Advanced Plus Security ErzCrz Security Config 2024

Last updated
Oct 7, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Sky Router with built-in IPV4/IPv6 Firewall
Real-time security
Microsoft Defender
DefenderUI
CyberLock
WFC
Firewall security
Other - Internet Security (3rd-party)
About custom security
DefenderUI - Reccomended
Cyberlock - ON - Create In/Out Firewall Rules for Unsafe Items. Require Captcha to exit.
WFC - Medium Filtering, Notifications Enabled. (Manually added FWH Rules as WFC can overwrite FirewallHardening Tool implemented rules
FirewallHardening Tool - Recommended H_C Rules
Documents_Anti-Exploit Tool - ON/ON2/ON/ON
Periodic malware scanners
Norton Power Eraser
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Primary: Edge with UBOLite in Complete Mode
Secondary - Firefox with uBO in Medium Mode
Secure DNS
Provided by ISP Sky Shield though occasionally Cloudflare DNS over HTTP.
Desktop VPN
None. Browsing primarily on home private network.
Password manager
Keepass 2.x or KeePassXC whichever is my flavour of the month though they use the same database file.
Maintenance tools
Windows built-in Disk Clean-up and Storage Sense.
File and Photo backup
Seagate - Toolkit - Weekly Backup
Subscriptions
    • None
System recovery
AOMEI System Backup Monthly to external drive.
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Notable changes
22.01.2022 - Reverted to Comodo Internet Security setup with Firefox as default browser and Thunberbird email client.
15.05.2022 - Reverted to Hard_Configurator setup following errors after uninstall and PC reset with Edge as default browser for MD integration while also sticking to Thunderbird for email & Updated backup routine.
13.08.2022 - Swapped to built-in backup solution.
12.09.2022 - General update in line with new guidelines.
29.10.2022 - Edge Exploit Tweaks re-implimented
15.11.2022 - Edge Exploit Tweaks removed. Removed OneDrive backups.
18.11.2022 - Firefox now my primary browser & Thunderbird primary email client.
12.12.2022 - updated Dec 2022 changes, backup now manual and onedrive. Experimenting with Comodo Internet Security but not fully committed to it yet.
11.01.2023 - Updated Security Configuration for new laptop and having won Emisoft giveaway.
22.01.2023 - Reverted to MD, ConfigureDefender - High & Enabled CFA, FWHardener, Added NPE to scanner, Edge exploit tweaks.
01.02.2023 - Now using Seagate Toolkit for Backup of Documents and Folders
18.05.2023 - Using H_C Beta and few unticks/ticks of PC use.
24.06.2023 - Back to Emsisoft Anti-Malware Home, Changed Password Manager to KeepassXC
02.09.2023 - Switched from Emsisoft Setup to CF/MD Configuration
20.10.2023 - Switched to Firefox, no longer using VPN for as work now has Azure cloud servers. Temporarily removed custom exploit settings.
01.11.2023 - Back to MD H_C setup
12.12.2023 - Added Anti-Exploit Tweaks and uBO in Hard Mode with noop rules.
20.12.2023 - Removed custom exploit rules as having some Edge freezes. Moved back to Comodo Firewall with Cruelsister Configuration.
21.12.2023 - Firefox now primary browser.
27.12.2023 - Edge changed to Primary Browser
06.01.2024 - Removed WFC, Implemented WFH & CL create firewall rules for not safe items.
08.01.2024 - Re-Added WFC
03.01.2024 - Firefox now primary browser.
21.01.2024 - Changed Primary Browser to Edge
28.01.2024 - Removed WFC and replaced with CF
05.02.2024 - Returned to WFC
28.02.2024 - Adjusted uBO Rules & Added Netcraft & BD:TL extensions
25.03.2024 - Changed to CIS .8012
10.04.2024 - Reverted to MD/DefenderUI/Cyberlock/WFC Config
11.04.2024 - Reverted to MD/DefenderUI/Cyberlock/CF
21.05.2024 - CIS Final Beta, AOMEI System Backup Monthly - Scheduled, Firefox Primary Browser and uBO only for browser extensions.
31.05.2024 - CIS Premium 2025 Released
18.06.2024 - CF 2025, DefenderUI, CyberLock
27.06.2024 - Swapped KeepassXC to Keepass
04.08.2024 - Swapped uBO for Ghostery in Edge
03.09.2024 - Swapped CF for WFC and Ghostery for UBOL
03.10.2024 - Renewed Emsisoft Anti-Malware Home Subscription and removed DefenderUI and WFC
31.12.2023 - New config for 2024 - MD (DefenderUI), CyberLock,WFC
----------------------------------------
07.10.2024 - Returned to MD (DefenderUI), CyberLock,WFC configuration.
20.11.2024 - WFH and Anti-Exploit added as protection layers.

