SECURITY: Complete Gandalf_The_Grey's Security Config 2021

Last updated: Nov 18, 2021
About: Personal, primary device
Additional PC users: Not shared with other users
Desktop OS: Windows 11
OS edition: Pro
Login security: Password-less (PIN, Biometric, Face)
Primary sign-in: Microsoft account
Primary user: Admin user - Full permissions
Security updates: Automatic - allow all types of updates
Windows UAC: Maximum - always notify
Network firewall: Third-party router
Real-time protection:
    • Microsoft Defender Antivirus
    • DefenderUI Free 1.00
    • VoodooShield Pro 6.76 beta
    • HomeCare by Trend Micro on TP-Link Archer AX6000 router
Software firewall: Microsoft Defender Firewall
Custom RTP, Firewall and OS settings:
    • Microsoft Defender Antivirus
    • DefenderUI Free recommended profile
    • VoodooShield Pro in AutoPilot Mode and WhitelistCloud disabled
    • O&O ShutUp10++ at almost all recommended settings...
    • Foxit PDF Reader 11.1.0.52543: Protected View for all files, Safe Reading Mode enabled, JavaScript disabled
Malware testing: No malware samples
Periodic security scanners: HitmanPro and AdwCleaner (for the kids)
Secure DNS: From ISP (Ziggo)
VPN: AdGuard VPN (seldom used)
Password manager: Bitwarden extension
Browsers, Search and Addons: Microsoft Edge using Google search with uBlock Origin, Bitdefender TrafficLight, Bitwarden and Microsoft Editor as extensions
Maintenance and Cleaning: Autoruns, CCleaner, Disk Cleanup, PatchMyPC and SUMo
Personal Files & Photos backup:
    • Windows File History on external drive (weekly)
    • OneDrive with Microsoft 365 ransomware protection (always on sync)
Personal backup routine: Automatic (scheduled)
Device recovery & backup: Windows system image
Device backup routine: Manual (maintained by self)
PC activity:
  1. Working from home.
  2. Browsing the web.
  3. Emails.
  4. Shopping.
  5. Banking.
  6. Multimedia.
Computer specs:
    • Acer Aspire VN7-791G-576X
    • Intel Core i5-4210H
    • Intel HD Graphics 4600 / NVIDIA GeForce GTX 860M
    • Kingston 16GB Dual-Channel DDR3 PC3-12800 RAM
    • Samsung SSD 850 EVO M.2 250GB
    • Seagate HDD ST1000LM014-1EJ164 1TB
    • Realtek High Definition Audio
Personal changelog:
2020.12.29 Filled the new fields
2020.12.30 installed Ziggo Safe Online
2021.01.04 back to Microsoft Defender with Hard_Configurator and added SpywareBlaster
2021.01.06 removed SpywareBlaster and went with stronger H_C -setup
2021.02.01 back to simpler setup with ConfigureDefender and Simple Windows hardening. Added Process Lasso
2021.02.08 Filled the new fields, no changes to config
2021.02.12 Microsoft Defender caused problems, back to KSCF and removed Process Lasso
2021.03.03 Update Kaspersky Security Cloud Free to the latest version, removed HitmanPro and enabled Microsoft Defender periodic scanning.
2021.03.28 back to Microsoft Defender Antivirus
2021.04.25 back to Ziggo Safe Online
2021.05.03 back to Microsoft Defender Antivirus
2021.05.07 switched from the uBlock Origin to the AdGuard extension
2021.10.04 back to Ziggo Safe Online and uBlock Origin
2021.10.05 back to the AdGuard extension
2021.10.13 upgraded to Windows 11 and back to uBlock Origin
2021.10.24 back to Microsoft Defender enhanced by DefenderUI Pro
2021.10.26 back to Kaspersky Security Cloud Free and Simple Windows Hardening
2021.11.06 back to Ziggo Safe Online by F-Secure
2021.11.10 removed Simple Windows Hardening and added VoodooShield
2021.11.16 testing DefenderUI Free with the latest VoodooShield beta
Feedback Response

Most critical feedback

ErzCrz

Level 10
Verified
Aug 19, 2019
458
2,614
Google was driving me nuts with consent popups and YouTube video pauses.
uBlock Origin while using AdGuard's annoyances filter didn't block/solve that.
With the AdGuard extension no more Google annoyances (y)

In the test discussed here: Q&A - Evaluate your content blocker with Ad Block Tester AdGuard (with optimized filters) didn't get 100%.
Enabling the EasyPrivacy filter took care of that and in the filter logs you can clearly see it doing its work.

I have the following eight filters enabled:

By using optimized filters, I have now 70106 rules.
Simple fix for blocking those consents is to add the following to uBO:

google.*##^script:has-text(consentCookiePayload)

and then for YouTube, just add consent.youtube.com to cookie exceptions Block as described here:

Here is the easiest way to get rid of Google's "Before you continue to YouTube" prompt - gHacks Tech News

Works for me :)

Erzcrz
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,210
40,935

Having loads of work and little free time now I changed my setup (again) to something that just works and is friendly on resources and doesn't require a lot of maintenance.
Ziggo Safe Online by F-Secure 18.0 (soon to be upgraded to 18.1 according to Ziggo staff on Twitter).
uBlock Origin
Protection and privacy are enhanced by the latest Simple Windows Hardening 1.0.1.0 beta and the latest O&O ShutUp10++ 1.9.1424.
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,210
40,935
Changed from uBlock Origin to AdGuard for personal reasons.
Didn't like the latest posts from Mr. Hill on Twitter.
You have a great extension, why keep on bashing the competition (and don't have your facts straight)?

