Advanced Security oldschool's surfing laptop configuration

Last updated
Nov 20, 2024
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Windows Pro
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Provided by ISP
Real-time security
Windows Security
Firewall security
Microsoft Defender Firewall
About custom security
MS Defender - Default | ASR rules | Platform & Engine Beta channel updates
All system-wide Exploit Protections enabled, plus these for Edge & Chrome.
Firewall Hardening
RunBySmartscreen
Windows Spy Blocker
Periodic malware scanners
NPE
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Chrome | Privacy Badger | Brave Search
Edge | Privacy Badger | Brave Search | Surf profile & secure profile
Chrome flags | Edge flags
Secure DNS
Quad9 DNS
Desktop VPN
None
Password manager
Maintenance tools
Windows built-in
File and Photo backup
Copy/Paste
Subscriptions
    • None
System recovery
Aomei Backupper Pro Lifetime - Primary
Wiindows Backup & Restore- Secondary image backup
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 16GB RAM 500GB SSD 1TB HDD
Notable changes
22-12-5 Reverted to MS Defender.
23-1-21 Refreshed Windows with SAC in evaluation mode.
23-2-2 Clean Windows installation
23-2-18 SAC user-enabled on
27-2-23 Added Chrome for the lack of 'feature' bloat.
28-2-23 Changed default browser to Chrome
24.2.24 Refreshed Windows and re-enabled Smart App Control
5.7.24 Performed a repair installation via Windows Update. Nice & easy!
6.10.24 Updated to 24H2 OS build 26100.1882
10.10.24 Rolled back to 23H2 due to bugs & performance
16.10.24 Added Chrome browser. Privacy Badger listed as main extension, but I also keep µBO, JShelter and Local CDN installed, not enabled.
What I'm looking for?

Looking for minimum feedback.

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
Just for kicks, I'm on the bus to Finland, trialing F-Secure based on all the comments, tests by @upnorth,@Shadowra and others. Extremely easy install, low memory usage, fast web surfing and good for my 8GB RAM 8th Gen Intel i3 laptop. ;) I especially like how easy they make installation of the web extension. Really good for noobs and non-technical, average users. So for now, F-Secure gets the @oldschool simplicity seal of approval. (y):D
Yep, I'd used F-Secure for a few years and really liked it, then last summer when the license expired I decided to see how things went with using Defender. Late last year I started getting itchy feet/developed uncertainties about relying on MS for security (not based on anything in particular, just a long time lack of complete trust of MS). So I went on that same Scandinavian bus ride and installed F-Secure SAFE on this machine and did a detour to add BitDefender Total Security on another similar one. I like both so far, but F-Secure is winning out because it seems to be a bit lighter, surfing hardly seems to be affected by the AV at all. I agree with you, these Upnorth and Shadowra charecters seem to know what they're talking about, thank you my knowledgeable MT friends.

 
F

ForgottenSeer 97327

Let me guess the result, either it'll be turn off in less than 1 day because some legit apps are not signed. I tried twice, doesn't work for me.
Depends, how you are using your PC. I am running ELAM+MAX+WDAC+SRP since 2019 without a problem (I have probably the most restricted PC-config on MT).

Also when playing with ISG I noticed that an unsigned app was first blocked and within 30 minutes allowed by WDAC-ISG (ISG now shares the cloud whitelist backbone of Smartscreen and SAC). Just give it half a year to mature and collect all legit exotic unsigned apps
 

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
Let me guess the result, it'll be turn off in less than 1 day because some legit apps are not signed.
Still on, less than a day.
Refreshed is new install or using the Windows reset option?
Windows reset.
Be aware: Once SAC you will never go BACK :) it will reduce you MT-experience to changing browsers and extensions only
:LOL: Indeed, I'm aware.
Depends, how you are using your PC. I am running ELAM+MAX+WDAC+SRP since 2019 without a problem (I have probably the most restricted PC-config on MT).

Also when playing with ISG I noticed that an unsigned app was first blocked and within 30 minutes allowed by WDAC-ISG (ISG now shares the cloud whitelist backbone of Smartscreen and SAC). Just give it half a year to mature and collect all legit exotic unsigned apps
I have Cleanmem installed, and it's not signed, but it's from 2012. The way it was designed, it should never need updating, as it only interacts with Windows native memory controller.

So, the verdict is out - for now.
 
Last edited:

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
I encountered something of a known issue with Windows "Standard hardware security not supported" message and later, the Device Security "page not available'.
Windows 11 22H2 build 22621 bug shows "hardware security not supported" on supported PCs
After investigation, I discovered that the system32 SecurityHealth folder was empty. I downloaded the appx package but was unable to fix the issue as I wasn't able to take ownership, change permissions to copy and run the appx package.

Reverted to my prior image, so no SAC for now. I don't feel like doing a clean install. Maybe manana. Maybe not. ;)
 
Last edited:

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
Performed my very first clean installation of Windows. 😇 Unfortunately, my Windows 7 Pro license was 'lost' in the process. I had previously used it to upgrade my Lenovo with Windows 10 Home, and then to Windows 11. MS has a policy that W7 licenses can't be used directly in W11, only in W10, so I'd have to install W10 and then upgrade to W11 again - if that's even possible. 🤔Any members know the answer to that?

