Advanced Security oldschool's 2022 laptop configuration

Last updated
Jun 23, 2022
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 11
OS edition
Pro
Login security
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Local account
Primary user
Standard user - Limited permissions
Security updates
Default - allow security updates
Windows UAC
Maximum - always notify
Network firewall
ISP-issued router
Real-time protection
Microsoft Defender
Software firewall
Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
Default with ASR rules enabled:
- block JS/VBS from launching downloaded executable content
- block execution of potentially obfuscated scripts
- block executable content from email client and webmail
- block process creations originating from PSExe and WMI commands
- use advanced protection from ransomware
- block persistence through WMI event subscription

Controlled Folder Access enabled with added folders:
- C:\Program Data\Microsoft\Windows\Start Menu
- C:\Users\oldshool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
- C:\Users\oldschool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

RunBySmartscreen
Custom exploit protection settings for all apps
Malware testing
No malware samples
Periodic security scanners
EEK | KVRT
Secure DNS
Quad 9
VPN
None
Password manager
Browsers, Search and Addons
Brave Startpage | Brave Adblock | Emsisoft Browser Security
Firefox Startpage | µBO + Kees1958 lists | Emsisoft Browser Security | strict tracking | total cookie protection | Firefox Privacy or: How I Learned to Stop Hardening and Love Strict Tracking Protection
Edge Startpage | µBO + Kees1958 lists | Emsisoft Browser Security | Strict tracking protection
Maintenance and Cleaning
Windows built-in
Personal Files & Photos backup
Copy/Paste
Personal backup routine
Manual (maintained by self)
Device recovery & backup
Wiindows built-in | Aomei Backupper
Device backup routine
Manual (maintained by self)
PC activity
  1. Browsing the web. 
  2. Emails. 
  3. Shopping. 
  4. Downloading software. 
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 8.00 GB RAM 1TB HDD
Personal changelog
22-1-9 Added VodooShield Pro v. 7.0
22-1-28 Removed TinyWall | Changed to Ghostery in Edge & Firefox
22-1-31 Removed VoodooShield
22-5-5 Removed VoodooShield
22-6-17 Switched to Bitdefender Free
22-6-23 Replaced Bitdefender with M$ Defender
Feedback Response

General feedback

oldschool

Level 67
Thread author
Verified
Top poster
Well-known
Mar 29, 2018
5,644
I'm using Brave more since they fixed the side panel feature to show bookmarks. Previously it only showed saved reading list. Brave is incredibly fast too.

Using Material Theme Dark [blue-grey] as it's the easiest on my eyes.

Also sticking with the default MS Defender + VoodooShield setup because it's simple and problem-free.
 
Last edited:

blackice

Level 36
Verified
Top poster
Well-known
Apr 1, 2019
2,565
Said goodbye to VoodooShield. Fying solo with M$ Defender.

Also using the just released Alpha 10 version of Mindfulness at the computer. NIce, simple reminder to keep breathing!
Still being mindful at default with MD?

Edit: never mind just saw the change in your config. Looks good and simple.
 
Last edited:

ErzCrz

Level 12
Verified
Top poster
Well-known
Aug 19, 2019
556
Said goodbye to VoodooShield. Fying solo with M$ Defender.

Also using the just released Alpha 10 version of Mindfulness at the computer. NIce, simple reminder to keep breathing!
Always a inspiration for a simpler secure config. I still run uBO in a tweaked hard mode no matter which protection setup I'm using though I may revert to the older nooped medium mode for less hassle. Anyway, really considering going back to a simpler MD H_C config.

P.S. Mindful thing looks interesting.
 

SeriousHoax

Level 42
Verified
Top poster
Well-known
Mar 16, 2019
3,182
Defender @ default
Defender at default is not too bad. My PC runs more smoothly in default settings than configured to high. But PUP protection should be enabled which I guess you have and I prefer setting extended cloud timeout to 60 seconds to make sure something unknown gets enough time to be checked by the cloud AI.
 

blackice

Level 36
Verified
Top poster
Well-known
Apr 1, 2019
2,565
Defender at default is not too bad. My PC runs more smoothly in default settings than configured to high. But PUP protection should be enabled which I guess you have and I prefer setting extended cloud timeout to 60 seconds to make sure something unknown gets enough time to be checked by the cloud AI.
Do you use gpedit for that?
 

SeriousHoax

Level 42
Verified
Top poster
Well-known
Mar 16, 2019
3,182
Do you use gpedit for that?
No, I use Configure Defender for this or use this codes.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v "MpBafsExtendedTimeout" /t REG_DWORD /d "50" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "UpdateOnStartUp" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ThreatFileHashLogging" /t REG_DWORD /d "1" /f
I have a bat file that contains many Windows related changes that I want to make after installing fresh Windows. It allows me to make all changes at one go without going through the settings menu. The above code is part of that, but as you can see it can be used manually too of course. These are my default MD related changes that is a must for me. If I want to enable other advanced feature, then I always have the easy to use Configure Defender.
 

blackice

Level 36
Verified
Top poster
Well-known
Apr 1, 2019
2,565
No, I use Configure Defender for this or use this codes.

I have a bat file that contains many Windows related changes that I want to make after installing fresh Windows. It allows me to make all changes at one go without going through the settings menu. The above code is part of that, but as you can see it can be used manually too of course. These are my default MD related changes that is a must for me. If I want to enable other advanced feature, then I always have the easy to use Configure Defender.
So you leave the cloud “level of protection” at default and just raise the timeout?

What do you think is causing you slowdown?
 

SeriousHoax

Level 42
Verified
Top poster
Well-known
Mar 16, 2019
3,182
So you leave the cloud “level of protection” at default and just raise the timeout?

What do you think is causing you slowdown?
Yeah, default at the moment. Might raise it to high a few days later to try to notice the difference in impact. I think setting cloud level to Highest aka High+ causes the most impact. MS's official documents clearly states that this will impact performance and may increase false positives. But have to say even MS at default is not as light as ESET followed closely by Norton and Kaspersky on my system excluding web page loading speed. MD's caching isn't as good (Probably intentionally due to its high cloud reliance).
 

blackice

Level 36
Verified
Top poster
Well-known
Apr 1, 2019
2,565
Yeah, default at the moment. Might raise it to high a few days later to try to notice the difference in impact. I think setting cloud level to Highest aka High+ causes the most impact. MS's official documents clearly states that this will impact performance and may increase false positives. But have to say even MS at default is not as light as ESET followed closely by Norton and Kaspersky on my system excluding web page loading speed. MD's caching isn't as good (Probably intentionally due to its high cloud reliance).
Interesting, I’ve been considering running at just default and enabling PUA stuff in the GUI. It’s probably plenty for me, and if it improves performance then what the heck. I do have OSA to cover some extras, and it has zero impact, other than false positives.
 

Burrito

Level 24
Verified
Top poster
Well-known
May 16, 2018
1,381
Maybe a better name would be "Default deluxe" or "Default + ASR"

Maybe a better name would be... "The MT Living Legend's Optimized Security Masterpiece."

As a Level 66 MalwareTips Living Legend that we all look up to... we seek your wisdom and guidance.

I don't make a single security move without checking in to see what ole' Oldschool recommends.

So when you are out vacationing the world... some of us are stuck in security decision paralysis.

That is all.