Advanced Plus Security geekwithlens Security Configuration 2020

  • Thread starter Thread starter ForgottenSeer 77207
  • Start date Start date
Last updated
Apr 7, 2020
Operating system
macOS 15 Sequoia
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Kaspersky Internet Security.
Firewall security
About custom security
Check my configuration here. Q&A - Kaspersky Internet Security 2020 Extremist Configuration
Periodic malware scanners
MBAM (Set to auto scan every week in Setting) + Emsisoft Emergency Kit (Set it to auto scan every week using Task Scheduler)
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Microsoft Edge with LastPass. I am like this new Microsoft Corporation more. Microsoft is already tracking you. Why let another company (Google) track you? Chromium based Edge is as good, fast & secure as Google Chrome.
Maintenance tools
None. I have Storage Sense enabled with default Windows defragmentation. I clear browser caching files and temporary files once every year manually.
File and Photo backup
I use Google Drive and Onedrive on this system. Using Task Scheduler to start Google Drive & OneDrive once a week and close it after 2 hours of activity.
System recovery
Mcrium Reflect + AOMEI Backupper Professional
Risk factors
    • Gaming
    • Logging into my bank account
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
    • Working from home
Computer specs
Custom built.
Intel i7 6700K (Skylake Architecture)
Gigabyte 980 Ti Extreme Windforce
GSkill Ripjaws V 16 GB (8x2) DDR4 RAM. Don't remember the memory clock speeds.
Sandisk Extreme Pro 480GB.
I guess nothing else matters apart from the above specifications.
Notable changes
06 April 2020 - Added Emisoft Emergency Kit & MBAM as Second Opinion Scanner, UAC changed to Always Notify from Never Notify.

07 April 2020 - Switched to Microsoft Edge Browser, Switched to Weekly Backup from Always On Sync, Removed Remote Fingerprint Unlock, Switched to Ethernet from WIFI for better stability.
Enable UAC, at least, at Default, but I would set it to Always Notify...

In Virus and Malware Removal Tools, You may add MalWareBytes Free and/or EmsiSoft Emergengy Kit.

Please kindly reflect Your changes editing Your config, and announcing them here, thanks for sharing :)
 
  • Like
  • +Reputation
Reactions: Nevi, toto_10, oldschool and 4 others
Interesting setup in regards to replacing uBlock Origin in favor of NextDNS for network-wide ad blocking. It's something that I have also considered previously.
Are there any situations you've encountered where uBlock Origin would have been better? Or does NextDNS basically cover all your needs?

Some features of uBlock Origin that I have come to use a lot include the element picker and cosmetic filtering. Does NextDNS cover this?
 
  • Like
Reactions: Nevi, stefanos, harlan4096 and 3 others
harlan4096 said:
Enable UAC, at least, at Default, but I would set it to Always Notify...

In Virus and Malware Removal Tools, You may add MalWareBytes Free and/or EmsiSoft Emergengy Kit.

Please kindly reflect Your changes editing Your config, and announcing them here, thanks for sharing :)
Click to expand...

I was not much aware what UAC used to do apart from disturbing with so many notifications. I have read about it. I have set UAC to Always Notify.

I had added Hitman Pro yesterday but it gave a lot of false positives due to it's Behavior Blocker. I have now added Emsisoft as my second opinion scanner. I do have Malwarebytes multi-year license. I don't install it as it starts up with Windows even if I keep real-time protection disabled & disable it's startup. I think there is some MB service which makes this happen. What is your thoughts on MB vs Emsisoft?

Thank you for all your help. I really appreciate it. :)
 
  • Like
Reactions: Protomartyr, toto_10, Nevi and 1 other person
Protomartyr said:
Interesting setup in regards to replacing uBlock Origin in favor of NextDNS for network-wide ad blocking. It's something that I have also considered previously.
Are there any situations you've encountered where uBlock Origin would have been better? Or does NextDNS basically cover all your needs?

Some features of uBlock Origin that I have come to use a lot include the element picker and cosmetic filtering. Does NextDNS cover this?
Click to expand...

You can't do element picking and cosmetic filtering with a DNS based ad-blocker. I cannot block Youtube ads with NextDNS. I think uBlock Origin is better but I am worried about the upcoming changes from Google where blockers like uBlock may not be effective.

I will update you if I make any further changes in this department. I am still experimenting here.
 
  • Like
  • Thanks
Reactions: Protomartyr, toto_10, stefanos and 1 other person
geekwithlens said:
Do I really need to switch to a standard user account? I have UAC enabled now and I am also using Trusted Application Mode of Kaspersky which won't allow any unverified app to execute.
Click to expand...

Your system is really locked down with your extremist configuration so the choice is yours. It depends on how (in)convenient it would be for your type of PC usage. I simply think it's good practice to use SUA.
 
  • Like
Reactions: Protomartyr, toto_10, Nevi and 3 others
oldschool said:
Your system is really locked down with your extremist configuration so the choice is yours. It depends on how (in)convenient it would be for your type of PC usage. I simply think it's good practice to use SUA.
Click to expand...

Thank you very much. I have decided to stick with admin account for now. I will be looking at fine tuning Kaspersky Application Control to make it more harder for malware to get access to the system.
 
  • Like
Reactions: Protomartyr, toto_10 and harlan4096
I do have Malwarebytes multi-year license. I don't install it as it starts up with Windows even if I keep real-time protection disabled & disable it's startup. I think there is some MB service which makes this happen. What is your thoughts on MB vs Emsisoft?
Click to expand...
You do mean MWB <> EmsiSoft as real-time security products or as Second Opinion / Virus and Malware Removal Tools ?
 
  • Like
Reactions: Protomartyr, toto_10, Nevi and 1 other person
Zero Knowledge said:
I would not use an android app for windows. That's just me though. The only bio-metric applications I would trust are in built ones from Microsoft and Apple.
Click to expand...

You have highlighted a important aspect of my setup. I did look for options to replace it. I couldn't find something suiting my needs. Microsoft Hello requires you to have a external device for fingerprint unlock. Another alternative from a reputed provider is Duo. We use Duo for our clients. It is very secure. I like Duo but it requires to enter password before prompting for 2FA. My Current Solution (Remote Fingerprint Unlock) allows me to get into my PC without entering any credentials. I click on the app in my mobile and authenticate my fingerprint. It also helps me to wake my PC over WLAN.

App says:
"Be sure to allow incoming and outgoing traffic (both TCP and UDP) in your firewall for the LogonUI.exe process found in C:\Windows\System32. You will be asked at the installation if you want this done automatically for you if you are using Windows Firewall."

I have not noticed any external connection from the desktop app. I need to check for the android app.
 
  • Like
Reactions: Protomartyr, toto_10 and harlan4096
You must log in or register to reply here.

You may also like...