SECURE Ctrlz's Security Config

Discussion in 'PC Security Configuration' started by ctrlz, Mar 20, 2017.

  1. ctrlz

    ctrlz Level 2

    Mar 20, 2017
    54
    126
    italy
    #1 ctrlz, Mar 20, 2017
    Last edited: Mar 21, 2017
    Most recent changes:
    21/03/2017
    Operating System:
    • Windows 10
    OS Edition:
    Pro
    OS Architecture:
    64-bit
    User Access Control:
    Always Notfiy
    Firewall:
    3rd Party Firewall
    OS Security Updates:
    Automatic Updates
    OS File Reputation:
    • SmartScreen for Windows 10
    Type of User Account:
    Local Account
    Recent Malware Attacks:
    No
    Testing AV's with Malware Samples:
    Inside a Virtual Machine
    Real-time Malware Protection:
    CIS
    On-demand Scanners:
    Emsisoft Emergency Kit
    Security Product Settings:
    Custom
    Browsers and Extensions:
    Chrome, HTTPS Everywhere
    Preferred Search Engine:
    DuckDuckGo
    Password Manager:
    LastPass
    Content Blocker (Ads, Scripts, Trackers):
    uBlock, Avira Browser Safety
    Frequently used System Utilities:
    Ccleaner
    Frequency of Data Backups:
    Custom Backups
    Data Backup Software:
    AOMEI backupper
    Frequency of System Image Backups:
    Manual / On-demand Backups
    System Image Backup Software:
    AOMEI backupper
    Hi,
    I'm looking for a safe, quick, free and easy-to-mantain security configuration.
    Actually I'm using CIS, it seems a good balance between easy-to-use and all-in-one product, even if I find it very different from what I remember (version 5 or so).
    Whitelisting and sandboxing make hips, imho the main suite power, almost useless:
    • if an app is trusted, can do almost everything -> no alert
    • if an app is untrusted, it is sandboxed -> no alert
    Open to any suggestion or alternative configuration
     
  2. Exterminator

    Exterminator Super Moderator
    Staff Member

    Oct 23, 2012
    12,111
    44,849
    USA
    Windows 10
    Kaspersky
    I would consider some type of system/data backup solution.
    Both Macrium Reflect & AOMEI backupper offer good free solutions.
    Consider an additional on demand scanner(s).
    You might consider enabling Smartscreen.
    Other than the lack of a backup solution your config looks good.
    Thanks for sharing it with us :)
     
  3. Arequire

    Arequire Level 17

    Feb 10, 2017
    805
    2,448
    United Kingdom
    Windows 7
    Default-Deny
    A few improvements I feel can be made:
    • Set UAC to Always Notify.
    • Turn on Smartscreen.
    • Consider ditching CIS and using Comodo Firewall instead. It can be used on its own if it's configured properly or with a supplementary third-party AV. Whether you decide to switch or not, I strongly suggest using these settings that come highly recommended by our resident Comodo expert, @cruelsister.
    • Add a secondary on-demand scanner. Zemana Antimalware is my preferred one.
    • Add HTTPS Everywhere and Avira Browser Safety to Chrome.
    • You haven't listed a backup solution, so if you're in need of one I personally use AOMEI Backupper for both data and image backups. Others will recommend Macrium Reflect for image backups.
    Besides the points listed your config looks solid. Thanks for sharing. :)
     
  4. Rengar

    Rengar Level 11

    Jan 6, 2017
    526
    3,027
    Greece
    Windows 8.1
    Isolation
    Set User Access Control to max, HTTPS Everywhere for browser and a good backup utility( look @Exterminator), you can also add Zemana Antimalware to on demand scanners.
     
  5. ctrlz

    ctrlz Level 2

    Mar 20, 2017
    54
    126
    italy
    #5 ctrlz, Mar 21, 2017
    Last edited: Mar 21, 2017
    Hi, thanks for the replies.
    • I use Rollback Rx free for daily OS and data snapshots, anyway my main data are also synched with dropbox/gdrive so I don't feel the need of a new backup system. Anyway I'll read about suggested products (never used)
    • I used Comodo Fw alone long time ago, but now I'm using CIS because i feel that an Av (even if not the best) can be useful. Currently using an aggressive custom configuration, based from the proactive one. BTW I'll give a try to the suggested config guide
    • I'm going to apply other suggestions :)
    Thanks
    Ctrlz

    Edit:
    I've seen the configuration video, I never noticed that CIS does not virtualize some directories in proactive mode, so I immediately changed that checkbox. Thanks :cool:
    For other settings, I usually prefer to see alerts instead of autoblock and/or restrict: Comodo whitelist isn't so large, and that auto-restriction level of unrecognized files will cause more problems than benefits (what application would be able to work properly?)
     
  6. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    16,608
    26,234
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Enable Smartcreen. There is no valid reason not to use it.
     
    Sunshine-boy and Rengar like this.
  7. ctrlz

    ctrlz Level 2

    Mar 20, 2017
    54
    126
    italy
    • Enabled SmartScreen
    • Set UAC to max level
    • Installed Zemana antimalware
    • Added Avira Browser Safety and HTTPS Everywhere extensions
     
    frogboy, ZeroDay and Rengar like this.
  8. JM Security

    JM Security Level 27
    Trusted

    Apr 12, 2015
    1,638
    13,144
    CEO @ SecureMyBit
    Unknown
    If you added HTTPS Everywhere, please update the thread fields (under "Browser and Extensions").

