Advanced Plus Security Gandalf_The_Grey's laptop config for 2020

Last updated
Nov 30, 2020
How it's used?
For home and private use
Operating system
Windows 10
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Microsoft Defender Antivirus
HomeCare by Trend Micro on TP-Link Archer AX6000 router
Firewall security
Microsoft Defender Firewall
About custom security
Microsoft Defender Antivirus set to High with ConfigureDefender
Controlled Folder Access enabled (not on the kid's laptops)
Memory integrity under Core Isolation enabled (not on the kid's laptops)
Hard_Configurator with Windows_10_Basic_Recommended_Settings
Periodic malware scanners
HitmanPro, Kaspersky Virus Removal Tool and AdwCleaner (for the kids)
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Microsoft Edge with uBlock Origin, Bitdefender TrafficLight, Bitwarden and Microsoft Editor
Google Chrome with the same extensions plus the Microsoft Defender Browser Protection extension on the kid's laptops.
They use Edge for school and Chrome for fun
Maintenance tools
Autoruns, CCleaner, PatchMyPC, SUMo and Driver Easy Pro
File and Photo backup
Windows File History on external drive (weekly)
OneDrive with Microsoft 365 ransomware protection (always on sync)
System recovery
Windows system image
Risk factors
    • Browsing to popular websites
    • Logging into my bank account
    • Working from home
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Acer Aspire VN7-791G-576X
Intel Core i5-4210H
Intel HD Graphics 4600 / NVIDIA GeForce GTX 860M
Kingston 16GB Dual-Channel DDR3 PC3-12800 RAM
Samsung SSD 850 EVO M.2 250GB
Seagate HDD ST1000LM014-1EJ164 1TB
Realtek High Definition Audio
Notable changes
2020.02.23 removed VoodooShield and uBlock Origin and added Kaspersky Security Cloud Free and AdGuard (extension).
2020.03.09 removed AdGuard and Kaspersky Security Cloud Free and added Hard_Configurator 5.0.0.1 beta uBlock Origin and the Netcraft extension. replaced Bandizip with Explzh because of the advertisements in the free version.
2020.03.22 removed Hard_Configurator, kept ConfigureDefender, DocumentsAntiExploit and RunBySmartscreen.
Added NoVirusThanks SysHardener, VoodooShield and the Certificate Info extension.
2020.03.28 added Ziggo safe Online and Hard_Configurator and removed SysHardner.
2020.03.30 removed CCleaner Pro
2020.04.05 installed HC 5.0.01 beta with recommended settings. Removed VoodooShield.
Tried to minimize extensions: replaced uBlock Origin with AdGuard and removed Certificate Info and Netcraft. Added Microsoft Editor. All extensions are now from the Microsoft Store except Browsing Protection by F-Secure (installed automatically).
2020.04.22 Removed Ziggo Safe Online and Hard_Configurator Trying Windows Defender with Comodo Firewall.
2020.05.04 removed Comodo Firewall and installed Emsisoft Ant-Malware Home.
2020.05.08 replaced Emsisoft Anti-Malware with Kaspersky Security Cloud Free
2020.05.18 replaced KSC Free with WD and uninstalled some browser extensions.
2020.07.05 back to Bitwarden and Bitdefender TrafficLight and WhitelistCloud added.
2020.07.08 switched form WhitelistCloud to VoodooShield Pro. Went from uBlock Origin to AdGuard.
2020.07.15 Back to KSC Free.
2020.08.09 added SpywareBlaster 5.7 Private Beta with MS Edge support.
2020.08.12 back to Microsoft Defender Antivirus
2020.08.15 back to Kaspersky Security Cloud Free
2020.08.31 removed O&O ShutUp 10 and went back to Microsoft Defender
2020.09.27 removed Bitdefender TrafficLight and went back from Simple Windows Hardening to Hard_Configurator
2020.10.27 went from WD to KSCFree and from uBlock Origin to AdGuard.
2020.11.14 back to WD on high and simplified config

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Thinking about Simple Windows Hardening vs Hard_Configurator.
If you use Simple Windows Hardening with ConfigureDefender, FirewallHardening and use Autoruns isn't easier to just use Hard_Configurator with the Windows_10_Basic_Recommended_Settings profile instead?
One tool to install and not having to download and maintain multiple portable programs.
The protection level is the same.
Any pros or cons?
@Andy Ful What do you think?
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
Thinking about Simple Windows Hardening vs Hard_Configurator.
If you use Simple Windows Hardening with ConfigureDefender, FirewallHardening and use Autoruns isn't easier to just use Hard_Configurator with the Windows_10_Basic_Recommended_Settings profile instead?
One tool to install and not having to download and maintain multiple portable programs.
The protection level is the same.
Any pros or cons?
Just going to use H_C as you are able to handle tools like that...
I'm personally running WD/MD and using H_C included tools like CD & FH, that's for me easier to control over the main GUI of H_C.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
@Gandalf_The_Grey

No idea. These configs are the same.
You can use SWH + ConfigureDefender + FirewallHardening via 3 shortcuts on your Desktop (copy these applications first to Windows folder) or use H_C. It will be rather the choice of taste (like which GUI do you like better).:)
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
@Gandalf_The_Grey

