SECURITY: Complete Serious Hoax's Security Configuration 2020

Last updated: Dec 19, 2020
About: Personal, primary device
Desktop OS: Windows 10
Login security: Password (Aa-Zz, 0-9, Symbols)
Primary sign-in: Local account
Primary user: Admin user - Full permissions
Security updates: Default - allow security updates
Windows UAC: Maximum - always notify
Real-time protection: Microsoft Defender
Software firewall: Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
1. ConfigureDefender with Protection Level set to High + some additional changes including Cloud Protection Level set to "Block", Cloud Check Timeout to "60s", "Block process creations originating from PSExec and WMI commands" set to "On".

2. Hard_Configurator with "Windows_10_MT_Windows_Security_hardening" profile + few custom changes.

3. Firewall Hardening with all LOLBins blocked.
Malware testing
Periodic security scanners
Emsisoft Emergency Kit
Norton Power Eraser
Browsers, Search and Addons
Browser:
Firefox (Primary)
Microsoft Edge (Rarely)

uBlock Origin Hard mode with custom changes
ClearURLs
Cookie AutoDelete
Bitwarden - Free Password Manager
Checker Plus for Gmail
Enhancer for YouTube
Minimal Scrollbar (Edge only)
TrafficLight (Occasional)
Maintenance and Cleaning
CCleaner portable
Personal Files & Photos backup
Mega.nz
Google Drive
Google Photos
Personal backup routine
Device recovery & backup
Macrium Reflect Free
Device backup routine
PC activity
  1. Browsing the web. 
  2. Working from home. 
  3. PC and cloud gaming. 
  4. Streaming. 
  5. Malware samples. 
Computer specs
Motherboard: Gigabyte B450M S2H ULTRA Durable
CPU: AMD Ryzen 5 3400G with RX Vega 11 Graphics
RAM: Team Dark Z 2x8 GB = 16 GB DDR4 3200MHz Gaming RAM
Storage: Transcend 110S 512GB M.2 2280 NVMe SSD, 500 GB Hitachi HDD
Personal changelog
11.10.2020: Replaced motherboard "ASRock B450M-HDV R4.0" with "Gigabyte B450M S2H ULTRA Durable"
21.10.20: Upgraded to Windows 10 20H2
23.10.20: Replaced Microsoft Defender and related tools Configure_Defender, Firewall Hardening with ESET Internet Security 14.0.21.0
24.10.20: Replaced ESET IS with Microsoft Defender
27.10.20: Replaced Microsoft Defender with Kaspersky Free
30.10.20: Back to Microsoft Defender, Added Adguard Home for DNS over QUIC
01.11.20: Disabled Adguard Home
19.12.20: Freshly installed Windows 10 Enterprise 20H2
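
The Microsoft Defender settings named in item 1 of "Custom RTP, Firewall and OS settings" above can be checked for drift from PowerShell. This is an added example, not part of the original profile or of ConfigureDefender: the function name Test-DefenderProfile and the sample object are hypothetical, and the mapping of "Block" to CloudBlockLevel 6 and of "60s" to CloudExtendedTimeout 50 is an assumption about how the tool's labels correspond to Defender preferences.

```powershell
# Added example: audit Microsoft Defender against the settings listed in the profile.
# Assumed mapping (not stated on the page):
#   Cloud Protection Level "Block" -> CloudBlockLevel 6 (zero tolerance)
#   Cloud Check Timeout "60s"      -> 10 s default + CloudExtendedTimeout 50
# ASR rule "Block process creations originating from PSExec and WMI commands":
$PsExecWmiRule = 'd1e49aac-8f56-4280-b9ba-993a6d77406c'

function Test-DefenderProfile {
    param(
        # Object shaped like Get-MpPreference output, so the check also runs on sample data
        [Parameter(Mandatory)] $Preference
    )

    # ASR rule IDs and actions are parallel arrays: look up the rule, then its action.
    # Actions: 0 = disabled, 1 = block, 2 = audit, 6 = warn. Missing rule counts as 0.
    $ids     = @($Preference.AttackSurfaceReductionRules_Ids)
    $actions = @($Preference.AttackSurfaceReductionRules_Actions)
    $asrAction = 0
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $PsExecWmiRule) { $asrAction = $actions[$i] }
    }

    $checks = @(
        [pscustomobject]@{ Setting = 'Cloud Protection Level';          Expected = 6;  Actual = $Preference.CloudBlockLevel }
        [pscustomobject]@{ Setting = 'Cloud Check extended timeout (s)'; Expected = 50; Actual = $Preference.CloudExtendedTimeout }
        [pscustomobject]@{ Setting = 'ASR PSExec/WMI process creation';  Expected = 1;  Actual = $asrAction }
    )

    # Add a Compliant column so drift is visible at a glance
    $checks | Select-Object *, @{ Name = 'Compliant'; Expression = { $_.Expected -eq $_.Actual } }
}

# Constructed sample: cloud level only "High" (2) and the ASR rule left in audit mode (2)
$sample = [pscustomobject]@{
    CloudBlockLevel                     = 2
    CloudExtendedTimeout                = 50
    AttackSurfaceReductionRules_Ids     = @('D1E49AAC-8F56-4280-B9BA-993A6D77406C')
    AttackSurfaceReductionRules_Actions = @(2)
}
Test-DefenderProfile -Preference $sample | Format-Table -AutoSize

# On a live Windows 10 system, audit the real configuration instead:
# Test-DefenderProfile -Preference (Get-MpPreference) | Format-Table -AutoSize
```

With the constructed sample, only the timeout row is compliant; the cloud level and the ASR rule are reported as drifted.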

Soulbound

Moderator
Verified
Staff member
Jan 14, 2015
1,770
As far as I know, you can use AV1 to SD.
You can toggle that on YouTube options (granted you are signed in).

Choosing to stream AV1 in SD will use AV1 up to 480p, and VP9 for higher formats.

I have that enabled on my son's account and it works fine.
 

SeriousHoax

Level 37
Verified
Mar 16, 2019
2,655
I'm such a bad boy. I was nice and happy and my PC was pretty much snappy with Microsoft Defender but then ESET released the new version 14 and my soft spot for ESET kicks in again so here I am after replacing MD/WD with ESET Internet Security 14.0.21.0 😶
 

Soulbound

I'm such a bad boy. I was nice and happy and my PC was pretty much snappy with Microsoft Defender but then ESET released the new version 14 and my soft spot for ESET kicks in again so here I am after replacing MD/WD with ESET Internet Security 14.0.21.0 😶
Running ESET on 2 of my systems, so far seems fine, not much has been noticed compared to previous build.
 

SeriousHoax

running ESET on 2 of my systems, so far seems fine, not much has been noticed compared to previous build.
Yes, no noticeable change really, it's all under the hood. Besides, ESET is one of those AVs which don't wait a year for new features to be implemented. They do so when it's ready, so this version upgrade every year is kind of the traditional way of announcing a new version like most AVs used to do.
 

blackice

Level 33
Verified
Apr 1, 2019
2,198
East or West, Windows Internal Security is the best 😁
Back to Microsoft Defender after having problems with ESET 😒
Thanks to @amirr for pointing this out to me. Otherwise I wouldn't have noticed this.
Interesting, I run WD on my main desktop. On my laptop that's mostly for playing around I still have ESET. I'm not seeing this issue, but I would recommend WD over all to most everyone. Too many hooks and issues even with well behaved AVs.
 

SeriousHoax

Windows Defender just works. No muss, no fuss. Other than the Network Inspection bug awhile back.
You're right. It just works and is the AV with the least problems/bugs, I think. Since switching SSD its performance has improved greatly also. Though still three apps on my device open slower the first time after turning on the PC (Bandizip, Everything, Telegram). I put these three exes into exclusions and it solved it.
Interesting, I run WD on my main desktop. On my laptop that's mostly for playing around I still have ESET. I'm not seeing this issue, but I would recommend WD over all to most everyone. Too many hooks and issues even with well behaved AVs.
Hmm, not everyone is having the CPU usage bug but the WMI crash is there for everybody if you choose to scan with the newly implemented WMI scanner. This is not good from ESET because this issue is more than 4 months old. Anyway, everything is alright with Defender.
 

SeriousHoax

You can use Unigram from Windows Store, which is an unofficial Telegram port, built as AppContainer
A few months ago there was news about an unofficial Telegram app that leaked user data or something like that. So, I'm not willing to leave the official app.
 

ForgottenSeer 85179

A few months ago there was news about an unofficial Telegram app that leaked user data or something like that. So, I'm not willing to leave the official app.
Did you have the news?
I don't read anything like that about Unigram.

Unigram is also much safer than the official client, which even tries to install itself into %AppData% by default!
 

ErzCrz

Level 9
Verified
Aug 19, 2019
448
I'm such a bad boy. I was nice and happy and my PC was pretty much snappy with Microsoft Defender but then ESET released the new version 14 and my soft spot for ESET kicks in again so here I am after replacing MD/WD with ESET Internet Security 14.0.21.0 😶
We all have our favourites. I still have a weakness for Comodo, eagerly awaiting the next release.
 

SeriousHoax

Ok so one circumstance made me change the AV from Microsoft Defender to Kaspersky Free at the moment.
Though I'm not a happy clicker, I often need to visit some not so trustable free live streaming sites to watch English Premier League and Champions League football (The real football of course ;)) matches. Those sites most of the time try to load some third party malicious/adware related scripts which usually don't get detected by any uBlock Origin/Adguard filters. I found two of those scripts somehow ended up on my disk while using Microsoft Defender. The script itself didn't cause any harm on my system but the fact that it ended up on disk really bothered me. This is not the first time it happened, it also happened a couple of times a few months ago. This is the latest one that I found on the disk:

VirusTotal

As you can see, this is not detected by many engines. Bitdefender, Kaspersky and McAfee have signatures for it.
Kaspersky has HTTPS scanning by default and when enabled it's directly blocking those scripts from loading in the browser in the first place, so it's not possible for them to drop any script or malicious files on the system. ESET completely blocks access to these sites which is problematic for me but Kaspersky is much more flexible as it only blocks the third party script from loading. My view on HTTPS scanning is still kind of 50/50 but this is the kind of benefit you get from HTTPS scanning. Very useful from time to time.
Kaspersky log:
Submitted the script to Microsoft. No verdict yet: