SECURITY: Complete Yanick's Security Configuration 2021

Last updated
Jun 16, 2021
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 10
Linux distro
Few VM's i use are ubuntu and CentOs, but need more practice on that front.
OS edition
Pro
Login security
    • Password-less (PIN, Biometric, Face)
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Local account
Primary user
Standard user - Limited permissions
Other users
Other accounts are Admin users
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Network firewall
Third-party router
Real-time protection
Hardware firewall OpnSense & PfSense (not in same house) added adblocking which is why i'm not using adblocker browser addon.
Symantec Endpoint Protection Firewall & IPS max settings (many thanks for Vitali Ortzi for SPEM)
Emsisoft Anti-Malware
SpyShelter Premium for HIPS functionality, disabled keylogger shield and didn't install the driver
Added Applocker
TinyWatcher monitors all changes registry, processes, file deletion creation, startup in windows and automatically shows what has been changed or added since last log in.
Software firewall
Provided by a third-party security vendor. Refer to 'Real-time protection' for details.
Custom RTP, Firewall and OS settings
-TPM active
-Added Windows Hello authentication
-Symantec Endpoint Protection Firewall & IPS max settings
-Applocker,
-Full BitLocker encrypted system partition.
-BIOS: passworded,
-AMD HW Virtualization enabled
-Hyper-V enabled

I use hardware firewall's OpnSense and PfSense, not at same time. In 2 different places.
Malware testing
No malware samples
Periodic security scanners
Malwarebytes Anti-malware, HitmanPro, RogueKiller, Adlice Diag.
Secure DNS
I use my own DNS service from my firewall OpnSense & Pfsense.
VPN
If i need access to firewall i use Ipsec Ikev2 or OpenVpn.
From external providers i use ProtonVPN.
Password manager
KeePass.
Browsers, Search and Addons
Edge, Firefox all have Emsisoft Browser Security. No other addons/extensions.
Browsers and additional applications run restricted in SpyShelter's restricted apps list.
Maintenance and Cleaning
Internal windows 10 maintenance runs automatically about 4 times a week. I think it has been sufficient.
Personal Files & Photos backup
Using Nextcloud client to send all personal files to Local & second Truenas.
Personal backup routine
Automatic (scheduled)
Device recovery & backup
Easeus Todo Backup Free, full backup once a week and daily incremental images to Local Truenas and backups to my relatives house where my second Truenas is.
Device backup routine
Automatic (scheduled)
PC activity
  1. Browsing the web. 
  2. Emails. 
  3. Shopping. 
  4. Downloading software. 
  5. File sharing and torrents. 
  6. Remote assistance. 
  7. PC and cloud gaming. 
  8. Multimedia. 
Personal changelog
16/06/2021 - Added Windows Hello authentication
17/06/2021 - Added TPM
17/06/2021 - Added ReHIPS
17/06/2021 - Removed Chrome
17/06/2021 - Removed HitmanPro.Alert Free
17/06/2021 - Forgot to add hardware firewall's adblocker to list which is why i don't use ublock origin for example.
18/06/2021 - Removed ReHIPS and Added SpyShelter Premium
21/06/2021 - AMD HW Virtualization was active but badly written in the list
29/06/2021 - Removed Hard_Configurator and added Applocker

My security insanity knows no bounds 😅
Feedback Response

Most critical feedback

Staff Notes
  1. This setup may cause performance issues, system instability or conflicts between programs, and can hinder the effectiveness of the installed antivirus products.

Yanick

Level 1
Jun 14, 2021
28
Hey all,

I am looking forward for hearing any negatives and positives in my setup, think it's important to have more varied perspective than just my own. Feel free to melt me =D

Been thinking if it would be worth to add something that restricts programs like SpyShelter has restricted apps, something similar. What do you guys thing?
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Apr 28, 2015
7,296
Symantec Endpoint Protection Firewall & IPS max settings
Emsisoft Anti-Malware
HitmanPro.Alert Free (Safe Browsing, Exploit Mitigations, webcam & keylogger protection, USB-vaccination).
SRP provided by AndyFul's Hard_Configurator
TinyWatcher monitors all changes registry, processes, file deletion creation, startup in windows and automatically shows what has been changed or added since last log in.
Very complete config, but in real-time I would say it's overkill... so many products running 🤔 probably some of them are not needed...

Thanks for sharing :)
 

Yanick

Level 1
Jun 14, 2021
28
Very complete config, but in real-time I would say it's overkill... so many products running 🤔 probably some of them are not needed...

Thanks for sharing :)
Hehe, i believe you =D
Since 2011 i've been bitten by wildersecurity forum overkill bug =D

Sure, i think it's good way for everyone to show all of us how we configure our pc's and learn something new everytime =)
 

Yanick

Level 1
Jun 14, 2021
28
Top