Advanced Plus Security ErzCrz Security Config 2024

Last updated
Oct 7, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Sky Router with built-in IPV4/IPv6 Firewall
Real-time security
Microsoft Defender
DefenderUI
CyberLock
WFC
Firewall security
Other - Internet Security (3rd-party)
About custom security
Cyberlock - ON - Create In/Out Firewall Rules for Unsafe Items. Require Captcha to exit.
DefenderUI - Recommended
WindowsFirewallControl - Medium/Display Notifications
Periodic malware scanners
Norton Power Eraser
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Primary: Edge with UBOLite in Complete Mode
Secondary - Firefox with uBO in Medium Mode
Secure DNS
Provided by ISP Sky Shield though occasionally Cloudflare DNS over HTTP.
Desktop VPN
None. Browsing primarily on home private network.
Password manager
Keepass 2.x or KeePassXC whichever is my flavour of the month though they use the same database file.
Maintenance tools
Windows built-in Disk Clean-up and Storage Sense.
File and Photo backup
Seagate - Toolkit - Weekly Backup
Subscriptions
    • None
System recovery
AOMEI System Backup Monthly to external drive.
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Notable changes
22.01.2022 - Reverted to Comodo Internet Security setup with Firefox as default browser and Thunberbird email client.
15.05.2022 - Reverted to Hard_Configurator setup following errors after uninstall and PC reset with Edge as default browser for MD integration while also sticking to Thunderbird for email & Updated backup routine.
13.08.2022 - Swapped to built-in backup solution.
12.09.2022 - General update in line with new guidelines.
29.10.2022 - Edge Exploit Tweaks re-implimented
15.11.2022 - Edge Exploit Tweaks removed. Removed OneDrive backups.
18.11.2022 - Firefox now my primary browser & Thunderbird primary email client.
12.12.2022 - updated Dec 2022 changes, backup now manual and onedrive. Experimenting with Comodo Internet Security but not fully committed to it yet.
11.01.2023 - Updated Security Configuration for new laptop and having won Emisoft giveaway.
22.01.2023 - Reverted to MD, ConfigureDefender - High & Enabled CFA, FWHardener, Added NPE to scanner, Edge exploit tweaks.
01.02.2023 - Now using Seagate Toolkit for Backup of Documents and Folders
18.05.2023 - Using H_C Beta and few unticks/ticks of PC use.
24.06.2023 - Back to Emsisoft Anti-Malware Home, Changed Password Manager to KeepassXC
02.09.2023 - Switched from Emsisoft Setup to CF/MD Configuration
20.10.2023 - Switched to Firefox, no longer using VPN for as work now has Azure cloud servers. Temporarily removed custom exploit settings.
01.11.2023 - Back to MD H_C setup
12.12.2023 - Added Anti-Exploit Tweaks and uBO in Hard Mode with noop rules.
20.12.2023 - Removed custom exploit rules as having some Edge freezes. Moved back to Comodo Firewall with Cruelsister Configuration.
21.12.2023 - Firefox now primary browser.
27.12.2023 - Edge changed to Primary Browser
06.01.2024 - Removed WFC, Implemented WFH & CL create firewall rules for not safe items.
08.01.2024 - Re-Added WFC
03.01.2024 - Firefox now primary browser.
21.01.2024 - Changed Primary Browser to Edge
28.01.2024 - Removed WFC and replaced with CF
05.02.2024 - Returned to WFC
28.02.2024 - Adjusted uBO Rules & Added Netcraft & BD:TL extensions
25.03.2024 - Changed to CIS .8012
10.04.2024 - Reverted to MD/DefenderUI/Cyberlock/WFC Config
11.04.2024 - Reverted to MD/DefenderUI/Cyberlock/CF
21.05.2024 - CIS Final Beta, AOMEI System Backup Monthly - Scheduled, Firefox Primary Browser and uBO only for browser extensions.
31.05.2024 - CIS Premium 2025 Released
18.06.2024 - CF 2025, DefenderUI, CyberLock
27.06.2024 - Swapped KeepassXC to Keepass
04.08.2024 - Swapped uBO for Ghostery in Edge
03.09.2024 - Swapped CF for WFC and Ghostery for UBOL
03.10.2024 - Renewed Emsisoft Anti-Malware Home Subscription and removed DefenderUI and WFC
07.10.2024 - Returned to MD (DefenderUI), CyberLock,WFC configuration.
20.11.2024 - WFH and Anti-Exploit added as protection layers.
10.12.2024 - Swapped DefenderUI For ConfigureDefender and Dropped WFC
31.12.2023 - New config for 2024 - MD (DefenderUI), CyberLock,WFC
----------------------------------------
14.12.2024 - Returned to MD (DefenderUI), CyberLock,WFC configuration.

