kaspersky. My laptop start like ferari , so low RAM and CPU . Just perfect
 

stefanos

Level 28
Verified
Oct 31, 2014
1,726
While it is surprising to me, I know that the same product might behave differently on different systems. Anyway, I suggest you contact the support if it happens and you try F-Secure again; I feel that there was sth wrong on your device as I did not experience a delay in system startup even on a low-end laptop. The only slowdown happens when you enable F-Secure browser extension.
For this i write on my system ;)
 

Gandalf_The_Grey

Level 50
Verified
Trusted
Content Creator
Apr 24, 2016
3,974
@stefanos and @The Cog in the Machine No issues here with boot time and delays of the web browser.

For me, the boot time is always the same with Windows Defender, Kaspersky Security Cloud Free, and Ziggo safe Online:
Aantekening 2020-03-28 213207.png

Maybe disabling banking protection is the cause that I notice no delays in web browsing.

And of course, every system is different...
 

Stopspying

Level 14
Verified
Jan 21, 2018
624
I noticed that you use PatchMyPC and SUMo, do you find that one of them finds enough updates that the other one misses to make it worthwhile to use both? Currently I'm only using PatchMyPC, I used to use both but I wasn't too sure what KCSoftwares (SUMo's makers) do with the information SUMo gathers from our devices.

I love to use tools like uBlock Origin, Hard_Configurator, and VoodooShield because of their logs.
With those logs, you can clearly see what's happening on your system.
(y)
 

sepik

Level 11
Aug 21, 2018
521
Nice setup, indeed! How about Driver Easy, is it any good? Im using Driver Booster/Snappy Driver Installer Origin.
According to your hw spec, you are using 850 Evo m.2. About a week ago Samsung released v3.3 nvme m.2 drivers. Im using two years old Lenovo Legion desktop 'puter with OEM Samsung m2 nvme 256gb. So for testing purposes, i "forced" to install the new v3.3 driver. Then i ran crystal disk mark and noticed roughly +7 % read/write speed boost. Well, even +7% is not much, but not bad either. :)
EDIT: Forgot to say, for OEM nvme m2, Windows uses its own "Microsoft surface..." drivers. Force it to use samsung nvme m2, and speeds goes up to like 15%. Which is quite funny i think.
 
Top