Advanced Plus Security ErzCrz Security Config 2025

Last updated
Jun 15, 2025
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
N/A
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Sky Router with built-in IPV4/IPv6 Firewall
Real-time security
Microsoft Defender
ConfigureDefender
CyberLock
Comodo Firewall
Firewall security
Other - Internet Security (3rd-party)
About custom security
Microsoft Defender twaked with ConfigureDefender Set to High
Cyberlock - ON - Firewall Rules for Unsafe Items. SmartFirewall Recommended, Require Captcha to exit.
Comodo Firewall - Cruelsister Setup - IPv6 filtering enabled
Periodic malware scanners
Norton Power Eraser
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Primary: Firefox with uBlock Origin
Secondary: Edge with uBlock Origin Lite & Osprey Browser Extension
Secure DNS
Provided by ISP Sky Shield though occasionally Cloudflare DNS over HTTP.
Desktop VPN
None. Browsing primarily on home private network.
Password manager
Keepass 2.x
Maintenance tools
Windows built-in Disk Clean-up and Storage Sense.
File and Photo backup
AOMEI Backupper Pro - Monthly Full Backups & Weekly Differential Backups
Subscriptions
    • None
System recovery
Lenovo Built in Recovery, AOMEI Backupper Pro Recovering Environment & Bootable USB
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
ErzCrz Laptop Specs 2025
Notable changes
22.01.2022 - Reverted to Comodo Internet Security setup with Firefox as default browser and Thunberbird email client.
15.05.2022 - Reverted to Hard_Configurator setup following errors after uninstall and PC reset with Edge as default browser for MD integration while also sticking to Thunderbird for email & Updated backup routine.
13.08.2022 - Swapped to built-in backup solution.
12.09.2022 - General update in line with new guidelines.
29.10.2022 - Edge Exploit Tweaks re-implimented
15.11.2022 - Edge Exploit Tweaks removed. Removed OneDrive backups.
18.11.2022 - Firefox now my primary browser & Thunderbird primary email client.
12.12.2022 - updated Dec 2022 changes, backup now manual and onedrive. Experimenting with Comodo Internet Security but not fully committed to it yet.
11.01.2023 - Updated Security Configuration for new laptop and having won Emisoft giveaway.
22.01.2023 - Reverted to MD, ConfigureDefender - High & Enabled CFA, FWHardener, Added NPE to scanner, Edge exploit tweaks.
01.02.2023 - Now using Seagate Toolkit for Backup of Documents and Folders
18.05.2023 - Using H_C Beta and few unticks/ticks of PC use.
24.06.2023 - Back to Emsisoft Anti-Malware Home, Changed Password Manager to KeepassXC
02.09.2023 - Switched from Emsisoft Setup to CF/MD Configuration
20.10.2023 - Switched to Firefox, no longer using VPN for as work now has Azure cloud servers. Temporarily removed custom exploit settings.
01.11.2023 - Back to MD H_C setup
12.12.2023 - Added Anti-Exploit Tweaks and uBO in Hard Mode with noop rules.
20.12.2023 - Removed custom exploit rules as having some Edge freezes. Moved back to Comodo Firewall with Cruelsister Configuration.
21.12.2023 - Firefox now primary browser.
27.12.2023 - Edge changed to Primary Browser
31.12.2023 - New config for 2024 - MD (DefenderUI), CyberLock,WFC
06.01.2024 - Removed WFC, Implemented WFH & CL create firewall rules for not safe items.
08.01.2024 - Re-Added WFC
03.01.2024 - Firefox now primary browser.
21.01.2024 - Changed Primary Browser to Edge
28.01.2024 - Removed WFC and replaced with CF
05.02.2024 - Returned to WFC
28.02.2024 - Adjusted uBO Rules & Added Netcraft & BD:TL extensions
25.03.2024 - Changed to CIS .8012
10.04.2024 - Reverted to MD/DefenderUI/Cyberlock/WFC Config
11.04.2024 - Reverted to MD/DefenderUI/Cyberlock/CF
21.05.2024 - CIS Final Beta, AOMEI System Backup Monthly - Scheduled, Firefox Primary Browser and uBO only for browser extensions.
31.05.2024 - CIS Premium 2025 Released
18.06.2024 - CF 2025, DefenderUI, CyberLock
27.06.2024 - Swapped KeepassXC to Keepass
04.08.2024 - Swapped uBO for Ghostery in Edge
03.09.2024 - Swapped CF for WFC and Ghostery for UBOL
03.10.2024 - Renewed Emsisoft Anti-Malware Home Subscription and removed DefenderUI and WFC
07.10.2024 - Returned to MD (DefenderUI), CyberLock,WFC configuration.
20.11.2024 - WFH and Anti-Exploit added as protection layers.
10.12.2024 - Swapped DefenderUI For ConfigureDefender and Dropped WFC
14.12.2024 - Returned to MD (DefenderUI), CyberLock,WFC configuration.
18.4.2025 - Removed WFC, purchased Adguard Lifetime Licence & swapped DefenderUI for ConfigureDefender
25..05.2025 - Revereted to MD, DefenderUI, Cyberlock, WFC
2025 Configuration - MD, DefenderUI, CyberLock, WFC
15.06.2025 - New Laptop (see specs link above) Setup is CyberLock Always On, Smart Firewall Recommended & DefenderUI Recommended
01.09.2025 Purchased ESET Smart Security Premium
19.09.2025 - Reverted to MD/CL
18.10.2025 - Added AOMEI Backup/Recovery and using uBO browser extensions
09.11.2025 - Changed backup scheme to full backup, Added Anti-exploit tweaks & enabled CFA
30.11.2025 - Switched to using Comodo Firewall. Removed anti-exploit and CFA setup.
21.12.2025 - Swapped DefenderUI for ConfigureDefender as more set and forget and slight backup adjustment.
31.12.2025 - Last change of the year - Firefox now Primary Browser
----------------------------------------
Disclaimer we use date format DD/MM/YYYY here in the UK
What I'm looking for?

