Basic Security Pr0ph3cy's Security Configuration 2021

Last updated
May 20, 2021
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 10
Linux distro
n/a
OS edition
Pro
Login security
    • Password-less (PIN, Biometric, Face)
    • Hardware security key
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Microsoft account
Primary user
Admin user - Full permissions
Other users
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Network firewall
Third-party router
Real-time protection
ESET Endpoint Security for Windows w/ ESET Dynamic Threat Defense (Cloud sandbox analysis) enabled
Software firewall
Provided by a third-party security vendor. Refer to 'Real-time protection' for details.
Custom RTP, Firewall and OS settings
· Data Execution Prevention (DEP) enforced to "AlwaysOn"
· Random Arrangement for Images (Mandatory ASLR) enabled
· Core Isolation (HVCI) enabled

Built-in policies for ESET Endpoint Security:
· Antivirus - Maximum security (Taking advantage of machine learning, deep behavioral inspection and SSL filtering. Detection of potentially unsafe, unwanted and suspicious applications are affected.)
· Cloud-based reputation and feedback system (Enables ESET LiveGrid cloud-based reputation as well as feedback system to improve detection of latest threats and help sharing malicious or unknown potential threats for further analysis.)
· Enable ESET Dynamic Threat Defense, Submitting files for analysis in ESET Dynamic Threat Defense.
Malware testing
Periodic security scanners
Norton Power Eraser, Microsoft Defender
Secure DNS
ISP-issued
VPN
AS9833 - BLINKLOAD
Password manager
1Password
Browsers, Search and Addons
Microsoft Edge based on Chromium w/ 1Password, AdGuard, Internet Download Manager
Maintenance and Cleaning
Process Explorer, Autoruns
Personal Files & Photos backup
OneDrive
Personal backup routine
Automatic (scheduled)
Device recovery & backup
Windows system restore point
Device backup routine
Manual (maintained by self)
PC activity
  1. Browsing the web. 
  2. Emails. 
  3. Shopping. 
  4. Banking. 
  5. Downloading software. 
  6. PC and cloud gaming. 
  7. Streaming. 
  8. Malware samples. 
Computer specs
OMEN by HP 873-078rcn Desktop PC
Edoras motherboard
Intel Core i7-9700F
Memory 16 GB
NVIDIA GeForce RTX 2070 SUPER (8 GB)
256 GB PCIe NVMe TLC M.2 Solid State
Personal changelog
21 May, First Release
23 May, Adjust OS settings and PC maintenance (Thanks Thiagoo, SecurityNightmares)
Feedback Response

General feedback

Thiagoo

Level 3
May 10, 2021
94
Here's some changes that i would do:
- Add some maintenance tools like CCleaner (get the portable version so you don't need to get the annoying popups), Process Explorer and Autoruns by Sysinternals is also always good to have
- uBlock Origin instead of Adguard
- Add a backup software because Windows backup is not 100% good as programs like Macrium Reflect and AOMEI Backupper (i would choose Macrium)

And i have a question, why a endpoint solution when it's your personal PC (i think) and you don't share it with anyone?

Quick edit: I'm not recommending stuff like CCleaner anymore.
 
Last edited:
F

ForgottenSeer 85179

Here's some changes that i would do:
- Add some maintenance tools like CCleaner (get the portable version so you don't need to get the annoying popups)
Such tools aren't needed nowadays, will break the system and even Microsoft recommend not using these.
Process Explorer and Autoruns by Sysinternals is also always good to have
(y)
- uBlock Origin instead of Adguard
Doesn't matter. Adguard have also a better gui and stronger backend
- Add a backup software because Windows backup is not 100% good as programs like Macrium Reflect and AOMEI Backupper (i would choose Macrium)
To be fair: I use only windows internal one and doesn't see and problems yet.
 

Thiagoo

Level 3
May 10, 2021
94
Such tools aren't needed nowadays, will break the system and even Microsoft recommend not using these.

(y)

Doesn't matter. Adguard have also a better gui and stronger backend

To be fair: I use only windows internal one and doesn't see and problems yet.
CCleaner won't necessarily break the system, i just find it better because it can clean some stuff that WIndows Disk Cleanup can't clear (like the browser cache, and it's easier)
Just don't go full crazy by installing every kind of maintenance software and crapware (like registry optimizers, a lot of people was saying CCleaner was on a kind of "blacklist", but this is only because CCleaner has a registry cleaner option, and that's useless, you don't need to use it + the risk of messing things up) and you're good.

Anyways, you can use Disk Cleanup if you don't want to install any third party software.

About Adguard and uBO, this is just my personal preference, i just choose uBO over Adguard because it's simple to use and not heavy

I've seen a lot of people complaining about Windows native backup and it's reliability, so i just use Macrium Reflect which is much better in my opinion.
 
F

ForgottenSeer 85179

like the browser cache
Every browser support that natively and in an automatic way.
Don't make stuff more complicated.

For non-pro / home user, Windows internal disk cleanup / storage sense is more then enough and they're don't care anyway.
Pro user know how to do that manually if necessary.
I also wonder why cleaning disk is a topic anyway nowadays. In my opinion it doesn't make sense cleaning some KB or MB of temporary files. Just uninstall programs which aren't used and done.
 

Thiagoo

Level 3
May 10, 2021
94
Every browser support that natively and in an automatic way.
Don't make stuff more complicated.

For non-pro / home user, Windows internal disk cleanup / storage sense is more then enough and they're don't care anyway.
Pro user know how to do that manually if necessary.
I also wonder why cleaning disk is a topic anyway nowadays. In my opinion it doesn't make sense cleaning some KB or MB of temporary files. Just uninstall programs which aren't used and done.
I'm not making stuff complicated - it's just a question of doing things easier, especially if you work with multiple browsers, and the average user will probably opt to use something that makes it simple instead of going on every browser to clean it, hence that's why i recommend CCleaner.

And it's important to clean up your PC after some time, because Windows and apps can generate a lot of logs, caches, Windows Update files and other stuff that if it's not maintained can get up to a lot of wasted storage (surprisingly some temporary folders can get up to GBs). Just a note that you don't need to be paranoid about cleaning your PC everytime, it really takes some time to start accumulating "junk"

Anyways, i guess i'll stop replying here because i don't want to spam, and i don't know if this is the right place for this discussion (y)
 
Last edited:

Archentrope

Level 1
Thread author
Oct 10, 2020
20
Here's some changes that i would do:
- Add some maintenance tools like CCleaner (get the portable version so you don't need to get the annoying popups), Process Explorer and Autoruns by Sysinternals is also always good to have
- uBlock Origin instead of Adguard
- Add a backup software because Windows backup is not 100% good as programs like Macrium Reflect and AOMEI Backupper (i would choose Macrium)

And i have a question, why a endpoint solution when it's your personal PC (i think) and you don't share it with anyone?
Hi, Thank you for your advice. Because I want to manage computers of my family members (including me) in one place. With ESET endpoint solution, I can distribute security policies through cloud, which is a great relief for me. Moreover, cloud sandbox (EDTD) is very helpful for me to do some malware analysis.