- Aug 19, 2019
- 1,210
My configuration for 2021.
I had been tempted to revert to Comodo Internet Security or some of the other free combinations out there. However, after a fair bit of testing and playing around with various options, the best compatible option while still providing very good protection is a system hardened Windows 10 using Hard_Configurator is still what works best for me. There are a lot of options out there that protect people well and this configuration may change depending on my level of paranoia.
Comodo's containment is fantastic but I can't seem to settle on the right configuration for me and I find I'm constantly fiddling with it when I am using it.
Anyway, my browser and uBlock Origin tweaks are below:
Chromium Edge tweaked exploitation protection:
P.S. I'd run this machine with a limited user account but a bit to much hassle with my home setup.
I had been tempted to revert to Comodo Internet Security or some of the other free combinations out there. However, after a fair bit of testing and playing around with various options, the best compatible option while still providing very good protection is a system hardened Windows 10 using Hard_Configurator is still what works best for me. There are a lot of options out there that protect people well and this configuration may change depending on my level of paranoia.
Comodo's containment is fantastic but I can't seem to settle on the right configuration for me and I find I'm constantly fiddling with it when I am using it.
Anyway, my browser and uBlock Origin tweaks are below:
Chromium Edge tweaked exploitation protection:
Code integrity guard - ON (with or without Also allow images signed by M$ Store CHECKED)
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON
uBlock Medium Mode tweaks:
Dynamic rules:
no-large-media: behind-the-scene false
* * 3p-frame block
* * 3p-script block
* com * noop
* gov * noop
* io * noop
* net * noop
* org * noop
* uk * noop
behind-the-scene * * noop
behind-the-scene * 1p-script noop
behind-the-scene * 3p noop
behind-the-scene * 3p-frame noop
behind-the-scene * 3p-script noop
behind-the-scene * image noop
behind-the-scene * inline-script noop
My filters:
! -----------security
! Block ping (for sending beacons and hyperlink auditing)
||*$ping
! Block insecure third-party content except stylesheet, image and media
||HTTP://*$3p,~stylesheet,~image,~media
!
! Block downloading executable content from insecure HTTP websites
http://*.exe^$empty
http://*.msi^$empty
http://*.bat^$empty
http://*.dll^$empty
http://*.hta^$empty
http://*.jar^$empty
http://*.msu^$empty
http://*.pif^$empty
http://*.ps1^$empty
http://*.ps2^$empty
http://*.reg^$empty
http://*.scr^$empty
http://*.sys^$empty
http://*.vbe^$empty
http://*.vbs^$empty
http://*.tmp^$empty
!
! Block all on much abused generic TLD's. The TLD is between ||* and ^$, e.g. ||*.BID^$
!
||*.bid^$all
||*.buzz^$all
||*.club^$all
||*.country^$all
||*.date^$all
||*.download^$all
||*.gdn^$all
||*.host^$all
||*.icu^$all
||*.jetz^$all
||*.kim^$all
||*.loan^$all
||*.men^$all
||*.mobi^$all
||*.mom^$all
||*.party^$all
||*.pics^$all
||*.racing^$all
||*.ren^$all
||*.rest^$all
||*.review^$all
||*.ryukyu^$all
||*.science^$all
||*.sex^$all
||*.shop^$all
||*.site^$all
||*.stream^$all
||*.top^$all
||*.trade^$all
||*.vip^$all
||*.wang^$all
||*.win^$all
||*.work^$all
||*.xin^$all
||*.xxx^$all
||*.xyz^$all
@@||email.ionos.co.uk*^$all,domain=ionos.co.uk
!
! Block all on much abused country code TLD's. The TLD is between ||* and ^$, e.g. ||*.AM^$
!
||*.am^$all
||*.cc^$all
||*.cf^$all
||*.cn^$all
||*.fm^$all
||*.ga^$all
||*.gg^$all
||*.ki^$all
||*.kp^$all
||*.la^$all
||*.ml^$all
||*.pw^$all
||*.ru^$all
||*.tk^$all
||*.ua^$all
||*.ug^$all
||*.vn^$all
@@discord.gg^$all,domain=discord.com
!
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON
uBlock Medium Mode tweaks:
Dynamic rules:
no-large-media: behind-the-scene false
* * 3p-frame block
* * 3p-script block
* com * noop
* gov * noop
* io * noop
* net * noop
* org * noop
* uk * noop
behind-the-scene * * noop
behind-the-scene * 1p-script noop
behind-the-scene * 3p noop
behind-the-scene * 3p-frame noop
behind-the-scene * 3p-script noop
behind-the-scene * image noop
behind-the-scene * inline-script noop
My filters:
! -----------security
! Block ping (for sending beacons and hyperlink auditing)
||*$ping
! Block insecure third-party content except stylesheet, image and media
||HTTP://*$3p,~stylesheet,~image,~media
!
! Block downloading executable content from insecure HTTP websites
http://*.exe^$empty
http://*.msi^$empty
http://*.bat^$empty
http://*.dll^$empty
http://*.hta^$empty
http://*.jar^$empty
http://*.msu^$empty
http://*.pif^$empty
http://*.ps1^$empty
http://*.ps2^$empty
http://*.reg^$empty
http://*.scr^$empty
http://*.sys^$empty
http://*.vbe^$empty
http://*.vbs^$empty
http://*.tmp^$empty
!
! Block all on much abused generic TLD's. The TLD is between ||* and ^$, e.g. ||*.BID^$
!
||*.bid^$all
||*.buzz^$all
||*.club^$all
||*.country^$all
||*.date^$all
||*.download^$all
||*.gdn^$all
||*.host^$all
||*.icu^$all
||*.jetz^$all
||*.kim^$all
||*.loan^$all
||*.men^$all
||*.mobi^$all
||*.mom^$all
||*.party^$all
||*.pics^$all
||*.racing^$all
||*.ren^$all
||*.rest^$all
||*.review^$all
||*.ryukyu^$all
||*.science^$all
||*.sex^$all
||*.shop^$all
||*.site^$all
||*.stream^$all
||*.top^$all
||*.trade^$all
||*.vip^$all
||*.wang^$all
||*.win^$all
||*.work^$all
||*.xin^$all
||*.xxx^$all
||*.xyz^$all
@@||email.ionos.co.uk*^$all,domain=ionos.co.uk
!
! Block all on much abused country code TLD's. The TLD is between ||* and ^$, e.g. ||*.AM^$
!
||*.am^$all
||*.cc^$all
||*.cf^$all
||*.cn^$all
||*.fm^$all
||*.ga^$all
||*.gg^$all
||*.ki^$all
||*.kp^$all
||*.la^$all
||*.ml^$all
||*.pw^$all
||*.ru^$all
||*.tk^$all
||*.ua^$all
||*.ug^$all
||*.vn^$all
@@discord.gg^$all,domain=discord.com
!
P.S. I'd run this machine with a limited user account but a bit to much hassle with my home setup.
Last edited by a moderator: