Latest Changes
Oct 19, 2018
Operating System
Windows 10
Windows Edition
Education
Build
1803
System Architecture
64-bit OS
Security Updates
Automatic Updates - All security and feature updates
User Access Control
Always Notify
Firewall
Windows Firewall - Network security provided by Microsoft
Device Security
Windows Defender SmartScreen (Windows 10)
User Account
Standard - User has some control over the settings
Recent Security Incidents
No malware or privacy issues
Malware Testing
None - No Malware on host PC or VM
Real-time Web & Malware Protection
HMPA
SRP
Windows Firewall Control
Custom Settings For Real-Time Protection
Custom - Major changes for Better Performance
Virus and Malware Removal Tools
Zemana Portable
HMPA
Browsers and Extensions
Google Chrome
- HTTPS Everywhere
- Bitwarden
- AdGuard
Web Privacy
Windscibe
Password Management
BitWarden
Default Web Search
DuckDuckGo
System Utilities
Privacy Eraser
Data Backup
MEGA, OneDrive + HDD, SSD, USB
Frequency of Data backups
Monthly
System Backup
Macrium Reflect
Frequency of System backups
Occasionally

Thales

Level 4
So I tried to make a minimalist but secure config here

  • Only a few installed apps mostly because there is no portable version or the shell integration is important
  • They don't start automatically. I turned them off!
Performance
  • Uninstalled some windows features (IE, xboxlive, onenote, games, etc.)
  • Black Viper’s Windows 10 Service Configurations
  • Windows Defender is off
  • I disabled the auto start of all unnecessary programs and services
    • The system consumes 1,3 GB RAM after the login.
Security
  • Basic security tweaks (autoplay disabled, smartscreen, UAC max etc.)
  • Security software tweaks: SRP, Windows 10 Shut up
  • Firewall: Inbound and outbound connections that do not match the rule are blocked
  • Only a few programs have Internet access
  • Windows Firewall Control is the only program that allowed to change the Firewall rules
- I prefer redundant backup, so this way the chance to lose my data is extremely small

System Backup
  • I can restore the whole system within 5 minutes with Macrium Reflect
  • The image file is uploaded to the cloud too
Online Backup
  • MEGA (paid): sensitive files are encrypted with 7zip.
  • Non-sensitive files are not encrypted.
  • Mobile and PC sync.
  • OneDrive free
Offline backup
  • 2 different SSD and 1 USB drive
  • Sensitive files are unencrypted but the whole partition/drive/usb is protected by Bitlocker
Passwords
  • Bitwarden online password manager (browser extension)
  • My passwords have 2 backup. Physical and digital. The digital one is protected with cascade encryption and uploaded to the cloud.
  • I do not think the real privacy is achievable , so I don't really care. I am not a criminal and I focus on security instead of paying for placebo services. I protect my whole life from cyber stalkers.
  • VPN because I use sometimes open WIFI and I don't like my ISP.
  • I do not share any info or photos on the social networks anymore. I use a lookalike photo!
 
Last edited:

n0k0m3

Level 1
Either SecureAPlus or REHIPS, you don't need both

Instead of WFC try to config ESET in training mode with safe browsing behavior for 2 weeks then swap back to interactive mode. IMO properly configured ESET is better than Windows Firewall alone

Also you atm you can disable ESET HIPS as well
 

Prorootect

Level 53
Verified
Add some extensions/add-ons:

Privacy Defense (both)
BehindTheOverlay (both)
Redirect Control (FF)
BitBlock (FF)
Restart (FF)
Alert Control (Chrome)
Dark Background and Light Text (FF)
High Contrast (Chrome, tick Increased Contrast...)
... and I use
Disable WebRTC (FF)
Modal Remover (Chrome)
 
Last edited:

MeltdownEnemy

Level 6
Verified
Either SecureAPlus or REHIPS, you don't need both

Instead of WFC try to config ESET in training mode with safe browsing behavior for 2 weeks then swap back to interactive mode. IMO properly configured ESET is better than Windows Firewall alone

Also you atm you can disable ESET HIPS as well
IMO, ATM, TUK, TAK, PIK, PAK, (FF) I.D.O.N.T....K.N.O.W.N...W.H.A.T...Y.O.U..S.A.Y about of your initials. Lol what meaning is that? The websites should to learn to be humble and avoid this.
 
Last edited:

Thales

Level 4
- Removed everything unnecessary to assure my PC stays fast and efficient. No need sanboxie, noscript, ReHips, SecureAplus and similar stuff.
- NoVirusThanks sysHardener is important part of my system. Also only a few programs have access to the Web.
- No need anything else just my AV (Eset) and Voodooshield.

If everything goes wrong (this has very little chance) I can restore my Pc completely within minutes.
 