In any case, I'm now keeping a simple setup, using all built-in features with only a couple of 3rd party programs. No 3rd party UI customization, only W11 features. SAC is now in Evaluation Mode. Everything's running smooth and I didn't brick the machine. :LOL::LOL::D
 
Last edited:

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
I'd have to install W10 and then upgrade to W11 again - if that's even possible. 🤔Any members know the answer to that?
Apparently, it is possible. I could re-install W10 and then upgrade to W11 and have my Windows Pro license active again.

Plus, Lenovo offers its Lenovo Digital Download Recovery Service so users can create a OEM Recovery Key. One feature I lost with the clean install was HDR video playback, so using Lenovo's recovery service I would get all the original features back again, along with the bloatware, e.g. 3 mo. McAfee Live Safe subscription.

The question is: Would any of this be worth the trouble? Any advice from others would help . Suggestions welcome.
 

razorfancy

Level 4
Verified
Well-known
Nov 27, 2016
168
Performed my very first clean installation of Windows. 😇 Unfortunately, my Windows 7 Pro license was 'lost' in the process. I had previously used it to upgrade my Lenovo with Windows 10 Home, and then to Windows 11. MS has a policy that W7 licenses can't be used directly in W11, only in W10, so I'd have to install W10 and then upgrade to W11 again - if that's even possible. 🤔Any members know the answer to that?

In any case, I'm now keeping a simple setup, using all built-in features with only a couple of 3rd party programs. No 3rd party UI customization, only W11 features. SAC is now in Evaluation Mode. Everything's running smooth and I didn't brick the machine. :LOL::LOL::D
You should be able to clean install Windows 11 if you upgraded your Windows 7 to Windows 11 prior to trying to clean install Windows 11
At least that works for my pc that came with Windows 8, when I clean install Windows 11 it will not detect the Windows key during the installation process but it activates Windows 11 when I connect to internet(you may need to reboot your pc once after you connect to internet).
 

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
You should be able to clean install Windows 11 if you upgraded your Windows 7 to Windows 11 prior to trying to clean install Windows 11
At least that works for my pc that came with Windows 8, when I clean install Windows 11 it will not detect the Windows key during the installation process but it activates Windows 11 when I connect to internet(you may need to reboot your pc once after you connect to internet).
Windows wouldn't accept the license after the clean install. I used my W7 Pro key on a new W10 laptop, and no problem. And no problem after upgrading to W11. The problem was after the clean install.
 

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,222
Windows wouldn't accept the license after the clean install. I used my W7 Pro key on a new W10 laptop, and no problem. And no problem after upgrading to W11. The problem was after the clean install.
One reason I'm hesitant to do a fresh install. Had similar issue with old laptop and ended up getting a OEM copy of Win 7 just to get the upgrade. Anyway, hope you get it resolved soon
 

razorfancy

Level 4
Verified
Well-known
Nov 27, 2016
168
Windows wouldn't accept the license after the clean install. I used my W7 Pro key on a new W10 laptop, and no problem. And no problem after upgrading to W11. The problem was after the clean install.
My pc came with Windows 8 I upgraded to Windows 10 then to Windows 11 but when I bought my SSD I did a clean install of Windows 11, it didnt detect my Windows key during the installation process so I skip the part where you can insert the Windows key then after Windows 11 finish to install I connected my pc to internet(*1) then my Windows activated automatically(I didnt need to insert my key).

*1 - You may need to reboot your pc once after you connect to internet for Windows be able to activate.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,870
Performed my very first clean installation of Windows. 😇 Unfortunately, my Windows 7 Pro license was 'lost' in the process. I had previously used it to upgrade my Lenovo with Windows 10 Home, and then to Windows 11. MS has a policy that W7 licenses can't be used directly in W11, only in W10, so I'd have to install W10 and then upgrade to W11 again - if that's even possible. 🤔Any members know the answer to that?
Since you have the key, have you tried this?
 

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
Since you have the key, have you tried this?
No, but it appears not to apply to me. Mine is a Windows 7 key.
I recently have a clean install of windows 11 on my computer. I have one windows 7 home basic and one windows 7 professional product key. I tried activated it with the windows 7 pro key but it didn't work, while retry with the windows 7 home basic key did activate the installation. It was strange when I could use the windows 7 pro product key to activate windows 10 last year without any problems until I replaced the hard drive and clean install windows 11 (see above). I used a third party checker and both keys are valid.

I tried many methods, such as
  • slui 4: tried many workarounds to enter the activate by phone wizard, but it didn't showed anything
  • slgmr.vbs returned with invalid

As far as I know Microsoft does offer activation for windows 11 with windows 7 product keys

The error when entering the windows 7 professional key:
Image

Jaspreet.Singh_050.


Hello DucNguyen_03,
I am Jaspreet Singh an independent advisor.
You cannot directly use windows 7 key on windows 11. You will need to install windows 10 first and then activate it after that windows 11 can be installed as an upgrade onto it.
Redirecting
The only Pro feature I use is Group Policy, and not much else. So, what else am I missing?
 

oldschool

Level 85
Thread author
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
My pc came with Windows 8 I upgraded to Windows 10 then to Windows 11 but when I bought my SSD I did a clean install of Windows 11, it didnt detect my Windows key during the installation process so I skip the part where you can insert the Windows key then after Windows 11 finish to install I connected my pc to internet(*1) then my Windows activated automatically(I didnt need to insert my key).
I believe MS finally closed the door on using W7 keys directly in W11. All the posts are over 1 yr old. It doesn't work for me.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top