Recent changes
Nov 30, 2020
Device priority
Primary device
Operating system
Windows 10
Sign-in account
Sign in with Microsoft ID
Log-in security
    • Windows Hello Fingerprint
    • Windows Hello PIN
Account permissions
Administrator account
Security updates
Automatically allow security and feature updates
Windows UAC
Always notify
Malware samples
No - Malware samples are not purposely downloaded
Real-time Malware protection
Microsoft Defender Antivirus
HomeCare by Trend Micro on TP-Link Archer AX6000 router
Firewall protection
Microsoft Defender Firewall
RTP configuration
Microsoft Defender Antivirus set to High with ConfigureDefender
Controlled Folder Access enabled (not on the kid's laptops)
Memory integrity under Core Isolation enabled (not on the kid's laptops)
Hard_Configurator with Windows_10_Basic_Recommended_Settings
Periodic scanners
HitmanPro, Kaspersky Virus Removal Tool and AdwCleaner (for the kids)
VPN and Privacy
MS Edge Tracking Prevention on balanced.
uBlock Origin with its own filters and some optimized and plus filters from FilterLists | Subscriptions for uBlock Origin, Adblock Plus, AdGuard, ...
Winscribe VPN
Browser(s) and Add-ons
Microsoft Edge with uBlock Origin, Bitdefender TrafficLight, Bitwarden and Microsoft Editor
Google Chrome with the same extensions plus the Microsoft Defender Browser Protection extension on the kid's laptops.
They use Edge for school and Chrome for fun
Maintenance tools
Autoruns, CCleaner, PatchMyPC, SUMo and Driver Easy Pro
Photos and Files backup
Windows File History on external drive (weekly)
OneDrive with Microsoft 365 ransomware protection (always on sync)
File backup schedule
Changes are automatically sync'd to my cloud storage provider
Backup and rollback
Windows system image
Backup schedule
Manually managed on a yearly basis
Activity usage
  1. Generic web browsing
  2. Financial and sensitive documents
  3. Working from home
  4. Video and photo editing
  5. Streaming audio and video content from the Internet
  6. Shared among other family members
Computer hardware
Acer Aspire VN7-791G-576X
Intel Core i5-4210H
Intel HD Graphics 4600 / NVIDIA GeForce GTX 860M
Kingston 16GB Dual-Channel DDR3 PC3-12800 RAM
Samsung SSD 850 EVO M.2 250GB
Seagate HDD ST1000LM014-1EJ164 1TB
Realtek High Definition Audio
Your changelog
2020.02.23 removed VoodooShield and uBlock Origin and added Kaspersky Security Cloud Free and AdGuard (extension).
2020.03.09 removed AdGuard and Kaspersky Security Cloud Free and added Hard_Configurator 5.0.0.1 beta uBlock Origin and the Netcraft extension. replaced Bandizip with Explzh because of the advertisements in the free version.
2020.03.22 removed Hard_Configurator, kept ConfigureDefender, DocumentsAntiExploit and RunBySmartscreen.
Added NoVirusThanks SysHardener, VoodooShield and the Certificate Info extension.
2020.03.28 added Ziggo safe Online and Hard_Configurator and removed SysHardner.
2020.03.30 removed CCleaner Pro
2020.04.05 installed HC 5.0.01 beta with recommended settings. Removed VoodooShield.
Tried to minimize extensions: replaced uBlock Origin with AdGuard and removed Certificate Info and Netcraft. Added Microsoft Editor. All extensions are now from the Microsoft Store except Browsing Protection by F-Secure (installed automatically).
2020.04.22 Removed Ziggo Safe Online and Hard_Configurator Trying Windows Defender with Comodo Firewall.
2020.05.04 removed Comodo Firewall and installed Emsisoft Ant-Malware Home.
2020.05.08 replaced Emsisoft Anti-Malware with Kaspersky Security Cloud Free
2020.05.18 replaced KSC Free with WD and uninstalled some browser extensions.
2020.07.05 back to Bitwarden and Bitdefender TrafficLight and WhitelistCloud added.
2020.07.08 switched form WhitelistCloud to VoodooShield Pro. Went from uBlock Origin to AdGuard.
2020.07.15 Back to KSC Free.
2020.08.09 added SpywareBlaster 5.7 Private Beta with MS Edge support.
2020.08.12 back to Microsoft Defender Antivirus
2020.08.15 back to Kaspersky Security Cloud Free
2020.08.31 removed O&O ShutUp 10 and went back to Microsoft Defender
2020.09.27 removed Bitdefender TrafficLight and went back from Simple Windows Hardening to Hard_Configurator
2020.10.27 went from WD to KSCFree and from uBlock Origin to AdGuard.
2020.11.14 back to WD on high and simplified config

