SECURITY: Complete Threadripper's Computer Security Configuration 2019

Last updated
Sep 25, 2019
Windows Edition
Home
Login security
    • Password (Aa-Zz, 0-9, Symbols)
    • Hardware security key
Primary sign-in
Local account
Primary user
Admin user - Full permissions
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Real-time protection
Windows Security (including Virtualization Security/Core Isolation) & ConfigureDefender
Malwarebytes Anti-Malware Premium
SysHardener
Software firewall
Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
Windscribe Pro ROBERT is like a server-side Pi-Hole blocking tens of millions of crap domains (malware, phishing, ads, cryptominers, etc.)
Malware testing
No malware samples
Periodic security scanners
HitmanPro
Emsisoft Emergency Kit
Browsers, Search and Addons
Hardened Firefox w/ Bitwarden, Windscribe, Malwarebytes Browser Guard, Dark Reader & HTTPS Everywhere.
Maintenance and Cleaning
Bleachbit, VeraCrypt & PatchMyPC scheduled to run daily.
Personal Files & Photos backup
Limited personal data on PC, recovery codes and such encrypted w/ VeraCrypt and copied to a HDD as a precaution
iCloud used on multiple devices for photos, etc.
Personal backup routine
Automatic (scheduled)
Device recovery & backup
None
Device backup routine
None
PC activity
  1. PC and cloud gaming. 
  2. Banking. 
  3. Browsing the web. 
  4. Streaming. 
Computer specs
HP OMEN PC
Ryzen 5 2600 (6 cores, 12 threads @ 4.2GHz)
NVIDIA GeForce GTX 1050 2GB
8GB DDR4
128GB Samsung M.2 (OS + Software)
1TB Toshiba HDD (Games, Large Files, etc.)

LDogg

Level 33
Verified
May 4, 2018
2,196
All 4 layers are covered:
  • Realtime etc: Eset
  • Firewall: Eset
  • Web browser: via Pihole, HTTPS Everywhere
  • Backup: Aomei

My advice:
  • Consider adding Scriptsafe to your web browser
  • As long as you know which settings to use when both Syshardener and H-C are active you should be fine
  • I'd out down the exact version of ESET in the Real Time section

Thanks for sharing your config.

~LDogg
 

Raiden

Level 19
Verified
Content Creator
May 7, 2018
915
Is H_C compatible with SysHardener? :giggle:

It's a bit of a yes/no. I run both of them, but the vast majority of settings within Syshardener are disabled (since H_C covers them already) except the firewall rules and a few that @Andy Ful suggested I keep on. I did ask him this exact question, so he walked me through it, but I think going forward H_C will have some of those features, so at some point Syshardener will not be needed at all, but @Andy Ful can clarify this better than I can.(y)
 
Last edited:

bribon77

Level 34
Verified
Jul 6, 2017
2,386
It's a bit of a yes/no. I run both of them, but the vast majority of settings within Syshardener are disabled (since H_C covers them already) except the firewall rules and a few that @Andy Ful suggested I keep on. I did ask him this exact question, so he walked me through it, but I think going forward H_C will have some of those features moving forward I believe, so at some point Syshardener will not be needed at all, but @Andy Ful can clarify this better than I can.(y)
Thank you @Raiden. I've been thinking about that combo for a few days, that's why I asked.:giggle:
 

Threadripper

Level 9
Feb 24, 2019
414
Regarding SysHardener and Hard_Configurator I make sure to run the latter last, as it detects the current settings. SysHardener does most with some really tight settings and H_C tidies up some loose ends, both amazing pieces of software.

All 4 layers are covered:
  • Realtime etc: Eset
  • Firewall: Eset
  • Web browser: via Pihole, HTTPS Everywhere
  • Backup: Aomei
My advice:
  • Consider adding Scriptsafe to your web browser
  • As long as you know which settings to use when both Syshardener and H-C are active you should be fine
  • I'd out down the exact version of ESET in the Real Time section
Thanks for sharing your config.

~LDogg

Thanks for your recommendations but I tend to avoid NoScript/ScriptSafe/similar because you spend half your time making websites work and half your time doing what you actually set out to do. If anything happens in my browser, no history is ever stored and first party cookies last until I close the window.
 

Threadripper

Level 9
Feb 24, 2019
414
Hi @Threadripper , you can add ZAM Free to your configuration for Virus and Malware Removal tools, the new Beta version is full of new powerful features to defeat threats.

Thanks for sharing.
Thanks for your recommendation, my on-demand scanners are all portable and I don't feel like installing the beta version of a program which has no portable version. Should a portable version be released I may reconsider this.
 
  • Like
Reactions: bribon77

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Apr 28, 2015
7,300
I think ZAM 3 beta still is not stable and finished enough to use in a standard system, also lacks of many customize settings (specific folders) to scan, and I have been performing tests with it and ignores the scanning for malware in many risky system folders, so I don't recommend it for now...
 

JM Safe

Level 38
Verified
Apr 12, 2015
2,870

JM Safe

Level 38
Verified
Apr 12, 2015
2,870
I think ZAM 3 beta still is not stable and finished enough to use in a standard system, also lacks of many customize settings (specific folders) to scan, and I have been performing tests with it and ignores the scanning for malware in many risky system folders, so I don't recommend it for now...
Hey harlan (and all users),

ZAM 3.0 Beta right now can detect running processes and processes which have potential to run, not files that sit on the disk, like on desktop or appdata. ZAM 3.0 Beta can detect processes, drivers, startup directories, registry autostart, browser hijackers that could spoil browser searching etc.

Guys, if you want to test ZAM 3.0 Beta (obviously in a secure and isolated VM with VPN and all security measures to prevent infections on your real machine) you can for example download some fresh EXE malware samples or for example malware that create registry autostart locations and then you can start with Smart Scan and test it. Thank you guys! :)
 

Threadripper

Level 9
Feb 24, 2019
414
Removed VoodooShield: Slowed down the opening of task manager and I have a bit of a love and hate relationship with it.

Added Blackbird: Hands down the best Windows debloater, everything is fast.

Switched from GeForce Experience to TinyNVIDIAUpdateChecker: Experience's graphic setting recommendations were insanely high or low and never ran well, I also avoid a large chunk of telemetry this way.
 
  • Like
Reactions: harlan4096

Threadripper

Level 9
Feb 24, 2019
414
Do you have a link to this Blackbird program?

~LDogg
Blackbird

Make sure you create a restore point if not a full backup, it's rather aggressive. You can also backup settings in the program itself and it can revert everything it changed back to what it was before if you have issues. I'd also recommend letting it "scan" so you can see options and things it will disable, just to be on the safe side.
 

Threadripper

Level 9
Feb 24, 2019
414
Added VoodooShield Pro back, that slowdown occurs when you add a VoodooShield password and try to open task manager or the other apps it protects with that password and it displays the prompt before/after UAC. Haven't added a password this time, Aggressive AutoPilot working well.
 

LDogg

Level 33
Verified
May 4, 2018
2,196
Added VoodooShield Pro back, that slowdown occurs when you add a VoodooShield password and try to open task manager or the other apps it protects with that password and it displays the prompt before/after UAC. Haven't added a password this time, Aggressive AutoPilot working well.
Great addition for your computer! It's very light on the system as well!

~LDogg
 
  • Like
Reactions: Threadripper
Top