Advanced Plus Security ErzCrz Security Config 2025

Last updated
Jun 15, 2025
How it's used?
For home and private use
Operating system
Windows 11
Other operating system
N/A
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Sky Router with built-in IPV4/IPv6 Firewall
Real-time security
ESET Security Essentials
CyberLock
RansomwareGuard
Firewall security
Other - Internet Security (3rd-party)
About custom security
ESET Security Essentials - Default Settings
Cyberlock - ON - Firewall Rules for Unsafe Items. SmartFirewall Recommended, Require Captcha to exit.
RansomwareGuard
Periodic malware scanners
Malwarebytes On Demand
Emsisoft
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Primary: Edge with Osprey, uBlock Origin Lite & ESET
Secondary: Firefox with uBlock Origin & Osprey Browser Extension & ESET
Secure DNS
Provided by ISP Sky Shield though occasionally Cloudflare DNS over HTTP.
Desktop VPN
None. Browsing primarily on home private network.
Password manager
Keepass 2.x
Maintenance tools
Windows built-in Disk Clean-up and Storage Sense.
File and Photo backup
AOMEI Backupper Pro - Monthly Full Backups & Weekly Differential Backups
Subscriptions
    • None
System recovery
Lenovo Built in Recovery, AOMEI Backupper Pro Recovering Environment & Bootable USB
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
ErzCrz Laptop Specs 2025
Notable changes
See First Post Spoilers
08.02.2026 - 2026 setup - ESET Security Essentials, CyberLock, RansomwareGuard
----------------------------------------
Disclaimer we use date format DD/MM/YYYY here in the UK
What I'm looking for?

Looking for minimum feedback.

Moonhorse said:
Its fine to try out different setups/configs, i do that often myself too

I meant to be referring on cruelsisters video where its easier to disable windows firewall by malware than comodo firewall, so i rather use comodo firewall over windows firewall if possible...but cf+cl+dui is maybe too much for someone ( if it works for you thats okay to keep it then )
Click to expand...
Thanks. Although overkill CF with CL and DUI works fine together without issue. I was experimenting with full CIS but I'd rather have MD's detection alongside CF's containment. CL's really good and prevented Andy's test of disabling AV services cmd /dll bypass.
 
  • Like
Reactions: Sorrento and Moonhorse
No update at the moment, just been bouncing between CFW .8012 and WFC since Comodo certificate issue will take a further 1-2 weeks until the new installers come out. I have been looking around a bit at AVs all seems to be around the £30-39 rate with Emsisoft and Malwrebytes in the lower of that bracket but with CyberLock running and accompanied by DefenderUI there's no point moving to a different AV from MD. Reading some more into optimizing/hardening windows firewall (I can use @Andy Ful 's WFH of course) though with WFC not detecting those rules I might have to manually add them to WFC rules as WFC can override those.
 
  • Like
Reactions: Moonhorse, oldschool and Gandalf_The_Grey
I decided today to renew Emsisoft Anti-Malware Home which served me well last year. It was just £30 which is right in my price range. I did debate about Emisoft but it's £15 more per year for the Premium and £5 more for the basic Eset protection. Emsisoft runs well and does what it does without hassle. Also controls WF and CyberLock is my backup 0-day which also creates WF rules for blocked files.

Emsisoft uses between 600 and 800mb RAM with memory optimization disabled. With my 16-gig ram and i5-12500H chip running a full screen game, 12 edge tabs open and Thunderbird in the background I still have 5-6 gig ram free and CPU only at around 35% so it's not affecting performance.

Anyway, thought it was time for a change and if I get super paranoid I can add CF .8012 again at some point though waiting on this certificate resolution is getting a bit long in the tooth.

Part of the reason not relying on MD is that I have Win 11 Home, I don't have Pro and don't have office 365 so I miss out on added protection from those and I'd rather pay the £30 to Emsisoft rather than £80+ to Microsoft for office and extra features.