shmu26

Level 85
Verified
Trusted
Content Creator
Nice setup, indeed! How about Driver Easy, is it any good? Im using Driver Booster/Snappy Driver Installer Origin.
According to your hw spec, you are using 850 Evo m.2. About a week ago Samsung released v3.3 nvme m.2 drivers. Im using two years old Lenovo Legion desktop 'puter with OEM Samsung m2 nvme 256gb. So for testing purposes, i "forced" to install the new v3.3 driver. Then i ran crystal disk mark and noticed roughly +7 % read/write speed boost. Well, even +7% is not much, but not bad either. :)
Do regular SATA-attached SSDs need updates?
 

Gandalf_The_Grey

Level 38
Verified
Trusted
Content Creator
I noticed that you use PatchMyPC and SUMo, do you find that one of them finds enough updates that the other one misses to make it worthwhile to use both? Currently I'm only using PatchMyPC, I used to use both but I wasn't too sure what KCSoftwares (SUMo's makers) do with the information SUMo gathers from our devices.


(y)
I use the free version of Suma because you can add a folder with some portable apps and you will be noticed of updates for them.
That's the plus of Suma. PatchMyPC can updates apps itself (for free), that's the plus of PatchMyPC.
Some screenshots:
Aantekening 2020-03-31 111041.png
Aantekening 2020-03-31 111042.png
 

stefanos

Level 28
Verified
@stefanos and @The Cog in the Machine No issues here with boot time and delays of the web browser.

For me, the boot time is always the same with Windows Defender, Kaspersky Security Cloud Free, and Ziggo safe Online:
View attachment 235704
Maybe disabling banking protection is the cause that I notice no delays in web browsing.

And of course, every system is different...
The problem to my system is I have a delay in all applications. But not in browser. And have some freezes on the laptop. I have noticed that in some systems it is very good, and in some like mine not. For this reason, everyone should find what suits him and works well in his system. That's why when I try something I say that in my system this product is good or not. I never blame any product. Only the Panta Protection :LOL: :LOL:

The problem to my system is I have a delay in all applications. But not in browser. And have some freezes on the laptop. I have noticed that in some systems it is very good, and in some like mine not. For this reason, everyone should find what suits him and works well in his system. That's why when I try something I say that in my system this product is good or not. I never blame any product. Only the Panta Protection :LOL: :LOL:
with WINDOWS DEFENDER i have very fast boot
 

Gandalf_The_Grey

Level 38
Verified
Trusted
Content Creator
Nice setup, indeed! How about Driver Easy, is it any good? Im using Driver Booster/Snappy Driver Installer Origin.
According to your hw spec, you are using 850 Evo m.2. About a week ago Samsung released v3.3 nvme m.2 drivers. Im using two years old Lenovo Legion desktop 'puter with OEM Samsung m2 nvme 256gb. So for testing purposes, i "forced" to install the new v3.3 driver. Then i ran crystal disk mark and noticed roughly +7 % read/write speed boost. Well, even +7% is not much, but not bad either. :)
EDIT: Forgot to say, for OEM nvme m2, Windows uses its own "Microsoft surface..." drivers. Force it to use samsung nvme m2, and speeds goes up to like 15%. Which is quite funny i think.
Thanks, but my SSD is not a nvme one, so I won't need or benefit from those drivers.
Driver Easy is (paid) a very nice driver updater.
More info here: Update - Driver Easy
 

sepik

Level 10
Do regular SATA-attached SSDs need updates?
Samsung released their "Magician" software v6.1 while ago. This v3.3 driver is for their nvme m2 drives only. But it works really good for their OEM nvme m2 drives too. If you use or have a friends that use samsung oem nvme m2 drive(s), just install latest v3.3. According to Crystal DiskMark, for example SeqQ32T1 speeds were about 2.900/mbs and now with forced v3.3 it went to 3.100mb/s. 4KibQ1T write speed was about 96mbit/s, now its 128mbit/s. Not bad, eh? :)
 

Stopspying

Level 10
I use the free version of Suma because you can add a folder with some portable apps and you will be noticed of updates for them.
That's the plus of Suma. PatchMyPC can updates apps itself (for free), that's the plus of PatchMyPC.
Some screenshots:
View attachment 235913View attachment 235914
Thanks for the reply. I had a SUMo license and then removed it when that ran out, I'll probably get the free version and see what it finds needs updating which PatchMyPC has missed after you've shown us this. I've kept an eye on software that regularly has updates that I noticed PatchMyPC didn't pick up on, but there's likely to be somethings I've missed. Thanks again.
 