Disclaimer we use date format DD/MM/YYYY here in the UK
What I'm looking for?

Looking for minimum feedback.

F

ForgottenSeer 100397

Kind of short lived, just checking on some game playing glitch I've experienced with it. It only happened when CF whitelisted some windows apps while the game was playing. Hmm. When in doubt go back to WD H_C with CFA enabled.
In CF, try excluding the game in the "Don't detect shellcode injections" setting.
 

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,222
Re-evaluating UBO rules. Something is slowing my browsing down by 5mbps. I think it's something to do with my dynamic rules but need to look into it and maybe simplified medium mode or something.

Dynamic rules and Static attached but a lot of those rules are allowing pop-ups and some white listing. Anyway, something to delve into at the weekend ;)
 

Attachments

  • my-ublock-dynamic-rules_2023-06-29_21.17.02.txt
    4.8 KB · Views: 281
  • my-ublock-static-filters_2023-06-29_21.17.26.txt
    1.4 KB · Views: 118

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
I think it's something to do with my dynamic rules but need to look into it and maybe simplified medium mode or something.
Took a quick look at your rules but don't see a solution for you. Looks like you're using some version of easy medium mode now. Have you tried straight medium mode? I find it's easier to troubleshoot issues. Just couldn't get comfortable with easy medium as troubleshooting involves deciphering filter list issues. My advice is to backup your rules and filters and use default lists to see the speed difference. Classic advanced mode should be faster than everything else.

I'm not much of a rule writer but check if this is the cultprit.
Code:
! Block beacons, plugins and websockets everywhere
||*$ping,object,websocket
 
Last edited:

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,222
Took a quick look at your rules but don't see a solution for you. Looks like you're using some version of easy medium mode now. Have you tried straight medium mode? I find it's easier to troubleshoot issues. Just couldn't get comfortable with easy medium as troubleshooting involves deciphering filter list issues. My advice is to backup your rules and filters and use default lists to see the speed difference. Classic advanced mode should be faster than everything else.

I'm not much of a rule writer but check if this is the cultprit.
Code:
! Block beacons, plugins and websockets everywhere
||*$ping,object,websocket
Thank mate :) Yeah, time to make things a bit simpler for a bit and start fresh .
 
F

ForgottenSeer 97327

Straight medium mode blocks more than easy medium mode, so that can't be the solution.

@ErzCrz I suggest you change the line @oldschool pointed out to

|HTTP://*$ping,object,websocket

This limits those blocks to unsecure websites. As a last resort, you could entirely remove the websocket parameter.
 

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,222
Straight medium mode blocks more than easy medium mode, so that can't be the solution.

@ErzCrz I suggest you change the line @oldschool pointed out to

|HTTP://*$ping,object,websocket

This limits those blocks to unsecure websites. As a last resort, you could entirely remove the websocket parameter.
Thanks @Max90 swapping that rule out seems to have done the trick.

So basic static rules now:
! Block beacons, plugins and websockets everywhere
|HTTP://*$ping,object,websocket

! Block potentially unsafe third-party content to unencrypted websites
|HTTP://*$third-party,~document,~stylesheet,~image,~media

! Block opening webpages on top level domains and countries I never visit
||*$document,domain=~com|~info|~io|~eu|~net|~org|~uk|~ms|~leg.wa.gov

What would you change from these dynamic rules? or keep them as they are?

* * 3p block
* * 3p-frame block
* * 3p-script block
* com * noop
* eu * noop
* info * noop
* io * noop
* net * noop
* org * noop
* uk * noop
 
F

ForgottenSeer 97327

Well, I sort of adopted the tips of Jan Willy, with some changes, first you would need to go to SETTINGS and click on the WHEELS behind the option "I am advanced user" You will be presented a screen with a lot of options. Look for the option " filterAuthorMode" (on my screenprompt it is at line #26) and change false to true and click the apply changes button.