Oh and I turn 50 this coming Monday so that's a thing :D
 
  • Like
Reactions: Sorrento, Moonhorse, Gandalf_The_Grey and 1 other person
oldschool said:
What added protection is that? 🤔All Defender advanced settings are still available, etc.
Click to expand...
I think it's things like ATP and Sandboxing but maybe that's all changed these days. I expect ConfigureDefender and this hardening programs cover those. I was just fancying a change. Emsisoft is constantly updated and hassle free which I'd had last year after winning a subscription so went with it again. I know MD is sufficient and CyberLock will catch what's missed whatever is use, just what I decided to go with for now.
 
  • Like
Reactions: cryogent, Sorrento and Gandalf_The_Grey
ATP latest

https://www.av-test.org/fileadmin/_...auertest_Privat_Endergebnis_EN_3acfa68d86.jpg
www.av-test.org

ATP endurance test: 31 security products for 6 months in the advanced Windows 10 test

Security products for consumer users and corporate users are faced with a formidable task. They have to protect systems around the clock and deal with the latest threats. Sometimes the products detect the attackers immediately – but sometimes only in a further defensive step. This is precisely...
www.av-test.org www.av-test.org
 
  • Like
Reactions: cryogent, ErzCrz, oldschool and 1 other person
Pat MacKnife said:
ATP latest

https://www.av-test.org/fileadmin/_...auertest_Privat_Endergebnis_EN_3acfa68d86.jpg
www.av-test.org

ATP endurance test: 31 security products for 6 months in the advanced Windows 10 test

Security products for consumer users and corporate users are faced with a formidable task. They have to protect systems around the clock and deal with the latest threats. Sometimes the products detect the attackers immediately – but sometimes only in a further defensive step. This is precisely...
www.av-test.org www.av-test.org
Click to expand...
@oldschool Thanks. I was too hasty in getting Emsisoft having slept on it so cancelled and got full refund. Time to just review my setup
 
  • Like
Reactions: cryogent, Sorrento, Pat MacKnife and 2 others
Back to the configuration I had at the start of the year, MD (DefenderUI), CyberLock, WFC. Got refunded for Emsisoft it's good but updates brought system to a crawl. I was debating between DefenderUI and ConfigureDefender but I'm using CL so the former made sense. Open to suggestion though. CF .8012 runs okay though not perfect and with certificate issue ongoing for 3 weeks now, I'm just holding off until that gets fixed before considering that again.

Oh and it's my 50th Birthday today :D
 
  • Like
  • Applause
Reactions: cryogent, Sorrento, Moonhorse and 6 others
Removed DefenderUI to test out an issue where laptop camera not detected. A hard reset resolved it but a strange anomoly and not sure if related to DefenderUI or not. Anyway, taken it off for now and see if it's something else causing it. Also reset CyberLock Whitelist which was over 900 files. I should schedule some reminder or it might be cool to have the option in CL to reset every so many days. @danb

I've also taken WFC also off temporarily while I update to 24H2. Feel like stripping things back and maybe just adding @Andy Ful 's FirewallHardening and ConfigureDefender.

We'll see how 24H2 install goes and then see.
 
  • Like
  • Wow
Reactions: cryogent, Sorrento, Gandalf_The_Grey and 2 others
The camera issue I did have hasn't resurfaced.

Tested out updated CIS 2025 which work smoothly though not committed to it consistently. I'd love to find a workaround for the currently discussed issues here but hardening windows along side CiS/CF is overkill. CL does block that cmd script test when I tested with a similar style test AntivirusDefender10 but probably something for Comodo to fix as and when that happens. Still keeping an eye out for real world examples of malware abusing lolbins in this way but I'm sure some actual testers will have far more of a clue than I do. I do think the solution is windows hardening or CL in the interim.

Firefox and Edge keeps being swapped out as primary. Firefox just faster at times and I like that I can still use uBO

Currently, just staying with pinned post setup for the moment though CD runs fine with CL, you just have to allow the cmd script and CL will eventually remember the allow. WFH does work with CL but in the case of WFC, it's not picked up so I'll be manually adding those at some point, even if to save them as a file which I'll upload here once done.
 
  • Like
Reactions: cryogent and Gandalf_The_Grey
Okay, was a little tedious but manually added the WindowsFirewallHardening list to WFC. I had to go into each folder and select them and with Shell Integration enabled, right clicked what I had of them and blocked. I might put the saved rule file somewhere for people who want it but just as easy to do it yourself if you have the spare time.
 
  • Like
Reactions: cryogent, harlan4096, oldschool and 1 other person
Just a small update to WFC, Added AndyFul's WFH recommended rules and Enabled Documents Anti-Exploit Tool

WFC - Medium Filtering, Notifications Enabled. (Manually added FWH Rules as WFC can overwrite FirewallHardening Tool implemented rules
FirewallHardening Tool - Recommended H_C Rules
Documents_Anti-Exploit Tool - ON/ON2/ON/ON

Do do continue to bounce somewhat between setups experimenting with CIS or CF. As we're in the latter part of the year not sure if much will change with the coming year. I have a further year of CL already which I enjoy using so we'll see what layers with that are to come. I kind of like the ideal of CL / DefenderUI and CF though overkill Comodo will probably always feature in my setup in some form now and then.
WFC has caused some net lag from time to time but not consistently so still identifying if the issue. there are other firewalls and even CF has been popping back into the picture and I can still have the WFH rules that work and no issue with anti-exploit addition. Another possibility is just using Windows Firewall as WFH covers LOLbins and CL is set to create block rules for Unsafe files.

Anyway, enough rambling. Was just doing a minor tweak this week.
*Edits just to tweak wording*
 
Last edited:
  • Like
Reactions: cryogent, toto_10 and oldschool
Since I was goign down the FWH, Documents AntiExploit and even CD over DefenderUI, I'm trialing H_C, CD, FWH with CL even though there's a H_C overlap with CL and putting Defenderui and WFC on the back burner for this test. So far, quick and smooth without issue. Just fancied trying it out to check for any conflicts while I was in between other things today. Hard to find the perfect solution and no solution is 100%.

EDIT: It is overkill and I should just pick H_C or CL if I'm using this setup rather than CIS or paid product like Emsisoft.
 
Last edited:
  • Like
Reactions: Gandalf_The_Grey and toto_10
Swapped out DefenderUI for ConfigureDefender and dropped WFC possibly just temporarily but with CL creating Firewall rules for unsafe files and FWH blocking LOLBins I think WFC not necessary with this setup. We'll see how it holds up but smooth and fine so far.

DefenderUI works fine, just trying out various options ahead of the year end and not sure whether WFH and Anti-Exploit is overkill with CL. Anyway, just a bit of a change.
 
Last edited:
  • Like
Reactions: Pat MacKnife, Gandalf_The_Grey, lokamoka820 and 1 other person
Just returned to the setup I started with this year. CyberLock works really well, DefenderUI pairs best with it, for me and WFC gives me that firewall control I need. It's still the best compromise of security and usability as well as being lightweight and very effective.

I have tested latest CIS but waiting on further development but happy to assist those who use it.
 
  • Like
Reactions: Moonhorse, Gandalf_The_Grey and oldschool
Just thinking ahead regarding security setup for the coming year. I'd like to avoid overkill so may be the same again this year but I'm not sure yet. The likes of CIS and CFW is overkill with CL though CL blocks only and I have run the two together in experimenting setups this year without issue. I'll probably just stick with CL WD DefenderUI WFC again as CL has proven great this year ;)
 
  • Like
Reactions: Moonhorse and oldschool
Using MD, DefenderUI, CyberLock, WFC again this year. I changed things up a lot this past year so the plan is to be more consistent this year. Waiting until next Comodo update before revisiting.

I have been thinking of changing AOEMI Backupper Free for something else. I had looked at Rescuezilla as I was considering just image backups but I get a error burning iso with Rufus. Hasleo seems to do well from what I've read but the installer is unsigned. Maybe I need a one off pay for solution or just keep using free AOEMI and my Seagate Toolkit for backing up documents etc.

Comodo Top Tip: DO NOT uncheck “Rate applications according to their vendor rating”!!
It makes CIS/CFW inaccessible & inoperable and you end up having to remove it with the uninstaller tool in safe mode.

Happy New Year!
 
  • Like
Reactions: Gandalf_The_Grey, porkpiehat and Captain Awesome

You may also like...