SECURITY: Complete ErzCrz config 2021

Last updated
Apr 6, 2021
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 10
OS edition
Home
Login security
    • Password-less (PIN, Biometric, Face)
Primary sign-in
Microsoft account
Primary user
Admin user - Full permissions
Other users
Other accounts are Admin users
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Network firewall
ISP-issued router
Real-time protection
Microsoft Defender
Software firewall
Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
- System Hardened with Hard_Configurator at Recommended Settings
- Microsoft Defender tweaked with ConfigureDefender set to High. (I'd go with Interactive but I prefer a more set and forget setup)
- FirewallHardening - Recommended H_C rules added
Malware testing
No malware samples
Periodic security scanners
Emsisoft Emergency Kit, HitmanPro
Secure DNS
Sky Shield (ISP)
VPN
Sophos VPN for working from home connection.
Password manager
KeePass 2
Browsers, Search and Addons
Chromium Edge
uBlock Origin (@Lenny_Fox's tweaked Medium/Hard Mode) blocking 3p.
Maintenance and Cleaning
Macrium Reflect Free (backups only after major updates). OneDrive backup of documents weekly.
Personal Files & Photos backup
Monthly backup to external drive and Occasional OneDrive Sync
Personal backup routine
Manual (maintained by self)
Device recovery & backup
Backup disc image, updated every few months.
Device backup routine
Manual (maintained by self)
PC activity
  1. Working from home. 
  2. Browsing the web. 
  3. Browsing to unknown sites. 
  4. Emails. 
  5. Shopping. 
  6. PC and cloud gaming. 
  7. Multimedia. 
  8. Streaming. 
Computer specs
Computer hardware
Acer Aspire E15
Intel Core i3-400SU
Intel HD Graphics 4400
12 Gig DDR 11 RAM
1TB HDD
Personal changelog
17.02.2021 - Changed email client from Windows Mail to Thunderbird
06.04.2021 - Back to Windows Mail, SecurityNightmare's Maximum Exploit settings enabled. MD running in its own Sandbox, Controlled Folder Access enabled. Removed BD Traffic Light and using HTTPS Everywhere in Strict mode.
13.05.2021 - Reverted back to my old favourite Comodo, Firefox and Thunderbird.
22.05.2021 - Returned to MD + H_C setup.
28.08.2021 - Back to using HitmanPro 2nd opinion scanner, using H_C 6 Beta and updated uBO tweak. Thinking about using CFA again and treating messages as more informative unless it breaks something.
Feedback Response

General feedback

ErzCrz

Level 9
Verified
Aug 19, 2019
448
Ever the indecisive, experimenting again with Comodo and Chrome original. I think I missed Chrome though I know Chromium Edge is safer in some ways. System just seems to be more responsive. Nothing set in stone, just trialing a few things out to keep my sanity while I'm furloughed.
 

ErzCrz

Finished with that experiment and back to WD +H_C. Although some things loaded quicker in Chrome and the system felt more responsive it was using about the same resources when it came down to system load and in case of full screen games I noticed more lag hiccups or sound distortion with Comodo and Chrome.

Anyway, that was useful...
 

ErzCrz

Switched to Thunderbird for email. Just a lot faster and more features. I was playing around with Firefox as I like the containers but with MD as my protection it's best using Chromium Edge.

I am noticing all new MD stuff going to 365 office subscribers which has me considering 3rd party options like BD free but what I have still works ;)
 

ErzCrz

I use Edge Chromium and Thunderbird and am reviewing the exploit protection settings. What's the current good setting for both? There's a couple linked in and I want to ensure trouble free but better protected browsing/emailing.

I'm also reviewing my ublock setup. Finding the odd page freezing or scrolling not working from time to time.
 

ErzCrz

Looked at enabling memory integrity but I've got a few incompatible drivers.

This laptop did upgrade from Win 8 to 10 years ago and it being an older machine, no newer drivers available so far in my searches. /shrug
 


ErzCrz

Been playing around with Comodo, FF and Thunderbird email client but as usual, back to my normal setup with a few changes.

Minor changes:

06.04.2021 - Back to Windows Mail, @SecurityNightmares Maximum Exploit settings enabled. MD running in its own Sandbox, Controlled Folder Access enabled. Removed BD Traffic Light and using HTTPS Everywhere in Strict mode.

Thinking about using ClearURLs again at some point.
 

ErzCrz

I still find myself bouncing between configurations.

MD H_C configuration with Edge and MS Mail works okay but MS Mail lacks features and I've had some random Edge crashes when I load a page with a lot of stuff on it. The only addon is uBlock with my medium mode settings. MD uses about 150 meg as standard and the additional 60meg if I run it sandboxed.

Comodo IS in Proactive with Firefox and Thunderbird. CIS uses about 50meg, Firefox takes a little bit to load initially but is just as fast as Edge when it is running. Thunderbird is far more productive and quicker than MS Mail though takes maybe 10 seconds to load.

Such a long history with me and Comodo I keep going back to it. Indecisive as always, I just need to try and stick with one for a bit longer and adapt/change as needed.

uBO rules are simplified:

Advanced User

My Filters:
! Block insecure third-party content except stylesheet, image and media
||HTTP://*$3p,~stylesheet,~image,~media

My rules:
no-csp-reports: * true
no-large-media: behind-the-scene false
* * 3p-frame block
* * 3p-script block
* com * noop
* gov * noop
* io * noop
* net * noop
* org * noop
* uk * noop
behind-the-scene * * noop
behind-the-scene * 1p-script noop
behind-the-scene * 3p noop
behind-the-scene * 3p-frame noop
behind-the-scene * 3p-script noop
behind-the-scene * image noop
behind-the-scene * inline-script noop

Yes there's other blockers but I prefer uBO really.
 
Last edited by a moderator:
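
How the global "My rules" lines in the post above resolve for a few requests, as an added example that is not part of the original post and is not uBlock Origin's code. It is a simplified model of uBO's dynamic-filtering precedence, in which destination rules of type `*` are checked before type rules such as `3p-script`; the hostnames, the `site()` party check and the `script`/`frame` type names are assumptions for illustration.

```javascript
// Constructed from the global "My rules" lines in the post (source destination type action).
const RULES = `
* * 3p-frame block
* * 3p-script block
* com * noop
* gov * noop
* io * noop
* net * noop
* org * noop
* uk * noop
`;

// Parse rule lines into a Map keyed by "source destination type".
function parseRules(text) {
  const table = new Map();
  for (const line of text.split('\n')) {
    const f = line.trim().split(/\s+/);
    if (f.length === 4) table.set(f.slice(0, 3).join(' '), f[3]);
  }
  return table;
}

// A hostname followed by its parent domains, most specific first, down to the TLD.
const ancestors = (host) => host.split('.').map((_, i, a) => a.slice(i).join('.'));
// Naive same-site check on the last two labels (assumption: no multi-label suffixes).
const site = (h) => h.split('.').slice(-2).join('.');
// Exact-source rule first, then the '*' source (the only sources used in the post's rules).
const lookup = (table, src, des, type) =>
  table.get(`${src} ${des} ${type}`) || table.get(`* ${des} ${type}`) || null;

// Returns 'block', 'allow', 'noop', or null when no dynamic rule applies.
function evaluate(table, src, des, type) {
  // 1. Destination-specific rules of type '*', walking up to the TLD.
  for (const d of ancestors(des)) {
    const hit = lookup(table, src, d, '*');
    if (hit) return hit;
  }
  // 2. Any-destination rules: party+type, party, type, then the catch-all.
  const party = site(src) === site(des) ? '1p' : '3p';
  for (const t of [`${party}-${type}`, party, type, '*']) {
    const hit = lookup(table, src, '*', t);
    if (hit) return hit;
  }
  return null;
}

const table = parseRules(RULES);
console.log(evaluate(table, 'news.example.org', 'ads.example.xyz', 'script'));
```

A `noop` result means dynamic filtering stands aside and the static filter lists still decide, so third-party scripts and frames hosted under the listed TLDs are not blocked by these rules alone.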

ErzCrz

Decided on a simple solution, carry on with what I started with though reviewing CFA I just need to watch a tutorial to know what's safe to allow etc. Should I try audit only initially? I'll see what's blocked with default settings and try and work it out.

Anyway but convenience over excessive tweaking is proving to be a priority.

P.S. Added the consent.youtube.com to blocked cookies including 3rd party as described in the ghacks article.

I've also amended the uBO My filters to the following to stop the Youtube Sign-in pop-up and Google Consent messages.

! Block insecure third-party content except stylesheet, image and media
||HTTP://*$3p,~stylesheet,~image,~media
! Google Consent / Sign-in
google.*##^script:has-text(consentCookiePayload)
www.youtube.com###dialog
www.youtube.com##.opened

Things on the up and up with me in a lot of things in the coming months.

Keep safe

ErzCrz
 

ErzCrz

I go through phases with these things but I've gone back to Comodo Internet Security. I've just found computer runs slower with Microsoft Defender and some gaming became juddery for full screen games.

Running CIS in Proactive mode defaults with auto-containment tweaks to "Restricted" mode and required ICMP rules for IPv6 filtering. Browser changed back to Firefox and email to Thunderbird. Still using uBO in tweaked Medium Mode and recently re-added ClearURLs.

Comodo occasionally has had its issues but it's got a place in my heart so I decided to go back to it. Controversial I know but we use what works best for us. That and its ransomware protection from Containment is amazing.
 

ErzCrz

Just checking in really.

Changed my uBO previous noop 3rd party rules to block and new filters as per recent posting by @Lenny_Fox : Browser Add-on - uBlock0rigin in Medium mode for Lighter and Stronger Protection, with Less websites breakage and hassle

Using the latest H_C 6 Beta with no issues so far. My only annoyance computer wise lately is Windows Update bringing my system to a crawl now and then but I think I just need to change my Active Hours.

Oh and trying to use DDG more these days, the Bing results are annoying and Google consent messages are a pain. Will update the changelog.

Hope you're all well and safe.
 