Looking for minimum feedback.

Andy Ful said:

ErzCrz,​

What is the status of popular script interpreters in your Comodo setup?
I mean: cmd[.]exe, cscript.exe, mshta.exe, powershell.exe, powershell_ise.exe, wscript.exe.
Click to expand...
Oeps forgot that @ErzCrz used Comodo. I have used Comodo Cloud AV and that 'light' version had block rules for suspicious execution of the 'usual suspects' scriptors, so I guess Comodo also protects against scriptors somehow making SWH probably the best option to use.
 
  • Like
  • Thanks
Reactions: Nevi, ErzCrz, oldschool and 2 others
Andy Ful said:

ErzCrz,​

What is the status of popular script interpreters in your Comodo setup?
I mean: cmd[.]exe, cscript.exe, mshta.exe, powershell.exe, powershell_ise.exe, wscript.exe.
Click to expand...
Just the default for Proactive Configuration for those as Runtime Detection and Autoruns Scan which includes some others as well. I know some people who have an extensive list beyond what's there by default but not something I've played around with. All the files in the Autoruns scan have Embedded Code Detection enabled.
1643739741576.png

1643740078534.png
 
Last edited by a moderator:
  • Like
Reactions: Nevi, oldschool, Gandalf_The_Grey and 1 other person
ErzCrz said:
Just the default for Proactive Configuration for those as Runtime Detection and Autoruns Scan which includes some others as well. I know some people who have an extensive list beyond what's there by default but not something I've played around with. All the files in the Autoruns scan have Embedded Code Detection enabled.

View attachment 263956
View attachment 263958
Click to expand...

If you run powershell.exe, is it contained in Comodo's sandbox?
 
  • Like
Reactions: oldschool
Andy Ful said:
If you run powershell.exe, is it contained in Comodo's sandbox?
Click to expand...
No, you'd have to set containment rules for that and any changes you did make with powershell wouldn't affect the system. The default setting is just script analysis/detection. Maybe it's something I should look into ;)
 
  • Like
Reactions: Nevi, Andy Ful, oldschool and 1 other person
ErzCrz said:
No, you'd have to set containment rules for that and any changes you did make with powershell wouldn't affect the system. The default setting is just script analysis/detection. Maybe it's something I should look into ;)
Click to expand...

So, Comodo can detect scripts by heuristics like most AVs. I am not sure how effective it can be (no tests).
The Comodo Client Security can use advanced heuristics based on AMSI but I am not sure about Comodo AV.

Real-Time Scanner Software Virus Protection | Comodo Client Security For Windows

Real-time scanner or on-access scanning program launches scan whenever a new file is created and copied. Real time scanning gives you the highest level of protection and it is highly recommended to enable it in your PC.
help.comodo.com

Anyway, Comodo with your settings can be sufficient at home.(y)
 
  • Like
  • Thanks
Reactions: Nevi, harlan4096, oldschool and 3 others
Just updating. No real isses for the most part. The Noeval uBO rule has been a little annoying to whitelist but that's only been on the occasional site. CIS updates slow the machine when running and full scans seem to get automatically aborted, maybe I'm not using the machine long enough when that's running.
Still on an old machine that isn't Win 11 compatible, hoping I at some point get around to an upgrade though I may have to go to an older one I have spare as this faster one is starting to fall apart. Time to think about an upgrade at some point soon.
 
  • Like
Reactions: Nevi, Gandalf_The_Grey, eonline and 3 others
Got the itch to move back to Hard_Configurator update before long. I like CIS but I think the last bug fix was almost a year ago. We'll just see bit but it's a move I'm thinking about doing.
 
