SECURITY: Complete Gandalf_The_Grey's laptop config for 2020

Last updated
Nov 30, 2020
About PC
This is my primary device
Operating system
Windows 10
Sign-in with
Microsoft account
Login security
Permissions
Administrator
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Malware samples
No - malware is not downloaded
Software firewall
Microsoft Defender Firewall
Real-time protection
Microsoft Defender Antivirus
HomeCare by Trend Micro on TP-Link Archer AX6000 router
RTP & OS hardening settings
Microsoft Defender Antivirus set to High with ConfigureDefender
Controlled Folder Access enabled (not on the kid's laptops)
Memory integrity under Core Isolation enabled (not on the kid's laptops)
Hard_Configurator with Windows_10_Basic_Recommended_Settings
Periodic scanners
HitmanPro, Kaspersky Virus Removal Tool and AdwCleaner (for the kids)
Browsers
Microsoft Edge with uBlock Origin, Bitdefender TrafficLight, Bitwarden and Microsoft Editor
Google Chrome with the same extensions plus the Microsoft Defender Browser Protection extension on the kid's laptops.
They use Edge for school and Chrome for fun
Optimization & maintenance
Autoruns, CCleaner, PatchMyPC, SUMo and Driver Easy Pro
Personal Files & Photos backup
Windows File History on external drive (weekly)
OneDrive with Microsoft 365 ransomware protection (always on sync)
Personal backup routine
Automatic (scheduled)
Device recovery & backup
Windows system image
Device backup routine
Computer specs
Acer Aspire VN7-791G-576X
Intel Core i5-4210H
Intel HD Graphics 4600 / NVIDIA GeForce GTX 860M
Kingston 16GB Dual-Channel DDR3 PC3-12800 RAM
Samsung SSD 850 EVO M.2 250GB
Seagate HDD ST1000LM014-1EJ164 1TB
Realtek High Definition Audio
Main activity usage
  1. Generic web browsing
  2. Financial and sensitive documents
  3. Working from home
  4. Video and photo editing
  5. Streaming audio and video content from the Internet
  6. Shared among other family members
Your changelog
2020.02.23 removed VoodooShield and uBlock Origin and added Kaspersky Security Cloud Free and AdGuard (extension).
2020.03.09 removed AdGuard and Kaspersky Security Cloud Free and added Hard_Configurator 5.0.0.1 beta uBlock Origin and the Netcraft extension. replaced Bandizip with Explzh because of the advertisements in the free version.
2020.03.22 removed Hard_Configurator, kept ConfigureDefender, DocumentsAntiExploit and RunBySmartscreen.
Added NoVirusThanks SysHardener, VoodooShield and the Certificate Info extension.
2020.03.28 added Ziggo safe Online and Hard_Configurator and removed SysHardner.
2020.03.30 removed CCleaner Pro
2020.04.05 installed HC 5.0.01 beta with recommended settings. Removed VoodooShield.
Tried to minimize extensions: replaced uBlock Origin with AdGuard and removed Certificate Info and Netcraft. Added Microsoft Editor. All extensions are now from the Microsoft Store except Browsing Protection by F-Secure (installed automatically).
2020.04.22 Removed Ziggo Safe Online and Hard_Configurator Trying Windows Defender with Comodo Firewall.
2020.05.04 removed Comodo Firewall and installed Emsisoft Ant-Malware Home.
2020.05.08 replaced Emsisoft Anti-Malware with Kaspersky Security Cloud Free
2020.05.18 replaced KSC Free with WD and uninstalled some browser extensions.
2020.07.05 back to Bitwarden and Bitdefender TrafficLight and WhitelistCloud added.
2020.07.08 switched form WhitelistCloud to VoodooShield Pro. Went from uBlock Origin to AdGuard.
2020.07.15 Back to KSC Free.
2020.08.09 added SpywareBlaster 5.7 Private Beta with MS Edge support.
2020.08.12 back to Microsoft Defender Antivirus
2020.08.15 back to Kaspersky Security Cloud Free
2020.08.31 removed O&O ShutUp 10 and went back to Microsoft Defender
2020.09.27 removed Bitdefender TrafficLight and went back from Simple Windows Hardening to Hard_Configurator
2020.10.27 went from WD to KSCFree and from uBlock Origin to AdGuard.
2020.11.14 back to WD on high and simplified config

oldschool

Level 59
Verified
Mar 29, 2018
4,840
Simplified my config based on Windows built-in security.
Just an AV and some Windows hardening should be enough protection.
Same here. VoodooShield just doesn't seem to be the same now. Maybe Dan tried to do too much to it, but it's buggy with command-lines. Maybe fixed now with new version? Just the same, our simple setups are fine, and trouble-free.
 

SeriousHoax

Level 34
Verified
Mar 16, 2019
2,344
Yep, I'm still using AdGuard. No problems with YouTube ads.
I have added the two filters from Yuki2718: AdGuard Social media Plus and AdGuard Tracking Protection Plus. Maybe those helped?
I didn't know about Yuki's filters. He's a nice guy. He has helped me quite a few times when I created issues/pull requests on EasyList & Adguard's GitHub.
I'll check it out.
 