Disclaimer we use date format DD/MM/YYYY here in the UK
What I'm looking for?

Looking for minimum feedback.

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,206
Its fine to try out different setups/configs, i do that often myself too

I meant to be referring on cruelsisters video where its easier to disable windows firewall by malware than comodo firewall, so i rather use comodo firewall over windows firewall if possible...but cf+cl+dui is maybe too much for someone ( if it works for you thats okay to keep it then )
Thanks. Although overkill CF with CL and DUI works fine together without issue. I was experimenting with full CIS but I'd rather have MD's detection alongside CF's containment. CL's really good and prevented Andy's test of disabling AV services cmd /dll bypass.
 

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,206
No update at the moment, just been bouncing between CFW .8012 and WFC since Comodo certificate issue will take a further 1-2 weeks until the new installers come out. I have been looking around a bit at AVs all seems to be around the £30-39 rate with Emsisoft and Malwrebytes in the lower of that bracket but with CyberLock running and accompanied by DefenderUI there's no point moving to a different AV from MD. Reading some more into optimizing/hardening windows firewall (I can use @Andy Ful 's WFH of course) though with WFC not detecting those rules I might have to manually add them to WFC rules as WFC can override those.
 

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,206
I decided today to renew Emsisoft Anti-Malware Home which served me well last year. It was just £30 which is right in my price range. I did debate about Emisoft but it's £15 more per year for the Premium and £5 more for the basic Eset protection. Emsisoft runs well and does what it does without hassle. Also controls WF and CyberLock is my backup 0-day which also creates WF rules for blocked files.

Emsisoft uses between 600 and 800mb RAM with memory optimization disabled. With my 16-gig ram and i5-12500H chip running a full screen game, 12 edge tabs open and Thunderbird in the background I still have 5-6 gig ram free and CPU only at around 35% so it's not affecting performance.

Anyway, thought it was time for a change and if I get super paranoid I can add CF .8012 again at some point though waiting on this certificate resolution is getting a bit long in the tooth.

Part of the reason not relying on MD is that I have Win 11 Home, I don't have Pro and don't have office 365 so I miss out on added protection from those and I'd rather pay the £30 to Emsisoft rather than £80+ to Microsoft for office and extra features.

Oh and I turn 50 this coming Monday so that's a thing :D
 

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,206
What added protection is that? 🤔All Defender advanced settings are still available, etc.
I think it's things like ATP and Sandboxing but maybe that's all changed these days. I expect ConfigureDefender and this hardening programs cover those. I was just fancying a change. Emsisoft is constantly updated and hassle free which I'd had last year after winning a subscription so went with it again. I know MD is sufficient and CyberLock will catch what's missed whatever is use, just what I decided to go with for now.
 

