Advanced Plus Security ErzCrz Security Config 2024

Last updated
May 19, 2023
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Sky Router with built-in IPV4/IPv6 Firewall
Real-time security
Microsoft Defender + DefenderUI
CyberLock
Comodo Firewall .8012
Firewall security
Other - Internet Security (3rd-party)
About custom security
DefenderUI - Recommended Settings
Cyberlock - ON - Create In/Out Firewall Rules for Unsafe Items. Require Captcha to exit.
Comodo Firewall - Cruelsister Configuration
Periodic malware scanners
Norton Power Eraser
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Primary: Edge with uBO in Medium Mode - Netcraft/BD:TL
Secondary - Firefox with uBO in Medium Mode - Netcraft/BD:TL
Secure DNS
Provided by ISP Sky Shield though occasionally Cloudflare DNS over HTTP.
Desktop VPN
None. Browsing primarily on home private network.
Password manager
KeepassXC
Maintenance tools
Windows built-in Disk Clean-up and Storage Sense.
File and Photo backup
Seagate - Toolkit - Weekly Backup
Active subscriptions
    • None
System recovery
External Drive - Backup of Documents and folders.
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Notable changes
22.01.2022 - Reverted to Comodo Internet Security setup with Firefox as default browser and Thunderbird email client.
15.05.2022 - Reverted to Hard_Configurator setup following errors after uninstall and PC reset with Edge as default browser for MD integration while also sticking to Thunderbird for email & Updated backup routine.
13.08.2022 - Swapped to built-in backup solution.
12.09.2022 - General update in line with new guidelines.
29.10.2022 - Edge Exploit Tweaks re-implemented
15.11.2022 - Edge Exploit Tweaks removed. Removed OneDrive backups.
18.11.2022 - Firefox now my primary browser & Thunderbird primary email client.
12.12.2022 - updated Dec 2022 changes, backup now manual and onedrive. Experimenting with Comodo Internet Security but not fully committed to it yet.
11.01.2023 - Updated Security Configuration for new laptop and having won Emsisoft giveaway.
22.01.2023 - Reverted to MD, ConfigureDefender - High & Enabled CFA, FWHardener, Added NPE to scanner, Edge exploit tweaks.
01.02.2023 - Now using Seagate Toolkit for Backup of Documents and Folders
18.05.2023 - Using H_C Beta and few unticks/ticks of PC use.
24.06.2023 - Back to Emsisoft Anti-Malware Home, Changed Password Manager to KeepassXC
02.09.2023 - Switched from Emsisoft Setup to CF/MD Configuration
20.10.2023 - Switched to Firefox, no longer using VPN for as work now has Azure cloud servers. Temporarily removed custom exploit settings.
01.11.2023 - Back to MD H_C setup
12.12.2023 - Added Anti-Exploit Tweaks and uBO in Hard Mode with noop rules.
20.12.2023 - Removed custom exploit rules as having some Edge freezes. Moved back to Comodo Firewall with Cruelsister Configuration.
21.12.2023 - Firefox now primary browser.
27.12.2023 - Edge changed to Primary Browser
06.01.2024 - Removed WFC, Implemented WFH & CL create firewall rules for not safe items.
08.01.2024 - Re-Added WFC
03.01.2024 - Firefox now primary browser.
21.01.2024 - Changed Primary Browser to Edge
28.01.2024 - Removed WFC and replaced with CF
05.02.2024 - Returned to WFC
28.02.2024 - Adjusted uBO Rules & Added Netcraft & BD:TL extensions
25.03.2024 - Changed to CIS .8012
10.04.2024 - Reverted to MD/DefenderUI/Cyberlock/WFC Config
31.12.2023 - New config for 2024 - MD (DefenderUI), CyberLock,WFC

11.04.2024 - Reverted to MD/DefenderUI/Cyberlock/CF
Disclaimer: we use date format DD/MM/YYYY here in the UK
What I'm looking for?

Looking for minimum feedback.

ErzCrz

Level 21
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,020
Just re-added WFC. Seems I need to restart after creating some rules for them to come into effect and having a little more patience with it initially was key.

So far not had the issues I was experiencing previously and partly turned out to Edge updating itself in the background even though I have Boost turned off and had Ended Task for the processes manually. Turning off getting updates quickly in Edge settings seems to have resolved that so it only updates when Edge is running rather than system idle.

EDIT: The WFH rules seem to get ignored if using WFC as I had a prompt for rundll.exe connecting out to port 443 this morning but I'll leave the WFH rules in place just in case.

On a different note, recovering from 2nd and last Rituximab IV infusion today so replies might be a bit slow for a day.
 

ErzCrz

Been having to add some static rules for streaming catch-up TV lately with my medium mode configuration
Static rules:
! Block beacons, obsolete plugins and websocket bidirectional data connections on insecure websites
|HTTP://*$ping,object,websocket,important

! Block potentially unsafe third-party content linking to unsafe unencrypted websites
|HTTP://*$third-party,~document,~stylesheet,~image,~media,important

! Warn when opening webpages on top level domains and countries I never visit
||*$document,domain=~com|~info|~io|~eu|~net|~org|~uk|~ms|~gov

! Block third-party scripts and frames linking to top level domains and countries I never visit
||*$third-party,script,frame,to=~com|~info|~io|~eu|~net|~org|~uk|~ms|~gov
Dynamic rules:
no-csp-reports: * true
no-large-media: behind-the-scene false
no-strict-blocking: zorkas.fr true
* * 3p-frame block
* * 3p-script block
* com * noop
* eu * noop
* info * noop
* io * noop
* net * noop
* org * noop
* twitch.tv * noop
* uk * noop
behind-the-scene * * noop
behind-the-scene * 1p-script noop
behind-the-scene * 3p noop
behind-the-scene * 3p-frame noop
behind-the-scene * 3p-script noop
behind-the-scene * image noop
behind-the-scene * inline-script noop

BBC Rule to play videos:
! 2024-01-09 BBC - Home
@@||r.bbci.co.uk/e/mediaplayout/*$ping,domain=www.bbc.co.uk
@@||mybbc-analytics.files.bbci.co.uk/echo-client-js/*$script,domain=www.bbc.co.uk

Channel4 On Demand to fix video playback issues:
! 2023-12-29 Channel 4 | Stream & Watch Live TV
@@||monitor.channel4.com/logs/dotcom/client/html5player$xhr,domain=www.channel4.com
@@||monitor.channel4.com/metrics/dotcom/client/html5player$xhr,domain=www.channel4.com

ITVX Playback issues rule:
! 2023-12-30 https://www.itv.com
@@||cpt.itv.com^$ping,domain=www.itv.com

Not a big deal but some of these sites working their way around the blocking including some sites using 3rd party frames. Anyway, just wanted to share those. It wasn't that long ago I switched up from a Hard Mode to Medium Mode.
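
Added example (not part of the original post and not uBlock Origin's own code): a simplified JavaScript model of how uBO's dynamic filtering resolves the rules above, where destination-specific rules such as `* com * noop` are checked before type rules such as `* * 3p-script block`. The sample hostnames are constructed, the `behind-the-scene` rules are omitted, and the two-label `baseDomain` shortcut is an assumption standing in for the Public Suffix List.

```javascript
// Simplified model of uBO dynamic-filtering precedence (added example).
// Rules copied from the post, format: "source destination type action".
const RULES = `
* * 3p-frame block
* * 3p-script block
* com * noop
* eu * noop
* info * noop
* io * noop
* net * noop
* org * noop
* twitch.tv * noop
* uk * noop
`;

function parseRules(text) {
  return new Map(text.trim().split('\n').map((line) => {
    const [src, dest, type, action] = line.trim().split(/\s+/);
    return [`${src} ${dest} ${type}`, action];
  }));
}

// "a.b.com" -> ["a.b.com", "b.com", "com", "*"], most specific first.
function ancestors(hostname) {
  const labels = hostname.split('.');
  return labels.map((_, i) => labels.slice(i).join('.')).concat('*');
}

// Assumption: registrable domain = last two labels (uBO uses the Public Suffix List).
const baseDomain = (h) => h.split('.').slice(-2).join('.');

function evaluate(table, srcHost, destHost, type) {
  const find = (dest, t) => ancestors(srcHost)
    .map((src) => table.get(`${src} ${dest} ${t}`)).find(Boolean);
  // 1. Destination-specific rules (type "*"), walking up to the TLD.
  for (const dest of ancestors(destHost).slice(0, -1)) {
    const action = find(dest, '*');
    if (action) return action;
  }
  // 2. Any-destination rules: party-specific type, then 3p, then type, then "*".
  const thirdParty = baseDomain(srcHost) !== baseDomain(destHost);
  const types = thirdParty ? [`3p-${type}`, '3p'] : [`1p-${type}`];
  for (const t of [...types, type, '*']) {
    const action = find('*', t);
    if (action) return action;
  }
  return 'none'; // no dynamic rule matched: static filters decide
}
```

In uBO a `noop` result only cancels the dynamic block for that request; the static filter lists still apply to it.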
 

ErzCrz

For info regarding Resource usage with my current setup:

[Screenshots: 1704887607507.png, 1704887640599.png, 1704887672722.png]


I thought Defender was meant to be lighter these days but that 267 MB is average though maybe affected by DefenderUI Recommended tweaks. Not all that noticeable with 16gig ram on board but yeah, all seems to be running fine.
 

ErzCrz

No memory leak, no problem.

CPU usage 0.1%? That’s a deal-breaker. /s
Indeed, memory is fine though it runs at 120mb without tweaks. CPU only increases to about 4% but only when launching applications.
 

ErzCrz

Thinking I may have to do a dynamic ports rule for Teams Update, I get a pop-up every time Teams connects out to 443 to update via a different dynamic port.
Dynamic ports: 49152 - 65535. WFC is useful though I miss CF's simplicity even though it would be Overkill with Cyberlock/VoodooShield.
I've set CL/VS to create firewall rules for not safe items.
 

ErzCrz

Had some more playback errors on Channel4 On Demand. I seem to keep having to add exception rules which has been trial and error. I think at this stage I might have to change my streaming to a different browser.

Channel 4 exception rules so far:

! 2023-12-29 Channel 4 | Stream & Watch Live TV
@@||monitor.channel4.com/logs/dotcom/client/html5player$xhr,domain=www.channel4.com
@@||monitor.channel4.com/metrics/dotcom/client/html5player$xhr,domain=www.channel4.com

! 2024-01-19 Channel 4 | Stream & Watch Live TV
@@||webstats.channel4.com/b/ss/channel4dotcom/*$image,domain=www.channel4.com
@@||webstats.channel4.com/b/*$image,domain=www.channel4.com
@@||sdk.fra-01.braze.eu^$xhr,domain=www.channel4.com
@@||dpm.demdex.net/id$xhr,domain=www.channel4.com
@@||b45f12f3d1d8ff61fde258f94943ae3b02a43d94.cws.conviva.com^$xhr,domain=www.channel4.com
@@||logx.optimizely.com^$xhr,domain=www.channel4.com

Just strange. Most of these are xhr protocol. Will try with Edge and see if issue is reproduced without these exception rules.
 

ErzCrz

Do you have Exploit Protection settings enabled for FF? I had to make some changes to my setup and that solved the issue I had with Hulu.
Thanks for reply.

No, not using any exploit tweaks beyond Windows 11 defaults at the moment. Doesn't appear to relate to my uBO configuration as the block log would indicate as such. Doing some re-testing and see if I can figure out the cause. I might try disabling the Firefox video pop-out feature as I never seem to use it but I doubt that's related.
 

ErzCrz

Removed WFC, was causing some random network issues and although useful it's very talkative and I just prefer Comodo Firewall.

I'm aware that CF with CruelSister settings is a bit of an overkill but it works fine with CL/VS. DefenderUI probably not needed so that might get removed but there's no conflict.
 

Szellem

Level 6
Verified
Well-known
Apr 15, 2020
258
Some brief amendments.
1. Removed WFC - Had some browsing lag after a number of rules created, slow resume of WIFI connection after hibernate and a lot of connection alerts got a bit tedious if I didn't put it in Learning Mode for a couple of days.
2. Implemented @Andy Ful 's WindowsFirewallHardening with H_C Recommended rules applied.
3. Enabled VS/CL rule to create rules for Not Safe items.
I may end up going down the CF route eventually as it'll work with VS/CL if using @cruelsister 's configuration at which point DefenderUI might not be needed.

So, some changes this year already but just finding what works best without issue.
Which is this configuration? I mean for CF.
 

Szellem

Yes, sometimes I forget to include a context so sorry for the confusion. I'm trying not to change config too much this year but as per my post earlier I changed back to Comodo Firewall using CruelSister's configuration which is a great set and forget.
Thanks for the reply! I will try that today. I'll be curious to see how much easier my system will be compared to Kaspersky.
 

ErzCrz

Thanks for the reply! I will try that today. I'll be curious to see how much easier my system will be compared to Kaspersky.
Kaspersky includes a firewall already though some people have used Kaspersky Free with CF if it's installed first though Kaspersky has been known to show a conflict alert when the two are running together. Kaspersky is a good product so use that if it works for you.

CF is light on the system. I'm just waiting for 3rd Beta and eventual stable to come out before switching to the new version.

[Screenshot: 1706522458430.png]
 

Szellem

Kaspersky includes a firewall already though some people have used Kaspersky Free with CF if it's installed first though Kaspersky has been known to show a conflict alert when the two are running together. Kaspersky is a good product so use that if it works for you.

CF is light on the system. I'm just waiting for 3rd Beta and eventual stable to come out before switching to the new version.

The truth is that Kaspersky 21.16 didn't do very well. For example, web pages are noticeably slower to load. I'm looking for an alternative where I can play Call of Duty in peace and it doesn't block or interfere with online interaction. And it doesn't hold the machine.
 
