Advanced Security oldschool's cheapo laptop configuration

Last updated
Feb 4, 2026
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
Windows Pro
On-device encryption
N/A
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
On
Network firewall
Enabled
About WiFi router
Provided by ISP
Real-time security
Windows Security
Firewall security
Microsoft Defender Firewall
About custom security
MS Defender | Platform & Engine Beta channel updates
Cloud Protection Level - Block
ASR rules
Exploit Protection Settings
Firewall Hardening Tool
Controlled Folder Access - Added Start Menu, Start Menu > Programs, and Quick Launch folders.
RunBySmartscreen

Windows Security - A Github page by a former MT member with links to relevant MS documentation.
Periodic malware scanners
NPE, Sophos Scan & Clean, Eset Online Scanner
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Ungoogled Chromium | Privacy Badger | UBOL* | McAfee Web Advsior | Brave Search | Chrome Web Store
* I use Privacy Badger on all websites and UBOL "On click" via browser's menu access control.
Ungoogled Chromium flags

Firefox | µBO | Brave Search

Edge | µBO | GPC Enabler | Brave Search
Edge flags
Secure DNS
Quad9 DNS
Desktop VPN
None
Password manager
Little black book + brain.exe + GRC's Password Haystacks: How Well Hidden is Your Needle?
Maintenance tools
Windows built-in
File and Photo backup
Copy/Paste
Subscriptions
    • None
System recovery
Aomei Backupper Pro Lifetime - Primary
Wiindows Backup & Restore- Secondary image backup
Risk factors
    • Browsing to popular websites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Lenovo L340 Intel(R) Core(TM) i3-8145U CPU @ 2.10GHz 2.30 GHz 16GB RAM 500GB SSD 1TB HDD
Notable changes
22-12-5 Reverted to MS Defender.
23-1-21 Refreshed Windows with SAC in evaluation mode.
23-2-2 Clean Windows installation
23-2-18 SAC user-enabled on
27-2-23 Added Chrome for the lack of 'feature' bloat.
28-2-23 Changed default browser to Chrome
24.2.24 Refreshed Windows and re-enabled Smart App Control
26.2.2 Replaced Chrome with Ungoogled Chromium
26.2.2
9.25 Updated to 25H2 via Enablement package.
5.7.24 Performed a repair installation via Windows Update. Nice & easy!
6.10.24 Updated to 24H2 OS build 26100.1882
10.10.24 Rolled back to 23H2 due to bugs & performance
16.10.24 Added Chrome browser with Privacy Badger
5.1.25 Reset PC and enabled Smart App Control
2.4.26 Ungoogled Chromium as default browser
What I'm looking for?

Looking for minimum feedback.

oldschool said:
Taking Kaspersky Free for a test drive.
Click to expand...
Don't forget to disable Kaspersky news, it keeps popping from time to time if you don't.
1709861120197.png
forum.kaspersky.com

How do I disable the News notifications in Kaspersky Free?

A green envelope appears in my Windows 7 system tray and it won't go away until I've clicked on it and read the news. The news items are things unrelated to my Kaspersky Free installation so I have no interest in it. The support article below tells me how to disable the news but it's referring to...
forum.kaspersky.com forum.kaspersky.com
 
  • Like
  • +Reputation
Reactions: Nevi, Moonhorse, harlan4096 and 3 others
brambedkar59 said:
Don't forget to disable Kaspersky news, it keeps popping from time to time if you don't.
Click to expand...
I don't need to, the reason being that I tried to disable web scanning and the UI froze and locked my machine. One of the shortest test drives ever. What was I thinking? o_O :rolleyes: Bye bye Kaspersky, hello MS Defender.
 
  • HaHa
  • Like
  • Wow
Reactions: Pat MacKnife, Nevi, Moonhorse and 4 others
oldschool said:
Switched to Bing in Edge after hearing @mlnevese 's report of improved search results.
Click to expand...
Biggest issue with bing is you search for something; you scroll down and click a link and guess what. When you go back at search you are not at the spot you clicked but at the top of the page. People even made scripts for it, but MS is still sleeping on a fix. I bet they say it's a feature and not a bug.
 
  • Like
Reactions: Nevi, brambedkar59, cryogent and 2 others
oldschool said:
Installed the Moment 5 feature update without issue.

Edited security configuration for accuracy.
Click to expand...
When I recall right (at least I thought I have read that, so apologize when wrong) you used to set software restriction policies and defender settings through Group Policy. In your current setup it is not mentioned, so either I am wrong or you have not mentioned that anymore?
 
  • Like
Reactions: Nevi and oldschool
LennyFox said:
When I recall right (at least I thought I have read that, so apologize when wrong) you used to set software restriction policies and defender settings through Group Policy. In your current setup it is not mentioned, so either I am wrong or you have not mentioned that anymore?
Click to expand...
Yes, I use GPO to configure MS Defender. I had SRP configured but it didn't seem to work, i.e. I didn't have to whitelist anything, so I'm not using it.

Edited configuration details to include above info plus Cloudfare Malware DNS and Brave Search in Edge.
 
  • Like
Reactions: Nevi and ForgottenSeer
oldschool said:
Yes, I use GPO to configure MS Defender. I had SRP configured but it didn't seem to work, i.e. I didn't have to whitelist anything, so I'm not using it.

Edited configuration details to include above info plus Cloudfare Malware DNS and Brave Search in Edge.
Click to expand...
Windows 11 no longer supports SRP.
 
LennyFox said:
There is a setting you can change to enable it again. Found it here on MT. I am running SRP on Windows 11

@oldschool better ask Andy Ful when you want to know what setting to change
Click to expand...
Interesting because last I knew MS was no longer developing SRP in group policy but instead using applocker or WDAC.
 
  • Like
Reactions: ErzCrz
LennyFox said:
I think I found it: Software Restriction Policies (SAFER) still possible under Windows 11 22H2 …

View attachment 282665
Click to expand...

There is this of course, right from the horses mouth. Although I have read that not only is it depreciated but gutted as well.

The Kanthak correction to restore SRP functionality on Windows 11 ver. 22H2, works only when Smart App Control is OFF. If it is in Evaluate or ON mode, then the invalid registry values are automatically restored after restarting Windows.
To restore SRP on all SAC modes, one should not delete registry values but simply set the "RuleCount" value to 0:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp]
"RuleCount"=dword:00000000

Windows restart is required.

Regards:
@Andy Ful (developer of Hard_Configurator)
Click to expand...
 
  • Like
Reactions: Nevi, Trident, Andy Ful and 2 others
  • Like
Reactions: Andy Ful
oldschool said:
@Andy Ful

Windows Security is broken with my SRP setup. I whitelisted as below without success.

Where to add path * wildcards you mention below?
Click to expand...
I am not sure what you want to whitelist and if you want to use H_C for something?
In H_C the below path is whitelisted:
\\?\C:\WINDOWS\system32
 
Last edited:
  • Like
Reactions: oldschool

You may also like...