Advanced Plus Security ErzCrz config 2021

Last updated
Apr 6, 2021
How it's used?
For home and private use
Operating system
Windows 10
On-device encryption
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
User Access Control
Always notify
Smart App Control
Network firewall
Real-time security
Microsoft Defender
Firewall security
Microsoft Defender Firewall
About custom security
- System Hardened with Hard_Configurator at Recommended Settings
- Microsoft Defender tweaked with ConfigureDefender set to High. (I'd go with Interactive but I prefer a more set and forget setup)
- FirewallHardening - Recommended H_C rules added
Periodic malware scanners
Emsisoft Emergency Kit, HitmanPro
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Chromium Edge
uBlock Origin (@Lenny_Fox's tweaked Medium/Hard Mode) blocking 3p.
Secure DNS
Sky Shield (ISP)
Desktop VPN
Sophos VPN for working from home connection.
Password manager
Keepass 2
Maintenance tools
Macrium Reflect Free (backups only after major updates), OneDrive backup of documents weekly.
File and Photo backup
Monthly backup to external drive and Occasional OneDrive Sync
System recovery
Backup disc image, updated every few months.
Risk factors
    • Working from home
    • Browsing to popular websites
    • Browsing to unknown / untrusted / shady sites
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Computer hardware
Acer Aspire E15
Intel Core i3-400SU
Intel HD Graphics 4400
12 Gig DDR 11 RAM
1TB HDD
Notable changes
17.02.2021 - Changed email client from Windows Mail to Thunderbird.
06.04.2021 - Back to Windows Mail, SecurityNightmare's Maximum Exploit settings enabled. MD running in its own Sandbox, Controlled Folder Access enabled. Removed BD Traffic Light and using HTTPS Everywhere in Strict mode.
13.05.2021 - Reverted back to my old favourite Comodo, Firefox and Thunderbird.
22.05.2021 - Returned to MD + H_C setup.
28.08.2021 - Back to using HitmanPro 2nd opinion scanner, using H_C 6 Beta and updated uBO tweak. Thinking about using CFA again and treating messages as more informative unless it breaks something.
What I'm looking for?

Looking for medium feedback.

ErzCrz

Level 21
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,003
My configuration for 2021.

I had been tempted to revert to Comodo Internet Security or some of the other free combinations out there. However, after a fair bit of testing and playing around with various options, the best compatible option while still providing very good protection is a system-hardened Windows 10 using Hard_Configurator, which is still what works best for me. There are a lot of options out there that protect people well and this configuration may change depending on my level of paranoia.

Comodo's containment is fantastic but I can't seem to settle on the right configuration for me and I find I'm constantly fiddling with it when I am using it.

Anyway, my browser and uBlock Origin tweaks are below:

Chromium Edge tweaked exploitation protection:

Code integrity guard - ON (with or without Also allow images signed by M$ Store CHECKED)
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

uBlock Medium Mode tweaks:

Dynamic rules:


no-large-media: behind-the-scene false
* * 3p-frame block
* * 3p-script block
* com * noop
* gov * noop
* io * noop
* net * noop
* org * noop
* uk * noop
behind-the-scene * * noop
behind-the-scene * 1p-script noop
behind-the-scene * 3p noop
behind-the-scene * 3p-frame noop
behind-the-scene * 3p-script noop
behind-the-scene * image noop
behind-the-scene * inline-script noop

My filters:

! -----------security
! Block ping (for sending beacons and hyperlink auditing)
||*$ping
! Block insecure third-party content except stylesheet, image and media
||HTTP://*$3p,~stylesheet,~image,~media
!
! Block downloading executable content from insecure HTTP websites
http://*.exe^$empty
http://*.msi^$empty
http://*.bat^$empty
http://*.dll^$empty
http://*.hta^$empty
http://*.jar^$empty
http://*.msu^$empty
http://*.pif^$empty
http://*.ps1^$empty
http://*.ps2^$empty
http://*.reg^$empty
http://*.scr^$empty
http://*.sys^$empty
http://*.vbe^$empty
http://*.vbs^$empty
http://*.tmp^$empty
!
! Block all on much abused generic TLD's. The TLD is between ||* and ^$, e.g. ||*.BID^$
!
||*.bid^$all
||*.buzz^$all
||*.club^$all
||*.country^$all
||*.date^$all
||*.download^$all
||*.gdn^$all
||*.host^$all
||*.icu^$all
||*.jetz^$all
||*.kim^$all
||*.loan^$all
||*.men^$all
||*.mobi^$all
||*.mom^$all
||*.party^$all
||*.pics^$all
||*.racing^$all
||*.ren^$all
||*.rest^$all
||*.review^$all
||*.ryukyu^$all
||*.science^$all
||*.sex^$all
||*.shop^$all
||*.site^$all
||*.stream^$all
||*.top^$all
||*.trade^$all
||*.vip^$all
||*.wang^$all
||*.win^$all
||*.work^$all
||*.xin^$all
||*.xxx^$all
||*.xyz^$all
@@||email.ionos.co.uk*^$all,domain=ionos.co.uk
!
! Block all on much abused country code TLD's. The TLD is between ||* and ^$, e.g. ||*.AM^$
!
||*.am^$all
||*.cc^$all
||*.cf^$all
||*.cn^$all
||*.fm^$all
||*.ga^$all
||*.gg^$all
||*.ki^$all
||*.kp^$all
||*.la^$all
||*.ml^$all
||*.pw^$all
||*.ru^$all
||*.tk^$all
||*.ua^$all
||*.ug^$all
||*.vn^$all
@@discord.gg^$all,domain=discord.com
!

P.S. I'd run this machine with a limited user account but it's a bit too much hassle with my home setup.
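To make the interplay of the dynamic rules and the static "My filters" above concrete, here is an added example (not uBO's own code and not from the post): a simplified model of uBO's documented dynamic-filtering precedence, in which a cell naming the destination hostname or one of its parent domains wins over the `3p-script`/`3p-frame` cells, those win over the generic `3p` cell, then the per-type cell, then the global cell, and a `noop` result hands the request on to the static filters. This is why `* com * noop` lets third-party scripts from .com hosts fall through to the filter lists while `* * 3p-script block` still blocks them from other TLDs. The page hostnames, request types and request URLs in the demo are constructed; the registrable-domain check is a two-label approximation rather than a Public Suffix List lookup, only a subset of the static TLD lines is included, and the `@@` exception matching is reduced to a hostname check.

```python
import re

# Dynamic rules copied from the post. The "no-large-media" line is a per-scope
# switch, not a rule, so it is not part of this table.
DYNAMIC_RULES_TEXT = """\
* * 3p-frame block
* * 3p-script block
* com * noop
* gov * noop
* io * noop
* net * noop
* org * noop
* uk * noop
behind-the-scene * * noop
behind-the-scene * 1p-script noop
behind-the-scene * 3p noop
behind-the-scene * 3p-frame noop
behind-the-scene * 3p-script noop
behind-the-scene * image noop
behind-the-scene * inline-script noop
"""

# A subset of the static "My filters" lines from the post (TLD blocks and one @@ exception).
STATIC_FILTERS_TEXT = """\
||*.bid^$all
||*.top^$all
||*.xyz^$all
||*.gg^$all
||*.ru^$all
@@discord.gg^$all,domain=discord.com
"""


def parse_dynamic_rules(text):
    """Map (source, destination, type) -> action for each 'src dst type action' line."""
    rules = {}
    for line in text.splitlines():
        if line.strip():
            src, dst, typ, action = line.split()
            rules[(src, dst, typ)] = action
    return rules


def parse_static_filters(text):
    """Collect blocked TLDs from ||*.tld^$all lines and @@...$all,domain= exceptions."""
    blocked, exceptions = set(), {}
    for line in text.splitlines():
        m = re.fullmatch(r"\|\|\*\.([a-z]+)\^\$all", line)
        if m:
            blocked.add(m.group(1))
            continue
        m = re.fullmatch(r"@@(?:\|\|)?([a-z0-9.-]+)\*?\^\$all,domain=(.+)", line)
        if m:
            exceptions[m.group(1)] = set(m.group(2).split("|"))
    return blocked, exceptions


def broader(hostname):
    """One step toward the global scope: a.b.c -> b.c -> c -> '*' -> ''."""
    if hostname == "*":
        return ""
    return hostname.split(".", 1)[1] if "." in hostname else "*"


def base_domain(hostname):
    """Two-label approximation of the registrable domain (a real PSL lookup handles co.uk etc.)."""
    return ".".join(hostname.split(".")[-2:])


def lookup(rules, src, dst, typ):
    """Find the (dst, typ) cell on the most specific source scope that defines it."""
    s = src
    while s:
        if (s, dst, typ) in rules:
            return rules[(s, dst, typ)]
        s = broader(s)
    return None


def evaluate_dynamic(rules, src, dst, typ):
    """Dynamic decision: 'block', 'allow', or 'noop' (defer to the static filters)."""
    d = dst  # 1. a cell naming the destination or one of its parent domains wins outright
    while d and d != "*":
        action = lookup(rules, src, d, "*")
        if action:
            return action
        d = broader(d)
    third_party = base_domain(src) != base_domain(dst)  # 2. party-specific cells
    if third_party:
        party_cell = {"script": "3p-script", "sub_frame": "3p-frame"}.get(typ)
        action = (party_cell and lookup(rules, src, "*", party_cell)) or lookup(rules, src, "*", "3p")
    else:
        action = typ == "script" and lookup(rules, src, "*", "1p-script")
    # 3. the type-only cell, then the global cell
    return action or lookup(rules, src, "*", typ) or lookup(rules, src, "*", "*") or "noop"


def evaluate_static(blocked, exceptions, page_host, dst):
    """Static layer: block a listed TLD unless an @@ exception covers this page domain."""
    if dst.rsplit(".", 1)[-1] not in blocked:
        return "allow"
    for exc_host, doc_domains in exceptions.items():
        host_ok = dst == exc_host or dst.endswith("." + exc_host)
        page_ok = any(page_host == d or page_host.endswith("." + d) for d in doc_domains)
        if host_ok and page_ok:
            return "allow"
    return "block"


DYNAMIC_RULES = parse_dynamic_rules(DYNAMIC_RULES_TEXT)
BLOCKED_TLDS, EXCEPTIONS = parse_static_filters(STATIC_FILTERS_TEXT)


def decide(page_host, dst, typ):
    """Full decision: dynamic rules first; a 'noop' hands the request to the static layer."""
    dynamic = evaluate_dynamic(DYNAMIC_RULES, page_host, dst, typ)
    return dynamic if dynamic != "noop" else evaluate_static(BLOCKED_TLDS, EXCEPTIONS, page_host, dst)


if __name__ == "__main__":
    for page, dst, typ in [
        ("news.example.org", "cdn.example.com", "script"),     # '* com * noop' -> static lists, no match
        ("news.example.org", "cdn.tracker.xyz", "script"),     # '* * 3p-script block'
        ("news.example.org", "cdn.tracker.xyz", "image"),      # noop, then '||*.xyz^$all' blocks
        ("deals.example.top", "deals.example.top", "script"),  # first-party, blocked by the TLD filter
        ("discord.com", "discord.gg", "xmlhttprequest"),       # the @@ exception applies
    ]:
        print(f"{page:18} {dst:18} {typ:15} -> {decide(page, dst, typ)}")
```

The order of the `evaluate_dynamic` steps is the whole point: a `block` in the `3p-script` cell is never consulted for a `.com` destination because the `* com *` cell is found first, and a `noop` there does not mean "allow"; it only means the static lists get the final say, which is where the `||*.tld^$all` lines and their `@@` exceptions come in.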
 

ErzCrz

Level 21
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,003
Great config (y)
According to @cruelsister, Kaspersky Antivirus Removal Tool is one of the best second opinion scanners, but I can't find her post here or at Wilders at the moment. :eek:
Have you tried it?
Thanks :D

Oh, I might have a look for it. I had KIS years ago but haven't used anything of theirs since hacking claims but I don't think Kaspersky was ever directly involved.

I had thought of going with a Sophos home combination but found it was affecting browsing and gaming speeds.

Anyway, will have a search around for that OD Scanner.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Thanks :D

Oh, I might have a look for it. I had KIS years ago but haven't used anything of theirs since hacking claims but I don't think Kaspersky was ever directly involved.

I had thought of going with a Sophos home combination but found it was affecting browsing and gaming speeds.

Anyway, will have a search around for that OD Scanner.
No, your config is great as is, don't change it too much.
That is a security software forum virus :D
Just enjoy your computer or is testing AV's also a hobby?
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Great config (y)
According to @cruelsister, Kaspersky Antivirus Removal Tool is one of the best second opinion scanners, but I can't find her post here or at Wilders at the moment. :eek:
Have you tried it?
Found that post:
 

ErzCrz

Level 21
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,003
No, your config is great as is, don't change it too much.
That is a security software forum virus :D
Just enjoy your computer or is testing AV's also a hobby?
Just security paranoid at times. I don't really fall for some of the scaremongering tactics out there these days but I'm an old Comodo fanboy I guess, having used it off and on since CFW 2.0 and CAV 1.0, so I go back and try it out again when there are new releases, which is a double-edged sword. I end up spending week on week fiddling, whereas with this config I can pretty much set and forget apart from when there are new vulnerabilities etc.

BD:TL helps particularly when searching for things. I used to use NoScript and just click all I want but that was before discovering uBO capabilities though I miss being able to check a 3rd party site for reputation there and then like you can with NoScript.

Well, Christmas evening. Didn't eat nearly as much as planned. I think I'll do myself a turkey sandwich in a few :D I'd have some port but I'm on antibiotics so will save that for new year ;)
 

Protomartyr

Level 7
Sep 23, 2019
314
BD:TL helps particularly when searching for things. I used to use NoScript and just click all I want but that was before discovering uBO capabilities though I miss being able to check a 3rd party site for reputation there and then like you can with NoScript.

I have the Bitdefender TrafficLight installed in Edge for the same reason. While Edge has SmartScreen built-in and is good on its own, I find the site reputation from TrafficLight in search results handy.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
I have the Bitdefender TrafficLight installed in Edge for the same reason. While Edge has SmartScreen built-in and is good on its own, I find the site reputation from TrafficLight in search results handy.
A plus for using an extension is that Edge sometimes partly downloads a file before blocking it (can still be found in cache) while in this case Bitdefender TrafficLight fully blocks the download.
 

ErzCrz

Level 21
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,003
Just a quick one to say I'm reviewing my Edge anti-exploit tweaks. Seems my tweaks in some way may be interfering with SmartScreen stopping downloads.

I was testing out a couple of things with Comodo before moving over to H_C again and I got a comodo file error for guard64.dll when I ran Edge. Edge did eventually load but when I removed the tweaks it worked fine.

In a similar test with just WD, I could fully download the EICAR test file or the eicar.zip file and it would only be detected on-access with the browser tweaks, whereas without them it blocked the download.

Just something I'm looking into.
 
F

ForgottenSeer 85179

Just a quick one to say I'm reviewing my Edge anti-exploit tweaks. Seems my tweaks in some way may be interfering with SmartScreen stopping downloads.

I was testing out a couple of things with Comodo before moving over to H_C again and I got a comodo file error for guard64.dll when I ran Edge. Edge did eventually load but when I removed the tweaks it worked fine.

In a similar test with just WD, I could fully download the EICAR test file or the eicar.zip file and it would only be detected on-access with the browser tweaks, whereas without them it blocked the download.

Just something I'm looking into.
I tested https://www.eicar.org/?page_id=3950 and all the EICAR stuff is blocked:

 

ErzCrz

Level 21
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,003
I tested https://www.eicar.org/?page_id=3950 and all the EICAR stuff is blocked:

Thanks. That's really weird. Maybe it was some leftover Comodo driver or something interfering. I did a temporary file cleanup and did the comodo removal tool, seems okay now.

Anyway, works with my exploit tweaks, must have just been something corrupted or comodo remaining bits affecting it.

Thanks.
 
F

ForgottenSeer 85179

ErzCrz

Level 21
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,003
Thanks for sharing @ErzCrz, particularly your uBlock Medium Mode tweaks. I'm using some from @Windows_Security from mid 2019. The base settings look the same but you have some helpful comments within the filters that help a newer user tailor them :)
You're welcome :D I'm always tweaking it some and all the credit really goes to @Lenny_Fox who's made medium mode that much easier.
 

ErzCrz

Level 21
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,003
Just checking in. Doing some minor experimental changes to my ublock filters but nothing set in stone yet.

Oh, and why oh why do I keep reverting back to Comodo. Been doing some random experiments with it but I'm just as protected with my current setup really. Anyway, just having a bit of a rant at myself for that one. I mean 6+ fresh installs of it this year is ridiculous. I'll wait for the next feature update at the very least and just stick with my WD, H_D Recommended, CD High and FH Recommended. It's not like I go anywhere dodgy online etc.
 
