SECURITY: Complete ErzCrz config 2021

Last updated
Apr 6, 2021
About
Personal, primary device
Additional PC users
Not shared with other users
Desktop OS
Windows 10
OS edition
Home
Login security
    • Password-less (PIN, Biometric, Face)
Primary sign-in
Microsoft account
Primary user
Admin user - Full permissions
Other users
Other accounts are Admin users
Security updates
Automatic - allow all types of updates
Windows UAC
Maximum - always notify
Network firewall
ISP-issued router
Real-time protection
Microsoft Defender
Software firewall
Microsoft Defender Firewall
Custom RTP, Firewall and OS settings
- System Hardened with Hard_Configurator at Recommended Settings
- Microsoft Defender tweaked with ConfigureDefender set to High. (I'd go with Interactive but I prefer a more set and forget setup)
- FirewallHardening - Recommended H_C rules added
Malware testing
No malware samples
Periodic security scanners
Emisoft Emergency Kit, HitmanPro
Secure DNS
Sky Shield (ISP)
VPN
Sophos VPN for working from home connection.
Password manager
Keepass 2
Browsers, Search and Addons
Chromium Edge
uBlock Origin (@Lenny_Fox 's tweaked Medium/Hard Mode) blocking 3p.
Maintenance and Cleaning
MacrumReflect Free (backups only after major updates) OneDrive backup of documents weekly.
Personal Files & Photos backup
Monthly backup to external drive and Occasional OneDrive Sync
Personal backup routine
Manual (maintained by self)
Device recovery & backup
Backup disc image, updated every few months.
Device backup routine
Manual (maintained by self)
PC activity
  1. Working from home. 
  2. Browsing the web. 
  3. Browsing to unknown sites. 
  4. Emails. 
  5. Shopping. 
  6. PC and cloud gaming. 
  7. Multimedia. 
  8. Streaming. 
Computer specs
Computer hardware
Acer Aspire E15
Intel Core i3-400SU
Intel HD Graphics 4400
12 Gig DDR 11 RAM
1TB HDD
Personal changelog
17.02.2021 - Changed email client from Windows Mail to ThunderbirdBack
06.04.2021 - Back to Windows Mail, SecurityNightmare's Maximum Exploit settings enabled. MD running in it's own Sandbox, Controlled Folder Access enabled. Removed BD Traffic Light and using HTTPS Everywhere in Strict mode.
13.05.2021 - Reverted back to my old favourite Comodo, Firefox and Thunderbird.
22.05.2021 - Returned to MD + H_C setup.
28.08.2021 - Back to using HitmanPro 2nd opinion scanner, using H_C 6 Beta and updated uBO tweak. Thinking about using CFA again and treating messages as more informative unless is breaks something.
Feedback Response

General feedback

oldschool

Level 62
Verified
Mar 29, 2018
5,117
Thanks, I'll have a look ;)

P.S. Currenty reviewing anti-exploit tweaks. I stopped customizing that a little while ago and went back to default. What are you using these days?
I think I'm back at defaults for no reason in particular, or maybe I was troubleshooting something. I forget! But then again, I'm using built-in & Privacy Badger in Edge and compartmentalizing browsers. ;)
 

ErzCrz

Level 10
Verified
Aug 19, 2019
453
I still find myself slipping back to Comodo, Firefox Thunderbird combo. So decided to do some analysis. Thunderbird is compatible with H_C so that's fine as I prefer that for emails. Just faster and more secure than Windows 10. I think it's down to Edge bing search I'm not a fan of so I guess I should experiment with changing that.

The other thing is some slow system at times but not sure if that's down to system updates or running WD in it's own sandbox. It's probably fine for newer machines but at the end of the day I have an old laptop with a 4th generation i3 chip. I just can't afford a upgrade at the moment and what I would get around the £400-500 price mark isn't a great deal better than what I have. /Shrug, maybe after Christmas.

So more tweaking to be done and try WD again without running in it's own sandbox.
 

SeriousHoax

Level 38
Verified
Mar 16, 2019
2,719
I still find myself slipping back to Comodo, Firefox Thunderbird combo. So decided to do some analysis. Thunderbird is compatible with H_C so that's fine as I prefer that for emails. Just faster and more secure than Windows 10. I think it's down to Edge bing search I'm not a fan of so I guess I should experiment with changing that.

The other thing is some slow system at times but not sure if that's down to system updates or running WD in it's own sandbox. It's probably fine for newer machines but at the end of the day I have an old laptop with a 4th generation i3 chip. I just can't afford a upgrade at the moment and what I would get around the £400-500 price mark isn't a great deal better than what I have. /Shrug, maybe after Christmas.

So more tweaking to be done and try WD again without running in it's own sandbox.
Also try running WD at default settings and check if it improves anything.
 

ErzCrz

Level 10
Verified
Aug 19, 2019
453
I'm sticking with Windows 10 mail. Thunderbird crashing when I go into preferences i TB. I was just experimenting a little with CIS and still had it installed but had same issue when CIS was disabled. Anyway, Win 10 Mail does enough for me really and I can still move things to folders etc.

Anyway, just more evidence that 3rd party isn't always the best solution.

1633627480369.png
 

ErzCrz

Level 10
Verified
Aug 19, 2019
453
Have you ever considered turning your email address into a PWA? In Chromium all you have to do is create a shortcut and choose window. It's incredible.
Interesting thought.
On running the Health check it's the processor and TPM that fails but I think I'll push for a new one in the new year.

1634494837649.png
 
  • Like
Reactions: harlan4096
Top