SECURITY: Complete Protomartyr's ThinkPad Security Config 2020

Last updated
Dec 3, 2020
About device
Primary device
Operating system
Windows 10
Sign-in identity
Sign-in with Local account
Log-in security
    • Account password
Permissions
Administrator user account
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Malware samples
No - malware is not downloaded
Firewall protection
Microsoft Defender Firewall
Real-time malware protection
Windows Defender
RTP & OS hardening settings
Hard_Configurator (recommended settings)
ConfigureDefender (max)
Firewall Hardening (recommended rules)
Cloudflare DNS (Malware Blocking)
Periodic scanning
HitmanPro Free (https://secure2.sophos.com/en-us/products/free-tools/hitmanpro.aspx)
Malwarebytes Premium (https://www.malwarebytes.com/premium/) (lifetime license)
Browsers
Chrome:
Edge:
  • Tracking Protection set to 'Balanced'
  • uBlock Origin (default settings)
Optimisation apps
My Files & Photos backup
SyncToy with External HDD
My Files backup schedule
Manual - specific days to the cloud, or local attached storage
Device recovery & settings
Device backup schedule
Manual - backups are made in my own time to local attached storage
Computer specifications
ThinkPad S1 Yoga
Intel Core i5-4200U
Intel HD Graphics
8GB RAM
128 GB SSD (System)
256 GB SSD (Documents & Media)
Device activity usage
  1. Generic web browsing
  2. Financial and sensitive documents
  3. Downloading files from unfamiliar sites
  4. Working from home
  5. Streaming audio and video content from the Internet
Your changelog
Jan 16, 2020 - Disabled 'Encrypt All Sites Eligible' option in HTTPS Everywhere Chrome extension
Jan 16, 2020 - Removed Firefox
Feb 1, 2020 - Added Macrium Reflect Free
Feb 1, 2020 - Added Microsoft Edge (Chromium)
Feb 1, 2020 - Removed Spybot Anti-Beacon
Mar 8, 2020 - Removed Privacy Badger
Apr 2, 2020 - Switched from CleanBrowsing DNS to Cloudflare DNS (Malware Blocking)
May 1, 2020 - Added Bitdefender TrafficLight to Edge
May 1, 2020 - Added uBlock Origin to Edge
May 1, 2020 - Removed Netcraft Extension
May 12, 2020 - Removed Auto-lock computer when idle (registry tweak)
May 13, 2020 - Malwarebytes Premium - Disabled Malware and Ransomware real-time protection modules
May 21, 2020 - Malwarebytes Premium - Disabled Web Protection module
June 2, 2020 - Malwarebytes Premium - All real-time protection modules disabled
Sep 23, 2020 - Removed Bitdefender TrafficLight from Edge
Oct 2, 2020 - Removed Emsisoft Emergency Kit
Dec 3, 2020 - Updated to Windows Version 20H2

Vitali Ortzi

Level 21
Verified
Dec 12, 2016
1,000
Updated:
- Malwarebytes Premium - Disabled Malware and Ransomware real-time protection modules

Testing to see if it impacts system performance. With just Web Protection and Exploit Protection enabled, the system does seem lighter.
My suggestion: use Malwarebytes on demand.
Use my SEP config for firewall and host exploit mitigation only (this config is very light because it has no signatures in memory or proactive protection running or installed).
And if you want Malwarebytes web protection, run the extension.
For exploit protection, H_C has many options to reduce the attack surface and block payloads.
If you really want extra protection, tweak Exploit Guard, and better if you can move to Windows Store apps.
 

Protomartyr

Level 7
Verified
Sep 23, 2019
327
Updated:
- Malwarebytes Premium - Disabled Web Protection module

I was recently experiencing connection issues when trying to visit sites. It would take 20-30 seconds to resolve hosts no matter what browser I used. The Web Protection module of Malwarebytes Premium was the culprit. Disabled the module and can now browse with no issues.

The only protection module I have enabled now is the Exploit Protection. It's probably not really needed as I have Hard_Configurator. Malwarebytes Premium is now removed from 'Real-time Web & Malware Protection' category to 'Virus and Malware Removal Tools'.
 

blackice

Level 28
Verified
Apr 1, 2019
1,754
Updated:
- Malwarebytes Premium - Disabled Web Protection module

I was recently experiencing connection issues when trying to visit sites. It would take 20-30 seconds to resolve hosts no matter what browser I used. The Web Protection module of Malwarebytes Premium was the culprit. Disabled the module and can now browse with no issues.

The only protection module I have enabled now is the Exploit Protection. It's probably not really needed as I have Hard_Configurator. Malwarebytes Premium is now removed from 'Real-time Web & Malware Protection' category to 'Virus and Malware Removal Tools'.
It seems that just as Malwarebytes was improving, 4.0 has caused a lot of performance issues not in 3.0.
 

blackice

Level 28
Verified
Apr 1, 2019
1,754
Updated:
- Malwarebytes Premium - All real-time protection modules disabled

For some reason, Malwarebytes refused to open/launch. Did a reinstall and have decided to just keep all modules turned off.
I had a lot of trouble installing it as a second opinion scanner today. It crashed when I tried disabling real time scanners. I think they broke something.
 

Protomartyr

Level 7
Verified
Sep 23, 2019
327
I had a lot of trouble installing it as a second opinion scanner today. It crashed when I tried disabling real time scanners. I think they broke something.
Same here. Their removal tool is really easy to work with though so I'm glad for that.

I also noticed that activating Premium automatically registers itself as the main AV by default without any prompt that it's doing so. I wish they wouldn't do this as default behavior. At least notify the user so they can decide whether or not they want to keep Defender as the primary AV.
 

blackice

Level 28
Verified
Apr 1, 2019
1,754
Same here. Their removal tool is really easy to work with though so I'm glad for that.

I also noticed that activating Premium automatically registers itself as the main AV by default without any prompt that it's doing so. I wish they wouldn't do this as default behavior. At least notify the user so they can decide whether or not they want to keep Defender as the primary AV.
Especially when installing the free version without a key.
 

JoyousBudweiser

Level 10
Verified
Aug 22, 2013
476
@Protomartyr Since you are using Chrome / a Chrome-based browser in conjunction with Cloudflare DNS, you can enable DoH in its settings for added security.
(To enable DoH in Chrome, start by typing or copy-pasting “chrome://flags/#dns-over-https” into the address bar and press Enter. Open the drop-down menu to the right of “Secure DNS Lookups” and select “Enabled” and restart Chrome.)
Try the new Firefox; it is as fast as Chrome now.
 

Protomartyr

Level 7
Verified
Sep 23, 2019
327
Removed:
- Emsisoft Emergency Kit

Was doing scans with AV + second opinion scanners before I made my monthly system image backup. For some reason EEK refused to update. Didn't feel like troubleshooting so I removed it. I still have HitmanPro and Malwarebytes so I'm good.

EEK is still a great second opinion scanner that I'd recommend to anyone.
 