Latest Changes
Oct 15, 2019
Operating System
  • Windows 10
  • Windows Edition
    Enterprise
    Version or Build no.
    LTSC 2019 (1809)
    System type
    64-bit operating system; x64-based processor
    Security Updates
    Automatic Updates (recommended)
    User Access Control
    Always Notify
    Network Security (Firewall)
    Windows Defender Firewall
    Device Security
  • Windows Defender SmartScreen (Windows 10)
  • User Account
    Administrator
    Sign-in Accounts
    None
    Malware Testing
    I do not participate in downloading malware samples
    Real-time Web & Malware Protection
    • Kaspersky Internet Security 2020
    RTP - Custom security settings
  • Minor changes for Increased security
  • RTP - Details of Custom security settings
    • Check URLs for legitimate apps that can be used by criminals
    • Block camera acess for all aplications
    • Disable animations (for smoother experience)
    Virus and Malware Removal Tools
    • Malwarebytes Free
    • Emsisoft Emergency Kit
    Browsers and Extensions
    Chrome & Firefox:
    • Bitwarden browser extension
    Privacy-focused Apps and Extensions
    • F-Secure Freedome VPN
    • Windscribe VPN
    • Quad9 DNS (router level)
    Password Managers
  • Bitwarden
  • Web Search
  • Google
  • System Utilities
    • PatchMyPC
    • ProcessExplorer
    • AutoRuns
    • CCleaner Portable
    • CPU-Z
    • HWMonitor
    • HWINFO64
    • Bandizip
    Data Backup
    • Google Drive
    Frequency of Data backups
    Always-on Sync
    System Backup
    • Macrium Reflect Free
    Frequency of System backups
    Regularly
    Computer Activity
  • PC Gaming
  • Browsing web and email
  • Watch movies and other entertainment content on the Internet
  • Download files from different sources
  • Office and work related tasks
  • Video or photography editing
  • Programming
  • Computer Specifications
    Acer Predator Helios 300 (G3-571-77QK):

    • i7-7700HQ
    • GTX 1060 6GB
    • 16GB DDR4
    • 256GB SSD
    • 1TB HDD

    geminis3

    Level 3
    Verified
    Looks good to me. Have you applied any OS hardening of any kind? (y)

    One suggestion, if you are not already aware of it, is Hard_Configurator. It is a GUI to apply hardening via SRP. It was created and is maintained by @Andy Ful for W10 Home, but you may use it on Pro. You may find it here:

    AndyFul/Hard_Configurator
    I can't go default deny because I use my laptop for programming but I've tweaked Windows Defender using Group Policy Editor.
     

    LDogg

    Level 30
    Verified
    So I'd state from this config you only have 2/3 layers of security done, maybe 1 as Macrium Reflect could be a better source of backing up files to that in comparison of Google Drive, but I believe this is merely personal opinion and not fact.

    You have a Firewall which is the default from Microsoft, you have a backup solution in the form of GD, however I believe you have inadequate web protection. I'd recommend Scriptsafe & Emsisoft Browser Security for your web browser and maybe twin Windows Defender with Configure Defender or OSArmor/VoodooShield. Most attack areas now revolve around email and web.

    Take the advice as you will, thanks for sharing.

    ~LDogg
     

    geminis3

    Level 3
    Verified
    Update 5/7/2019

    Avast was causing me a very strange behaviour when I open a website , first it looks like there's no internet for less than 2 seconds and then the website loads correctly, it didn't happened all time but I prefer to stay 100 KM away from Avast/AVG products.
    • Rolled back to a previous non Avast image and installed Bitdefender Free AV
     

    geminis3

    Level 3
    Verified
    Let us know how it goes with BD. (y) It had some bugs when I used it 6 months ago.

    This is kind of funny though: "Default - Settings are balanced for security and performance" since that's all there is to it. :)
    It started freezing my laptop when I'm on battery so I rolled back and went with Panda Dome Free, I can't even feel that it's running in the background.
     

    Evjl's Rain

    Level 44
    Verified
    Trusted
    Content Creator
    Malware Hunter
    I don't know what your archiver is but please consider using Bandizip or bandizip portable
    It will save you from a lot of infections because Panda free is in a weaker sode compared to other well-known AVs

    also please consider installing Windows defender browser protection extension for chrome since panda has a virtually useless webfilter
     

    geminis3

    Level 3
    Verified
    I don't know what your archiver is but please consider using Bandizip or bandizip portable
    It will save you from a lot of infections because Panda free is in a weaker sode compared to other well-known AVs
    I always use 7-Zip
    also please consider installing Windows defender browser protection extension for chrome since panda has a virtually useless webfilter
    BitDefender Traffic Light is way better than WDBP also I use CleanBrowsing DNS.
     

    geminis3

    Level 3
    Verified
    Update
    14/7/2019
    • Replaced Panda Free with F-Secure Safe
    • Added F-Secure Browsing Protection Addon
    The last time I used F-Secure was when they used BD engine (Aquarius), now with Avira (Capricorn) engine it feels lighter (not as Panda but lighter than BD or WD) also it's DeepGuard (behavior blocker) and Advanced Network Protection makes it a better option over standalone Avira product which only relies on cloud and signatures.

    Another thing which I appreciate is that it doesn't snoops on HTTPS connections (like most AVs nowadays). Looks like I'm going to stick with this config a long time :geek:

    Edit (I forgot to list those changes)

    • Removed Panda CloudCleaner, OS Armor
    • Replaced 7-zip with Bandizip
    • Added ProcessExplorer, AutoRuns,


    F-Secure Resource Usage on my laptop

    216731
     
    Last edited:

    geminis3

    Level 3
    Verified
    Update 7/8/2019

    • Switched from CleanBrowsing DNS to Quad9 (better performance in my case).
    • My router is now running DD-WRT and fowarding DNS queries to a non standard port using built-in dnsmasq, also it removes insecure WPS function and fixes the bufferbloat problem :cool:

    Greetings,
    Geminis3.
     

    geminis3

    Level 3
    Verified
    Update 15/10/2019

    I reimaged my laptop with Windows 10 LTSC 2019 (based on v1809) so I reworked almost my entire config (check the summary tab ;))

    Some highlights:
    • KSC Free as main protection layer
    • PatchMyPC Home to install and update software updates automatically
    • CCleaner Portable to keep my PC tidy (manual run every month)
    • Nano Adblocker + Nano Defender instead of uBlock (it can bypass some anti-adblocking techniques)
    PD: I attached a screenshot of my previous config if you want to compare it.

    Greetings,
    Geminis3
     

    Attachments