Advanced Plus Security Gandalf_The_Grey's laptop config for 2020

Last updated
Nov 30, 2020
How it's used?
For home and private use
Operating system
Windows 10
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Microsoft Defender Antivirus
HomeCare by Trend Micro on TP-Link Archer AX6000 router
Firewall security
Microsoft Defender Firewall
About custom security
Microsoft Defender Antivirus set to High with ConfigureDefender
Controlled Folder Access enabled (not on the kid's laptops)
Memory integrity under Core Isolation enabled (not on the kid's laptops)
Hard_Configurator with Windows_10_Basic_Recommended_Settings
Periodic malware scanners
HitmanPro, Kaspersky Virus Removal Tool and AdwCleaner (for the kids)
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Microsoft Edge with uBlock Origin, Bitdefender TrafficLight, Bitwarden and Microsoft Editor
Google Chrome with the same extensions plus the Microsoft Defender Browser Protection extension on the kid's laptops.
They use Edge for school and Chrome for fun
Maintenance tools
Autoruns, CCleaner, PatchMyPC, SUMo and Driver Easy Pro
File and Photo backup
Windows File History on external drive (weekly)
OneDrive with Microsoft 365 ransomware protection (always on sync)
System recovery
Windows system image
Risk factors
    • Browsing to popular websites
    • Logging into my bank account
    • Working from home
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Acer Aspire VN7-791G-576X
Intel Core i5-4210H
Intel HD Graphics 4600 / NVIDIA GeForce GTX 860M
Kingston 16GB Dual-Channel DDR3 PC3-12800 RAM
Samsung SSD 850 EVO M.2 250GB
Seagate HDD ST1000LM014-1EJ164 1TB
Realtek High Definition Audio
Notable changes
2020.02.23 removed VoodooShield and uBlock Origin and added Kaspersky Security Cloud Free and AdGuard (extension).
2020.03.09 removed AdGuard and Kaspersky Security Cloud Free and added Hard_Configurator 5.0.0.1 beta uBlock Origin and the Netcraft extension. replaced Bandizip with Explzh because of the advertisements in the free version.
2020.03.22 removed Hard_Configurator, kept ConfigureDefender, DocumentsAntiExploit and RunBySmartscreen.
Added NoVirusThanks SysHardener, VoodooShield and the Certificate Info extension.
2020.03.28 added Ziggo safe Online and Hard_Configurator and removed SysHardner.
2020.03.30 removed CCleaner Pro
2020.04.05 installed HC 5.0.01 beta with recommended settings. Removed VoodooShield.
Tried to minimize extensions: replaced uBlock Origin with AdGuard and removed Certificate Info and Netcraft. Added Microsoft Editor. All extensions are now from the Microsoft Store except Browsing Protection by F-Secure (installed automatically).
2020.04.22 Removed Ziggo Safe Online and Hard_Configurator Trying Windows Defender with Comodo Firewall.
2020.05.04 removed Comodo Firewall and installed Emsisoft Ant-Malware Home.
2020.05.08 replaced Emsisoft Anti-Malware with Kaspersky Security Cloud Free
2020.05.18 replaced KSC Free with WD and uninstalled some browser extensions.
2020.07.05 back to Bitwarden and Bitdefender TrafficLight and WhitelistCloud added.
2020.07.08 switched form WhitelistCloud to VoodooShield Pro. Went from uBlock Origin to AdGuard.
2020.07.15 Back to KSC Free.
2020.08.09 added SpywareBlaster 5.7 Private Beta with MS Edge support.
2020.08.12 back to Microsoft Defender Antivirus
2020.08.15 back to Kaspersky Security Cloud Free
2020.08.31 removed O&O ShutUp 10 and went back to Microsoft Defender
2020.09.27 removed Bitdefender TrafficLight and went back from Simple Windows Hardening to Hard_Configurator
2020.10.27 went from WD to KSCFree and from uBlock Origin to AdGuard.
2020.11.14 back to WD on high and simplified config

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
Simplified my config based on Windows built-in security.
Just an AV and some Windows hardening should be enough protection.
Same here. VoodooShield just doesn't seem to be the same now. Maybe Dan tried to do too much to it, but it's buggy with command-lines. Maybe fixed now with new version? Just the same, our simple setups are fine, and trouble-free.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,868
Yep, I'm still using AdGuard. No problems with YouTube ads.
I have added the two filters from Yuki2718: AdGuard Social media Plus and AdGuard Tracking Protection Plus. Maybe those helped?
I didn't know about Yuki's filters. He's a nice guy. He has helped me quite a few times when I created issues/pull requests on EasyList & Adguard's GitHub.
I'll check it out.
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
I didn't know about Yuki's filters. He's a nice guy. He has helped me quite a few times when I created issues/pull requests on EasyList & Adguard's GitHub.
I'll check it out.
These are the filters I'm using in AdGuard:
Schermafbeelding 2020-11-14 213842.jpg

The two custom filters are from Yuki.
And I have "Use optimized filters" enabled.
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Simple and effective (y)
Edit: Hope they include advanced mode similar to uBO which let you see domains connected and blocked directly into UI.
Went back to uBlock Origin just for that (y)
And uBlock Origin is lighter on the browser compared to AdGuard.
 
