Recent changes
Nov 14, 2020
Device priority
Primary device
Operating system
Windows 10
Sign-in account
Sign in with Microsoft ID
Log-in security
    • Windows Hello Fingerprint
    • Windows Hello PIN
Account permissions
Administrator account
Security updates
Automatically allow security and feature updates
Windows UAC
Always notify
Malware samples
No - Malware samples are not purposely downloaded
Real-time Malware protection
Microsoft Defender Antivirus
HomeCare by Trend Micro on TP-Link Archer AX6000 router
Firewall protection
Microsoft Defender Firewall
RTP configuration
Microsoft Defender Antivirus set to High with ConfigureDefender
Controlled Folder Access enabled
Memory integrity under Core Isolation enabled
Microsoft Defender Application Guard for isolated browsing installed
NoVirusThanks SysHardener at recommended settings
Periodic scanners
HitmanPro, Kaspersky Virus Removal Tool and AdwCleaner (for the kids)
VPN and Privacy
MS Edge Tracking Prevention on Strict, AdGuard extension in incognito mode and Cleanbrowsing Adult DNS content filter on the router.
Browser(s) and Add-ons
Microsoft Edge with AdGuard, Bitwarden and Microsoft Editor
Maintenance tools
CCleaner, PatchMyPC, SUMo and Driver Easy Pro
Photos and Files backup
Windows File History on external drive (weekly)
OneDrive with Microsoft 365 ransomware protection (always on sync)
File backup schedule
Changes are automatically sync'd to my cloud storage provider
Backup and rollback
Windows system image
Backup schedule
Manually managed on a yearly basis
Activity usage
  1. Generic web browsing
  2. Financial and sensitive documents
  3. Working from home
  4. Video and photo editing
  5. Streaming audio and video content from the Internet
  6. Shared among other family members
Computer hardware
Acer Aspire VN7-791G-576X
Intel Core i5-4210H
Intel HD Graphics 4600 / NVIDIA GeForce GTX 860M
Kingston 16GB Dual-Channel DDR3 PC3-12800 RAM
Samsung SSD 850 EVO M.2 250GB
Seagate HDD ST1000LM014-1EJ164 1TB
Realtek High Definition Audio
Your changelog
2020.02.23 removed VoodooShield and uBlock Origin and added Kaspersky Security Cloud Free and AdGuard (extension).
2020.03.09 removed AdGuard and Kaspersky Security Cloud Free and added Hard_Configurator 5.0.0.1 beta, uBlock Origin and the Netcraft extension. Replaced Bandizip with Explzh because of the advertisements in the free version.
2020.03.22 removed Hard_Configurator, kept ConfigureDefender, DocumentsAntiExploit and RunBySmartscreen.
Added NoVirusThanks SysHardener, VoodooShield and the Certificate Info extension.
2020.03.28 added Ziggo Safe Online and Hard_Configurator and removed SysHardener.
2020.03.30 removed CCleaner Pro
2020.04.05 installed HC 5.0.01 beta with recommended settings. Removed VoodooShield.
Tried to minimize extensions: replaced uBlock Origin with AdGuard and removed Certificate Info and Netcraft. Added Microsoft Editor. All extensions are now from the Microsoft Store except Browsing Protection by F-Secure (installed automatically).
2020.04.22 Removed Ziggo Safe Online and Hard_Configurator. Trying Windows Defender with Comodo Firewall.
2020.05.04 removed Comodo Firewall and installed Emsisoft Anti-Malware Home.
2020.05.08 replaced Emsisoft Anti-Malware with Kaspersky Security Cloud Free
2020.05.18 replaced KSC Free with WD and uninstalled some browser extensions.
2020.07.05 back to Bitwarden and Bitdefender TrafficLight and WhitelistCloud added.
2020.07.08 switched from WhitelistCloud to VoodooShield Pro. Went from uBlock Origin to AdGuard.
2020.07.15 Back to KSC Free.
2020.08.09 added SpywareBlaster 5.7 Private Beta with MS Edge support.
2020.08.12 back to Microsoft Defender Antivirus
2020.08.15 back to Kaspersky Security Cloud Free
2020.08.31 removed O&O ShutUp 10 and went back to Microsoft Defender
2020.09.27 removed Bitdefender TrafficLight and went back from Simple Windows Hardening to Hard_Configurator
2020.10.27 went from WD to KSCFree and from uBlock Origin to AdGuard.
2020.11.14 back to WD on high and simplified config

Back3

Level 6
I just ditched H_C for Comodo Firewall :D
But keep being interested in its development.

There are so many great programs to choose from...Windows Defender (with Andy's tools), Kaspersky Security Cloud Free, F-Secure Safe, Comodo Firewall, VoodooShield (and of course the complete Hard_Configurator package).

The latest version 12.2.2.7036 of Comodo Firewall works great and without any issues on my system (y)

These great programs are like chocolates: we want to taste them all....:p
 

Gandalf_The_Grey

Level 38
Verified
Trusted
Content Creator
Went back to the most privacy conscious AV with good offline protection and great support: Emsisoft Anti-Malware Home.
I think the weak spots of this AV will be covered by the recommended settings of the new Hard_Configurator 5.0.1.1 beta together with the AdGuard extension and SmartScreen in Edge.
 

Gandalf_The_Grey

Level 38
Verified
Trusted
Content Creator
Bought myself a TP-Link Archer AX6000 router and let my ISP set their cable modem in bridge mode.
No more WIFI problems, very stable connection now all over the house and built-in TP-Link HomeCare by Trend Micro.

Tried out some AVs again to see what works the best on my laptop.

Windows Defender with Controlled Folder Access always performs great in the HUB but is still a pain to use. Lately even OneDrive got blocked.

Ziggo Safe Online by F-Secure has an even greater delay than Windows Defender when opening my downloads folder and its protected folder feature doesn't work. Don't like its banking protection either because of issues with IDEAL payments.

While I love Emsisoft Anti-Malware and have profound respect for its developers and customer service it's just not stable. The GUI crashed more than once when trying to change some settings. So again, a short career on my system, unfortunately.

Tried Kaspersky Security Cloud Free again and it performs great (since patch j?).
Supplemented by the latest HC beta with the Windows 10 Basic Recommended Settings profile.

My final config till the MT Virus strikes again 🤔
 

Gandalf_The_Grey

Level 38
Verified
Trusted
Content Creator
Blocking their own product? M$ wouldn't do that, would they? ;):D I couldn't find any info on M$ forums. Have you emailed OneDrive support team? Here's the link.

I know I get occasional "blocks" that aren't real blocks. Maybe WD issues the alert when an exclusion has been made just because it's M$.:rolleyes:
Maybe because my OneDrive folder is on D? Never had a block like that (if it was indeed a real block) before. Could of course whitelist onedrive.exe but that shouldn't be necessary. OneDrive is a particularly important part of my backup strategy with MS 365 ransomware protection. IMO I can't trust CFA working like it should do on computers of family and friends when I'm not around. That's why I chose Kaspersky Security Cloud Free strengthened with the basic profile of Hard_Configurator.
 

SeriousHoax

Level 32
Verified
Blocking their own product? M$ wouldn't do that, would they? ;):D I couldn't find any info on M$ forums. Have you emailed OneDrive support team? Here's the link.

I know I get occasional "blocks" that aren't real blocks. Maybe WD issues the alert when an exclusion has been made just because it's M$.:rolleyes:
Maybe because my OneDrive folder is on D? Never had a block like that (if it was indeed a real block) before. Could of course whitelist onedrive.exe but that shouldn't be necessary. OneDrive is a particularly important part of my backup strategy with MS 365 ransomware protection. IMO I can't trust CFA working like it should do on computers of family and friends when I'm not around. That's why I chose Kaspersky Security Cloud Free strengthened with the basic profile of Hard_Configurator.
In my experience CFA blocks everything, trusted or not. It blocks system apps like mspaint and the snipping tools too. They follow a default-deny approach here. You may have seen F-Secure's test done by MacDefender, where F-Secure failed even though protected folders was enabled because it trusts 7zip.exe. So tbh, Microsoft's approach is safer and less prone to failure. Also, they don't enable it by default, so Microsoft expects those who enable it to whitelist their required programs.
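
Added example, not part of any post in this thread: one way to see which programs Controlled Folder Access stopped and to allow a single trusted one instead of switching CFA off. It uses the Defender operational log (event IDs 1123 and 1124) and the `Add-MpPreference` cmdlet; the event field names `Process Name` and `Path` and the OneDrive path are assumptions to check on your own system.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Event ID 1123 = Controlled Folder Access blocked a change; 1124 = audit-mode hit.
$DefenderLog = 'Microsoft-Windows-Windows Defender/Operational'

function Get-CfaBlock {
    param([int]$Days = 7)
    $filter = @{ LogName = $DefenderLog; Id = 1123, 1124; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Read the named fields from the event XML so the result does not
        # depend on the Windows display language.
        $fields = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Mode    = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
            Process = $fields['Process Name']   # assumed field name
            Target  = $fields['Path']           # assumed field name
        }
    }
}

# 1. Which programs were stopped, and how often?
Get-CfaBlock -Days 7 | Group-Object Process | Sort-Object Count -Descending |
    Select-Object Count, Name

# 2. Allow one specific program, only if its signature validates.
#    The path below is an assumed per-user OneDrive location; use the exact
#    path reported in step 1.
$app = Join-Path $env:LOCALAPPDATA 'Microsoft\OneDrive\OneDrive.exe'
$sig = Get-AuthenticodeSignature -LiteralPath $app -ErrorAction SilentlyContinue
if ($sig.Status -eq 'Valid') {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $app
} else {
    Write-Warning "Not allow-listing ${app}: signature status is '$($sig.Status)'"
}

# 3. Confirm the allow list.
(Get-MpPreference).ControlledFolderAccessAllowedApplications
```

Allow-listing by full path keeps the default-deny behaviour for everything else, which is the property the post above values.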
 

Gandalf_The_Grey

Level 38
Verified
Trusted
Content Creator
Get some explorer.exe crashes lately.
Does anybody know how to troubleshoot those crashes?
Beschrijving
Pad naar toepassing met fout: C:\Windows\explorer.exe

Probleem met handtekening
Naam van probleemgebeurtenis: APPCRASH
Naam van de toepassing: Explorer.EXE
Versie van toepassing: 10.0.18362.815
Tijdstempel van toepassing: 51185cb4
Naam van foutmodule: ntdll.dll
Versie van foutmodule: 10.0.18362.815
Tijdstempel van foutmodule: b29ecf52
Uitzonderingscode: c000071f
Uitzonderingsmarge: 00000000000b2cca
Versie van besturingssysteem: 10.0.18363.2.0.0.256.48
Landinstelling-id: 1043
Aanvullende informatie 1: 036d
Aanvullende informatie 2: 036d25959e361ad38b77dfb223a7efe8
Aanvullende informatie 3: 9018
Aanvullende informatie 4: 90189745a5011ea35cd1259ca67cc538

Extra informatie over het probleem
Bucket-id: 8efcb33d89bbceb748183a58862606d6 (1736201808233498326)
Ran sfc /scannow and it repaired some issues.
After a reboot, the second scan didn't show any issues.
 

pablozi

Level 26
Verified
Trusted

Gandalf_The_Grey

Level 38
Verified
Trusted
Content Creator

pablozi

Level 26
Verified
Trusted
Thanks, but I don't think I can find out more information.
The error came from ntdll.dll and AppCrashView lets you see its path: C:\WINDOWS\SYSTEM32\ntdll.dll
Don't know how to proceed further...
In most cases it will be display driver or security software.
Have you been messing around with either one of them recently?
You might also try to clear file explorer cache.
 

Gandalf_The_Grey

Level 38
Verified
Trusted
Content Creator
In most cases it will be display driver or security software.
Have you been messing around with either one of them recently?
You might also try to clear file explorer cache.
The most recent change was Kaspersky Security Cloud Free.
Will see if after uninstalling KSC Free and going back to Windows Defender the crashes are gone.
Thanks for your help (y)
 

Gandalf_The_Grey

Level 38
Verified
Trusted
Content Creator
Back to built-in Windows security enhanced by the wonderful tools of @Andy Ful
My laptop seems to work better and with fewer issues without a third-party AV.
Followed the advice of @security123 and now use only three extensions: an adblocker, a password manager and a writing tool.

Gandalf_The_Grey

Level 38
Verified
Trusted
Content Creator
Updated config.
Did make me try the combo of uBlock Origin and Bitwarden once again.
The speed difference compared with the combination of AdGuard and LastPass is very noticeable in everyday browsing.

The release of Simple Windows Hardening by @Andy Ful made me think again about my security config.
Because I use Microsoft 365, I will get the most protection with Windows built-in tools.
The weak point of my config is quoted from @Andy Ful :
THE EXE / MSI 0-DAY MALWARE
The SWH application does not apply restrictions to EXE and MSI files, because these files are often used to install/update applications. Nowadays, many antivirus solutions have very good detection of such files, as compared to the detection of scripts. But still, the antivirus proactive features can have a problem with 0-day malware. In the home environment, the main delivery vectors of 0-day malware are spam emails and flash drives (USB drives).
The user has to be very careful when running EXE/MSI files originated from:
  • Internet web links embedded in the emails.
  • Attachments embedded in the emails.
  • Flash drives (USB drives) shared with other people.
When using SWH restrictions, the user can consider the RunBySmartScreen tool. It allows checking any EXE/MSI file against the Microsoft SmartScreen Application Reputation service in the cloud. Many such files are accepted by SmartScreen, and this is the best way to avoid the 0-day malware. If the EXE/MSI file is not recognized by SmartScreen as safe or malicious, then the simplest method is waiting a minimum of one day before running the unsafe file. After one day most of the malicious links are dead and most of the 0-day malware is properly detected by a good antivirus.
For that reason, I added the Bitdefender TrafficLight extension to Edge and WhitelistCloud from @danb to my system.
With Simple Windows Hardening I would have to add ConfigureDefender and Run-By-Smartscreen and I use Autoruns.
So, with keeping Hard_Configurator (using the Windows_10_Basic_Recommended_Settings profile) I have all those tools in one installer.
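
Added example, not part of the post or of the SWH/RunBySmartScreen tools: a read-only check that applies the "wait a minimum of one day" rule quoted above to EXE/MSI files. It reads each file's Mark-of-the-Web (`Zone.Identifier` stream) and age; the function name `Get-FreshDownload` and the default Downloads folder are assumptions.

```powershell
# Added example (not from the thread). Lists EXE/MSI files and flags those that
# came from the Internet zone and are younger than the waiting period.
function Get-FreshDownload {
    param(
        [string]$Folder = (Join-Path $env:USERPROFILE 'Downloads'),  # assumed location
        [int]$MinAgeHours = 24                                       # "minimum one day"
    )
    Get-ChildItem -Path $Folder -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.msi' } |
        ForEach-Object {
            # Mark-of-the-Web: browsers and mail clients write ZoneId=3 (Internet)
            # or ZoneId=4 (Restricted sites) into this alternate data stream.
            $motw = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier `
                        -ErrorAction SilentlyContinue
            $zone = if (($motw -join "`n") -match 'ZoneId=(\d+)') { [int]$Matches[1] } else { $null }
            $ageHours = [math]::Round(((Get-Date) - $_.CreationTime).TotalHours, 1)
            [pscustomobject]@{
                File      = $_.FullName
                ZoneId    = $zone          # $null: no mark, e.g. copied from a flash drive
                AgeHours  = $ageHours
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                Hold      = ($zone -ge 3) -and ($ageHours -lt $MinAgeHours)
            }
        }
}

# Files still inside the waiting period, newest first.
Get-FreshDownload | Where-Object Hold | Sort-Object AgeHours |
    Format-Table File, ZoneId, AgeHours, Signature -AutoSize
```

A missing `ZoneId` does not mean a file is safe: files copied from a shared flash drive usually carry no mark, so those still need the RunBySmartScreen check described in the quote.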
 