SECURITY: Complete ErzCrz config 2021

[ErzCrz]

Ever the indecisive, experimenting again with Comodo and Chrome original. I think I missed chrome though I know chromium edge is safer in some ways. System just seems to be a more responsive. Nothing set in stone just trialing a few things out to keep my sanity while I'm furloughed.

 

[ErzCrz]

Finished with that experiment and back to WD +H_C. Although some things loaded quicker in Chrome and the system felt more responsive it was using about the same resources when it came down to system load and in case of full screen games I noticed more lag hiccups or sound distortion with Comodo and Chrome.

Anyway, that was useful...

 

[ErzCrz]

Switched to Thunderbird for email. Just a lot faster and more features. I was playing around with Firefox as I like the containers but with MD as my protection it's best using Chromium Edge.

I am noticing all new MD stuff going to 365 office subscribers which has me considering 3rd party options like BD free but what I have still works

 

[ErzCrz]

I use Edge Chromium and Thunderbird and reviewing the exploit protection settings. What's the current good setting for both? There's a couple linked in and I want to ensure trouble free but better protected browsing/emailing.

Q&A - Maximum Anti-Exploit protection settings for your program

Anyone play more with settings for Chromium-Edge ? here also another good thread about: https://malwaretips.com/threads/guide-to-tweak-of-built-in-exploit-protection-in-windows-security.97768/

malwaretips.com

I'm also reviewing my ublock setup. Finding the odd page freezing or scrolling not working from time to time.

 

[ForgottenSeer 85179]

I use Edge Chromium and Thunderbird and reviewing the exploit protection settings. What's the current good setting for both? There's a couple linked in and I want to ensure trouble free but better protected browsing/emailing.

You can use my setup without hassle

 

[ErzCrz]

You can use my setup without hassle

Thanks, was just looking at yours and commented

 

[ErzCrz]

Looked at enabling memory integrity but I've got a few incompatible drivers.

This laptop did upgrade from Win 8 to 10 years ago and it being an older machine, no newer drivers available so far in my searches. /shrug

 

[Divine_Barakah]

OneDrive backup of documents weekly.

Why not always-on-sync?

 

[ForgottenSeer 85179]

Looked at enabling memory integrity but I've got a few incompatible drivers.

This laptop did upgrade from Win 8 to 10 years ago and it being an older machine, no newer drivers available so far in my searches. /shrug

A fresh Windows installation should fix that.

 

[ErzCrz]

Why not always-on-sync?

Seems to slow down my machine and tries to re-upload some 3 gig of photos. Looking at fresh install options.

 

[ErzCrz]

Been playing around with Comodo, FF and Thunderbird email client but as usual, back to my normal setup with a few changes.

Minor changes:

06.04.2021 - Back to Windows Mail, @SecurityNightmares Maximum Exploit settings enabled. MD running in it's own Sandbox, Controlled Folder Access enabled. Removed BD Traffic Light and using HTTPS Everywhere in Strict mode.

Thinking about using ClearURLs again at some point.

 

[ErzCrz]

I still find myself bouncing between configurations.

MD H_C configuration with Edge and MS Mail works okay but MS Mail lacks features and I've had some random Edge crashes when I load a page with a lot of stuff on it. The only addon is uBlock with my medium mode settings. MD uses about 150 meg as standard and the additional 60meg if I run it sandboxed.

Comodo IS in Proactive with Firefox and Thunderbird. CIS uses about 50meg, Firefox take a little bit to load initially but just as fast as edge when it is running. Thunderbird is far more productive and quicker than MS Mail though takes maybe 10 seconds to load.

Such a long history with me and Comodo I keep going back to it. Indecisive as always, I just need to try and stick with one for a bit longer and adapt/change as needed.

uBO rules are simplified:

Advanced User

My Filters:

! Block insecure third-party content except stylesheet, image and media
||HTTP://*$3p,~stylesheet,~image,~media

My rules:
no-csp-reports: * true
no-large-media: behind-the-scene false
* * 3p-frame block
* * 3p-script block
* com * noop
* gov * noop
* io * noop
* net * noop
* org * noop
* uk * noop
behind-the-scene * * noop
behind-the-scene * 1p-script noop
behind-the-scene * 3p noop
behind-the-scene * 3p-frame noop
behind-the-scene * 3p-script noop
behind-the-scene * image noop
behind-the-scene * inline-script noop

Yes there's other blockers but I prefer uBO really.

 

[ErzCrz]

Decided on a simple solution, carry on with what I started with though reviewing CFA I just need to watch a tutorial to know what's safe to allow etc. Should I try audit only initially? I'll see what's blocked with default settings and try and work it out.

Anyway but convenience over excessive tweaking is proving to be a priority.

P.S. Added the consent.youtube.com to blocked cookies including 3rd party as described in the ghacks article.

I've also amended the uBO My filters to the following to stop the Youtube Sign-in pop-up and Google Consent messages.

! Block insecure third-party content except stylesheet, image and media
||HTTP://*$3p,~stylesheet,~image,~media
! Google Consent / Sign-in
google.*##^script:has-text(consentCookiePayload)
www.youtube.com###dialog
www.youtube.com##.opened

Things on the up and up with me in a lot of things in the coming months.

Keep safe

ErzCrz

 

[ErzCrz]

Got my update for KB4052623 today which I think got delayed or because I have a Home version I didn't get it until now. Microsoft Update Catalog which fixes some folder issue from what I read.

Anyway, just checking for updates while I can't sleep. Got to be up in a few hours.

 

[ErzCrz]

I go through phases with these things but I've gone back to Comodo Internet Security. I've just found computer runs slower with Microsoft Defender and some gaming became juddery for full screen games.

Runing CIS in Proactive mode defaults with auto-containment tweaks to "Restricted" mode and required ICMP rules for IPv6 filtering. Browser changed back to Firefox and email to Thunderbird. Still using uBO in tweaked Medium Mode and recently re-added ClearURLs.

Comodo occasionally has had it's issues but it's got a place in my heart so I decided to go back to it. Controversial I know but we use what works best for us. That and it's ransomware proection from Containment is amazing.

 

[ErzCrz]

Returned to Microsoft Defender and Hard_Configurator setup. Just resulting in a smoother running system.

 

[Thiagoo]

Solid configuration, but I'd add another second opinion scanner like HitmanPro or/and KVRT along with EEK

 

[ErzCrz]

Solid configuration, but I'd add another second opinion scanner like HitmanPro or/and KVRT along with EEK

Thanks. I did have HitmanPro at one point.

 

[ErzCrz]

Just checking in really.

Changed my uBO previous noop 3rd party rules to block and new filters as per recent posting by @Lenny_Fox : Browser Add-on - uBlock0rigin in Medium mode for Lighter and Stronger Protection, with Less websites breakage and hassle

Using the latest H_C 6 Beta with no issues so far. My only annoyance computer wise lately is windows update bringing my system to a crawl now and then but I think I just need to change my Active Hours.

Oh and trying to use DDG more these days, the Bing results are annoying and Google consent messages are a pain. Will update the changelog.

Hope your all well and safe.

 

[oldschool]

trying to use DDG more these days

Have your tried search.brave.com?