At-Risk geminis3's Security Config 2022

Last updated
Jun 1, 2022
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 11
OS edition
Pro
Login security
    • Password-less (PIN, Biometric, Face)
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Local account
Primary user
Admin user - Full permissions
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Network firewall
Third-party router
Real-time protection
Microsoft Defender
Software firewall
Provided by a third-party security vendor. Refer to 'Real-time protection' for details.
Custom RTP, Firewall and OS settings
  • PUP detection
  • Memory Integrity (HVCI)
Malware testing
No malware samples
Periodic security scanners
MBAM, NPE and HitmanPro
Secure DNS
Cloudflare, Adguard (unfiltered) and NextDNS (unfiltered) on Adguard Home (malware protection enabled) at my RPi 4 (network-wide)
VPN
Windscribe and ProtonVPN
Password manager
Bitwarden
Browsers, Search and Addons
Microsoft Edge, Google Chrome and Firefox with uBO and Bitwarden
Maintenance and Cleaning
CCleaner and Cleanmgr+
Personal Files & Photos backup
Google Drive and local backups on external drives
Personal backup routine
Manual (maintained by self)
Device recovery & backup
Macrium Reflect Free
Device backup routine
Manual (maintained by self)
PC activity
  1. Working from home. 
  2. Browsing the web. 
  3. Emails. 
  4. Shopping. 
  5. Banking. 
  6. PC and cloud gaming. 
  7. App developer. 
Computer specs
  • Acer Predator G3-571
  • i7-7700HQ
  • GTX 1060
  • 16GB DDR4
  • 1TB NVMe
Personal changelog
Windows 11 22H2 (Insiders)
Microsoft Defender only
Feedback Response

General feedback

geminis3

Level 19
Thread author
Verified
Top poster
Well-known
Sep 10, 2015
907
Hoping you guys had a wonderful holiday, this is my security config for 2022. I have Windows 11 Pro installed along with Fedora Workstation 35.

Windows Defender can become very CPU and I/O consuming specially when copying large folders such as node_modules so I ended up buying an Emsisoft Anti-Malware license because it's the less intrusive solution I found (I don't want SSL MITM or bloated suites just a simple AV to replace WD).

1641246297253.png

This year I'm going to replace my current laptop but I'm still not sure wheter to go with a MacBook Pro (M1 Pro) or an Alder Lake based laptop (preferably a ThinkPad but as long as the RAM/NVMe is upgradeable and it doesn't has Nvidia nor hardware that doesn't work properly on Linux I'm fine).

Stay safe!
 
Last edited by a moderator:

Vitali Ortzi

Level 22
Verified
Top poster
Well-known
Dec 12, 2016
1,114
just use Linux you will have more control of what takes your IO
anyway since m1 has unlocked boot-loader its really nice and efficiency is unheared of in any other mobile as long as you dont need x86 or certain applications i think mac is a really nice
unforntaly thinkpads are dead im writing this in a t400 and its dam good except ##### speakers ##### screen and slow ass p8700 cpu
if i had this exact laptop with micro led ,arm ,nice speakers and modern ports it would have been my fav laptop
but ibm design is long dead :(
 

geminis3

Level 19
Thread author
Verified
Top poster
Well-known
Sep 10, 2015
907
Since Linux runs so bad on Nvidia Optimus laptops currently I'm only using Windows 10 LTSC 2021 on this machine, had to ditch Windows 11 since it blocks MSR writes required for CPU undervolting when running VBS (WSL2).

I'm also using EIS since it's more lightweight and doesn't has FP issues unlike EAM (behavior-blocked quarantined my PostgreSQL installation whilst performing a backup routine 🤣).

1648515919841.png


PD: Now I'm waiting for the M2 powered MBP to come out since development will be moving forward to ARMv9 in the next years.
PD2: Asahi Linux is making eyes at me.
 

geminis3

Level 19
Thread author
Verified
Top poster
Well-known
Sep 10, 2015
907
I went back to Windows 11 but now I'm using 22H2 (Insiders Beta channel), protection wise I'm sticking to Microsoft Defender on default settings (only PUP and HVCI are enabled).

1654093354166.png


PD: no MacBook for me (as a software developer I need to work with the customer's legacy technology stack) so I'm getting a Lenovo Legion laptop (Ryzen) in the next months.
 

SeriousHoax

Level 42
Verified
Top poster
Well-known
Mar 16, 2019
3,196
I went back to Windows 11 but now I'm using 22H2 (Insiders Beta channel), protection wise I'm sticking to Microsoft Defender on default settings (only PUP and HVCI are enabled).

View attachment 267158

PD: no MacBook for me (as a software developer I need to work with the customer's legacy technology stack) so I'm getting a Lenovo Legion laptop (Ryzen) in the next months.
It's also better not to try third party AVs on this build. ESET and Bitdefender failed to properly turn off Microsoft Defender on this build. These are the only two that I tested so maybe it's an issue for other products too because even using Group Policy to turn off Defender didn't work. Windows Security shows third party AV is active yet Defender service kept running. So it's a bug of this build I guess. So stick to Microsoft Defender.