Advanced Plus Security Gandalf_The_Grey's laptop config for 2020

Last updated
Nov 30, 2020
How it's used?
For home and private use
Operating system
Windows 10
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Microsoft Defender Antivirus
HomeCare by Trend Micro on TP-Link Archer AX6000 router
Firewall security
Microsoft Defender Firewall
About custom security
Microsoft Defender Antivirus set to High with ConfigureDefender
Controlled Folder Access enabled (not on the kids' laptops)
Memory integrity under Core Isolation enabled (not on the kids' laptops)
Hard_Configurator with Windows_10_Basic_Recommended_Settings
Periodic malware scanners
HitmanPro, Kaspersky Virus Removal Tool and AdwCleaner (for the kids)
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Microsoft Edge with uBlock Origin, Bitdefender TrafficLight, Bitwarden and Microsoft Editor
Google Chrome with the same extensions plus the Microsoft Defender Browser Protection extension on the kids' laptops.
They use Edge for school and Chrome for fun
Maintenance tools
Autoruns, CCleaner, PatchMyPC, SUMo and Driver Easy Pro
File and Photo backup
Windows File History on external drive (weekly)
OneDrive with Microsoft 365 ransomware protection (always on sync)
System recovery
Windows system image
Risk factors
    • Browsing to popular websites
    • Logging into my bank account
    • Working from home
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Acer Aspire VN7-791G-576X
Intel Core i5-4210H
Intel HD Graphics 4600 / NVIDIA GeForce GTX 860M
Kingston 16GB Dual-Channel DDR3 PC3-12800 RAM
Samsung SSD 850 EVO M.2 250GB
Seagate HDD ST1000LM014-1EJ164 1TB
Realtek High Definition Audio
Notable changes
2020.02.23 removed VoodooShield and uBlock Origin and added Kaspersky Security Cloud Free and AdGuard (extension).
2020.03.09 removed AdGuard and Kaspersky Security Cloud Free and added Hard_Configurator 5.0.0.1 beta, uBlock Origin and the Netcraft extension. Replaced Bandizip with Explzh because of the advertisements in the free version.
2020.03.22 removed Hard_Configurator, kept ConfigureDefender, DocumentsAntiExploit and RunBySmartscreen.
Added NoVirusThanks SysHardener, VoodooShield and the Certificate Info extension.
2020.03.28 added Ziggo Safe Online and Hard_Configurator and removed SysHardener.
2020.03.30 removed CCleaner Pro
2020.04.05 installed HC 5.0.01 beta with recommended settings. Removed VoodooShield.
Tried to minimize extensions: replaced uBlock Origin with AdGuard and removed Certificate Info and Netcraft. Added Microsoft Editor. All extensions are now from the Microsoft Store except Browsing Protection by F-Secure (installed automatically).
2020.04.22 Removed Ziggo Safe Online and Hard_Configurator. Trying Windows Defender with Comodo Firewall.
2020.05.04 removed Comodo Firewall and installed Emsisoft Anti-Malware Home.
2020.05.08 replaced Emsisoft Anti-Malware with Kaspersky Security Cloud Free
2020.05.18 replaced KSC Free with WD and uninstalled some browser extensions.
2020.07.05 back to Bitwarden and Bitdefender TrafficLight and WhitelistCloud added.
2020.07.08 switched from WhitelistCloud to VoodooShield Pro. Went from uBlock Origin to AdGuard.
2020.07.15 Back to KSC Free.
2020.08.09 added SpywareBlaster 5.7 Private Beta with MS Edge support.
2020.08.12 back to Microsoft Defender Antivirus
2020.08.15 back to Kaspersky Security Cloud Free
2020.08.31 removed O&O ShutUp 10 and went back to Microsoft Defender
2020.09.27 removed Bitdefender TrafficLight and went back from Simple Windows Hardening to Hard_Configurator
2020.10.27 went from WD to KSCFree and from uBlock Origin to AdGuard.
2020.11.14 back to WD on high and simplified config


Level 14
Verified
Top Poster
Apr 14, 2019
654
I just ditched H_C for Comodo Firewall :D
But keep being interested in its development.

There are so many great programs to choose from...Windows Defender (with Andy's tools), Kaspersky Security Cloud Free, F-Secure Safe, Comodo Firewall, VoodooShield (and of course the complete Hard_Configurator package).

The latest version 12.2.2.7036 of Comodo Firewall works great and without any issues on my system (y)

These great programs are like chocolates: we want to taste them all....:p
 

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Went back to the most privacy conscious AV with good offline protection and great support: Emsisoft Anti-Malware Home.
I think the weak spots of this AV will be covered by the recommended settings of the new Hard_Configurator 5.0.1.1 beta together with the AdGuard extension and SmartScreen in Edge.
 

Gandalf_The_Grey

Did you buy it for the whole family?
I bought a 3-seat license for my personal laptop and the ones of my son and daughter.
My mother uses an old desktop with Windows Defender and Hard_Configurator.
My mother in law uses a new laptop with KPN Veilig by F-Secure and Hard_Configurator.
 

Gandalf_The_Grey

Bought myself a TP-Link Archer AX6000 router and let my ISP set their cable modem in bridge mode.
No more WIFI problems, very stable connection now all over the house and built-in TP-Link HomeCare by Trend Micro.

Tried out some AVs again to see what works the best on my laptop.

Windows Defender with Controlled Folder Access always performs great in the HUB but is still a pain to use. Lately even OneDrive got blocked.

Ziggo Safe Online by F-Secure has an even greater delay than Windows Defender when opening my downloads folder and its protected folder feature doesn't work. Don't like its banking protection either because of issues with IDEAL payments.

While I love Emsisoft Anti-Malware and have profound respect for its developers and customer service it's just not stable. The GUI crashed more than once when trying to change some settings. So again, a short career on my system, unfortunately.

Tried Kaspersky Security Cloud Free again and it performs great (since patch j?).
Supplemented by the latest HC beta with the Windows 10 Basic Recommended Settings profile.

My final config till the MT Virus strikes again 🤔
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
Lately even OneDrive got blocked.
Blocking their own product? M$ wouldn't do that, would they? ;):D I couldn't find any info on M$ forums. Have you emailed OneDrive support team? Here's the link.

I know I get occasional "blocks" that aren't real blocks. Maybe WD issues the alert when an exclusion has been made just because it's M$.:rolleyes:
 

Gandalf_The_Grey

Blocking their own product? M$ wouldn't do that, would they? ;):D I couldn't find any info on M$ forums. Have you emailed OneDrive support team? Here's the link.

I know I get occasional "blocks" that aren't real blocks. Maybe WD issues the alert when an exclusion has been made just because it's M$.:rolleyes:
Maybe because my OneDrive folder is on D? Never had a block like that (if it was indeed a real block) before. Could of course whitelist onedrive.exe but that shouldn't be necessary. OneDrive is a particularly important part of my backup strategy with MS 365 ransomware protection. IMO I can't trust CFA working like it should do on computers of family and friends when I'm not around. That's why I chose Kaspersky Security Cloud Free strengthened with the basic profile of Hard_Configurator.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Blocking their own product? M$ wouldn't do that, would they? ;):D I couldn't find any info on M$ forums. Have you emailed OneDrive support team? Here's the link.

I know I get occasional "blocks" that aren't real blocks. Maybe WD issues the alert when an exclusion has been made just because it's M$.:rolleyes:
Maybe because my OneDrive folder is on D? Never had a block like that (if it was indeed a real block) before. Could of course whitelist onedrive.exe but that shouldn't be necessary. OneDrive is a particularly important part of my backup strategy with MS 365 ransomware protection. IMO I can't trust CFA working like it should do on computers of family and friends when I'm not around. That's why I chose Kaspersky Security Cloud Free strengthened with the basic profile of Hard_Configurator.
In my experience CFA blocks everything, trusted or not. It blocks system apps like mspaint and snipping tools too. They follow a default-deny approach here. You may have seen F-Secure's test done by MacDefender where F-Secure failed even though protected folders was enabled because it trusts 7zip.exe. So tbh, Microsoft's approach is safer and less prone to failure. Also, they don't enable it by default, so Microsoft expects those who enable it to whitelist their required programs.
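
To tell a real Controlled Folder Access block from a stray notification, as discussed in the posts above, the Defender operational log can be checked directly. The script below is an added example, not code from any poster or from ConfigureDefender; the event field names it reads ("Process Name", "Path") are assumptions about the 1123/1124 event layout.

```powershell
# Added example: show the CFA mode, the current allow list and recent CFA events.
# Run in an elevated PowerShell session on Windows 10 with Microsoft Defender active.
$cfaModes = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit mode' }
$pref = Get-MpPreference
$mode = [int]$pref.EnableControlledFolderAccess
if ($cfaModes.ContainsKey($mode)) { "CFA mode: $($cfaModes[$mode])" } else { "CFA mode: $mode" }

"Allowed applications:"
$pref.ControlledFolderAccessAllowedApplications | ForEach-Object { "  $_" }

# 1123 = blocked CFA event, 1124 = audited CFA event.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-14)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Turn the event's named <Data> fields into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Action  = if ($e.Id -eq 1123) { 'Blocked' } else { 'Audited' }
        Process = $data['Process Name']   # assumed field name: executable that was stopped
        Target  = $data['Path']           # assumed field name: protected file or folder
    }
}

# One line per (process, action) pair, most frequent first.
$rows | Group-Object Process, Action | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# To allow a program that was legitimately blocked (placeholder path):
# Add-MpPreference -ControlledFolderAccessAllowedApplications '<full path to executable>'
```

An empty table with CFA in block mode means no write was actually denied in the last 14 days, whatever notifications appeared.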
 

Gandalf_The_Grey

Get some explorer.exe crashes lately.
Does anybody know how to troubleshoot those crashes?
Beschrijving
Pad naar toepassing met fout: C:\Windows\explorer.exe

Probleem met handtekening
Naam van probleemgebeurtenis: APPCRASH
Naam van de toepassing: Explorer.EXE
Versie van toepassing: 10.0.18362.815
Tijdstempel van toepassing: 51185cb4
Naam van foutmodule: ntdll.dll
Versie van foutmodule: 10.0.18362.815
Tijdstempel van foutmodule: b29ecf52
Uitzonderingscode: c000071f
Uitzonderingsmarge: 00000000000b2cca
Versie van besturingssysteem: 10.0.18363.2.0.0.256.48
Landinstelling-id: 1043
Aanvullende informatie 1: 036d
Aanvullende informatie 2: 036d25959e361ad38b77dfb223a7efe8
Aanvullende informatie 3: 9018
Aanvullende informatie 4: 90189745a5011ea35cd1259ca67cc538

Extra informatie over het probleem
Bucket-id: 8efcb33d89bbceb748183a58862606d6 (1736201808233498326)
Ran sfc /scannow and it repaired some issues.
After a reboot, the second scan didn't show any issues.
 

enaph

Level 28
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,787
Thanks, but I don't think I can find out more information.
The error came from ntdll.dll and AppCrashView let you see its path: C:\WINDOWS\SYSTEM32\ntdll.dll
Don't know how to proceed further...
In most cases it will be display driver or security software.
Have you been messing around with either one of them recently?
You might also try to clear file explorer cache.
 

Gandalf_The_Grey

In most cases it will be display driver or security software.
Have you been messing around with either one of them recently?
You might also try to clear file explorer cache.
The most recent change was Kaspersky Security Cloud Free.
Will see if after uninstalling KSC Free and going back to Windows Defender the crashes are gone.
Thanks for your help (y)
 

Gandalf_The_Grey

Back to built-in Windows security enhanced by the wonderful tools of @Andy Ful
My laptop seems to work better and with fewer issues without a third-party AV.
Followed the advice of @security123 and now use only three extensions: an adblocker, a password manager and a writing tool.

Gandalf_The_Grey

Updated config.
Did make me try the combo of uBlock Origin and Bitwarden once again.
The speed difference compared with the combination of AdGuard and LastPass is very noticeable in everyday browsing.

The release of Simple Windows Hardening by @Andy Ful let me think again about my security config.
Because I use Microsoft 365, I will get the most protection with Windows built-in tools.
The weak point of my config is quoted from @Andy Ful :
THE EXE / MSI 0-DAY MALWARE
The SWH application does not apply restrictions to EXE and MSI files, because these files are often used to install/update applications. Nowadays, many antivirus solutions have very good detection of such files, as compared to the detection of scripts. But still, the antivirus proactive features can have a problem with 0-day malware. In the home environment, the main delivery vectors of 0-day malware are spam emails and flash drives (USB drives).
The user has to be very careful when running EXE/MSI files originated from:
  • Internet web links embedded in the emails.
  • Attachments embedded in the emails.
  • Flash drives (USB drives) shared with other people.
When using SWH restrictions, the user can consider the RunBySmartScreen tool. It allows checking any EXE/MSI file against the Microsoft SmartScreen Application Reputation service in the cloud. Many such files are accepted by SmartScreen, and this is the best way to avoid the 0-day malware. If the EXE/MSI file is not recognized by SmartScreen as safe or malicious, then the simplest method is waiting a minimum one day before running the unsafe file. After one day most of the malicious links are dead and most of the 0-day malware are properly detected by a good antivirus.
For that reason, I added the Bitdefender TrafficLight extension to Edge and WhitelistCloud from @danb to my system.
With Simple Windows Hardening I would have to add ConfigureDefender and Run-By-Smartscreen and I use Autoruns.
So, with keeping Hard_Configurator (using the Windows_10_Basic_Recommended_Settings profile) I have all those tools in one installer.
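
The quoted advice on EXE/MSI files (check where the file came from, and wait at least one day when in doubt) can be turned into a quick local triage. This is an added example, not part of the post and not code from SWH, Hard_Configurator or RunBySmartScreen; it does not query SmartScreen, and the function name, default folder and `TooNew` flag are this example's own assumptions.

```powershell
# Added example: list EXE/MSI files with their origin zone, signature and age.
function Get-InstallerTriage {
    param(
        [string]$Folder = (Join-Path $env:USERPROFILE 'Downloads'),  # assumed location
        [int]$MinAgeDays = 1                                         # "wait one day" rule
    )
    $zoneNames = @{
        '0' = 'Local machine'; '1' = 'Intranet'; '2' = 'Trusted sites'
        '3' = 'Internet';      '4' = 'Restricted sites'
    }
    Get-ChildItem -Path $Folder -File |
        Where-Object { $_.Extension -in '.exe', '.msi' } |
        ForEach-Object {
            # Mark-of-the-Web is stored in the Zone.Identifier alternate data
            # stream (NTFS only); files copied from FAT/exFAT USB drives lack it.
            $motw = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier `
                        -ErrorAction SilentlyContinue
            $zone = if (($motw -join "`n") -match 'ZoneId=(\d)') {
                $zoneNames[$Matches[1]]
            } else {
                'No MOTW'   # unknown origin, not proof the file is local or safe
            }
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $age = (Get-Date) - $_.CreationTime
            [pscustomobject]@{
                File      = $_.Name
                Zone      = $zone
                Signature = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
                AgeDays   = [math]::Round($age.TotalDays, 1)
                TooNew    = $age.TotalDays -lt $MinAgeDays
            }
        }
}

Get-InstallerTriage | Sort-Object AgeDays | Format-Table -AutoSize
```

A valid signature only identifies the signer; files flagged `TooNew` with zone `Internet` or `No MOTW` are the ones the quoted text says to hold back.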
 
