SECURITY: Complete Joyous Daughter's Laptop configuration 2021

Last updated
May 14, 2021
About
Owned by a family member
Additional PC users
Not shared with other users
Desktop OS
Windows 10
OS edition
Pro
Login security
    • Password-less (PIN, Biometric, Face)
Primary sign-in
Microsoft account
Primary user
Standard user - Limited permissions
Other users
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Network firewall
Third-party router
Real-time protection
Defender with Comodo firewall ( Cs setting with locked down file rating), Adguard , Firewall on Mikrotik Hap Ac
Software firewall
Provided by a third-party security vendor. Refer to 'Real-time protection' for details.
Custom RTP, Firewall and OS settings
Windows defender with configure (at high) defender and Comodo firewall at CS setting along with following changes.
1. Hips enabled.
2.password protected.
3. Firewall with block all incoming connections, enabled block loopback traffic, fragmented traffic, anti arp traffic, filter ipv6 and enabled protocol analysis.
4. Containment setting " don't show privilege elevation alerts" run inside container- enabled and all CS settings.
5.File rating> Vendor List> Removed all vendors> Kept only the ones which is installed in system.
6.Advanced Protection> Script analysis> Embedded code detection enabled for java, cmd and powershell.
7.Website filter disabled
Malware testing
No malware samples
Periodic security scanners
Norton power eraser. EEK, Hitman pro
Secure DNS
NextDns DoH at router level.
VPN
none
Password manager
Bitwarden with Authy for 2Fa
Browsers, Search and Addons
Ms Edge Chrome
Maintenance and Cleaning
Regorganizer
Personal Files & Photos backup
one drive and google drive
Personal backup routine
Automatic (scheduled)
Device recovery & backup
windows image recovery, Macrium Reflect incremental backup
Device backup routine
Automatic (scheduled)
PC activity
  1. Browsing the web. 
  2. Emails. 
  3. Multimedia. 
  4. Streaming. 
Computer specs
Dell Inspiron 15, 3000 series. AMD Ryzen™ 3 3250U, Integrated graphics with AMD APU, 48GB, 2x4GB, DDR4, 2400MHz, 256GB M.2 PCIe NVMe Solid State Drive (Boot) + 1TB 5400 rpm 2.5" SATA Hard Drive Storage.
Personal changelog
1.Installed new os on 14/05/2021
2. all changed made on above day.
Feedback Response

Most critical feedback

JoyousBudweiser

Level 12
Verified
Aug 22, 2013
582
This is my daughter's New laptop. She is using it for her educational purpose, She is only 12 years old so I decided to go with a locked down configuration with the help of Comodo firewall. All unknown files are automatically contained and run with "limited " privileges. To make it a locked down system I have removed all vendors certificates from Vendor List and kept only the ones which is installed in system ( about 30 or so digital certificates) and disabled " cloud Lookup" in File rating. Now what this does is, any file, if it is not in the vendor list, will be executed -be it digitally signed or not- will run inside the "containment". So she can not install anything knowingly or unknowingly with out my permission.
How to easily populate vendors list for a locked down configuration;
1. Enable CS settings in containment.
2. Enable cloud lookup in file rating.
3. select all vendor certificates in vendor list by ticking Vendor Tab.
Untitled-1.jpg
4. remove all and click "OK"
5. Now run all the apps you have installed one by one, the vendor list will get auto populated as you run those applications. Restart the pc and keep the "cloud lookup" feature in file rating for a few days.
6. Disable the cloud lookup in file rating.
7. If you need to install anything just enable the cloud lookup in file rating for it and disable the same after installation.
 
Last edited:
Top