Advanced Security oldschool's cheapo laptop configuration

Last updated
Feb 4, 2026
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Windows Pro
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
On
Network firewall
Enabled
About WiFi router
Provided by ISP
Real-time security
Windows Security
Firewall security
Microsoft Defender Firewall
About custom security
MS Defender | Platform & Engine Beta channel updates
Cloud Protection Level - Block
ASR rules
Exploit Protection Settings
Firewall Hardening Tool
Controlled Folder Access - Added Start Menu, Start Menu > Programs, and Quick Launch folders.
RunBySmartscreen

Windows Security - A GitHub page by a former MT member with links to relevant MS documentation.
Periodic malware scanners
NPE, Sophos Scan & Clean, Eset Online Scanner
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Ungoogled Chromium | Privacy Badger | UBOL* | McAfee Web Advisor | Brave Search | Chrome Web Store
* I use Privacy Badger on all websites and UBOL "On click" via browser's menu access control.

Ungoogled Chromium flags

Firefox | µBO | Brave Search

Edge | µBO | GPC Enabler | Brave Search
Edge flags
Secure DNS
Quad9 DNS
Desktop VPN
None
Password manager
Maintenance tools
Windows built-in
File and Photo backup
Copy/Paste
Subscriptions
    • None
System recovery
Aomei Backupper Pro Lifetime - Primary
Windows Backup & Restore - Secondary image backup
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering bank card details
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 16GB RAM 500GB SSD 1TB HDD
Notable changes
22-12-5 Reverted to MS Defender.
23-1-21 Refreshed Windows with SAC in evaluation mode.
23-2-2 Clean Windows installation
23-2-18 SAC user-enabled on
27-2-23 Added Chrome for the lack of 'feature' bloat.
28-2-23 Changed default browser to Chrome
24.2.24 Refreshed Windows and re-enabled Smart App Control
26.2.2 Replaced Chrome with Ungoogled Chromium
26.2.2
9.25 Updated to 25H2 via Enablement package.
5.7.24 Performed a repair installation via Windows Update. Nice & easy!
6.10.24 Updated to 24H2 OS build 26100.1882
10.10.24 Rolled back to 23H2 due to bugs & performance
16.10.24 Added Chrome browser with Privacy Badger
5.1.25 Reset PC and enabled Smart App Control
2.4.26 Ungoogled Chromium as default browser
What I'm looking for?

Looking for minimum feedback.

Adding to the above post, here are my LibreWolf filter lists.
 
Upgraded to Windows Pro via Ghacks deal $39.95 US. Good for 3 devices. It's worth it to simplify dealing with MS bloatware.
I upgraded to Pro last year just so that I can use Gpedit; worth the cheap license key. Tried the cmd hack (for using GPedit on the Home version) earlier but it stopped working for me for some reason.
 
Replaced Librewolf with Firefox after fixing streaming video issue by adjusting Exploit Protection. The new settings for FF are:
Code:
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
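
As an added example (not part of the original post), the Firefox settings listed above can also be applied from an elevated PowerShell prompt with the built-in Set-ProcessMitigation cmdlet instead of the Windows Security GUI. The image name firefox.exe and the backup file name are assumptions.

```powershell
# Added example: per-app Exploit Protection for Firefox, matching the list above.
# Run from an elevated PowerShell session and restart Firefox afterwards.

$app = 'firefox.exe'   # assumption: image name of the Firefox executable

# GUI setting name -> Set-ProcessMitigation value
$enable = @(
    'DisableNonSystemFonts'    # Block untrusted fonts
    'CFG'                      # Control flow guard (CFG)
    'DEP'                      # Data execution prevention (DEP)
    'EmulateAtlThunks'         #   + Enable thunk emulation
    'DisableExtensionPoints'   # Disable extension points
    'ForceRelocateImages'      # Force randomization for images (Mandatory ASLR)
    'RequireInfo'              #   + Do not allow stripped images
    'BottomUp'                 # Randomize memory allocations (Bottom-up ASLR)
    'SEHOP'                    # Validate exception chains (32-bit processes only)
    'StrictHandle'             # Validate handle usage
    'TerminateOnError'         # Validate heap integrity
)

# Export the current Exploit Protection configuration first, so a setting that
# breaks playback or rendering can be rolled back in one step.
$backup = Join-Path $env:USERPROFILE 'exploit-protection-backup.xml'   # assumed path
Get-ProcessMitigation -RegistryConfigFilePath $backup

# Apply the per-app overrides.
Set-ProcessMitigation -Name $app -Enable $enable

# Read the stored policy back and review each section against the list above.
Get-ProcessMitigation -Name $app

# Roll back to the exported configuration if needed:
#   Set-ProcessMitigation -PolicyFilePath $backup
```

If a site or video stream stops working after the change, disabling one value at a time with `Set-ProcessMitigation -Name firefox.exe -Disable <value>` narrows down which mitigation is responsible.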
 
Removed SRP as policies don't appear to work properly in 22H2. Nothing was blocked at all. @Andy Ful

Cleaned up some config details. BTW, I really like Mem Reduct. Way better than CleanMem. Works like a charm with my 8GB RAM.
You are correct, it appears Windows 11 22H2 put an end to Software Restriction Policies. Still supported in Windows 10 though. Looks as if they redirect Windows 11 users to AppLocker instead.
 
Did SAC work without problems on your laptop?
Yes, except for one unsigned app I need to execute via RunBySmartscreen; otherwise it's blocked periodically without it. Using RBS this way may be useful to SAC users as SS is integrated with ISG in SAC. You can read here: New Update - Smart App Control - Windows 11 22H2 feature promises significant protection from malware. But please know that I use very few 3rd party apps. Almost none. This is mainly a surfing laptop. Most folks can't operate like I do.

3rd party apps:

Mindfulness at the computer (not signed)
Mem Reduct (signed from Henry++ GitHub)
Nanzip (MS Store)
iTunes (MS Store)
Aomei Backupper
Epson printer softs

Edit: One thing to remember is that when SAC blocks part of an app it may well still be fully functional for all practical purposes. e.g. some Aomei dll's or even some Windows processes, in much the same way as Controlled Folder Access blocks.
 