SECURITY: Complete Protomartyr's ThinkPad Security Config 2020

Last updated
Dec 3, 2020
About device
Primary device
Operating system
Windows 10
Sign-in identity
Sign-in with Local account
Log-in security
    • Account password
Permissions
Administrator user account
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Malware samples
No - malware is not downloaded
Firewall protection
Microsoft Defender Firewall
Real-time malware protection
Windows Defender
RTP & OS hardening settings
Hard_Configurator (recommended settings)
ConfigureDefender (max)
Firewall Hardening (recommended rules)
Cloudfare DNS (Malware Blocking)
Periodic scanning
[URL='https://secure2.sophos.com/en-us/products/free-tools/hitmanpro.aspx']HitmanPro Free[/URL]
[URL='https://www.malwarebytes.com/premium/']Malwarebytes Premium[/URL] (lifetime license)
Browsers
Chrome:
Edge:
  • Tracking Protection set to 'Balanced'
  • uBlock Origin (default settings)
Optimisation apps
My Files & Photos backup
SyncToy with External HDD
My Files backup schedule
Manual - specific days to the cloud, or local attached storage
Device recovery & settings
Device backup schedule
Manual - backups are made in my own time to local attached storage
Computer specifications
ThinkPad S1 Yoga
Intel Core i5-4200U
Intel HD Graphics
8GB RAM
128 GB SSD (System)
256 GB SSD (Documents & Media)
Device activity usage
  1. Generic web browsing
  2. Financial and sensitive documents
  3. Downloading files from unfamiliar sites
  4. Working from home
  5. Streaming audio and video content from the Internet
Your changelog
Jan 16, 2020 - Disabled 'Encrypt All Sites Eligible' option in HTTPS Everywhere Chrome extension
Jan 16, 2020 - Removed Firefox
Feb 1, 2020 - Added Macrium Reflect Free
Feb 1, 2020 - Added Microsoft Edge (Chromium)
Feb 1, 2020 - Removed Spybot Anti-Beacon
Mar 8, 2020 - Removed Privacy Badger
Apr 2, 2020 - Switched from CleanBrowsing DNS to Cloudfare DNS (Malware Blocking)
May 1, 2020 - Added Bitdefender TrafficLight to Edge
May 1, 2020 - Added uBlock Origin to Edge
May 1, 2020 - Removed Netcraft Extension
May 12, 2020 - Removed Auto-lock computer when idle (registry tweak)
May 13, 2020 - Malwarebytes Premium - Disabled Malware and Ransomware real-time protection modules
May 21, 2020 - Malwarebytes Premium - Disabled Web Protection module
June 2, 2020 - Malwarebytes Premium - All real-time protection modules disabled
Sep 23, 2020 - Removed Bitdefender TrafficLight from Edge
Oct 2, 2020 - Removed Emsisoft Emergency Kit
Dec 3, 2020 - Updated to Windows Version 20H2

Protomartyr

Level 7
Verified
Sep 23, 2019
327
Updated:
- HTTPS Everywhere - Disabled the 'Encrypt All Sites Eligible' option

Removed:
- Firefox

The behavior of 'Encrypt All Sites Eligible' in the HTTPS Everywhere Chrome extension auto blocks an HTTP site with no option to add it as an exception. This contrasts to how it behaves in Firefox where it gives you an option to open the HTTP site temporarily or add it as an exception permanently.

I removed Firefox as I will be switching to Chromium Edge once it comes through Windows Update.
 
Last edited:

Gandalf_The_Grey

Level 42
Verified
Trusted
Content Creator
Apr 24, 2016
3,111
Updated:
- HTTPS Everywhere - Disabled the 'Encrypt All Sites Eligible' option

Removed:
- Firefox

The behavior of 'Encrypt All Sites Eligible' in the HTTPS Everywhere Chrome extension auto blocks an HTTP site with no option to add it as an exception. This contrasts to how it behaves in Firefox where it gives you an option to open the HTTP site temporarily or add it as an exception permanently.