No idea. These configs are the same.
You can use SWH + ConfigureDefender + FirewallHardening via 3 shortcuts on your Desktop (copy these applications first to Windows folder) or use H_C. It will be rather the choice of taste (like which GUI do you like better).:)
After trying both configs I like the one with the standalone tools more.
Just pinned those 3 to the startmenu.
Less exes installed in total and the logging is better / more filtered.
Example: the log of ConfigureDefender contains entries when Microsoft Defender (and the system) starts. Not needed I think.
The logs of the standalone ConfigureDefender doesn't show them.
Both contain some blocks for Controlled Folder Access (needed).
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Experimenting with the for me best and most easy protection for the laptops in my household/family
Tried VoodooShield, but one of the laptops in my household froze completely with it.
Tried Comodo Firewall with CS settings, but it has still a problem with unrecognizing safe Windows files, so needs to be babysitted.
So back to Hard_Configurator where whitelisting is easier than in Simple Windows Hardening because of the apply changes button.
When something is blocked on the laptops of my children it's quite easy to see in the log and if needed whitelist by file.
@Andy Ful Is it correct that there is no apply settings button in Simple Windows Hardening or am I missing something?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
That's correct, but what do you do after whitelisting a file? Do you have to log out or reboot?
Both SWH and H_C ver. 5.1.1.2 apply whitelisted SRP entries on the fly - no need to reboot or Log off. When the reboot is required, then H_C will alert while pressing the <REFRESH> button, SWH alerts about the reboot only when SMB settings are changed.
SWH is much simpler and does not need the <REFRESH> button.

Edit.
If you use this config on the child's computer, then you can set in ConfigureDefender the ASR rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria" to ON. This should not be a problem, but if something will be blocked by this rule, then please remember to wait about 2 days, or if you are certain that the file is clean set this rule temporarily to Audit and next install/update and finally run the installed/updated application. Do not try to whitelist the blocked file in H_C or exclude it in WD, because this will not work when this ASR rule was triggered.
 
Last edited:

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
@SeriousHoax browser cache problem inspired me to try Kaspersky Security Cloud again (y)
Running great so far, I have slightly more system and browsing speed compared to Windows Defender on high settings.
I hope that Simple Windows Hardening and Documents Anti Exploit from @Andy Ful compensate for the lack of application control in the free version.
This time I also changed form uBlock origin to AdGuard, both are great and maybe I will switch back sometime.
But this time AdGuard's log was more helpful in unbreaking a website my daughter needed for school.
And it is easy to report such breakage and it will be solved in a few days by the AdGuard filter maintainers.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
@SeriousHoax browser cache problem inspired me to try Kaspersky Security Cloud again (y)
Running great so far, I have slightly more system and browsing speed compared to Windows Defender on high settings.
I hope that Simple Windows Hardening and Documents Anti Exploit from @Andy Ful compensate for the lack of application control in the free version.
This time I also changed form uBlock origin to AdGuard, both are great and maybe I will switch back sometime.
But this time AdGuard's log was more helpful in unbreaking a website my daughter needed for school.
And it is easy to report such breakage and it will be solved in a few days by the AdGuard filter maintainers.
Just use standalone RunBySmartscreen to run not-trusted files, especially when extracted from archives or originated from flash drives (USB drives).(y)
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,868
Surfing is almost the same, in testing I have a slightly lower ping, maybe it's because I want it but browsing feels a bit snappier 🤔
Surprising. In my case, I don't notice speed difference if I just casually browse the web but if I go for accurate measurements using a stopwatch (😂) then I can see that with Defender it's slightly faster.
 

FireHammer

Level 10
Verified
Well-known
Aug 27, 2020
446
Inspired by the config of @silversurfer : SECURE: Complete - silversurfer Laptop Security Config 2020
I decided to see what config worked the best on my laptop:
Windows Defender (with ConfigureDefender at High)
Ziggo Safe Online (F-Secure Safe (free from my ISP))
Kaspersky Security Cloud Free
For me, Kaspersky Security Cloud Free is the lightest on my system at the moment while still offering very good protection.
Replaced (maybe temporarily) uBlock Origin with AdGuard for adding Googles Safe Browsing to the mix.
Hi, @Gandalf_The_Grey I also have been offered F-Secure Safe from my ISP-STOFA, but I like Bitdefender more. (y)
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Hi, @Gandalf_The_Grey I also have been offered F-Secure Safe from my ISP-STOFA, but I like Bitdefender more. (y)
My ISP Ziggo offers a rebranded version of F-Secure Safe: Ziggo Safe Online, but I prefer Kaspersky Security Cloud Free (at the moment :D ).

Added Run By SmartScreen like @Andy Ful suggested.
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Are you still using Adguard? I saw a few months old on ongoing issue on their GitHub about few YouTube ads being missed by Adguard. Have you experienced anything like this?
Yep, I'm still using AdGuard. No problems with YouTube ads.
I have added the two filters from Yuki2718: AdGuard Social media Plus and AdGuard Tracking Protection Plus. Maybe those helped?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top