SECURE Ctrlz's Security Config

Discussion in 'Security Configuration Wizard' started by ctrlz, Mar 20, 2017 at 4:51 PM.

  1. ctrlz

    ctrlz Level 1

    Joined:
    Monday
    Messages:
    6
    Likes Received:
    21
    Most recent changes:
    21/03/2017
    Operating System:
    • Windows 10
    OS Edition:
    Pro
    OS Architecture:
    64-bit
    User Access Control:
    Always Notfiy
    Firewall:
    3rd Party Firewall
    OS Security Updates:
    Automatic Updates
    OS File Reputation:
    • Smartscreen for Windows 10
    Type of User Account:
    Local Account
    Recent Malware Attacks:
    No
    Testing AV's with Malware Samples:
    Inside a Virtual Machine
    Real-time Malware Protection:
    CIS
    On-demand Scanners:
    MalwareBytes, Zemana Antimalware
    Security Product Settings:
    Custom
    Browsers and Extensions:
    Chrome
    Preferred Search Engine:
    DuckDuckGo
    Password Manager:
    LastPass
    Content Blocker (Ads, Scripts, Trackers):
    uBlock, Avira Browser Safety
    Frequently used System Utilities:
    Ccleaner
    Frequency of Data Backups:
    Daily Backups
    Data Backup Software:
    Rollback RX
    Frequency of System Image Backups:
    Automatic / Scheduled Backups
    System Image Backup Software:
    Rollback RX
    Hi,
    I'm looking for a safe, quick, free and easy-to-mantain security configuration.
    Actually I'm using CIS, it seems a good balance between easy-to-use and all-in-one product, even if I find it very different from what I remember (version 5 or so).
    Whitelisting and sandboxing make hips, imho the main suite power, almost useless:
    • if an app is trusted, can do almost everything -> no alert
    • if an app is untrusted, it is sandboxed -> no alert
    Open to any suggestion or alternative configuration
     
    #1 ctrlz, Mar 20, 2017 at 4:51 PM
    Last edited: Mar 21, 2017 at 10:57 AM
    ZeroDay, LanDude and Daniel Hidalgo like this.
  2. Exterminator

    Exterminator Super Moderator
    Staff Member

    Joined:
    Oct 23, 2012
    Messages:
    11,402
    Likes Received:
    37,997
    OS:
    Windows 10
    AV:
    Kaspersky
    I would consider some type of system/data backup solution.
    Both Macrium Reflect & AOMEI backupper offer good free solutions.
    Consider an additional on demand scanner(s).
    You might consider enabling Smartscreen.
    Other than the lack of a backup solution your config looks good.
    Thanks for sharing it with us :)
     
    Umbra, LanDude and Daniel Hidalgo like this.
  3. Arequire

    Arequire Level 5

    Joined:
    Feb 10, 2017
    Messages:
    221
    Likes Received:
    541
    OS:
    Windows 7
    AV:
    Avast
    A few improvements I feel can be made:
    • Set UAC to Always Notify.
    • Turn on Smartscreen.
    • Consider ditching CIS and using Comodo Firewall instead. It can be used on its own if it's configured properly or with a supplementary third-party AV. Whether you decide to switch or not, I strongly suggest using these settings that come highly recommended by our resident Comodo expert, @cruelsister.
    • Add a secondary on-demand scanner. Zemana Antimalware is my preferred one.
    • Add HTTPS Everywhere and Avira Browser Safety to Chrome.
    • You haven't listed a backup solution, so if you're in need of one I personally use AOMEI Backupper for both data and image backups. Others will recommend Macrium Reflect for image backups.
    Besides the points listed your config looks solid. Thanks for sharing. :)
     
    LanDude likes this.
  4. LanDude

    LanDude Level 5

    Joined:
    Jan 6, 2017
    Messages:
    247
    Likes Received:
    696
    OS:
    Windows 8
    AV:
    Default-Deny
    Set User Access Control to max, HTTPS Everywhere for browser and a good backup utility( look @Exterminator), you can also add Zemana Antimalware to on demand scanners.
     
  5. ctrlz

    ctrlz Level 1

    Joined:
    Monday
    Messages:
    6
    Likes Received:
    21
    Hi, thanks for the replies.
    • I use Rollback Rx free for daily OS and data snapshots, anyway my main data are also synched with dropbox/gdrive so I don't feel the need of a new backup system. Anyway I'll read about suggested products (never used)
    • I used Comodo Fw alone long time ago, but now I'm using CIS because i feel that an Av (even if not the best) can be useful. Currently using an aggressive custom configuration, based from the proactive one. BTW I'll give a try to the suggested config guide
    • I'm going to apply other suggestions :)
    Thanks
    Ctrlz

    Edit:
    I've seen the configuration video, I never noticed that CIS does not virtualize some directories in proactive mode, so I immediately changed that checkbox. Thanks :cool:
    For other settings, I usually prefer to see alerts instead of autoblock and/or restrict: Comodo whitelist isn't so large, and that auto-restriction level of unrecognized files will cause more problems than benefits (what application would be able to work properly?)
     
    #5 ctrlz, Mar 21, 2017 at 1:50 AM
    Last edited: Mar 21, 2017 at 7:55 AM
    LanDude likes this.
  6. Umbra

    Umbra Moderator
    Staff Member

    Joined:
    May 16, 2011
    Messages:
    14,924
    Likes Received:
    18,196
    OS:
    Windows 10
    AV:
    Default-Deny
    Enable Smartcreen. There is no valid reason not to use it.
     
    LanDude likes this.
  7. ctrlz

    ctrlz Level 1

    Joined:
    Monday
    Messages:
    6
    Likes Received:
    21
    • Enabled SmartScreen
    • Set UAC to max level
    • Installed Zemana antimalware
    • Added Avira Browser Safety and HTTPS Everywhere extensions
     
    ZeroDay and LanDude like this.
Loading...
Other threads that you may like Forum Date
Update Emsisoft Anti-Malware & Emsisoft Internet Security 2017.3.0.7318 Emsisoft Yesterday at 10:13 PM
RISKY nsm0220 updated Security Configuration for 2017 Security Configuration Wizard Yesterday at 3:13 PM
Avast Online Security trouble Avast Yesterday at 10:16 AM