Last edited:

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
After testing Kaspersky Security Cloud Free and Ziggo Safe Online (F-Secure Safe) again, I went back to Microsoft Defender Antivirus enhanced by ConfigureDefender and the Windows 10_Basic Recommended Settings from Hard_Configurator.
Added the Bitdefender TrafficLight extension for extra online protection (no partial downloads allowed).
This config works best for my family, especially without any network slowdowns when we all have to work or study from home during this pandemic.
 

YuanJiawj

Level 12
Verified
Top Poster
Well-known
Oct 9, 2014
583
After testing Kaspersky Security Cloud Free and Ziggo Safe Online (F-Secure Safe) again, I went back to Microsoft Defender Antivirus enhanced by ConfigureDefender and the Windows 10_Basic Recommended Settings from Hard_Configurator.
Added the Bitdefender TrafficLight extension for extra online protection (no partial downloads allowed).
This config works best for my family, especially without any network slowdowns when we all have to work or study from home during this pandemic.
WD + ConfigureDefender simple but very effective combo. Are you still using Adguard or have you switched to uBo?
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,868
This config works best for my family, especially without any network slowdowns
I did a very basic page loading test manually yesterday for Windows Defender, Bitdefender Free and Kaspersky Free. For that particular page on Firefox, WD loaded it in 1.59 on sec on average, Bitdefender in 1.69 sec and Kaspersky in 1.80 sec with Script injection feature & Kaspersky extension disabled. Tested it 10 times for each product so very accurate result for this particular bleepingcomputer page.
So yes, for faster internet/browsing experience WD is the best choice even though this outcome is predictable for obvious reason that we already know about.
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
I did a very basic page loading test manually yesterday for Windows Defender, Bitdefender Free and Kaspersky Free. For that particular page on Firefox, WD loaded it in 1.59 on sec on average, Bitdefender in 1.69 sec and Kaspersky in 1.80 sec with Script injection feature & Kaspersky extension disabled. Tested it 10 times for each product so very accurate result for this particular bleepingcomputer page.
So yes, for faster internet/browsing experience WD is the best choice even though this outcome is predictable for obvious reason that we already know about.
We need to get the most out of our ISP provided internet speed when I work fulltime from home and both kids follow their school lessons from home.
 

rndmblk

Level 3
Nov 18, 2020
94
After testing Kaspersky Security Cloud Free and Ziggo Safe Online (F-Secure Safe) again, I went back to Microsoft Defender Antivirus enhanced by ConfigureDefender and the Windows 10_Basic Recommended Settings from Hard_Configurator.
Added the Bitdefender TrafficLight extension for extra online protection (no partial downloads allowed).
This config works best for my family, especially without any network slowdowns when we all have to work or study from home during this pandemic.
Is "Windows 10_Basic Recommended Settings" in H_C what you get when you click the Recommended Settings button or is this a "custom" collection of settings?
 

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Is "Windows 10_Basic Recommended Settings" in H_C what you get when you click the Recommended Settings button or is this a "custom" collection of settings?
No, it's a profile you can load.
From the manual:
Basic_Recommended_Settings on Windows 8+.

This is a predefined setting profile that allows EXE (TMP) and MSI files globally.
The scripts, shortcuts and other files with unsafe extensions are still
blocked by default in UserSpace.
This profile can harden Windows 8+ while maintaining maximum functionality
and compatibility. It could be probably called Recommended Settings
for cautious users.

The "Run By SmartScreen" entry in the Explorer context menu can be used
to check the standalone application installers (EXE and MSI) by SmartScreen
Application Reputation service. This entry should be also used for unsafe
executables listed below:
1. Files downloaded from the Internet, especially email attachments and executables
from the archives (7-zip, Zip, Arj, Rar, etc.).
2. Executables shared with other people via USB drives, Memory cards, etc.

The users can install/execute/update applications via EXE and MSI files. The
only exceptions are EXE and MSI files executed directly from an archive or
email client. In such cases, the archive has to be first unpacked and email attachment
has to be downloaded to hard disk. Next, it is recommended to use
"Run By SmartScreen" to execute those files via SmartScreen.

It is also recommended to use this profile with ConfigureDefender HIGH
Protection Level (if WD is the main antivirus) and "Recommended H_C" firewall
outbound block rules (see <FirewallHardening> option). The profile
can be used with any antivirus which can apply strong proactive detection.

Is it safe?
It is as safe as the H_C Recommended Settings if the user is cautious enough
to use the "Run By SmartScreen" entry in the Explorer context menu. If not
then EXE and MSI files will be covered only by the Antivirus.

PLEASE NOTE: This profile will be not enough for children. They will be
better protected by the H_C Recommended Settings and SmartScreen set to
Block, with occasional help from more experienced users.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top