Advanced Security oldschool's 2022 laptop configuration

Last updated
Jul 2, 2022
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 11
OS edition
Pro
Login security
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Local account
Primary user
Standard user - Limited permissions
Security updates
Default - allow security updates
Windows UAC
Maximum - always notify
Network firewall
ISP-issued router
Real-time protection
Microsoft Defender configured with Group Policy
Software firewall
Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
Highest setting with ASR rules enabled:
- block JS/VBS from launching downloaded executable content
- block execution of potentially obfuscated scripts
- block executable content from email client and webmail
- block credential stealing from Windows local security authority subsystem (lsass.exe)
- block process creations originating from PSExec and WMI commands
- use advanced protection from ransomware
- block persistence through WMI event subscription

Controlled Folder Access enabled with added folders:
- C:\ProgramData\Microsoft\Windows\Start Menu
- C:\Users\oldschool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
- C:\Users\oldschool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

RunBySmartscreen
Custom exploit protection settings for all apps
Malware testing
No malware samples
Periodic security scanners
EEK | KVRT
Secure DNS
Quad 9
VPN
None
Password manager
Browsers, Search and Addons
Brave Startpage | Brave Adblock | Emsisoft Browser Security
Firefox Startpage | µBO + Kees1958 lists | Emsisoft Browser Security | strict tracking | total cookie protection | Firefox Privacy or: How I Learned to Stop Hardening and Love Strict Tracking Protection
Edge Startpage | µBO + Kees1958 lists | Emsisoft Browser Security | Strict tracking protection
Maintenance and Cleaning
Windows built-in
Personal Files & Photos backup
Copy/Paste
Personal backup routine
Manual (maintained by self)
Device recovery & backup
Windows built-in | Aomei Backupper
Device backup routine
Manual (maintained by self)
PC activity
  1. Browsing the web. 
  2. Emails. 
  3. Shopping. 
  4. Downloading software. 
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 8.00 GB RAM 1TB HDD
Personal changelog
22-1-9 Added VoodooShield Pro v. 7.0
22-1-28 Removed TinyWall | Changed to Ghostery in Edge & Firefox
22-1-31 Removed VoodooShield
22-5-5 Removed VoodooShield
22-6-17 Switched to Bitdefender Free
22-6-23 Replaced Bitdefender with M$ Defender
22-7-1 M$ Defender configured via Group Policy to High + and added one ASR rule.
Feedback Response

General feedback

oldschool

New year. Same simple setup.

Edge flags:
[Image: Edge flags screenshot]
Exploit protection (thanks to @Umbra). These haven't broken anything yet, e.g. extensions crashing.
Code:
- for Brave, Edge and Firefox:

Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

ADD for Edge Chromium only:

Code integrity guard - ON (with or without Also allow images signed by M$ Store CHECKED)
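
An added example, not part of the original post: a read-only PowerShell check that the seven ASR rules and Controlled Folder Access listed in the configuration at the top of this thread are in effect, as reported by `Get-MpPreference`. The rule GUIDs are Microsoft's documented identifiers; the variable names are illustrative, and an elevated PowerShell session is assumed.

```powershell
# Added audit example (read-only). GUIDs are Microsoft's documented ASR rule IDs.
$expected = [ordered]@{
    'd3e037e1-3eb8-44c8-a917-57927947596d' = 'Block JS/VBS from launching downloaded executable content'
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc' = 'Block execution of potentially obfuscated scripts'
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS (lsass.exe)'
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations from PSExec and WMI commands'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    'e6db77e5-3df2-4cf1-b95a-636979351e5b' = 'Block persistence through WMI event subscription'
}
$actionName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$cfaName    = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'Audit' }

$pref = Get-MpPreference

# Ids and Actions are parallel arrays; index them by lower-cased GUID.
$configured = @{}
if ($pref.AttackSurfaceReductionRules_Ids) {
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $configured[$ids[$i].ToLower()] = [int]$actions[$i]
    }
}

# One row per expected rule; anything other than Block is flagged.
$report = foreach ($id in $expected.Keys) {
    $state = 'Not configured'
    if ($configured.ContainsKey($id)) {
        $state = $actionName[$configured[$id]]
        if (-not $state) { $state = "Unknown ($($configured[$id]))" }
    }
    [pscustomobject]@{ Rule = $expected[$id]; State = $state; Ok = ($state -eq 'Block') }
}
$report | Format-Table -AutoSize -Wrap

# Controlled Folder Access mode and the folders added on top of the defaults.
$cfaMode  = [int]$pref.EnableControlledFolderAccess
$cfaState = $cfaName[$cfaMode]
if (-not $cfaState) { $cfaState = "Other ($cfaMode)" }
"Controlled Folder Access: $cfaState"
foreach ($folder in $pref.ControlledFolderAccessProtectedFolders) { "  protected: $folder" }

# Summary line that a scheduled check can compare against zero.
"Rules not in Block mode: " + @($report | Where-Object { -not $_.Ok }).Count
```

Rules reported as Audit or Warn only log or prompt rather than block, so they show up here as not Ok.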
 

Gandalf_The_Grey

I had printer issues after making exceptions. I uninstall when I encounter issues like this. Windows built-in = less problems.
Yes, a good decision (y)
Keeping things simple is a lost art, but I can understand that on a security forum.
We hear of all those threats and there are so many toys to play with...
 

cliffspab

It's just like every Windows before it. It does all the same stuff in pretty much the same way, but you'll tell yourself it's a solid step in the right direction as ultimately everyone will have to upgrade and it's stupid to be the last man standing if you're interested in technology, right?
 

Antimalware18

If you don't mind me asking, I've noticed you're using Emsisoft's browser protection, I was wondering why as opposed to something like Malwarebytes?
In my admittedly limited testing Emsisoft's was good but not quite on the level as Malwarebytes'
But great setup either way (y)(y)
 

oldschool

Upgraded to W11. I'm happy with it and see no reason to go back to 10.

And I was one of those put off by the early reports, thinking "W10 till '25"! ;)
There is a principle which is a bar against all information, which is proof against all arguments and which cannot fail to keep a man in everlasting ignorance - that principle is contempt prior to investigation.
- Herbert Spencer