Last edited:

Thales

Level 4
Removed
- Eset
- SysHardener

NEW
- OsArmor
- FortiClient

Switched to portable Apps to make my Os even lighter. I do not like unnecessary services!

About SUA
Unfortunatelly I can't use SUA because Microsoft messed up the last updates and the start menu or anything else connected to the start menu (notifications, search, wifi clock etc) don't work anymore. My admin account is old but updated, so it works however if I make a new SUA account it won't work properly.
Maybe later I will wipe everything and make a fresh install but right now I don't have patient to do that. :(

Like always any feedback would be appreciated!
 
  • Like
Reactions: harlan4096

Thales

Level 4
still have my ESET license. It also light and efficient and I'm using it on my mobile device for a good reason.
I wanna see how my system responds. For example opening the FortiClient window (console) is very slow compared to the ESET.
Need more test but we will see :)
 
  • Like
Reactions: Moonhorse

Thales

Level 4
Now it's time to test "Amanda" Experimental build I.

Most important changes:
- Only a few programs installed
- Everything else is portable and up to date
- Most useless windows features are uninstalled
- SUA works but still have the start menu problem. Whatever, I know how to handle the system without it. at least for now...

What to do in this build:
- Tweak the system to use less memory and turn off some useless services
- Wait for Microsoft to fix the Start Menu issue :mad:


 
Last edited:
  • Like
Reactions: harlan4096

Moonhorse

Level 25
Content Creator
Verified
Dont you notice any ping issues with forticlient? It filters throught their own proxy and you cant even conf it, decreasin network speed
 

Thales

Level 4
Yes I did. I still don't know if it is really the forticlient or something else.
Sometimes everything is fine but sometimes I can't do anything that requires Internet access.
 

Moonhorse

Level 25
Content Creator
Verified
Yes I did. I still don't know if it is really the forticlient or something else.
Just disable web filtering for while and you see. It really does affect only browser not like in games or anything else, but i just find it annoying even you cant see any delay while browsing web

If you care about web filtering, you should try k9 and disable forticlients own

Or just go with eset + k9
 

Thales

Level 4
Now after a lot of work and test I have a new Experimental build (No2). It works like charm, super FAST and LIGHT and also secure.
I fixed a lot of problems and reverted some changes that didn't work. I still need to fix and improve some major and minor features but the system is ready to use as it is. The codename is "Amanda" and she looks gorgeous. I wish I could show the log-in screen too!
Here is the complete change list.

"Amanda" Experimental build 1
Performance
- Uninstalled some windows features (IE, xboxlive, OneNote, games, etc.)
- Nvidia control panel is tweaked and game ready
- Windows Defender is disabled
- Most of my apps are portable
- The system can be restored completely within 4-5 min

Security
- Basic security tweaks (autoplay disabled, smartscreen, UAC max etc.)
- Installed security software: FortiClient + OSArmor + Voodooshield
- Firewall: Inbound and outbound connections that do not match the rule are blocked
- Only a few programs have Internet access
- On-demand scanner: Hitman pro

Problems to improve and fix (2Dos)
* Untouched, default inbound connections
* SUA is not working properly. The start menu works only with the admin account
* Using the admin account is not safe even if I know what I'm doing
* The system is not lightweight enough
* Portable qBittorrent is very very sloooooooowwwwwww
* High latency problem

"Amanda" Experimental build 2
Performance
- Uninstalled some windows features (IE, xboxlive, onenote, games, etrc.)
- Nvidia control panel is tweaked and game ready
- Most of my apps are portable
- The system can be restored completely within 4-5 min
- Black Viper’s Windows 10 Service Configurations

Security
- Basic security tweaks (autoplay disabled, smartscreen, UAC max etc.)
- Security software: Windows Defender + OSArmor + Voodooshield
- Firewall: Inbound and outbound connections that do not match the rule are blocked
- Only a few programs have Internet access
- Inbound connection is extremely limited (system update only)
- On-demand scanner: Hitman pro + Norton Power Eraser
- Windows Firewall Control (the only program that allowed to change the Firewall rules)
- SRP installed and works properly

SUM Fixes and important changes
- THE SYSTEM NOW IS SUPER LIGHTWEIGHT AND FAST
- FortiClient replaced with the Built-In Windows Defender
- SUA works properly and I use it
- Revo Uninstaller portable (Geek Uninstaller portable deleted)
- Using Black Viper’s Windows 10 Service Configurations
- Another on-Demand scanner: Norton power Eraser portable
- Latency problem fixed
- Installed qBittorrent and deleted the portable version

Problems to improve and fix (2Dos)
* Need to test the portable VPN client to avoid connection drops
* OSArmor GUI doesn't start (This is just the GUI, the tweaks are still work)
* More light system and security tweaks