SECURITY: Basic spguru security config 2021

Last updated
Sep 2, 2021
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 10
OS edition
Pro
Login security
    • Password-less (PIN, Biometric, Face)
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Microsoft account
Primary user
Admin user - Full permissions
Security updates
Automatic - allow all types of updates
Windows UAC
Default - notify when programs attempt to make changes
Network firewall
Third-party router
Real-time protection
Emsisoft Business Security
Software firewall
Windows Firewall (for Windows 8.1 or older)
Custom RTP, Firewall and OS settings
None
Malware testing
No malware samples
Periodic security scanners
None
Secure DNS
None
VPN
Mulvad
Password manager
Roboform
Browsers, Search and Addons
Microsoft Edge, Google Chrome
Maintenance and Cleaning
None
Personal Files & Photos backup
OneDrive, Google Drive, iCloud, DropBox
Personal backup routine
Automatic (scheduled)
Device recovery & backup
Acronis True Image
Device backup routine
Automatic (scheduled)
PC activity
  1. Working from home. 
  2. Browsing the web. 
  3. Shopping. 
  4. Banking. 
  5. Downloading software. 
  6. PC and cloud gaming. 
  7. Multimedia. 
  8. Streaming. 
  9. App developer. 
Computer specs
Custom Build

OS Name Microsoft Windows 10 Pro
Version 10.0.19043 Build 19043
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name KINESYS-DESKTOP
System Manufacturer Micro-Star International Co., Ltd.
System Model MS-7C75
System Type x64-based PC
System SKU Default string
Processor Intel(R) Core(TM) i9-10900K CPU @ 3.70GHz, 3696 Mhz, 10 Core(s), 20 Logical Processor(s)
BIOS Version/Date American Megatrends Inc. 2.50, 11/23/2020
SMBIOS Version 3.2
Embedded Controller Version 255.255
BIOS Mode UEFI
BaseBoard Manufacturer Micro-Star International Co., Ltd.
BaseBoard Product Z490-A PRO (MS-7C75)
BaseBoard Version 1.0
Platform Role Desktop
Secure Boot State Off
PCR7 Configuration Binding Not Possible
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume3
Locale United States
Hardware Abstraction Layer Version = "10.0.19041.1151"
User Name AzureAD\MattYoungstrom
Time Zone Central Daylight Time
Installed Physical Memory (RAM) 64.0 GB
Total Physical Memory 63.9 GB
Available Physical Memory 48.4 GB
Total Virtual Memory 86.9 GB
Available Virtual Memory 68.6 GB
Page File Space 23.0 GB
Page File C:\pagefile.sys
Kernel DMA Protection Off
Virtualization-based security Not enabled
Device Encryption Support Reasons for failed automatic device encryption: TPM is not usable, PCR7 binding is not supported, Hardware Security Test Interface failed and device is not Modern Standby, Un-allowed DMA capable bus/device(s) detected, TPM is not usable
Hyper-V - VM Monitor Mode Extensions Yes
Hyper-V - Second Level Address Translation Extensions Yes
Hyper-V - Virtualization Enabled in Firmware Yes
Hyper-V - Data Execution Protection Yes
Feedback Response

Most critical feedback

SecureKongo

Level 23
Verified
Feb 25, 2017
1,228
8,507
Config for custom build PC.
Basic but nice config. Still there are some things worth considering:

1. Set UAC to "Always notify"
2. Use an encrypted DNS provider like NextDNS or Quad9 which can also block malicious websites, trackers and ads (Many more options out there)
3. Use second opinion scanners than can detect potential threats that your antivirus could have missed. I personally recommend HitmanPro, Norton Power Eraser, AdwCleaner (for adware) and Kaspersky Virus Removal Tool.

Also, are you using any extensions in either Chrome or Edge?
 

spguru

New Member
Mar 13, 2019
4
19
Basic but nice config. Still there are some things worth considering:

1. Set UAC to "Always notify"
2. Use an encrypted DNS provider like NextDNS or Quad9 which can also block malicious websites, trackers and ads (Many more options out there)
3. Use second opinion scanners than can detect potential threats that your antivirus could have missed. I personally recommend HitmanPro, Norton Power Eraser, AdwCleaner (for adware) and Kaspersky Virus Removal Tool.

Also, are you using any extensions in either Chrome or Edge?
Extensions for Edge:
Amazon Assistant
Dark Reader
Emsisoft Browser Security
Enhancer for YouTube
HTTPS Everywhere
Honey
JSON-Handle
Microsoft Editor: Spelling & Grammar Checker
Microsoft Power Automate
Microsoft Shopping Assistant
Office
OneNote Web Clipper
Roboform Password Manager

Extensions for Chrome:
Adobe Acrobat
Application Launcher for Drive
AwardWallet
Boomerang - SOAP & REST Client
Checker Plus for Gmail
Earny
Emsisoft Browser Security
Guru
Honey
Microsoft Power Automate
Roboform Password Manager
Safari Books Download
Scener
 

spguru

New Member
Mar 13, 2019
4
19
Basic but nice config. Still there are some things worth considering:

1. Set UAC to "Always notify"
2. Use an encrypted DNS provider like NextDNS or Quad9 which can also block malicious websites, trackers and ads (Many more options out there)
3. Use second opinion scanners than can detect potential threats that your antivirus could have missed. I personally recommend HitmanPro, Norton Power Eraser, AdwCleaner (for adware) and Kaspersky Virus Removal Tool.

Also, are you using any extensions in either Chrome or Edge
3. Use second opinion scanners than can detect potential threats that your antivirus could have missed. I personally recommend HitmanPro, Norton Power Eraser, AdwCleaner (for adware) and Kaspersky Virus Removal Tool.

Do I need to have all of these and purchase them as well? Are there any concerns with contention with my Emsisoft instance running?
 

SecureKongo

Level 23
Verified
Feb 25, 2017
1,228
8,507
3. Use second opinion scanners than can detect potential threats that your antivirus could have missed. I personally recommend HitmanPro, Norton Power Eraser, AdwCleaner (for adware) and Kaspersky Virus Removal Tool.

Do I need to have all of these and purchase them as well? Are there any concerns with contention with my Emsisoft instance running?
You don't have to use all of them. I personally think that HitmanPro + AdwCleaner would be a nice choice. HitmanPro is a paid product but can be used for free too. The scanning for malware itself is free, just the removal would cost money. If you know what you're doing you can just navigate to the folder where the malware was found and delete it manually in case malware was found on your system. AdwCleaner is a free tool and is great to remove adware and PUA's (potential unwanted applications)

And no, they wouldn't conflict with your antivirus as they are not scanning your system in real-time. You can manually scan your system once a week with those scanners to make sure that it's clean. :)
 
Top