My settings for the AdGuard extension:
General: all three disabled
Filters:
Ad Blocking: AdGuard Base filter
Privacy: AdGuard Tracking Protection filter, AdGuard URL Tracking filter, EasyPrivacy, Fanboy's Anti-Facebook List
Social Widgets: AdGuard Social Media filter
Annoyances: AdGuard Annoyances filter
Language-specific: AdGuard Dutch filter
Stealth Mode: off
Miscellaneous: Use optimized filters on and Send statistics of ad filters usage and Show information on the AdGuard full version off

With those filters and the optimized filters setting the filter rules count = 79578.
Memory used (Edge Task Manager) = 42.756k
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,210
40,935
Why don't you enable Stealth Mode?
It makes AdGuard a little "heavier" and is not adding much to my config:
Hide your search queries is covered by AdGuard URL Tracking filter
Send websites signals not to track you is controversial and can be done by the browser
Self-destruction of third-party cookies gave me issues with logins and payments and is covered by blocking third-party cookies in the browser (with adding some needed exceptions).
Hide Referrer from third-parties and Remove tracking parameters are covered by AdGuard URL Tracking filter
Block WebRTC is not needed in most browsers: Remove WebRTC leak prevention · Issue #1723 · uBlockOrigin/uBlock-issues
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,210
40,935
Have you tweaked F-Secure deep inspection/system guard (I forgot how it is called)?
No, there are no settings to tweak for DeepGuard.
You can only add folders to its ransomware protection.
Media folders were automatically added after the first reboot when you install F-Secure Safe/Ziggo Safe Online.
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,210
40,935
What is the Ziggo Safe Online? Can you upload pictures about this AV? Thank you. :)
Ziggo Safe Online is an ISP branded version of F-Secure Safe.
In The Netherlands the other big ISP is KPN and they have KPN Veilig (also F-Secure Safe).

Here is a picture from an older version:
Ziggo-Safe-Online-versus-F-Secure-Safe-800x271.png


Exactly the same but in the orange colors of Ziggo :D

 

Plag

Level 2
Apr 15, 2020
83
268
Ziggo Safe Online is an ISP branded version of F-Secure Safe.
In The Netherlands the other big ISP is KPN and they have KPN Veilig (also F-Secure Safe).

Here is a picture from an older version:
View attachment 261065

Exactly the same but in the orange colors of Ziggo :D

Thank you for your answer. And you like this AV? Are you satisfied?
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,210
40,935
Thank you for your answer. And you like this AV? Are you satisfied?
Yes, I like it.
The pros and cons that I can think of just now:

Pros:
Low resource use
Decent protection
No root certificate
No useless extras, just an AV.
Mikko Hyppönen
@upnorth uses it ;)
"Free" from my ISP (Ziggo)

Cons:
Weak on Java-based malware (covered by installing Simple Windows Hardening).
Weak self-protection on administrator accounts, but they are working on that in version 18.2.
ISP branded version is always behind on the official version (version 18.1 is coming soon... but not yet).
 

Kees1958

Level 4
Verified
Sep 5, 2021
159
867
It makes AdGuard a little "heavier" and is not adding much to my config:
Hide your search queries is covered by AdGuard URL Tracking filter
Send websites signals not to track you is controversial and can be done by the browser
Self-destruction of third-party cookies gave me issues with logins and payments and is covered by blocking third-party cookies in the browser (with adding some needed exceptions).
Hide Referrer from third-parties and Remove tracking parameters are covered by AdGuard URL Tracking filter
Block WebRTC is not needed in most browsers: Remove WebRTC leak prevention · Issue #1723 · uBlockOrigin/uBlock-issues
Thanks for sharing. I noticed you use Microsoft Edge. When you have configured it to delete stuff when closing the browser and have Anti-Tracking on default (then it only blocks access to cryptominers and fingerprinting and storage of advertising and social LINK), you could also allow third-party cookies to prevent any usability issues.

Third-party cookie tracking is phased out by Google, because of Apple's and Firefox's intelligent/advanced tracking protection and Microsoft Edge's anti-tracking (although Microsoft's Disconnect based anti-tracking can be roughly described in layman's terms as the previous Disconnect anti-tracking version of Firefox). But when you already have set all the exceptions, completely blocking third-party cookies is better.

I like AdGuard also and run it in a similar setup on my wife's laptop (with optimized filters option enabled for ads, trackers and social).
 

Gandalf_The_Grey

Level 53
Verified
Trusted
Content Creator
Apr 24, 2016
4,210
40,935
After reading the latest post in Windows 11 - First look I too installed Windows 11 on an unsupported system.
Enjoying the change and the search for (new) settings :D
The only thing I really dislike is the big taskbar.
Tried the reg fixes that are posted on the net, but small looks horrible with cut off icons in the taskbar.
And I changed from AdGuard to uBlock Origin again, both are great, I just like uBO more.
Just don't follow Mr. Hill on Twitter...
 