    You are protected.

    Thanks for sharing.
     
    Rengar, Sunshine-boy, frogboy and 2 others like this.
  9. ctrlz

    ctrlz Level 2

    Mar 20, 2017
    54
    126
    italy
    I had problems with Rollback RX.
    After a startup defrag my system was unbootable (I have an SSD), so I installed ubuntu to reinstall windows, and now I have a dual boot system. I like the way Rollback works, with just a few seconds you can take full-system images and restore them, when it doesn't break everything.

    Are there free alternatives to Rollback rx? With the same easy and strengths points.
    Thanks
     
    Rengar and TerrakionSmash like this.
  10. frogboy

    frogboy Level 61
    Trusted

    Jun 9, 2013
    6,115
    62,396
    Heavy Duty Mechanic.
    Western Australia
    Windows 10
    Emsisoft
    I would like to suggest a backup solution such as Macrium Reflect or Aomei Backupper both have good free and reliable version. ;)
     
  11. maanastr

    maanastr Level 3

    Mar 1, 2013
    134
    229
    India
    More addition to this: Try CCleaner or Privazer to clean junk files. Emsisoft emergency kit is great option you can use as on demand scanner. If you want to use paid av then I can say Eset or Kaspersky are good option over CIS. Overall config is good
     
  12. ctrlz

    ctrlz Level 2

    Mar 20, 2017
    54
    126
    italy
    #12 ctrlz, Apr 8, 2017
    Last edited: Apr 8, 2017
    Removed ubuntu, removed grub fixing the windows bootloader.
    Moved windows partition left to use the unallocated space (that wasn't contiguous on the right), then re-fixed the bootloader.
    After 3 hours, finally installed AOMEI backupper :D

    Edit: also replaced Zemana with Emsisoft Emergency Kit, it feels good and it is portable
     
    maanastr likes this.
  13. maanastr

    maanastr Level 3

    Mar 1, 2013
    134
    229
    India
    #13 maanastr, Apr 8, 2017
    Last edited: Apr 8, 2017
    No need to replace Zemena as both not interfer with each other. Even you can add Malwarebyet too in your on demand scanner list
    Also regularly clean your pc with Ccleaner. Do dfreagmentation once in a month by windows default defragment tool or you can use third party software like Auslogics Disk Defrag (personally I am using this and found fast n secure ) or Defraggler or Puran Defrag..
     
    ctrlz likes this.
  14. ctrlz

    ctrlz Level 2

    Mar 20, 2017
    54
    126
    italy
    I'm evaluating a switch from CIS to CFW + AV.
    What AV do you recommend? I tried Avira but it slows down the pc :(
     
  15. inuyasha

    inuyasha Level 4

    Apr 9, 2017
    165
    649
    Canada
    Windows 10
    Microsoft
    Windows Defender :)
     
    Rengar and shmu26 like this.
  16. brod56

    brod56 Level 10

    Feb 13, 2017
    496
    1,377
    Studant
    Portugal
    Windows 10
    Default-Deny
    Windows Defender+Comodo Firewall (cruelsister's settings) is all you will ever need.
     
    Rengar likes this.
  17. _CyberGhosT_

    _CyberGhosT_ Level 50
    Trusted

    Aug 2, 2015
    3,989
    26,169
    Retired
    Central US
    Linux Mint
    Default-Deny
    + 1 :p
    And welcome to the best damn site on the planet :)
     
    Rengar, shmu26 and frogboy like this.
  18. shmu26

    shmu26 Level 47

    Jul 3, 2015
    3,601
    10,845
    East Mediterranean
    Windows 10
    #18 shmu26, Apr 30, 2017
    Last edited: Apr 30, 2017
    Qihoo 360 is a popular AV for use with CFW, because it gives you strong BB, and Avira and/or Bitdefender engines. I don't use it, but others do.

    Right now, I am trying out CFW + Voodooshield + Windows Defender. So far, so good.

    I must admit that I have spent plenty of time complaining about both CFW and VS. I guess I have a love-hate relationship with these softs.
     
    Rengar, Sunshine-boy, ctrlz and 3 others like this.
  19. maanastr

    maanastr Level 3

    Mar 1, 2013
    134
    229
    India
    If you want to use non chinese free, then Pand free will be a option for you. Otherwise Qihoo 360 is good ( only the thing awefull in qihoo is FP. So you need to take care about it).
     
    Rengar and ctrlz like this.
  20. Arequire

    Arequire Level 17

    Feb 10, 2017
    805
    2,448
    United Kingdom
    Windows 7
    Default-Deny
    #20 Arequire, Apr 30, 2017
    Last edited: Apr 30, 2017
    Any free AV will do honestly. Adaware, Avast, AVG, Avira, Bitdefender, Fortinet, Microsoft, Panda, Sophos, Qihoo. Each has different features and I'd suggest giving them all a try and see which you prefer using. The AV is only there to catch any known threats and lessen the work of Comodo's sandbox; it won't add much to the overall protection anyway so the choice is entirely up to you.
     
    frogboy and ctrlz like this.
Loading...
Similar Threads Forum Date
Attackers Start Scans for SSH Keys After Report on Lack of SSH Security Controls Security News Today at 8:11 AM
Update Comodo Internet Security v10.0.2.6350 - BETA2 Comodo Today at 5:32 AM
Update Comodo Internet Security v10.0.2.6350 - BETA2 Comodo Today at 5:29 AM