Advanced Plus Security Gandalf_The_Grey's Security Configuration for 2019

Last updated
Dec 1, 2019
Windows Edition
Pro
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Ziggo Safe Online (F-Secure Safe) 17.7 and VoodooShield 5.52 beta
Firewall security
Microsoft Defender Firewall
About custom security
Removed Internet Explorer 11.
Ziggo Safe Online switched off Banking protection.
VoodooShield enabled WhitelistCloud and added the new Edge to web apps
Periodic malware scanners
HitmanPro and AdwCleaner (for the kids)
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Microsoft Edge Dev with uBlock Origin, F-Secure Browsing Protection, Netcraft Extension, Certificate Info and Bitwarden.
Maintenance tools
O&O ShutUp10, Patch My PC, Autoruns, Bandizip, Driver Easy Pro, CCleaner Pro and Disk Cleanup
File and Photo backup
OneDrive, File History
System recovery
Windows system image
Risk factors
    • Logging into my bank account
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
    • Working from home
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Acer Aspire VN7-791G-576X
Intel Core i5-4210H
Intel HD Graphics 4600 / NVIDIA GeForce GTX 860M
Kingston 16GB Dual-Channel DDR3 PC3-12800 RAM
Samsung SSD 850 EVO M.2 250GB
Seagate HDD ST1000LM014-1EJ164 1TB
Realtek High Definition Audio

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Windows Defender blocked the safe links feature of outlook.com :mad:
So I'm back to Kaspersky free antivirus with the performance tweaks from @Evjl's Rain and don't decrypt EV certificates.
Keeping the latest Hard Configurator Beta with Windows 10 Recommended Enhanced profile.
Still not decided between CCleaner Pro and PrivaZer Donors version, but slowly using PrivaZer more and more (y)
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
Windows Defender blocked the safe links feature of outlook.com :mad:
So I'm back to Kaspersky free antivirus with the performance tweaks from @Evjl's Rain and don't decrypt EV certificates.
Keeping the latest Hard Configurator Beta with Windows 10 Recommended Enhanced profile.
Still not decided between CCleaner Pro and PrivaZer Donors version, but slowly using PrivaZer more and more (y)
213808


:unsure: For me kaspersky does block it, and this is with harlans settings (cloud)
 

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
I did a reset / clean install on my laptop with windows 10 1903 and I'm going for an almost all Microsoft config.
Office 365 Home installed through the Microsoft Store.
Edge Dev as daily browser with uBlock Origin and LastPass.
Foxit Reader for PDF with Protected View for all files, JavaScript disabled and Safe Reading Mode enabled.
Bandizip for handeling zip files while keeping the mark of the web.
PrivaZer as cleaner. They will support the new Chromium based Edge as soon as there is a stable version.
 

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Hi Gandalf thanks for sharing your config. It looks good! I saw FirewallHardening 1.0.0.0 what is this exactly, but more important, where can you download it?
Hi Mr.Wave Thank you (y)
FirewallHardening is a new toy from @Andy Ful and will probably be integrated in Hard_Configurator.
Info about this tool is on the last 3 pages of the Hard_Configurator thread, starting here: Discuss - Hard_Configurator - Windows Hardening Configurator
You can also download it from here: AndyFul/Hard_Configurator
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
I did a reset / clean install on my laptop with windows 10 1903 and I'm going for an almost all Microsoft config.
Office 365 Home installed through the Microsoft Store.
Edge Dev as daily browser with uBlock Origin and LastPass.
Foxit Reader for PDF with Protected View for all files, JavaScript disabled and Safe Reading Mode enabled.
Bandizip for handeling zip files while keeping the mark of the web.
PrivaZer as cleaner. They will support the new Chromium based Edge as soon as there is a stable version.

Very nice setup. I may have to ditch Wise when Privacy Eraser brings support for Edge Chromium. I had trouble adjusting to its UI, but I may need to give it more time. I wish they'd bring a "clear all browsing data on exit" feature to new Edge. You'd think they would since its in old version.
 

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Thanks Kees @Windows_Security for the mentioning of Exploit Protection for Edge Dev (to be used only if you don't use an Anti-Virus, Anti-Exploit or AdBlocker which injects its code (a DLL) into the browser) (y)

Very nice setup. I may have to ditch Wise when Privacy Eraser brings support for Edge Chromium. I had trouble adjusting to its UI, but I may need to give it more time. I wish they'd bring a "clear all browsing data on exit" feature to new Edge. You'd think they would since its in old version.
Thanks, I sent an email to The PrivaZer Team asking if they would support Edge Dev and they replied:
As soon as there is an official release of Chrome based Edge.
Not sure we will support dev channel.
But I think and hope that other cleaners will do the same.

Is the option "Keep local data only until you quit your browser" not the same as "clear all browsing data on exit"?
 

FrFc1908

Level 20
Verified
Top Poster
Well-known
Jul 28, 2016
950
Hi Mr.Wave Thank you (y)
FirewallHardening is a new toy from @Andy Ful and will probably be integrated in Hard_Configurator.
Info about this tool is on the last 3 pages of the Hard_Configurator thread, starting here: Discuss - Hard_Configurator - Windows Hardening Configurator
You can also download it from here: AndyFul/Hard_Configurator
Graag gedaan landgenoot! And thank you for the links! I guess with all those toys that @Andy Ful created you can feel very safe on a windows native security setup! One more thing to say to the bad guys then ;

You-Shall-Not-Pass-Image.png
 

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Graag gedaan landgenoot! And thank you for the links! I guess with all those toys that @Andy Ful created you can feel very safe on a windows native security setup! One more thing to say to the bad guys then ;

View attachment 214181
Yes, it's great to have a native windows security setup and being able to not have to rely on third party security programs.
A good security config is a delicate balance, between adding layers and overkill.
Also through participating in those threads, asking questions I learned a lot about windows native security mechanisms.
I can't thank @Andy Ful @Windows_Security (andere landgenoot) @shmu26 and all the other members participating enough.
Still learning every day (y)
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
Also through participating in those threads, asking questions I learned a lot about windows native security mechanisms.
I can't thank @Andy Ful @Windows_Security (andere landgenoot) @shmu26 and all the other members participating enough.
Still learning every day (y)

Precisely my experience and the reason for following/participating in that thread. We owe much to those with more experience! (y)
 

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Re-added O&O ShutUp10 .
Removed LastPass
Added Bitwarden
Bitwarden seems too be more trusted nowadays and trust matters when using a password manager.
Exporting form LastPass and importing in Bitwarden went great with the recommended LastPass Pocket application:
There are known bugs (for years now) with the LastPass exporter regarding special characters such as the ampersand (&), the greater than sign (>), and the less than sign (<). The LastPass exporter may change (HTML encode) these and possibly other special characters in your passwords to their respective HTML encoded values (ex. &amp;, &gt;, and &lt;). If this LastPass bug affects your exported data you should use a text editor (such as Notepad) to find and replace all of these values before importing into Bitwarden. For example, you may want to do a find and replace for &amp; → & and &lt; → <).
Alternatively, you can use the LastPass Pocket application to export your CSV data. The LastPass Pocket application does not appear to be affected by these bugs.
I enabled Windows Defender Sandbox by running:
Code:
setx /M MP_FORCE_USE_SANDBOX 1
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top