SECURITY: Complete nefty1029 Work Laptop Security Config 2020

Last updated
Aug 17, 2020
About
Provided by workplace
Desktop OS
Login security
Primary sign-in
Microsoft account
Primary user
Admin user - Full permissions
Security updates
Default - allow security updates
Windows UAC
Maximum - always notify
Real-time protection
  1. Microsoft Defender
  2. Comodo Firewall
Software firewall
Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
Microsoft Defender:
  1. Configure Defender at High Settings
  2. Hard_Configurator using Windows_10_MT_Windows_Security_hardening profile.
  3. Firewall Hardening using recommended values
  4. Run by Smartscreen installed
Comodo Firewall
  1. Using Cruel Sister settings
  2. Chrome and Firefox Sandboxed (Sandboxing Edge causes errors)
Malware testing
No malware samples
Periodic security scanners
Malwarebytes Free (On Demand)
Hitman Pro Free (On Demand)
Kaspersky Virus Removal tool (Monthly)
Browsers, Search and Addons
Secure: Edge Browser using a modified banking profile based on this thread with enabled Flags and anti-exploit settings.
  1. Adguard Extension with additional rules from here and here.

Main : Chrome
  1. Birdefender TrafficLight
  2. Netcraft Extension
  3. Adguard extension
  4. Microsoft Defender Browser Protection
Backup: Firefox
  1. Birdefender TrafficLight
  2. Netcraft Extension
  3. Adguard extension
Edge is used to access banking and government related sites. Chrome is used for regular browsing and Firefox is used for backup. Both Firefox nd Chrome are sandboxed by Comodo based on Cruel Sister's guide.
Maintenance and Cleaning
  • Windows Disk Cleaner
  • PatchmyPC
  • Revo Uninstaller Free
Personal Files & Photos backup
Onedrive
Personal backup routine
Automatic (scheduled)
Device recovery & backup
Aomei Backupper
Device backup routine
PC activity
  1. Banking. 
  2. Browsing the web. 
  3. Working from home. 
Computer specs
13" Macbook Pro (early 2015 model)
  • CPU: Intel Core i5-5257U.
  • GPU: Intel Iris Graphics 6100.
  • Storage: 256GB SSD.
  • RAM: 8GB
Personal changelog
17 August
  • Changed Hitman Pro scans from Daily to Ondemand.
  • Changed Malwarebytes scans from Weekly to Ondemand.

nefty1029

Level 1
Mar 13, 2018
24
Here is the configuration for my work laptop. Compared to my main laptop, my work laptop is much more locked down and with minimal software installations. The only other major software installed that is Office 365.
This is mainly used to type documents and edit spreadsheets, as well as access banking and government related websites.
I have also made a standard user account just in case my family wants to use the PC.
 

SecurityNightmares

Level 40
Verified
Jan 9, 2020
2,946
"Hitman Pro Free (Daily)"
With your setup this isn't needed. Same for weekly scans.

"Secure: Edge Browser using a modified banking profile based on this thread with enabled Flags and anti-exploit settings."
(y) :emoji_beer:
With the profile based Edge setup you don't need other browsers ;)

"KeePass XC"
Under Windows I recommend the original KeePass which is audited and provide secure desktop mode and plugins like for Windows Hello
 
  • Like
Reactions: Protomartyr

nefty1029

Level 1
Mar 13, 2018
24
"Hitman Pro Free (Daily)"
With your setup this isn't needed. Same for weekly scans.
Changed Hitman Pro scanning from daily to ondemand. Same with Malwarebytes.
"Secure: Edge Browser using a modified banking profile based on this thread with enabled Flags and anti-exploit settings."
(y) :emoji_beer:
With the profile based Edge setup you don't need other browsers ;)
True but I like separate my work from casual browsing and having a different browser is much easier for me than using multiple Edge profiles.

"KeePass XC"
Under Windows I recommend the original KeePass which is audited and provide secure desktop mode and plugins like for Windows Hello
I actually used Keepass for some time before importing my database to KeepassXC. I still prefer the UI of KeepassXC.
 
Top