Pat MacKnife

Level 16
Verified
Top Poster
Well-known
Jul 14, 2015
778
ATP latest

https://www.av-test.org/fileadmin/_...auertest_Privat_Endergebnis_EN_3acfa68d86.jpg
 

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,206
ATP latest

https://www.av-test.org/fileadmin/_...auertest_Privat_Endergebnis_EN_3acfa68d86.jpg
@oldschool Thanks. I was too hasty in getting Emsisoft having slept on it so cancelled and got full refund. Time to just review my setup
 

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,206
Back to the configuration I had at the start of the year, MD (DefenderUI), CyberLock, WFC. Got refunded for Emsisoft it's good but updates brought system to a crawl. I was debating between DefenderUI and ConfigureDefender but I'm using CL so the former made sense. Open to suggestion though. CF .8012 runs okay though not perfect and with certificate issue ongoing for 3 weeks now, I'm just holding off until that gets fixed before considering that again.

Oh and it's my 50th Birthday today :D
 

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,206
Removed DefenderUI to test out an issue where laptop camera not detected. A hard reset resolved it but a strange anomoly and not sure if related to DefenderUI or not. Anyway, taken it off for now and see if it's something else causing it. Also reset CyberLock Whitelist which was over 900 files. I should schedule some reminder or it might be cool to have the option in CL to reset every so many days. @danb

I've also taken WFC also off temporarily while I update to 24H2. Feel like stripping things back and maybe just adding @Andy Ful 's FirewallHardening and ConfigureDefender.

We'll see how 24H2 install goes and then see.
 

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,206
The camera issue I did have hasn't resurfaced.

Tested out updated CIS 2025 which work smoothly though not committed to it consistently. I'd love to find a workaround for the currently discussed issues here but hardening windows along side CiS/CF is overkill. CL does block that cmd script test when I tested with a similar style test AntivirusDefender10 but probably something for Comodo to fix as and when that happens. Still keeping an eye out for real world examples of malware abusing lolbins in this way but I'm sure some actual testers will have far more of a clue than I do. I do think the solution is windows hardening or CL in the interim.

Firefox and Edge keeps being swapped out as primary. Firefox just faster at times and I like that I can still use uBO

Currently, just staying with pinned post setup for the moment though CD runs fine with CL, you just have to allow the cmd script and CL will eventually remember the allow. WFH does work with CL but in the case of WFC, it's not picked up so I'll be manually adding those at some point, even if to save them as a file which I'll upload here once done.
 

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,206
Okay, was a little tedious but manually added the WindowsFirewallHardening list to WFC. I had to go into each folder and select them and with Shell Integration enabled, right clicked what I had of them and blocked. I might put the saved rule file somewhere for people who want it but just as easy to do it yourself if you have the spare time.
 

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,206
Just a small update to WFC, Added AndyFul's WFH recommended rules and Enabled Documents Anti-Exploit Tool

WFC - Medium Filtering, Notifications Enabled. (Manually added FWH Rules as WFC can overwrite FirewallHardening Tool implemented rules
FirewallHardening Tool - Recommended H_C Rules
Documents_Anti-Exploit Tool - ON/ON2/ON/ON

Do do continue to bounce somewhat between setups experimenting with CIS or CF. As we're in the latter part of the year not sure if much will change with the coming year. I have a further year of CL already which I enjoy using so we'll see what layers with that are to come. I kind of like the ideal of CL / DefenderUI and CF though overkill Comodo will probably always feature in my setup in some form now and then.
WFC has caused some net lag from time to time but not consistently so still identifying if the issue. there are other firewalls and even CF has been popping back into the picture and I can still have the WFH rules that work and no issue with anti-exploit addition. Another possibility is just using Windows Firewall as WFH covers LOLbins and CL is set to create block rules for Unsafe files.

Anyway, enough rambling. Was just doing a minor tweak this week.
*Edits just to tweak wording*
 
Last edited:

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,206
Since I was goign down the FWH, Documents AntiExploit and even CD over DefenderUI, I'm trialing H_C, CD, FWH with CL even though there's a H_C overlap with CL and putting Defenderui and WFC on the back burner for this test. So far, quick and smooth without issue. Just fancied trying it out to check for any conflicts while I was in between other things today. Hard to find the perfect solution and no solution is 100%.

EDIT: It is overkill and I should just pick H_C or CL if I'm using this setup rather than CIS or paid product like Emsisoft.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top