Gandalf_The_Grey

Level 38
Verified
Trusted
Content Creator
Further cleanup of my config.
Uninstalled VoodooShield (nice but not really needed).
Replaced uBlock Origin with AdGuard because I get less ad block warnings with AdGuard now and it just works.
Can change repeatedly, I just like them both :D
Removed Certificate Info and Netcraft because they are not available in the Microsoft Store and not really needed.

The biggest change is going with the recommended settings of Hard_Configurator 5.0.0.1 beta again.
So far printing and scanning with my HP OfficeJet Pro 9015 is working great.

I had only 1 block in the logs for C:\Users\Gandalf\AppData\Local\Temp\7zS6ECF\FileExtractor.exe
This extracts a fresh copy of HP Print and Scan Doctor when you want to solve any issues.
I whitelisted that file by hash.
@Andy Ful Is that the right way?
 

blackice

Level 28
Verified
Further cleanup of my config.
Uninstalled VoodooShield (nice but not really needed).
Replaced uBlock Origin with AdGuard because I get less ad block warnings with AdGuard now and it just works.
Can change repeatedly, I just like them both :D
Removed Certificate Info and Netcraft because they are not available in the Microsoft Store and not really needed.

The biggest change is going with the recommended settings of Hard_Configurator 5.0.0.1 beta again.
So far printing and scanning with my HP OfficeJet Pro 9015 is working great.

I had only 1 block in the logs for C:\Users\Gandalf\AppData\Local\Temp\7zS6ECF\FileExtractor.exe
This extracts a fresh copy of HP Print and Scan Doctor when you want to solve any issues.
I whitelisted that file by hash.
@Andy Ful Is that the right way?
Glad to hear this is working for you. My HP is very finicky, so it’s always good to find a setup that is secure and lets it just work.
 

Andy Ful

Level 65
Verified
Trusted
Content Creator
...
I had only 1 block in the logs for C:\Users\Gandalf\AppData\Local\Temp\7zS6ECF\FileExtractor.exe
This extracts a fresh copy of HP Print and Scan Doctor when you want to solve any issues.
I whitelisted that file by hash.
@Andy Ful Is that the right way?
Yes, the hash rule is the safest one. The folder:
...\AppData\Local\Temp\7zS6ECF\
is a 7-Zip temporary folder - the 4 letters and digits (6ECF) will change any time the file will be executed. So, whitelisting by path would require a special path rule with wildcards.

I noticed something strange anyway. The rule used by H_C to block the execution from 7-Zip temporary folder is:
...AppData\Local\Temp\7z?????????\
But, your blocked folder is another type, because it has only 4 changing letters and digits (instead of 8).
Could you look at H_C log, to confirm what rule blocked the FileExtractor.exe ?
 

Gandalf_The_Grey

Level 38
Verified
Trusted
Content Creator
Yes, the hash rule is the safest one. The folder:
...\AppData\Local\Temp\7zS6ECF\
is a 7-Zip temporary folder - the 4 letters and digits (6ECF) will change any time the file will be executed. So, whitelisting by path would require a special path rule with wildcards.

I noticed something strange anyway. The rule used by H_C to block the execution from 7-Zip temporary folder is:
...AppData\Local\Temp\7z?????????\
But, your blocked folder is another type, because it has only 4 changing letters and digits (instead of 8).
Could you look at H_C log, to confirm what rule blocked the FileExtractor.exe ?
Thanks Andy (y)
This is the complete line in the log:
De beheerder heeft de toegang tot C:\Users\Gandalf\AppData\Local\Temp\7zS6ECF\FileExtractor.exe beperkt op locatie met de beleidsregel {1016bbe0-a716-428b-822e-3e544b6a3281} voor het pad C:\Users\*\AppData\Local\Temp\7z?????????\*.exe.
 

Stopspying

Level 10
Replaced uBlock Origin with AdGuard because I get less ad block warnings with AdGuard now and it just works.
That is interesting, I get very few warnings from uBlockOrigin. I haven't tweaked it very much from the default settings as it seemed to work well at blocking what I wanted blocked with those. I browse a wide variety of sites so I know that I'm go to ones which want to load up tons of ads, but I never see any.
 

Gandalf_The_Grey

Level 38
Verified
Trusted
Content Creator
That is interesting, I get very few warnings from uBlockOrigin. I haven't tweaked it very much from the default settings as it seemed to work well at blocking what I wanted blocked with those. I browse a wide variety of sites so I know that I'm go to ones which want to load up tons of ads, but I never see any.
Next week it can be the other way around for some sites I'm visiting...
Now I use Edge Tracking Protection on Strict and AdGuard with optimized (now 63100 adblocking rules) filters.