  • Like
Reactions: harlan4096 and oldschool
ErzCrz said:
So decided to try going back to MD. Uninstalled CIS and restarted as normal but now MD not working :( I might have a system restore but it's been a couple of weeks sine I did an install.

View attachment 266597

View attachment 266598
Click to expand...
When it comes to Comodo, never rely on uninstallation. In my experience, they are the worst at uninstalling. For all AV in general, it's better to create a backup before installing a third party AV.
ErzCrz said:
Anyway, found a restore point from last week, will have a go at that.
Click to expand...
Glad to hear that.
 
  • +Reputation
  • Like
  • Thanks
Reactions: Nevi, Trooper, Shadowra and 3 others
ErzCrz said:
So decided to try going back to MD. Uninstalled CIS and restarted as normal but now MD not working :( I might have a system restore but it's been a couple of weeks sine I did an install.

View attachment 266597

View attachment 266598
Click to expand...

I'm not really surprised.
When I tried it, Comodo even blocked Windows updates with HIPS enabled (to put it simply, the installation failed)
I had to uninstall it.
I hope they fixed the problem.
 
  • Like
  • Thanks
Reactions: Nevi, [correlate], ErzCrz and 1 other person
ErzCrz said:
System restores just sticks at Initializing. I think I need to run SFC scan and see if that does anything.
Click to expand...
You might want to check out this tool. Was quite helpful to me in some cases.

windows-repair-toolbox.com

(Almost) everything you need to repair Windows problems in one small handy tool. - Windows Repair Toolbox

Windows Repair Toolbox is a portable program that helps you repair a Windows system, by making the process faster, easier, and more consistent.Features:– Download and run “on-the-fly” the best free software when it comes to diagnosing and solving several kinds of Windows problems. With three...
windows-repair-toolbox.com windows-repair-toolbox.com

It's the same dev who created the Antivirus Removal Tool: Antivirus Removal Tool - The technician friendly tool to detect and completely remove antivirus software.
 
  • Like
  • Thanks
  • +Reputation
Reactions: Nevi, SeriousHoax, [correlate] and 6 others
So System Restore didn't fix the issue or it just kept hanging and I had to repair install to get Windows loading again. I do have an old full backup from years ago but I'd have to figure out what I've added and back that up. Alternatively, do a fresh install but that'll mean finding program discs again and a long download of a game (40gig).

I think Reset this PC might just be the best option and use Open Office or something for Word, Excel etc and Thunderbird for emails. Just doing a backup of my keepass files.
 
  • Like
  • Sad
  • Wow
Reactions: Nevi, SeriousHoax, WhiteMouse and 2 others
ErzCrz said:
So System Restore didn't fix the issue or it just kept hanging and I had to repair install to get Windows loading again. I do have an old full backup from years ago but I'd have to figure out what I've added and back that up. Alternatively, do a fresh install but that'll mean finding program discs again and a long download of a game (40gig).

I think Reset this PC might just be the best option and use Open Office or something for Word, Excel etc and Thunderbird for emails. Just doing a backup of my keepass files.
Click to expand...
System Restore failed on me too many times that I stop trusting it. I disable it to save disk space and ssd TBW. Macrium Reflect is so reliable that I even bought 4 licenses.
 
  • Like
Reactions: harlan4096 and ErzCrz
ErzCrz said:
So System Restore didn't fix the issue or it just kept hanging and I had to repair install to get Windows loading again. I do have an old full backup from years ago but I'd have to figure out what I've added and back that up. Alternatively, do a fresh install but that'll mean finding program discs again and a long download of a game (40gig).

I think Reset this PC might just be the best option and use Open Office or something for Word, Excel etc and Thunderbird for emails. Just doing a backup of my keepass files.
Click to expand...
Why not create a separate partition for games?
 
  • Like
  • Thanks
Reactions: Nevi, Trooper and ErzCrz
SeriousHoax said:
Why not create a separate partition for games?
Click to expand...
Yeah, I didn't think of that at the time. I do have a second partition on the drive with plenty of space so I'll do that this time around. Just checking if I can move the files over to the 2nd partition for the game to save me spending all weekend downloading it ;)

Not sure I can face this system reset but I better get on with it so I'm not up all night.
 
It looks like you didn't backup system image every two weeks or month? that's a reason, System restore is bad sometime..
 
CyberTech said:
It looks like you didn't backup system image every two weeks or month? that's a reason, System restore is bad sometime..
Click to expand...
Yeah, intention was for that to be the case but the exernal drive became a hassle and I've been planning to get a separate drive just dedicated to backups. Anyway, a lesson I needed to learn I think.

OFFLINE for the rest of today but hopefully it won't take long.
 
  • Like
Reactions: CyberTech

You may also like...