SECURITY: Complete Serious Hoax's Security Configuration 2020

Last updated
Dec 19, 2020
About
Personal, primary device
Desktop OS
Windows 10
Login security
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Local account
Primary user
Admin user - Full permissions
Security updates
Default - allow security updates
Windows UAC
Maximum - always notify
Real-time protection
Microsoft Defender
Software firewall
Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
1. ConfigureDefender with Protection Level set to High + some additional changes including Cloud Protection Level set to "Block", Cloud Check Timeout to "60s", "Block process creations originating from PSExec and WMI commands" set to "On".

2. Hard_Configurator with "Windows_10_MT_Windows_Security_hardening" profile + few custom changes.

3. Firewall Hardening with all LOLBins blocked.
Malware testing
Periodic security scanners
Emsisoft Emergency Kit
Norton Power Eraser
Browsers, Search and Addons
Browser:
Firefox (Primary)
Microsoft Edge (Rarely)

uBlock Origin Hard mode with custom changes
ClearURLs
Cookie AutoDelete
Bitwarden - Free Password Manager
Checker Plus for Gmail
Enhancer for YouTube
Minimal Scrollbar (Edge only)
TrafficLight (Occasional)
Maintenance and Cleaning
Ccleaner portable
Personal Files & Photos backup
Mega.nz
Google Drive
Google Photos
Personal backup routine
Device recovery & backup
Macrium Reflect Free
Device backup routine
PC activity
  1. Browsing the web. 
  2. Working from home. 
  3. PC and cloud gaming. 
  4. Streaming. 
  5. Malware samples. 
Computer specs
Motherboard: Gigabyte B450M S2H ULTRA Durable
CPU: AMD Ryzen 5 3400G with RX Vega 11 Graphics
Ram: Team Dark Z 2x8 GB = 16 GB DDR4 3200MHz Gaming Ram
Storage: Transcend 110S 512GB M.2 2280 NVMe SSD, 500 GB Hitachi HDD
Personal changelog
11.10.2020: Replaced motherboard "ASRock B450M-HDV R4.0" with "Gigabyte B450M S2H ULTRA Durable"
21.10.20: Upgraded to Windows 10 20H2
23.10.20: Replaced Microsoft Defender and related tools Configure_Defender, Firewall Hardening with ESET Internet Security 14.0.21.0
24.10.20: Replaced ESET IS with Microsoft Defender
27.10.20: Replaced Microsoft Defender with Kaspersky Free
30.10.20: Back to Microsoft Defender, Added Adguard Home for DNS over QUIC
01.11.20: Disabled Adguard Home
19.12.20: Freshly installed Windows 10 Enterprise 20H2

plat1098

Level 25
Verified
Sep 13, 2018
1,417
I kept losing space on my C drive, not sure why.

Same also. Why, where does it go? It's not even due to a cumulative update, though yesterday for Insiders build 19042.610, Disk Cleanup claimed 4.27 GB of space could be recovered but ultimately only got back 3 GB. Still out the same amt total as you: 4GB and TreeSize doesn't yield a clue this time.

:"System Reserved" which is usually around 7 GB was deleted long ago.
 

SeriousHoax

Level 37
Verified
Mar 16, 2019
2,655
Same also. Why, where does it go? It's not even due to a cumulative update, though yesterday for Insiders build 19042.610, Disk Cleanup claimed 4.27 GB of space could be recovered but ultimately only got back 3 GB. Still out the same amt total as you: 4GB and TreeSize doesn't yield a clue this time.

