Advanced Plus Security Gandalf_The_Grey's laptop config for 2020

[Back3]

I just ditched H_C for Comodo Firewall
But keep being interested in its development.

There are so many great programs to choose from...Windows Defender (with Andy's tools), Kaspersky Security Cloud Free, F-Secure Safe, Comodo Firewall, VoodooShield (and of course the complete Hard_Configurator package).

The latest version 12.2.2.7036 of Comodo Firewall works great and without any issues on my system

These great programs are like chocolates: we want to taste them all....

 

[ForgottenSeer 55474]

Hello, Very nice Configuration, have not seen anything like it, Thanks!

 

[Gandalf_The_Grey]

Went back to the most privacy conscious AV with good offline protection and great support: Emsisoft Anti-Malware Home.
I think the weak spots of this AV will be covered by the recommended settings of the new Hard_Configurator 5.0.1.1 beta together with the AdGuard extension and SmartScreen in Edge.

 

[oldschool]

I think the weak spots of this AV will be covered by the

... excellent malware removal and customer service!

Edit: I mean this seriously, because most users don't use H_C.

 

[oldschool]

Did you buy it for the whole family?

 

[Gandalf_The_Grey]

Did you buy it for the whole family?

I bought a 3-seat license for my personal laptop and the ones of my son and daughter.
My mother uses an old desktop with Windows Defender and Hard_Configurator.
My mother in law uses a new laptop with KPN Veilig by F-Secure and Hard_Configurator.

 

[Gandalf_The_Grey]

Bought myself a TP-Link Archer AX6000 router and let my ISP set their cable modem in bridge mode.

AX6000 Next-Gen Wi-Fi Router

AX6000 Dual-Band Wi-Fi speed boosted by 1024-QAM delivers astonishing wireless speeds of up to 5952 Mbps: 4804 Mbps (5 GHz) and 1148 Mbps (2.4 GHz).

www.tp-link.com

No more WIFI problems, very stable connection now all over the house and built-in TP-Link HomeCare by Trend Micro.

Tried out some AV's again to see what works the best on my laptop.

Windows Defender with Controlled Folder Access always preforms great in the HUB but is still a pain to use. Lately even OneDrive got blocked.

Ziggo Safe Online by F-Secure has an even greater delay than Windows Defender when opening my downloads folder and its protected folder feature doesn't work. Don't like its banking protection either because of issues with IDEAL payments.

While I love Emsisoft Anti-Malware and have profound respect for its developers and customer service it's just not stable. The GUI crashed more than once when trying to change some settings. So again, a short career on my system, unfortunately.

Tried Kaspersky Security Cloud Free again and it performs great (since patch j?).
Supplemented by the latest HC beta with the Windows 10 Basic Recommended Settings profile.

My final config till the MT Virus strikes again

 

[oldschool]

Lately even OneDrive got blocked.

Blocking their own product? M$ wouldn't do that, would they? I couldn't find any info on M$ forums. Have you emailed OneDrive support team? Here's the link.

I know I get occasional "blocks" that aren't real blocks. Maybe WD issues the alert when an exclusion has been made just because its M$.

 

[Gandalf_The_Grey]

Blocking their own product? M$ wouldn't do that, would they? I couldn't find any info on M$ forums. Have you emailed OneDrive support team? Here's the link.

I know I get occasional "blocks" that aren't real blocks. Maybe WD issues the alert when an exclusion has been made just because its M$.

Maybe because my OneDrive folder is on D? Never had a block like that (if it was indeed a real block) before. Could of course whitelist onedrive.exe but that shouldn't be necessary. OneDrive is a particularly important part of my backup strategy with MS 365 ransomware protection. IMO I can't trust CFA working like it should do on computers of family and friends when I'm not around. That's why I chose Kaspersky Security Cloud Free strengthened with the basic profile of Hard_Configurator.

 

[SeriousHoax]

Blocking their own product? M$ wouldn't do that, would they? I couldn't find any info on M$ forums. Have you emailed OneDrive support team? Here's the link.

I know I get occasional "blocks" that aren't real blocks. Maybe WD issues the alert when an exclusion has been made just because its M$.

Maybe because my OneDrive folder is on D? Never had a block like that (if it was indeed a real block) before. Could of course whitelist onedrive.exe but that shouldn't be necessary. OneDrive is a particularly important part of my backup strategy with MS 365 ransomware protection. IMO I can't trust CFA working like it should do on computers of family and friends when I'm not around. That's why I chose Kaspersky Security Cloud Free strengthened with the basic profile of Hard_Configurator.

In my experience CFA blocks everything trusted or not. It blocks mspaint, snipping tools like system apps too. They follow a default deny approach here. You may have seen F-Secure's test done by MacDefender where F-Secure failed even though protected folders was enabled because it trusts 7zip.exe. So tbh, Microsoft's approach is safer and less prone to failure. Also, they don't enable it by default so those who enables, Microsoft expect them to whitelist their required programs.

 

[oldschool]

Maybe because my OneDrive folder is on D?

I suppose I would suspect it as well.

 

[Gandalf_The_Grey]

Get some eplore.exe crashes lately.
Anybody knows how to troubleshoot those crashes?

Beschrijving
Pad naar toepassing met fout: C:\Windows\explorer.exe

Probleem met handtekening
Naam van probleemgebeurtenis: APPCRASH
Naam van de toepassing: Explorer.EXE
Versie van toepassing: 10.0.18362.815
Tijdstempel van toepassing: 51185cb4
Naam van foutmodule: ntdll.dll
Versie van foutmodule: 10.0.18362.815
Tijdstempel van foutmodule: b29ecf52
Uitzonderingscode: c000071f
Uitzonderingsmarge: 00000000000b2cca
Versie van besturingssysteem: 10.0.18363.2.0.0.256.48
Landinstelling-id: 1043
Aanvullende informatie 1: 036d
Aanvullende informatie 2: 036d25959e361ad38b77dfb223a7efe8
Aanvullende informatie 3: 9018
Aanvullende informatie 4: 90189745a5011ea35cd1259ca67cc538

Extra informatie over het probleem
Bucket-id: 8efcb33d89bbceb748183a58862606d6 (1736201808233498326)

Ran sfc /scannow and it repaired some issues.
After a reboot, the second scan didn't show any issues.

 

[enaph]

Get some eplore.exe crashes lately.
Anybody knows how to troubleshoot those crashes?

Ran sfc /scannow and it repaired some issues.
After a reboot, the second scan didn't show any issues.

You can use AppCrashView - View application crashes (.wer files) in Windows 7/Vista to read the .wer files created during the app crash.
This might help you to see which module caused the crash.

 

[Gandalf_The_Grey]

You can use AppCrashView - View application crashes (.wer files) in Windows 7/Vista to read the .wer files created during the app crash.
This might help you to see which module caused the crash.

Thanks, but I don't think I can find out more information.
The error came from ntdll.dll and AppCrashView let you see its path: C:\WINDOWS\SYSTEM32\ntdll.dll
Don't know how to proceed further...

 

[enaph]

Thanks, but I don't think I can find out more information.
The error came from ntdll.dll and AppCrashView let you see its path: C:\WINDOWS\SYSTEM32\ntdll.dll
Don't know how to proceed further...

In most cases it will be display driver or security software.
Have you been messing around with either one of them recently?
You might also try to clear file explorer cache.

 

[Gandalf_The_Grey]

In most cases it will be display driver or security software.
Have you been messing around with either one of them recently?
You might also try to clear file explorer cache.

The most recent change was Kaspersky Security Cloud Free.
Will see if after uninstalling KSC Free and going back to Windows Defender the crashes are gone.
Thanks for your help

 

[plat]

Windows Defender with Controlled Folder Access always preforms great in the HUB but is still a pain to use.

I didn't have much luck with it either, Gandalf_The_Grey. It's one of those theory-to-practice discrepancies. At least it'll always be there in Defender's Settings, waiting for another chance.

 

[LDogg]

Fantastic setup!!

~LDogg

 

[Gandalf_The_Grey]

Back to built-in Windows security enhanced by the wonderful tools of @Andy Ful
My laptop seems to work better and with less issues without a third-party AV.
Followed the advice of @security123 and now use only three extensions: an adblocker, a password manager and a writing tool.

Microsoft Edge - Microsoft takes down malicious extension from the Edge Add-ons Store

Microsoft takes down malicious extension from the Edge Add-ons Store: Back in December, Microsoft Edge Addon Store went live for the public with around 160 extensions. Since then, the number has grown and in March, it passed 1,000 extensions. However, not all the extensions were created in good...

malwaretips.com

 

[Gandalf_The_Grey]

Updated config.

1000 Most Popular Chrome extensions Impact on Browser performance

I tested how the 1000 most popular Chrome extensions affect browser performance. The main metrics I'll consider are CPU consumption, memory consumption, and whether the extension makes pages render more slowly...

malwaretips.com

Did made me try the combo of uBlock Origin and Bitwarden once again.
The speed difference compared with the combination of AdGuard and LastPass is very noticeable in everyday browsing.

The release of Simple Windows Hardening by @Andy Ful let me think again about my security config.
Because I use Microsoft 365, I will get the most protection with Windows built-in tools.
The weak point of my config is quoted from @Andy Ful :

THE EXE / MSI 0-DAY MALWARE
The SWH application does not apply restrictions to EXE and MSI files, because these files are often used to install/update applications. Nowadays, many antivirus solutions have very good detection of such files, as compared to the detection of scripts. But still, the antivirus proactive features can have a problem with 0-day malware. In the home environment, the main delivery vectors of 0-day malware are spam emails and flash drives (USB drives).
The user has to be very careful when running EXE/MSI files originated from:

• Internet web links embedded in the emails.
• Attachments embedded in the emails.
• Flash drives (USB drives) shared with other people.

When using SWH restrictions, the user can consider the RunBySmartScreen tool. It allows checking any EXE/MSI file against the Microsoft SmartScreen Application Reputation service in the cloud. Many such files are accepted by SmartScreen, and this is the best way to avoid the 0-day malware. If the EXE/MSI file is not recognized by SmartScreen as safe or malicious, then the simplest method is waiting a minimum one day before running the unsafe file. After one day most of the malicious links are dead and most of the 0-day malware are properly detected by a good antivirus.

For that reason, I added the Bitdefender TrafficLight extension to Edge and WhitelistCloud from @danb to my system.
With Simple Windows Hardening I would have to add ConfigureDefender and Run-By-Smartscreen and I use Autoruns.
So, with keeping Hard_Configurator (using the Windows_10_Basic_Recommended_Settings profile) I have all those tools in one installer.