Gandalf_The_Grey

Level 42
Verified
Trusted
Content Creator
Apr 24, 2016
3,090
I didn't know about Yuki's filters. He's a nice guy. He has helped me quite a few times when I created issues/pull requests on EasyList & Adguard's GitHub.
I'll check it out.
These are the filters I'm using in AdGuard:
Schermafbeelding 2020-11-14 213842.jpg

The two custom filters are from Yuki.
And I have "Use optimized filters" enabled.
 

Gandalf_The_Grey

Level 42
Verified
Trusted
Content Creator
Apr 24, 2016
3,090
After testing Kaspersky Security Cloud Free and Ziggo Safe Online (F-Secure Safe) again, I went back to Microsoft Defender Antivirus enhanced by ConfigureDefender and the Windows 10_Basic Recommended Settings from Hard_Configurator.
Added the Bitdefender TrafficLight extension for extra online protection (no partial downloads allowed).
This config works best for my family, especially without any network slowdowns when we all have to work or study from home during this pandemic.
 

YuanJiawj

Level 11
Oct 9, 2014
513
After testing Kaspersky Security Cloud Free and Ziggo Safe Online (F-Secure Safe) again, I went back to Microsoft Defender Antivirus enhanced by ConfigureDefender and the Windows 10_Basic Recommended Settings from Hard_Configurator.
Added the Bitdefender TrafficLight extension for extra online protection (no partial downloads allowed).
This config works best for my family, especially without any network slowdowns when we all have to work or study from home during this pandemic.
WD + ConfigureDefender simple but very effective combo. Are you still using Adguard or have you switched to uBo?
 

SeriousHoax

Level 34
Verified
Mar 16, 2019
2,344
This config works best for my family, especially without any network slowdowns
I did a very basic page loading test manually yesterday for Windows Defender, Bitdefender Free and Kaspersky Free. For that particular page on Firefox, WD loaded it in 1.59 on sec on average, Bitdefender in 1.69 sec and Kaspersky in 1.80 sec with Script injection feature & Kaspersky extension disabled. Tested it 10 times for each product so very accurate result for this particular bleepingcomputer page.
So yes, for faster internet/browsing experience WD is the best choice even though this outcome is predictable for obvious reason that we already know about.
 

Gandalf_The_Grey

Level 42
Verified
Trusted
Content Creator
Apr 24, 2016
3,090
I did a very basic page loading test manually yesterday for Windows Defender, Bitdefender Free and Kaspersky Free. For that particular page on Firefox, WD loaded it in 1.59 on sec on average, Bitdefender in 1.69 sec and Kaspersky in 1.80 sec with Script injection feature & Kaspersky extension disabled. Tested it 10 times for each product so very accurate result for this particular bleepingcomputer page.
So yes, for faster internet/browsing experience WD is the best choice even though this outcome is predictable for obvious reason that we already know about.
We need to get the most out of our ISP provided internet speed when I work fulltime from home and both kids follow their school lessons from home.
 

rndmblk

Level 2
Nov 18, 2020
50
After testing Kaspersky Security Cloud Free and Ziggo Safe Online (F-Secure Safe) again, I went back to Microsoft Defender Antivirus enhanced by ConfigureDefender and the Windows 10_Basic Recommended Settings from Hard_Configurator.
Added the Bitdefender TrafficLight extension for extra online protection (no partial downloads allowed).
This config works best for my family, especially without any network slowdowns when we all have to work or study from home during this pandemic.
Is "Windows 10_Basic Recommended Settings" in H_C what you get when you click the Recommended Settings button or is this a "custom" collection of settings?
 

Gandalf_The_Grey

Level 42
Verified
Trusted
Content Creator
Apr 24, 2016
3,090
Is "Windows 10_Basic Recommended Settings" in H_C what you get when you click the Recommended Settings button or is this a "custom" collection of settings?
No, it's a profile you can load.
From the manual:
Basic_Recommended_Settings on Windows 8+.

This is a predefined setting profile that allows EXE (TMP) and MSI files globally.
The scripts, shortcuts and other files with unsafe extensions are still
blocked by default in UserSpace.
This profile can harden Windows 8+ while maintaining maximum functionality
and compatibility. It could be probably called Recommended Settings
for cautious users.

The "Run By SmartScreen" entry in the Explorer context menu can be used
to check the standalone application installers (EXE and MSI) by SmartScreen
Application Reputation service. This entry should be also used for unsafe
executables listed below:
1. Files downloaded from the Internet, especially email attachments and executables
from the archives (7-zip, Zip, Arj, Rar, etc.).
2. Executables shared with other people via USB drives, Memory cards, etc.

The users can install/execute/update applications via EXE and MSI files. The
only exceptions are EXE and MSI files executed directly from an archive or
email client. In such cases, the archive has to be first unpacked and email attachment
has to be downloaded to hard disk. Next, it is recommended to use
"Run By SmartScreen" to execute those files via SmartScreen.

It is also recommended to use this profile with ConfigureDefender HIGH
Protection Level (if WD is the main antivirus) and "Recommended H_C" firewall
outbound block rules (see <FirewallHardening> option). The profile
can be used with any antivirus which can apply strong proactive detection.

Is it safe?
It is as safe as the H_C Recommended Settings if the user is cautious enough
to use the "Run By SmartScreen" entry in the Explorer context menu. If not
then EXE and MSI files will be covered only by the Antivirus.

PLEASE NOTE: This profile will be not enough for children. They will be
better protected by the H_C Recommended Settings and SmartScreen set to
Block, with occasional help from more experienced users.
 
Top