:"System Reserved" which is usually around 7 GB was deleted long ago.
What's going on! I disabled system reserved on mine as Windows keeps this space so that the system don't run out of space while updating but I always have more than 25 gb free on drive C so I don't need it.
Same here on disk cleanup. It cleans less than it actually shows it's capable of. This is probably true on every system. But where's the rest is going! Who's eating that! :cautious:
 
F

ForgottenSeer 85179

What's going on! I disabled system reserved on mine as Windows keeps this space so that the system don't run out of space while updating but I always have more than 25 gb free on drive C so I don't need it.
Same here on disk cleanup. It cleans less than it actually shows it's capable of. This is probably true on every system. But where's the rest is going! Who's eating that! :cautious:
Funny how nowadays people care about such things. Did that really matter?
In my opinion it isn't until the system run stable.
 

SeriousHoax

Level 37
Verified
Mar 16, 2019
2,655
Funny how nowadays people care about such things. Did that really matter?
In my opinion it isn't until the system run stable.
It matters because, even though I have enough space on drive C, some other users may not. I have system reserved storage disabled but if that was enabled I would have a red mark on C drive now in File explorer which is not something I would like to see daily. There must be some explanation what Windows is doing with that space so it's worth investigating.
 

plat1098

Level 25
Verified
Sep 13, 2018
1,417
Funny how nowadays people care about such things. Did that really matter?

Well....I look at it this way: if you had five dollars in your pocket and then went to take the money out and you discovered you only had four dollars and fifty cents, wouldn't you seriously wonder about that? :D

It's not that one can't spare those GBs of space, it's more like: hey wait, where are my GBs, Microsoft? Give them back, you didn't have my permission!
 
F

ForgottenSeer 85179

Well....I look at it this way: if you had five dollars in your pocket and then went to take the money out and you discovered you only had four dollars and fifty cents, wouldn't you seriously wonder about that? :D

It's not that one can't spare those GBs of space, it's more like: hey wait, where are my GBs, Microsoft? Give them back, you didn't have my permission!
How much GB space use your Windows ?
 

SeriousHoax

Level 37
Verified
Mar 16, 2019
2,655
You can be the sleuth, it’s not like M$ has a clue where that space is going. I have had this issue before. For some inexplicable reason space evaporates.
First of all thanks for teaching me a new word. I didn't know the meaning of sleuth. Turns out there's even a 1972 movie with the name with 96% rating on rotten tomatoes starring My Cocaine oops! I mean Michael Caine.
I haven't managed to find what's causing this yet. Maybe it's dark matter. We can only feel its present but can't detect 👀
 

SeriousHoax

Level 37
Verified
Mar 16, 2019
2,655
Final update of 2020.
Freshly installed Windows and installed Windows 10 Enterprise this time and Set "Allow Telemetry" to "0 - Security" from Group Policy which only works in Windows 10 Enterprise edition.
Local Group Policy Editor > Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > Allow Telemetry.
1.PNG
Because of it I haven't use any third party tools to minimize telemetry this time and used the built-in Privacy Settings to modify some things. Uninstalled most of the pre-installed crapware from disk using O&O AppBuster and HiBit Uninstaller.
 

geminis3

Level 18
Verified
Sep 10, 2015
859
Final update of 2020.
Freshly installed Windows and installed Windows 10 Enterprise this time and Set "Allow Telemetry" to "0 - Security" from Group Policy which only works in Windows 10 Enterprise edition.
Local Group Policy Editor > Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > Allow Telemetry.
View attachment 251469
Because of it I haven't use any third party tools to minimize telemetry this time and used the built-in Privacy Settings to modify some things. Uninstalled most of the pre-installed crapware from disk using O&O AppBuster and HiBit Uninstaller.
Nice config but consider using a standard user account because max UAC as administrator it's not enough to prevent the most sophisticated bypasses.
 

SeriousHoax

Level 37
Verified
Mar 16, 2019
2,655
Nice config but consider using a standard user account because max UAC as administrator it's not enough to prevent the most sophisticated bypasses.
You're right. But I'm used to using Administrator Account so not switching to standard. Besides, I'm knowledgeable enough to keep myself away from getting infected and as you can see other hardened solutions are already applied to the system. So, I feel safe with this config.
 
Top