SECURITY: Complete Gandalf_The_Grey's Security Config 2021

Last updated: Nov 30, 2021
About: Personal, primary device
Additional PC users: Not shared with other users
Desktop OS: Windows 11
OS edition: Pro
Login security:
    • Password-less (PIN, Biometric, Face)
Primary sign-in: Microsoft account
Primary user: Admin user - Full permissions
Security updates: Automatic - allow all types of updates
Windows UAC: Maximum - always notify
Network firewall: Third-party router
Real-time protection:
    • Ziggo Safe Online by F-Secure 18.1
    • VoodooShield Pro 6.81 beta
    • HomeCare by Trend Micro on TP-Link Archer AX6000 router
Software firewall: Microsoft Defender Firewall
Custom RTP, Firewall and OS settings:
    • Ziggo Safe Online at default settings
    • VoodooShield Pro in AutoPilot Mode and WhitelistCloud disabled
    • O&O ShutUp10++ at almost all recommended settings...
    • Foxit PDF Reader 11.1.0.52543: Protected View for all files, Safe Reading Mode enabled, JavaScript disabled
Malware testing: No malware samples
Periodic security scanners: Microsoft Defender periodic scanning, HitmanPro and AdwCleaner (for the kids)
Secure DNS: From ISP (Ziggo)
VPN: AdGuard VPN (seldom used)
Password manager: Bitwarden extension
Browsers, Search and Addons: Microsoft Edge using Google search with uBlock Origin, Browsing Protection by F-Secure, Bitwarden and Microsoft Editor as extensions
Maintenance and Cleaning: Autoruns, CCleaner, Disk Cleanup, PatchMyPC and SUMo
Personal Files & Photos backup:
    • Windows File History on external drive (weekly)
    • OneDrive with Microsoft 365 ransomware protection (always on sync)
Personal backup routine: Automatic (scheduled)
Device recovery & backup: Windows system image
Device backup routine: Manual (maintained by self)
PC activity:
  1. Working from home.
  2. Browsing the web.
  3. Emails.
  4. Shopping.
  5. Banking.
  6. Multimedia.
Computer specs:
    • Acer Aspire VN7-791G-576X
    • Intel Core i5-4210H
    • Intel HD Graphics 4600 / NVIDIA GeForce GTX 860M
    • Kingston 16GB Dual-Channel DDR3 PC3-12800 RAM
    • Samsung SSD 850 EVO M.2 250GB
    • Seagate HDD ST1000LM014-1EJ164 1TB
    • Realtek High Definition Audio
Personal changelog
2020.12.29 Filled the new fields
2020.12.30 installed Ziggo Safe Online
2021.01.04 back to Microsoft Defender with Hard_Configurator and added SpywareBlaster
2021.01.06 removed SpywareBlaster and went with a stronger H_C setup
2021.02.01 back to simpler setup with ConfigureDefender and Simple Windows hardening. Added Process Lasso
2021.02.08 Filled the new fields, no changes to config
2021.02.12 Microsoft Defender caused problems, back to KSCF and removed Process Lasso
2021.03.03 Updated Kaspersky Security Cloud Free to the latest version, removed HitmanPro and enabled Microsoft Defender periodic scanning.
2021.03.28 back to Microsoft Defender Antivirus
2021.04.25 back to Ziggo Safe Online
2021.05.03 back to Microsoft Defender Antivirus
2021.05.07 switched from the uBlock Origin to the AdGuard extension
2021.10.04 back to Ziggo Safe Online and uBlock Origin
2021.10.05 back to the AdGuard extension
2021.10.13 upgraded to Windows 11 and back to uBlock Origin
2021.10.24 back to Microsoft Defender enhanced by DefenderUI Pro
2021.10.26 back to Kaspersky Security Cloud Free and Simple Windows Hardening
2021.11.06 back to Ziggo Safe Online by F-Secure
2021.11.10 removed Simple Windows Hardening and added VoodooShield
2021.11.16 testing DefenderUI Free with the latest VoodooShield beta
2021.11.30 back to Ziggo Safe Online
Feedback Response

Most critical feedback

Lenny_Fox

Level 22
Verified
Oct 1, 2019
1,127
6,458
@Gandalf_The_Grey

I am also switching between uBO and AG. The benefit of uBO is the extra insight into what is happening under the hood when visiting a website; the benefit of AdGuard is the extra privacy features (e.g. cleaning URLs) and extra functionality (e.g. blocking of cookies as a fallback when blocking requests causes website breakage).

I am now opting for Edge + AG in strict profile and switch between uMatrix for WDAG-sandboxed browsing (when uMA would not work anymore, I will fall back to uBO).

It is a pity AG is not adding its pop-up blocker user script to the AG extension. That would definitely switch me over to AG.
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,247
41,414
> @Gandalf_The_Grey
>
> I am also switching between uBO and AG. The benefit of uBO is the extra insight into what is happening under the hood when visiting a website; the benefit of AdGuard is the extra privacy features (e.g. cleaning URLs) and extra functionality (e.g. blocking of cookies as a fallback when blocking requests causes website breakage).
>
> I am now opting for Edge + AG in strict profile and switch between uMatrix for WDAG-sandboxed browsing (when uMA would not work anymore, I will fall back to uBO).
>
> It is a pity AG is not adding its pop-up blocker user script to the AG extension. That would definitely switch me over to AG.

They are both great extensions. uBO has indeed the extra benefit to see more easily what's happening and the extra modes, so more granular control is possible.
AG has extra privacy functions and a simpler way to ask for support for site breakage from within the extension itself.
Like both but prefer the extra insight provided by uBO. Never missed a pop-up blocker script in AG 🤔
 

Gandalf_The_Grey

The thread SE Labs Report for Oct-Dec 2020 got me thinking about privacy and the best config for me (again) :D
For the best privacy I believe there are two options: Emsisoft Anti-Malware or F-Secure Safe.

Last time I checked Emsisoft it was not working great on my laptop and I have F-Secure Safe free from my ISP (rebranded as Ziggo Safe Online).

So, after reading the review by @McMcbrad here: User Feedback - F-Secure Quick Review the conclusion there was that the weakest spot in its protection (Java malware) can easily be solved by using Simple Windows Hardening from @Andy Ful or not installing Java at all.
But since I want to use my config for all family members it is good to have some extra protection/hardening.

After making this change to my config I first noticed the speed/performance I gained.
Every program opens quicker and web browsing is quicker. My laptop seems more responsive.
 
ForgottenSeer 89360

> The thread SE Labs Report for Oct-Dec 2020 got me thinking about privacy and the best config for me (again) :D
> For the best privacy I believe there are two options: Emsisoft Anti-Malware or F-Secure Safe.
>
> Last time I checked Emsisoft it was not working great on my laptop and I have F-Secure Safe free from my ISP (rebranded as Ziggo Safe Online).
>
> So, after reading the review by @McMcbrad here: User Feedback - F-Secure Quick Review the conclusion there was that the weakest spot in its protection (Java malware) can easily be solved by using Simple Windows Hardening from @Andy Ful or not installing Java at all.
> But since I want to use my config for all family members it is good to have some extra protection/hardening.
>
> After making this change to my config I first noticed the speed/performance I gained.
> Every program opens quicker and web browsing is quicker. My laptop seems more responsive.

That weak spot is not guaranteed to affect all users at all times; it is mentioned as a side note in the context of a website where people are interested in malware, malware protection principles and capabilities. F-Secure is still a great and, above all, privacy-conscious product that deserves attention.
I would definitely not pay for this product, but I believe there are reasons for users to like it.
 

Gandalf_The_Grey

This made me go back to Microsoft Defender Antivirus.

Thanks to the config of @security123 and the comments of @silversurfer who convinced me to enable the sandbox (y)

It was an interesting morning today when my work laptop got stuck in an upgrade of Windows 10.
I had to reenable Internet Explorer (for one specific program that we use) and install Microsoft Teams on my own laptop to continue working from home.
 

Divine_Barakah

Level 27
Verified
May 10, 2019
1,617
8,258
> This made me go back to Microsoft Defender Antivirus.
>
> Thanks to the config of @security123 and the comments of @silversurfer who convinced me to enable the sandbox (y)
>
> It was an interesting morning today when my work laptop got stuck in an upgrade of Windows 10.
> I had to reenable Internet Explorer (for one specific program that we use) and install Microsoft Teams on my own laptop to continue working from home.

F-Secure is very great tbh, but it has always caused some issues, at least for me. I keep revisiting it to see what they have improved.
 

Gandalf_The_Grey

> Where is he using SpywareBlaster? :unsure:

I have added it since I was forced to reenable Internet Explorer (needed for one site when working at home).
Internet Explorer is also used by Microsoft Outlook 365 to render web content (even when you have uninstalled IE).
You can see that when cleaning cookies with (for example) CCleaner.
SpywareBlaster nowadays also supports the new Microsoft Edge and adds a blocklist for some cookies.
Maybe it helps a little bit and because it is not running in real time it poses no risk.
 

Gandalf_The_Grey

More about SpywareBlaster: it has cookie and script blocking for Edge:
Schermafbeelding 2021-01-05 163855.jpg
Result:
Schermafbeelding 2021-01-05 164524.jpg Schermafbeelding 2021-01-05 164632.jpg
 

Lenny_Fox

@Gandalf_The_Grey very interesting, thanks for posting screenshots.

Some time ago (when I was still using Chrome), I once used uBlock-scope and added trackers to the cookie and script blocklist. From what I remember, the cookie blocklist blocks cookies when they are set as first- and third-party. If I recall correctly, the script blocking feature was only applied to first-party scripts. This was the reason why I added a content blocker (to get a grip on data set by third-party JavaScript, iframes, XMLHttpRequest/fetches and WebSocket communication).

Unless things have changed, do you really think Chromium script blocking indeed blocks third-party JavaScript (most trackers are third-party)? I will also do a field test with Edge (disabling tracking protection and running uMatrix without blocklists). I will report back.

EDIT: NOPE blocking amazon adsystem does not block third-party scripts, see image

1609874074916.png
 

Gandalf_The_Grey

> @Gandalf_The_Grey very interesting, thanks for posting screenshots.
>
> Some time ago (when I was still using Chrome), I once used uBlock-scope and added trackers to the cookie and script blocklist. From what I remember, the cookie blocklist blocks cookies when they are set as first- and third-party. If I recall correctly, the script blocking feature was only applied to first-party scripts. This was the reason why I added a content blocker (to get a grip on data set by third-party JavaScript, iframes, XMLHttpRequest/fetches and WebSocket communication).
>
> Unless things have changed, do you really think Chromium script blocking indeed blocks third-party JavaScript (most trackers are third-party)? I will also do a field test with Edge (disabling tracking protection and running uBO without blocklists). I will report back.

I'm not sure, but first- or third-party should make no difference.
EDIT: Damn, that it doesn't block third-party scripts is a major letdown.
Thanks for testing (y)
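
A minimal model of the behaviour found in the field test above, added here as an illustration; it is not code from any poster, from SpywareBlaster or from Chromium. It assumes what the chrome.contentSettings documentation describes: a cookie rule is matched against the origin that sets the cookie, while a JavaScript rule is matched against the top-level page only. The function names and sample sites are constructed.

```javascript
// Simplified model of Chromium site-settings matching (assumption-based, not browser code).

// "[*.]example.com" matches example.com itself and any subdomain of it.
function matchesPattern(pattern, hostname) {
  const host = hostname.toLowerCase();
  if (pattern.startsWith('[*.]')) {
    const base = pattern.slice(4).toLowerCase();
    return host === base || host.endsWith('.' + base);
  }
  return host === pattern.toLowerCase();
}

// True when the URL's hostname is covered by any pattern on the blocklist.
function isListed(blocklist, url) {
  const host = new URL(url).hostname;
  return blocklist.some((pattern) => matchesPattern(pattern, host));
}

// request: { topLevel: URL in the address bar, resource: URL being loaded }
function evaluate(blocklist, request) {
  return {
    // Cookie rules follow the cookie's own origin, so an embedded tracker is covered.
    cookieBlocked: isListed(blocklist, request.resource),
    // Script rules follow the top-level page, so an embedded tracker is NOT covered.
    scriptBlocked: isListed(blocklist, request.topLevel),
  };
}

// Constructed sample data: one blocklist pattern and two hypothetical page loads.
const blocklist = ['[*.]doubleclick.net'];
const embedded = {
  topLevel: 'https://news.example/article',
  resource: 'https://ad.doubleclick.net/tag.js',
};
const direct = {
  topLevel: 'https://www.doubleclick.net/',
  resource: 'https://www.doubleclick.net/app.js',
};

console.log('tracker embedded on another site:', evaluate(blocklist, embedded));
console.log('listed site visited directly:    ', evaluate(blocklist, direct));
```

In this model the blocklist stops the tracker's cookies everywhere but stops its script only when the listed site is the page being visited, which is why a content blocker that filters individual requests is still needed for third-party scripts.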
 

Gandalf_The_Grey

> @Gandalf_The_Grey
>
> On the other side, when they have curated their cookie block list (any idea how many domains it blocks?), it is a nice combo to use in Edge in combination with strict blocking in Edge.

They block 232 cookies: