Advanced Plus Security ErzCrz Security Config 2024

Last updated
Oct 7, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Sky Router with built-in IPV4/IPv6 Firewall
Real-time security
Microsoft Defender
DefenderUI
CyberLock
WFC
Firewall security
Other - Internet Security (3rd-party)
About custom security
DefenderUI - Recommended
Cyberlock - ON - Create In/Out Firewall Rules for Unsafe Items. Require Captcha to exit.
WFC - Medium Filtering, Notifications Enabled. (Manually added FWH Rules as WFC can overwrite FirewallHardening Tool implemented rules)
FirewallHardening Tool - Recommended H_C Rules
Documents_Anti-Exploit Tool - ON/ON2/ON/ON
Periodic malware scanners
Norton Power Eraser
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Primary: Edge with UBOLite in Complete Mode
Secondary - Firefox with uBO in Medium Mode
Secure DNS
Provided by ISP Sky Shield though occasionally Cloudflare DNS over HTTP.
Desktop VPN
None. Browsing primarily on home private network.
Password manager
Keepass 2.x or KeePassXC whichever is my flavour of the month though they use the same database file.
Maintenance tools
Windows built-in Disk Clean-up and Storage Sense.
File and Photo backup
Seagate - Toolkit - Weekly Backup
Subscriptions
    • None
System recovery
AOMEI System Backup Monthly to external drive.
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Notable changes
22.01.2022 - Reverted to Comodo Internet Security setup with Firefox as default browser and Thunderbird email client.
15.05.2022 - Reverted to Hard_Configurator setup following errors after uninstall and PC reset with Edge as default browser for MD integration while also sticking to Thunderbird for email & Updated backup routine.
13.08.2022 - Swapped to built-in backup solution.
12.09.2022 - General update in line with new guidelines.
29.10.2022 - Edge Exploit Tweaks re-implemented
15.11.2022 - Edge Exploit Tweaks removed. Removed OneDrive backups.
18.11.2022 - Firefox now my primary browser & Thunderbird primary email client.
12.12.2022 - updated Dec 2022 changes, backup now manual and onedrive. Experimenting with Comodo Internet Security but not fully committed to it yet.
11.01.2023 - Updated Security Configuration for new laptop and having won Emsisoft giveaway.
22.01.2023 - Reverted to MD, ConfigureDefender - High & Enabled CFA, FWHardener, Added NPE to scanner, Edge exploit tweaks.
01.02.2023 - Now using Seagate Toolkit for Backup of Documents and Folders
18.05.2023 - Using H_C Beta and few unticks/ticks of PC use.
24.06.2023 - Back to Emsisoft Anti-Malware Home, Changed Password Manager to KeepassXC
02.09.2023 - Switched from Emsisoft Setup to CF/MD Configuration
20.10.2023 - Switched to Firefox, no longer using VPN for as work now has Azure cloud servers. Temporarily removed custom exploit settings.
01.11.2023 - Back to MD H_C setup
12.12.2023 - Added Anti-Exploit Tweaks and uBO in Hard Mode with noop rules.
20.12.2023 - Removed custom exploit rules as having some Edge freezes. Moved back to Comodo Firewall with Cruelsister Configuration.
21.12.2023 - Firefox now primary browser.
27.12.2023 - Edge changed to Primary Browser
06.01.2024 - Removed WFC, Implemented WFH & CL create firewall rules for not safe items.
08.01.2024 - Re-Added WFC
03.01.2024 - Firefox now primary browser.
21.01.2024 - Changed Primary Browser to Edge
28.01.2024 - Removed WFC and replaced with CF
05.02.2024 - Returned to WFC
28.02.2024 - Adjusted uBO Rules & Added Netcraft & BD:TL extensions
25.03.2024 - Changed to CIS .8012
10.04.2024 - Reverted to MD/DefenderUI/Cyberlock/WFC Config
11.04.2024 - Reverted to MD/DefenderUI/Cyberlock/CF
21.05.2024 - CIS Final Beta, AOMEI System Backup Monthly - Scheduled, Firefox Primary Browser and uBO only for browser extensions.
31.05.2024 - CIS Premium 2025 Released
18.06.2024 - CF 2025, DefenderUI, CyberLock
27.06.2024 - Swapped KeepassXC to Keepass
04.08.2024 - Swapped uBO for Ghostery in Edge
03.09.2024 - Swapped CF for WFC and Ghostery for UBOL
03.10.2024 - Renewed Emsisoft Anti-Malware Home Subscription and removed DefenderUI and WFC
31.12.2023 - New config for 2024 - MD (DefenderUI), CyberLock,WFC
----------------------------------------
07.10.2024 - Returned to MD (DefenderUI), CyberLock,WFC configuration.
20.11.2024 - WFH and Anti-Exploit added as protection layers.

Disclaimer: we use date format DD/MM/YYYY here in the UK
What I'm looking for?

Looking for minimum feedback.

ErzCrz

I find myself doing what I said I wasn't planning to do and bouncing between WFC and CF, which doesn't make much sense but is what I seem to be doing. WFC will alert me of any new connection out, CL will catch any 0-days, and MD with DefenderUI is optimized. I need to go with the famous quote from @oldschool and stay safe not paranoid :)

P.S. Looking at Malwarebytes Browser Guard but I think that'd only make sense if I was using uBO Lite or Original untweaked.
 

ErzCrz

Just because I have the spare time, been comparing resource usage of CIS with CL and my current config

CIS = 64MB Ram
CL = 103MB Ram
Total = 167

vs

Microsoft Defender = 214MB Ram
DefenderUI = 17MB Ram
CL = 103MB Ram
WFC = 46MB Ram
Total = 380

About double the RAM with my current setup but not noticeable with my 16Gig Ram Laptop but useful to know what takes up what. I think if I did CIS full I'd have HIPS disabled if I'm running CL along with it. HIPS is a lot of hassle anyway. There's a lot of love and hate for Comodo and development is very slow but we'll see what's what when the 3rd Beta eventually surfaces.

Anyway, making use of my last working day off work before I officially return to work after 4 months on sick leave. Thankfully, I'm just working from home for a few weeks initially and then physically returning at some point in March.
 

ErzCrz

Checking MD Logs in DefenderUI and I have about a dozen of the below errors on the same day.

Time to look into it and remember what, if anything I did last Friday. DefenderUI in Recommended Settings.

Event 1 ID: 3002 - 2/17/2024 12:50:10 PM
Message: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
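
A small triage script for the situation in the post above (an added example, not part of the thread): it parses log text in the layout quoted there, counts event 3002 entries per day, and picks out those whose Reason reports pass-through mode. Sample records 2 and 3 and all function names are constructed for the illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout quoted in the post. Record 1 repeats the
# thread's entry; records 2 and 3 are made up for the demonstration.
REASON = ("The filter driver skipped scanning items and is in pass through mode. "
          "This may be due to low resource conditions.")
SAMPLE_LOG = f"""\
Event 1 ID: 3002 - 2/17/2024 12:50:10 PM
Message: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: {REASON}
Event 2 ID: 3002 - 2/17/2024 12:53:41 PM
Feature: On Access
Error Code: 0x80004005
Reason: {REASON}
Event 3 ID: 1001 - 2/18/2024 9:00:02 AM
Message: Constructed placeholder for an unrelated event.
"""

HEADER = re.compile(r"^Event \d+ ID: (\d+) - (\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)$")

def parse_events(text):
    """Split the pasted log text into one dict per event record."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:  # header line starts a new record; timestamps are M/D/YYYY
            stamp = datetime.strptime(m.group(2), "%m/%d/%Y %I:%M:%S %p")
            events.append({"id": int(m.group(1)), "time": stamp})
        elif events and ": " in line:  # "Key: value" detail line
            key, value = line.split(": ", 1)
            events[-1][key.lower()] = value
    return events

def rtp_failures_by_day(events):
    """Count event 3002 (real-time protection failure) per calendar day."""
    return Counter(e["time"].date().isoformat() for e in events if e["id"] == 3002)

def pass_through_events(events):
    """3002 records whose Reason says the filter driver stopped scanning."""
    return [e for e in events
            if e["id"] == 3002 and "pass through mode" in e.get("reason", "").lower()]

if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    print(rtp_failures_by_day(evts), len(pass_through_events(evts)))
```

The timestamps of the pass-through records give the window during which on-access scanning was skipped, which can then be matched against what was happening on the machine at the time.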
 

oldschool

Try uninstalling DefenderUI and then check MD. Personally, I find using it is unnecessary.
 

Shadowra

I also believe that if you have Cyber lock installed, Defender UI is unnecessary, that's my opinion.

Yes and no.

DefenderUI Free lets you control Microsoft Defender with rules (as ConfigureDefender does), so you can add CyberLock on top.
DefenderUI Pro, on the other hand, does include CyberLock, so it's useless.
 

ErzCrz

I don't see a Pro version of DefenderUI though I have CyberLock installed. I'll just check through the logs when I get a minute and see if I can narrow it down.

Thanks @Shadowra @jerzy601 @oldschool and if it's DefenderUI related, opt for CD or without instead. :D

Was my first week back at work this week albeit working from home 4-5 hours a day so it's messed up the free schedule I was used to having while I was on sick leave for 4 months :)
 

ErzCrz

I worked it out. Was related to me trying to update my iPod Nano for podcasts and I ended up having to re-install iTunes and reconnect the iPod a number of times before it registered in the program so the error was MD trying to scan the attached device but not succeeding. I'd completely forgotten about that.

Anyway, it has prompted me to compare DefenderUI and CD which are much the same though CD doesn't require a separate running program.
Protection is similar though a few more things covered in CD in High config so I might use CD instead.
 

ErzCrz

Adjusted uBO Rules by removing overlap:
! Block third-party scripts and frames linking to top level domains and countries I never visit
||*$third-party,script,frame,to=~com|~info|~io|~eu|~net|~org|~uk|~ms|~gov

Added Netcraft & BD:TL extensions to Firefox and Edge. Edge used as primary but I've had to do some streaming over Firefox because of Edge handling some catchup sites banners still showing in full screen.

WFC still seems to affect network connection at times so revisiting CF but not committed to the change as of yet.
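
A simplified model of the filter rule quoted in the post above, showing which requests it blocks and which it leaves alone (an added example, not part of the thread and not uBlock Origin's own code). The sample URLs, the function names and the three-entry suffix table standing in for the Public Suffix List are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

RULE = "||*$third-party,script,frame,to=~com|~info|~io|~eu|~net|~org|~uk|~ms|~gov"

# Assumption: a real blocker finds the registrable domain with the Public
# Suffix List; this sketch only knows these multi-label suffixes.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "gov.uk"}

def parse_rule(rule):
    """Read the options after '$'. Only negated to= entries are handled,
    which is all this rule uses; the '||*' pattern matches every URL."""
    _, _, options = rule.partition("$")
    parsed = {"third_party": False, "types": set(), "excluded": set()}
    for opt in options.split(","):
        if opt in ("third-party", "3p"):
            parsed["third_party"] = True
        elif opt.startswith("to="):
            parsed["excluded"] = {d[1:] for d in opt[3:].split("|") if d.startswith("~")}
        else:
            parsed["types"].add(opt)
    return parsed

def site(host):
    """Approximate registrable domain, used for the first/third-party test."""
    labels = host.lower().split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])

def matches_entry(host, entry):
    """An entry such as 'uk' matches the host itself or any name under it."""
    return host == entry or host.endswith("." + entry)

def is_blocked(rule, page_url, request_url, req_type):
    r = parse_rule(rule)
    page, dest = urlsplit(page_url).hostname, urlsplit(request_url).hostname
    if r["third_party"] and site(page) == site(dest):
        return False  # first-party requests are never touched
    if req_type not in r["types"]:
        return False  # only scripts and frames are covered
    # Negated to= list: the rule applies when the destination is outside it.
    return not any(matches_entry(dest, e) for e in r["excluded"])

if __name__ == "__main__":
    page = "https://news.example.co.uk/story"  # constructed sample page
    for url, kind in [("https://cdn.example.xyz/t.js", "script"),
                      ("https://cdn.example.xyz/p.gif", "image"),
                      ("https://static.example.com/app.js", "script")]:
        print(kind, url, "->", "block" if is_blocked(RULE, page, url, kind) else "allow")
```

In this model, images and XHR requests to an unlisted TLD still pass, as does anything a site on an unlisted TLD loads from its own domain.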
 

ErzCrz

Getting some network delays and lso triggers so swapped out WFC and controversially reverted to CIS .8012 and CyberLock which I know is some overkill/crossover but CL runs fine in background without issue and CIS very light on the system.
Been trying to swap over to FF as primary browser but Edge feels so much quicker at times but that might be a random occurrence.
 

ErzCrz

Trialling CIS Final Beta going okay. I still prefer the old UI. On testing these Firewall blocks I get, they are only consistent with the initial restart as it takes CF awhile to fully load and I'm not seeing any related firewall alerts showing with default Safe Mode setup.

Final stable being worked on. I am thinking using @Andy Ful 's Firewall Hardening might be useful for blocking LOLBin connections since Windows Firewall runs along side CF.
 

ErzCrz

Reverted to original config. Microsoft Defender, DefenderUI (Recommended) WFC with WFC Recommended rules kept and Windows default rules deleted.

CIS Beta went fine but this is a production machine and reverting config until CIS Stable/Update.
 

ErzCrz

Been trying to make Firefox my primary since I use Thunderbird for emails but some site stuff not working. E.g. posts elsewhere disappeared and some issues trying to purchase some things. Given that I'm using MD, it's just easier to stick with Edge.
 

ErzCrz

Using CIS Final Beta with CyberLock which I am aware is overkill but no issues running both together. Edge freezes randomly so returned to Firefox as primary and then Edge for Video Streaming. AOMEI Backupper installed and now running system back up to external monthly.
 

ErzCrz

CIS Premium 2025 released today. Websites etc to be updated but found on this page if you scroll down a bit:
Download Free Antivirus Software | Get Complete PC Virus Protection


Installing and testing now.
 

ErzCrz

Half way through the year, just reviewing my changes for the year so far. Wow, 10 changes in 6 months when I'd planned for this to be one to stick with.

Given @Shadowra 's test of CIS 2025 it'll probably just be CF (@cruelsister tweaked) with CL & DefenderUI that I carry on with in the end. Less time to play around with setups. WFC is also a good option and not overkill but leaning more towards CF for containment.

Note to self: I don't actually need to create allow rules for firewall silent blocks after restart and ones I don't get alerts for.

 