Now we check whether this change from advanced user to expert user was successful and open a website and check whether you see a GREEN allow option in the uBO control panel (besides the GREY noop and RED block option). See picture below.

When that is all good you can remove the MyRules below
* * 3p block
* * 3p-frame block
* * 3p-script block
* com * noop
* eu * noop
* info * noop
* io * noop
* net * noop
* org * noop
* uk * noop


And add the rules below in the MyFiles

! Block beacons, obsolete plugins and websocket biderectional data connections on insecure websites
|HTTP://*$ping,object,websocket,important

! Block potentially unsafe third-party content linking to unsafe unencrypted websites
|HTTP://*$third-party,~document,~stylesheet,~image,~media,important

! Warn when opening webpages on top level domains and countries I never visit
||*$document,domain=~com|~info|~io|~eu|~net|~org|~uk|~ms|~gov

! Block third-party scripts and frames linking to top level domains and countries I never visit
||*$third-party,script,frame,to=~com|~info|~io|~eu|~net|~org|~uk|~ms|~gov

That is it. now you have easy medium mode applied in My Filters with an option to overrule it with dynamic filtering by simply choosing allow (GREEN) as show here with SMARTOCTO.com (just as example) which was blocked by a filter list i use.

1697293089383.png


Benefits of JanWilly's easy medium mode over Kees1958 easy medium mode
1. You still got the power of dynamic filtering. With Kees1958 generic rules overrule specific rules so you can' t weed-out a specific website from third-party annoyances nor upgrade security temporarily by going into hardmode when playing with malware links. With JanWill's approach you still can apply hard mode (for a specific website) and NOOP only a few third-party domains (weeding out a website)
2. You have the ALLOW option to overrule the easy medium mode filtering you setup in MY Files (in fact with green you override any filter).

IMPORTANT: you must understand the difference between grey-NOOP (ignore dymanic filtering only) and green-ALLOW (overrule ALL filters), hence only use ALLOW for the second (third-party) column on a specific website.
 
Last edited by a moderator:

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,222
Well, I sort of adopted the tips of Jan Willy, with some changes, first you would need to go to SETTINGS and click on the WHEELS behind the option "I am advanced user" You will be presented a screen with a lot of options. Look for the option " filterAuthorMode" (on my screenprompt it is at line #26) and change false to true and click the apply changes button.

Now we check whether this change from advanced user to expert user was successful and open a website and check whether you see a GREEN allow option in the uBO control panel (besides the GREY noop and RED block option). See picture below.

When that is all good you can remove the MyRules below
* * 3p block
* * 3p-frame block
* * 3p-script block
* com * noop
* eu * noop
* info * noop
* io * noop
* net * noop
* org * noop
* uk * noop


And add the rules below in the MyFiles

! Block beacons, obsolete plugins and websocket biderectional data connections on insecure websites
|HTTP://*$ping,object,websocket,important

! Block potentially unsafe third-party content linking to unsafe unencrypted websites
|HTTP://*$third-party,~document,~stylesheet,~image,~media,important

! Warn when opening webpages on top level domains and countries I never visit
||*$document,domain=~com|~info|~io|~eu|~net|~org|~uk|~ms|~gov

! Block third-party scripts and frames linking to top level domains and countries I never visit
||*$script,frame,to=~com|~info|~io|~eu|~net|~org|~uk|~ms|~gov

That is it. now you have easy medium mode applied in My Filters with an option to overrule it with dynamic filtering by simply choosing allow (GREEN) as show here with SMARTOCTO.com (just as example) which was blocked by a filter list i use.

View attachment 279116

Benefits of JanWilly's easy medium mode over Kees1958 easy medium mode
1. You still got the power of dynamic filtering. With Kees1958 generic rules overrule specific rules so you can' t weed-out a specific website from third-party annoyances nor upgrade security temporarily by going into hardmode when playing with malware links. With JanWill's approach you still can apply hard mode (for a specific website) and NOOP only a few third-party domains (weeding out a website)
2. You have the ALLOW option to overrule the easy medium mode filtering you setup in MY Files (in fact with green you override any filter).

