Advanced Security oldschool's surfing laptop configuration

Last updated
Mar 27, 2024
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Windows Pro
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
On
Network firewall
Enabled
About WiFi router
Provided by ISP
Real-time security
Windows Security
Firewall security
Microsoft Defender Firewall
About custom security
MS Defender - Block all unknown executables | ASR rules | Platform & Engine Beta channel updates
Smart App Control
Exploit Protection settings
Firewall Hardening
RunBySmartscreen
Windows Spy Blocker
Periodic malware scanners
KVRT
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Firefox I µBO | Brave Search I
Brave | Brave Search | My settings
Edge | Privacy Badger | JShelter | Bing
Secure DNS
Quad9 DNS
Desktop VPN
None
Password manager
Maintenance tools
Windows built-in
Mem Reduct
File and Photo backup
Copy/Paste
Active subscriptions
    • None
System recovery
Wiindows built-in | Aomei Backupper Pro Lifetime
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 8.00 GB RAM 1TB HDD
Notable changes
22-12-5 Reverted to MS Defender.
23-1-21 Refreshed Windows with SAC in evaluation mode.
23-2-2 Clean Windows installation
23-2-18 SAC user-enabled on
27-2-23 Added Chrome for the lack of 'feature' bloat.
28-2-23 Changed default browser to Chrome
What I'm looking for?

Looking for minimum feedback.

oldschool

Level 81
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
I'm using Brave more since they fixed the side panel feature to show bookmarks. Previously it only showed saved reading list. Brave is incredibly fast too.

Using Material Theme Dark [blue-grey] as it's the easiest on my eyes.

Also sticking with the default MS Defender + VoodooShield setup because it's simple and problem-free.
 
Last edited:

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
Said goodbye to VoodooShield. Fying solo with M$ Defender.

Also using the just released Alpha 10 version of Mindfulness at the computer. NIce, simple reminder to keep breathing!
Still being mindful at default with MD?

Edit: never mind just saw the change in your config. Looks good and simple.
 
Last edited:

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,003
Said goodbye to VoodooShield. Fying solo with M$ Defender.

Also using the just released Alpha 10 version of Mindfulness at the computer. NIce, simple reminder to keep breathing!
Always a inspiration for a simpler secure config. I still run uBO in a tweaked hard mode no matter which protection setup I'm using though I may revert to the older nooped medium mode for less hassle. Anyway, really considering going back to a simpler MD H_C config.

P.S. Mindful thing looks interesting.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
Defender at default is not too bad. My PC runs more smoothly in default settings than configured to high. But PUP protection should be enabled which I guess you have and I prefer setting extended cloud timeout to 60 seconds to make sure something unknown gets enough time to be checked by the cloud AI.
Do you use gpedit for that?
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Do you use gpedit for that?
No, I use Configure Defender for this or use this codes.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v "MpBafsExtendedTimeout" /t REG_DWORD /d "50" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates" /v "UpdateOnStartUp" /t REG_DWORD /d "1" /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "ThreatFileHashLogging" /t REG_DWORD /d "1" /f
I have a bat file that contains many Windows related changes that I want to make after installing fresh Windows. It allows me to make all changes at one go without going through the settings menu. The above code is part of that, but as you can see it can be used manually too of course. These are my default MD related changes that is a must for me. If I want to enable other advanced feature, then I always have the easy to use Configure Defender.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
No, I use Configure Defender for this or use this codes.

I have a bat file that contains many Windows related changes that I want to make after installing fresh Windows. It allows me to make all changes at one go without going through the settings menu. The above code is part of that, but as you can see it can be used manually too of course. These are my default MD related changes that is a must for me. If I want to enable other advanced feature, then I always have the easy to use Configure Defender.
So you leave the cloud “level of protection” at default and just raise the timeout?

What do you think is causing you slowdown?
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
So you leave the cloud “level of protection” at default and just raise the timeout?

What do you think is causing you slowdown?
Yeah, default at the moment. Might raise it to high a few days later to try to notice the difference in impact. I think setting cloud level to Highest aka High+ causes the most impact. MS's official documents clearly states that this will impact performance and may increase false positives. But have to say even MS at default is not as light as ESET followed closely by Norton and Kaspersky on my system excluding web page loading speed. MD's caching isn't as good (Probably intentionally due to its high cloud reliance).
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,730
Yeah, default at the moment. Might raise it to high a few days later to try to notice the difference in impact. I think setting cloud level to Highest aka High+ causes the most impact. MS's official documents clearly states that this will impact performance and may increase false positives. But have to say even MS at default is not as light as ESET followed closely by Norton and Kaspersky on my system excluding web page loading speed. MD's caching isn't as good (Probably intentionally due to its high cloud reliance).
Interesting, I’ve been considering running at just default and enabling PUA stuff in the GUI. It’s probably plenty for me, and if it improves performance then what the heck. I do have OSA to cover some extras, and it has zero impact, other than false positives.
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Maybe a better name would be "Default deluxe" or "Default + ASR"

Maybe a better name would be... "The MT Living Legend's Optimized Security Masterpiece."

As a Level 66 MalwareTips Living Legend that we all look up to... we seek your wisdom and guidance.

I don't make a single security move without checking in to see what ole' Oldschool recommends.

So when you are out vacationing the world... some of us are stuck in security decision paralysis.

That is all.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top