I removed Firefox as I will be switching to Chromium Edge once it comes through Windows Update.
You can download it yourself, no need to wait :cool:
 

Protomartyr

Level 7
Verified
Sep 23, 2019
327
Added:
- Macrium Reflect Free
- Microsoft Edge (Chromium)

Removed:
- Spybot Anti-Beacon

Windows Backup and Restore stopped working when I tried to make my monthly system image backup today. Decided to finally make the switch to Macrium Reflect Free. I've made my rescue media and done my first full image backup. Later this week, I might try to restore from today's image to become more familiar with the restoration process.

Microsoft Edge (Chromium) is my backup browser and I quite like it. I haven't installed any extensions just in case I have trouble viewing websites in Chrome that has all my extensions enabled.

Spybot Anti-Beacon stopped re-immunizing at restarts. Decided to remove it.
 

Protomartyr

Level 7
Verified
Sep 23, 2019
327
Decided to restore from the full image backup I made with Macrium Reflect Free a couple days ago. Everything went smoothly.
How-To Geek has an easy to follow guide which is what I used to become familiar with the backup/restore process.
Some thoughts I had during the process:
  • The interface for Macrium Reflect took a bit getting used to.
  • My computer has two SSDs (one reserved for the system; the other for documents and media). Both Windows Backup and Restore and Macrium Reflect save the full image backup containing both drives as a single file. However, when restoring from the image in Macrium Reflect you are only able to restore one drive at a time. Windows Backup and Restore is able to restore both drives in one go. It's not a problem. Just something that I thought was odd. Macrium Reflect's ability to differentiate drives in a full image backup and giving you the option of restoring individual drives does add more flexibility since with Windows Backup and Restore it's either all or nothing.
  • The backup and restore process took about the same time as it did when I was using Windows Backup and Restore. Keep in mind that I only do full image backups. It's a lot faster when doing differential/incremental backups.
  • Macrium Reflect allows you to add a Macrium Reflect System Recovery menu option to the boot menu. By doing this you can restore an image without the need of rescue media. See 'Adding a Boot Menu option for system Image recovery' for more info.
Overall I'm liking Macrium Reflect and I am glad I finally made the switch.
 

koloveli

Level 2
Sep 13, 2012
90
In browsers: https everywhere, noscript;
in Secure PC: Comodo internet security and keyscrambler (keyscrambler windows 10 insider problem in updates);
Browser: firefox, icedragon, chrome, comodo dragon and vivaldi;
backup: I don't take it so seriously :p
Do not share your passwords:unsure:

Sorry, I think we shouldn't take life so seriously
 

Protomartyr

Level 7
Verified
Sep 23, 2019
327
Cleaned up the original post and added links to the programs I use.

Added the following programs to System Utilities but will not add them to the changelog. I had these programs on my computer but forgot to add them in initially.
  • NetSpeedMonitor - runs silently in the systray detailing your current download and upload speeds. I use it to monitor fluctuations in my network.
  • WifiInfoView - scans the wireless networks in your area and displays extensive information about them. Helpful to find hidden networks. Used it to gain access to the IP cameras that were installed by the previous owners of the house I moved in to.
  • Wireless Network Watcher - small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network.
 

Protomartyr

Level 7
Verified
Sep 23, 2019
327
Removed:
- Auto-lock computer when idle (registry tweak)

Protomartyr said:
I'm usually pretty good at making sure I lock my laptop when I leave to do something but I've been forgetting lately. Decided to set my computer to auto-lock after being idle for 10 minutes. You can do this on Windows 10 Pro edition but not on the Home edition since there's no access to the Local Security Policy feature. To get around this, I just had to add a new DWORD value named InactivityTimeoutSecs and set it to 600 seconds. Got the job done! (y)

Sadly it seems this isn't working anymore. No idea why.
 

CyberTech

Level 32
Verified
Nov 10, 2017
2,120
actually thats story of my life when i leave home i was like ''did i lock the PC ? um should i go back to home? ughh* lol i know i always lock the PC by Win+L when i left PC im sure its always lock, when i leave but me worry that i forget to lock it what if someone check my PC haha you just posted that remind me of the auto-lock thanks (y)
 
Top