SECURITY: Complete Minimalist's security configuration 2021

Last updated
Apr 30, 2021
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 10
OS License Type
Pro
Login security
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Local account
Primary account rights
Administrator permissions
Other accounts rights
N/A - Single user account
Security updates
Manual - check for updates, but do not install
Windows UAC
Maximum - always notify
Network firewall
Personal router w/ firewall & filtering
Real-time protection
Emsisoft Anti-Malware
Software firewall
Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
Emsisoft: Behavior Blocker and File Guard set to Alert
Macrium: enabled and configured Macrium Image Guardian
Malware research
No - malware samples are not downloaded
Periodic scanners
HitmanPro, Norton Power Eraser
DNS
Quad9 (9.9.9.9)
CloudFlare (1.1.1.2)
VPN
Mullvad
Password manager
KeePass
Browsers, Search and Addons
Firefox & uBlock Origin
PC maintenance
ShutUp10
CCleaner
Personal Files & Photos backup
Daily - synchronization on internal disks using batch file and scheduler.
Daily - Macrium Incremental file backup for important data.
Weekly - manually copying data to external disks.
Personal backup routine
Automatic (scheduled)
Device recovery & backup
Macrium Reflect
Device backup routine
Automatic (scheduled)
PC activity
  1. Working from home. 
  2. Browsing the web. 
  3. Emails. 
  4. Shopping. 
  5. Banking. 
  6. Remote assistance. 
  7. Streaming. 
Computer specs
HP EliteDesk 800 G5 TWR
• Intel Core i7-9700 CPU @ 3.00GHz
• Intel UHD Graphics 630
• DDR4 32 GB @ 2667 MHz
• 2x 500 GB SSD + 4TB HDD
Personal changelog
24.12.2020 - original post.
29.12.2020 - added information for new data entries.
30.12.2020 - added information about password manager.
1.1.2021 - set Quad9 for DNS server.
15.1.2021 - added CloudFlare to DNS servers list.
19.1.2021 - changed updates to manual.
24.1.2021 - enabled Macrium Image Guard.
31.1.2021 - added info about network firewall.
15.2.2021 - installed Trend Micro as real-time antimalware solution.
27.2.2021 - Installed Kaspersky Internet Security and enabled Trend Micro protections included in router.
7.3.2021 - replaced Kaspersky Internet Security with Emsisoft Anti-Malware.
26.4.2021 - installed KIS in "minimal" mode.
30.4.2021 - replaced KIS with Emsisoft Anti-Malware
Feedback Response

General feedback

Minimalist

Level 5
Oct 2, 2020
217
After years of using either Kaspersky, ESET or Emsisoft I found another one that I like - Trend Micro. I found it thanks to @McMcbrad (y)

I love it's design and so far don't feel any slowdowns. I'll give it a try and see if I can stick with it for longer period. Will post an update when I come back to forums in April after Lent is over.
 

Minimalist

Level 5
Oct 2, 2020
217
hi, can you give some more details on this please.

I have succeeded in running the macrium rescue media iso in virtualbox but can't load the system image because I can't navigate to it.

thanks
I usually do it the long way: I create VHD file in Disk management, attach that VHD file and restore Macrium image of my system to it. After restore I detach VHD and run Virtual Machine that uses that VHD file.

There is also an option to use viBoot, but so far I didn't try it: Macrium viBoot - KnowledgeBase v7 - Macrium Reflect Knowledgebase - KnowledgeBase v7 - Macrium Reflect Knowledgebase
 

Minimalist

Level 5
Oct 2, 2020
217

Minimalist

Level 5
Oct 2, 2020
217
Today I reinstalled Kaspersky. This time I'll go with "minimal" setup, disabling everything I think that I don't need.

Here is the list of changes I made:
- uninstalled Kaspersky VPN
- for all scans action was set to Notify, for Full scan I disabled scan of archives
- General: I disabled Perform recommended action automatically
- File Anti-Virus: action set to Ask user; Scan mode set to On execution
- Web Anti-Virus: action set to Ask user; disabled URL advisor
- Mail Anti-Virus: action set to Ask user; disabled Attachment filter
- Firewall: I changed network type for my network from Trusted to Local
- Application Control: disabled Digitally signed applications;
- System Watcher: left everything to Ask user
- disabled KSN feedback system
- Software Updater: disabled
- Application Manager: disabled
- Private Browsing: disabled
- Safe Money: disabled
- Network Settings: disable Inject script into web traffic; disabled scan of encrypted connections
- disabled News notifications and Promotional materials
- disabled On-Screen Keyboard, disabled secure keyboard imput
- set all heuristic analysis to Light scan
- disabled dump writing (debug information)

EDIT (29.4.2021): I reenabled Perform recommended actions automatically

Will see how it goes.
 
Last edited:
Top