IMPORTANT: you must understand the difference between grey-NOOP (ignore dymanic filtering only) and green-ALLOW (overrule ALL filters), hence only use ALLOW for the second (third-party) column on a specific website.
Nice one thanks :D
 

Jan Willy

Level 13
Verified
Top Poster
Well-known
Jul 5, 2019
607
Well, I sort of adopted the tips of Jan Willy, with some changes,...
Yes, it's your interpretation. Nothing wrong with that, but I try to stay as close as possible to the intentions of the uBO-developer and of my inspirers, Kees1958 and Lenny_Fox.
So the basis of my tracker blocking will always be dynamic filtering, without using the allow option.
You allowed smartocto.com. It means that no blocking rule will be applied. At default uBO blocks three third party scripts, without breaking the site. So why allowing everything? Or is there still some blocking on DNS level?
! Warn when opening webpages on top level domains and countries I never visit
||*$document,domain=~com|~info|~io|~eu|~net|~org|~uk|~ms|~gov
With this rule you block opening sites with uncommon TLD's. So all content (included third party content) will be blocked. No need for your rule ||*$script,frame,to=~com|~info|~io|~eu|~net|~org|~uk|~ms|~gov
In fact this rule reminds of a conversion of a dynamic rule in a static rule (with whitelisting regular TLD's).
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
So the basis of my tracker blocking will always be dynamic filtering, without using the allow option.
You allowed smartocto.com. It means that no blocking rule will be applied. At default uBO blocks three third party scripts, without breaking the site. So why allowing everything?
Which is why @gorhill removed the allow option from default setup. Too many users misunderstood and/or abused the "allow" feature. I don't even know why it's still available as a hidden switch.
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
I have been following scam site wich is identyfying itselfs as banking site, not single antivirus will flag it and it has TLD of .info

Should i make rules on adguard, install malwarebytes with TLD blocking or third option that is?
 
F

ForgottenSeer 97327

Yes, it's your interpretation. Nothing wrong with that, but I try to stay as close as possible to the intentions of the uBO-developer and of my inspirers, Kees1958 and Lenny_Fox.
So the basis of my tracker blocking will always be dynamic filtering, without using the allow option.
You allowed smartocto.com. It means that no blocking rule will be applied. At default uBO blocks three third party scripts, without breaking the site. So why allowing everything? Or is there still some blocking on DNS level?

With this rule you block opening sites with uncommon TLD's. So all content (included third party content) will be blocked. No need for your rule ||*$script,frame,to=~com|~info|~io|~eu|~net|~org|~uk|~ms|~gov
In fact this rule reminds of a conversion of a dynamic rule in a static rule (with whitelisting regular TLD's).
Yes, error that rule misses third-party . Also document rule throws a warning, which csn be bypassed, so technically not a block

Also allow rule is third-party for that specific website only as I explained. And it was only an example.
 
Last edited by a moderator:
F

ForgottenSeer 97327

Which is why @gorhill removed the allow option from default setup. Too many users misunderstood and/or abused the "allow" feature. I don't even know why it's still available as a hidden switch.
Duhh, what did I explain at the bottom? :)

Your remark makes sense for average users, but I don't think you nor Jan Willy would be making such mistakes
:)
 
Last edited by a moderator:
F

ForgottenSeer 97327

With Kees1958 approach you sacrifice dynamic filtering for the implementation of easy medium mode. What I thought to be a brilliant idea of Jan Willy to move it to static filtering you still have the option to apply medium or hard mode for certain websites or use synamic filtering to weed-out a website (block third-party rubbish). Seems that I made a misinterpretation, but I use "my interpretation of Jan Willy's tip" for nearly over a year now and it works perfectly. See for instance picture below where I weed-out (block) some third-party stuff not adding any usefull content to ESPN.nl.

1697317271777.png
 

Jan Willy

Level 13
Verified
Top Poster
Well-known
Jul 5, 2019
607
but I use "my interpretation of Jan Willy's tip" for nearly over a year now and it works perfectly.
To be clear: I wrote about uBO medium mode simulation in AG browser extension. Of course I would never use it in uBO itself. View:
 

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,222
To be clear: I wrote about uBO medium mode simulation in AG browser extension. Of course I would never use it in uBO itself. View:
Thanks Jan, given that chrome removing all MV2 extensions in January 2024 An update to the transition of Chrome extensions to Manifest V3 I am keeping an eye out on the uBO lite and Adguard experimental. Did use AG for a period of time but found it slowed browsing when I tried it.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top