Latest changes
Jun 22, 2020
Daily driver
My primary device
Operating system
Windows 10 Home
OS build or version
2004
System type
64-bit operating system; x64-based processor
Update and Security
Allow all automatic updates
User Access Control
Notify me only when programs try to make changes to my computer
Firewall and Network protection
Microsoft Defender Firewall is active
User permissions
Administrator account
User account
Sign in with Google
Sign-in options
  • No login security
Malware exposure
No malware samples are downloaded
Real-time Malware protection
  • MS Defender w/self-sandbox and PUP det. enabled
  • NoVirusThanks OSArmor
  • H_C Firewall Hardening Tool by Andy Ful
  • Sandboxie 5.33.6 just for funsies
Modified security settings
  • Multiple OSA rules enabled and backed up to file
  • System image is password-protected
Periodic scanners
  • HitmanPro subscription--detection and removal
  • My Windows ISO on a USB--removal
  • MS Defender Quick Scan only
  • AdwCleaner (rarely)--detection and removal
Browser and Extensions
  • Edge release: uBlock Origin, Privacy Badger ClearURL
  • Vivaldi stable: uBlock Origin, Privacy Badger Sandboxie ClearURL
Privacy tools and VPN
  • AdGuard DNS for speed
  • PrivaZer donors' version
  • 2FA for Steam and utilities
  • uBlock Origin, Clear URL and Privacy Badger
Password manager
Nope
Search engine
DuckDuckGo
Maintenance tools
  • Windows built-in/System Maintenance run weekly
  • StartisBack + for decoration
  • PrivaZer donors' version
  • Jotti for .exe, url and hash analysis
Photos and Files backup
  • Manually to external and enclosed HDD which are then taken offline
  • Machine has no internal storage drives
File Backup schedule
Once or multiple times per month
Backup and Restore
  • System image on 64 GB NTFS USB via Windows System Backup app
  • Image to be replaced as needed
Backup schedule
Once or more per year
Computer Activity
  • Playing computer games
  • Browsing the web and checking emails
  • Regularly installing new software every week
  • Streaming movies, TV shows and music from the Internet
  • Downloading files from different websites
  • Recording and editing video or photos
Computer Specifications
  • Cpu: Intel i7 6700K 4 GHz @1.165 volts
  • Gpu: NVIDIA GTX 1080 Founders Edition
  • SSD: Western Digital Black nvm-e 250 GB
  • RAM: 16 GB DDR4 @2133 MHz
Your changelog
  • Left the Insiders Fast Ring
  • Did not reinstall bootleg GP enabler once 2004 was installed

    plat1098

    Level 19
    Verified
    Ah yes, it's that time again. :giggle:

    Running Insider build 19536.1000 with a "known" issue of a disk-related anomaly. Replaced Macrium as it had problems with prev. Insider builds. Since I need a System image, I used an NTFS-formatted USB and created a System Image using Windows built-in mechanism. It's very slow to compile the image compared to Macrium but whatever. There are YouTube guides to do this--it's not a simple point-and-click procedure but it's not difficult either. I intend to replace this static image by reformatting when major OS changes take place and things are stable.

    If/when Microsoft will just fix this disk bug, I MAY reinstate Macrium. As long as there's a working image that's fairly recent, that's the main thing.

    backup.PNG
     

    oldschool

    Level 52
    Verified
    The reason I asked is because I find it resource intensive. I asked Andy about Windows sandbox and here is one reply:

    "MS admitted that Sandbox is important to prevent exploiting WD. They were very excited about it. So, if it worked flawlessly it would be already implemented by default like for example Tamper Protection. Furthermore, the developer of the application that changes some important WD settings must be cautious, because the application can be easily flagged by MS as a HackTool and quarantined (as ConfigureDefender some time ago). This could be a probable scenario if MS would choose to make WD Sandbox a default feature.
    There is no rush for H_C users in the home environment because exploiting WD requires first to bypass H_C restrictions.
    WD Sandbox is most important in enterprises because they usually use vulnerable systems with vulnerable software. After exploiting the vulnerabilities (easy task), the malware can exploit WD, too(y). "

    You may read the rest of the thread here: "Q&A - Questions: Windows Defender Sandbox and Tamper Protection - Have they now been combined? Will MS include default WD sandboxing?"
     

    plat1098

    Level 19
    Verified
    hmmm, interesting. :unsure: Well, your observations of resource-intensiveness probably jibes with the self-sandbox NOT enabled by default. MS makes optimum use of Defender very difficult and obscure. I wish they'd cut that out.

    Haven't noticed anything "off" from when it was enabled before. Reading the link, it seems more of a reason to have H_C (or OSArmor) installed to help deflect any attempts by malware to disable Defender, even for non-Enterprise. For now, it's staying enabled. Most third party have this self-protection enabled themselves, many by default, I think.
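
The Defender settings discussed in the posts above (self-sandbox, PUP detection, tamper protection) can be checked from PowerShell. This is an added example, not part of the original thread; it assumes the sandbox was opted into through the machine-level `MP_FORCE_USE_SANDBOX` environment variable and that the sandboxed content process appears as `MsMpEngCP`.

```powershell
# Added example (not from the thread): read-only audit of Defender hardening state.
$pref   = Get-MpPreference
$status = Get-MpComputerStatus

# The Defender sandbox is opted into with a machine-level environment variable;
# the change only takes effect after a restart.
$sandboxVar = [Environment]::GetEnvironmentVariable('MP_FORCE_USE_SANDBOX', 'Machine')

# Assumption: when sandboxing is active, the content process MsMpEngCP.exe
# runs alongside the main MsMpEng.exe service process.
$contentProc = Get-Process -Name 'MsMpEngCP' -ErrorAction SilentlyContinue

# PUAProtection is reported as a number: 0 = disabled, 1 = enabled, 2 = audit mode.
$puaState = switch ([int]$pref.PUAProtection) {
    0       { 'Disabled' }
    1       { 'Enabled' }
    2       { 'AuditMode' }
    default { 'Unknown' }
}

$report = [pscustomobject]@{
    RealTimeProtection = $status.RealTimeProtectionEnabled
    TamperProtection   = $status.IsTamperProtected
    PUAProtection      = $puaState
    SandboxRequested   = ($sandboxVar -eq '1')
    SandboxRunning     = [bool]$contentProc
}
$report | Format-List

# Flag the two states worth acting on.
if ($report.SandboxRequested -and -not $report.SandboxRunning) {
    Write-Warning 'Sandbox variable is set but no content process is running; a restart may be pending.'
}
if (-not $report.TamperProtection) {
    Write-Warning 'Tamper Protection is off; Defender settings can be changed by any elevated process.'
}

# To opt in from an elevated prompt (left commented out on purpose):
# [Environment]::SetEnvironmentVariable('MP_FORCE_USE_SANDBOX', '1', 'Machine')
# Set-MpPreference -PUAProtection Enabled
```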
     

    Burrito

    Level 23
    This setup seems very well-thought-out to me.

    If I didn't have the various licenses that I do and were building from scratch -- I might have a similar setup.

    "Intel Extreme Tuning Utility." I don't know about this... so I'll check it out.
    For anybody else who does not know about this >> here is a description. I have several computers that this would work for... (y)

    Good Stuff plat1098.

    (y) (y)
     

    plat1098

    Level 19
    Verified
    Thanks, Burrito! It's not all wine and roses, however. I can't get XTU to maintain its voltage profile when waking machine from sleep. So, I've been just shutting off the monitor. If anyone has managed to get XTU or Throttlestop to maintain voltages after waking machine, PLEASE feel free to post your methods! At this point, I found it necessary to create a basic task in Task Scheduler to FORCE XTU to start with Windows. Previously, it would start up maybe 30 % of the time after a restart. (n)

    The benefits still outweigh the annoyances, though. With my -.170 v offset (I can go to -.185 v stably), cpu temp is lowered a full 12-14 deg C with 100% single core use. For laptops, if you follow the procedure correctly, this can make all the difference in the world. I plan to sell this cpu eventually so I'm not overclocking it. But it seems this processor is a silicon lottery winner. (y)
     

    plat1098

    Level 19
    Verified
    Yeah, with claims like that, maybe it's better to upload some proof. First snip is without XTU (uninstalled, 0 v offset). The second is the exact same game but with XTU installed, and around -.170 v offset. This game uses 100% of one cpu core, so it's a decent example of what you can potentially achieve with a stable undervolt. :) In general, one should enjoy an overall reduction of 5 or more deg C with a stable undervolt.

    ror xtu no.PNG

    ror xtu yes.PNG
     

    plat1098

    Level 19
    Verified
    Hello. Installed a new internal drive, a Western Digital black. When I took the older Samsung out of the heatsink, there was distortion of the surface of the drive, so I thought I'd better replace it. The undervolt of -.165 volts is permanent, it's stable and temperatures are nice and cool without XTU on the system. Unfortunately, the undervolt is lost when waking from sleep so the machine's sleep function is disabled.

    Left the Insiders for now because I had to clean-install Windows on the new drive. Windows 1909 runs very, very smoothly and error-free at the moment and the disk optimizing app works. Still looking at the change-logs for the Insider builds--when something comes up that's interesting, I'll rejoin the Fast Ring. (y)

    Here's a performance index of the new Western Digital nvm-e. It runs a bit cooler than the Samsung so it's installed without a heatsink.

    cdm wd.PNG
     

    plat1098

    Level 19
    Verified
    Added Opera browser. Needed a second browser because something wasn't working properly posting-wise and needed a second opinion in a hurry. Tried Firefox first and no webpage would load, only a message saying the connection wasn't secure. Like three websites in a row did this. (n) So I disabled AdGuard but no luck. I don't have the patience to twiddle and fiddle around so picked Opera out of the blue, and bam! Right out of the box working perfectly, AdGuard and all. Not as whisper-fast as Edge but good enough, and better yet: you can customize the home page and use the wallpaper of your choosing, plus eliminate those yucky thumbnail bookmarks, which you can't do on Edge.

    opera cover.PNG
     

    oldschool

    Level 52
    Verified
    Have you tried Brave? I really like its built-in features, e.g. granular shield control, including JS, straight from the address bar. I don't know if any other browser does it this well. It's as fast as Edge (guesstimated) but better features except no Smartscreen.
     

    plat1098

    Level 19
    Verified
    Thanks for the suggestion. I'll actually try this, prob. tomorrow. I've heard some positives about it, including from you. I only need two browsers, so Brave or Opera, just one will enjoy the rare and extreme privilege of residing on my machine. :) Stay tuned.
     

    plat1098

    Level 19
    Verified
    Yes, those squares which are the most-visited sites. There's a procedure to disable that, right?-- but those thumbnails are admittedly convenient. It's just not very pretty to look at. What do you call those squares? If not "thumbnail" is there another term for these?

    With Opera, I sacrificed convenience for a clean and pretty homepage. (y)

    Edit: oops, posted at the same time as you, Outpost. Thanks a lot for the quick and easy procedure. (y)
     

    plat1098

    Level 19
    Verified
    Hello.

    Updated to Insiders Build 19569.1000. Have to say: preliminary experience is very positive. So far, it's fast, clean, better than the previous build 19564.1005. Goodbye!

    Windows embedded apps' icons got a makeover. I'll upload a sampling, you can see the calculator, calendar and alarms & clocks are redone. Not a big deal, some look nicer to me than others. But, this is something you can "look forward to" with the upcoming Spring release.

    new icons.png

    Had to X-nay the watermark, as usual, as well as disabling System Restore and redo a host of other undone tweaks and adjustments. But I like this here build. (y)
     

    plat1098

    Level 19
    Verified
    First new bork discovered, actually yesterday, so this is technically thru two Insider builds. Basically, using the parameter "checkhealth" in the dism command results in...nothing. Here's a snip. Searching reveals it's known about and submitted in the Feedback Hub. Some report the tool going to a percentage complete and then ending before 100%. Is this issue present on 1909 or other releases? It's kind of amusing but if one has to use this, I guess use scanhealth parameter instead.



    I run dism and sfc following most new installs, that's how this was uncovered.

    Edit: the image build shown on the cmd window was for 19564.1005, I see. But it was occurring while I had that build as well.
     

    plat1098

    Level 19
    Verified
    So, Windows 1909 was running beautifully but I wanted to test the revised Sandboxie with Opera on an Insider build. No surprises: Opera runs poorly: opens in 6-7 seconds, sometimes longer, takes longer to open some sites and so on. Without SBIE, it's back to virtually instant performance.

    I'll have to see if SBIE will be revised again to run properly on the upcoming Spring release so this may not be permanent. But once you're used to pretty much instant browser performance, this was simply not acceptable.

    I added about 10 exploit guards to Opera without hampering its performance. At least two guards prevented Opera from launching, these being Arbitrary code guard and Disable Win32k system calls. I added 2 more ASR rules and verified that .jar files could not be opened via AMTSO tools. So, it's basically fortified Defender plus OSArmor and H_C Firewall Hardener. Runs well.
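
The per-app exploit guards and ASR rules described in the post above can be applied and reviewed from an elevated PowerShell prompt. This is an added example, not part of the original thread: the list of enforced guards and the backup file name are assumptions (the post does not name its ten), and the two guards reported to stop Opera from launching are switched to audit-only so their hits are logged rather than enforced.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
$app = 'opera.exe'

# Back up the current exploit-protection configuration first.
# The file name is a placeholder.
$backup = Join-Path $env:USERPROFILE 'exploit-protection-backup.xml'
Get-ProcessMitigation -RegistryConfigFilePath $backup

# Assumed subset of per-app guards to enforce; the post does not list its own.
$enforce = 'DEP', 'SEHOP', 'BottomUp', 'HighEntropy',
           'BlockRemoteImageLoads', 'BlockLowLabelImageLoads'
Set-ProcessMitigation -Name $app -Enable $enforce

# Arbitrary code guard and Disable Win32k system calls: keep enforcement off
# and enable the audit-only counterparts instead.
Set-ProcessMitigation -Name $app -Disable BlockDynamicCode, DisableWin32kSystemCalls
Set-ProcessMitigation -Name $app -Enable AuditDynamicCode, AuditSystemCall

# Show what is now configured for the app.
Get-ProcessMitigation -Name $app

# Review recent mitigation audit/block events after using the browser for a while.
$logs = 'Microsoft-Windows-Security-Mitigations/KernelMode',
        'Microsoft-Windows-Security-Mitigations/UserMode'
Get-WinEvent -LogName $logs -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# List configured ASR rules with their state.
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$names   = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
for ($i = 0; $i -lt $ids.Count; $i++) {
    [pscustomobject]@{
        RuleId = $ids[$i]
        Action = $names[[int]$actions[$i]]
    }
}
```

If an enforced guard breaks the browser, the saved XML can be re-applied with `Set-ProcessMitigation -PolicyFilePath`.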
     