Latest Changes
Oct 8, 2019
Operating System
  • Windows 10
  • Windows Edition
    Home
    Version or Build no.
    18362.388 ( v. 1903 )
    System type
    64-bit operating system; x64-based processor
    Security Updates
    Automatic Updates (recommended)
    User Access Control
    Default
    Network Security (Firewall)
    Windows Defender Firewall
    Device Security
  • Windows Defender SmartScreen (Windows 10)
  • User Account
    Administrator
    Malware Testing
    I do not participate in downloading malware samples
    Real-time Web & Malware Protection
    Windows Defender
    RTP - Custom security settings
  • Major changes for Increased security
  • RTP - Details of Custom security settings
    Windows Defender tweaked by ConfigureDefender (everything ON, cloud protection set to Block)
    Virus and Malware Removal Tools
    1. HitmanPro
    2. AdwCleaner
    Browsers and Extensions
    Chromium portable (launched by chrlauncher) with:
    • Blocksi Web Filter
    • Close & Clean
    • Dark new tab
    • ublock origin
    • Windows Defender Browser Protection
    Privacy-focused Apps and Extensions
    1. CleanBrowsing DNS
    2. O&O shutup10
    3. Windows Privacy Dashboard
    Password Managers
  • None (integrated in the portable browser)
  • Web Search
  • Google
  • System Utilities
    1. Dism++
    2. Explzh
    3. FastStone viewer
    4. Geek uninstaller
    5. NVT SysHardener
    6. Privacy Eraser
    7. RAPR
    8. SUMo
    Data Backup
    Lazesoft Recovery Suite Home Edition
    Frequency of Data backups
    Monthly
    System Backup
    Lazesoft Recovery Suite Home Edition
    Frequency of System backups
    Regularly
    Computer Activity
  • Online banking
  • Browsing web and email
  • Computer Specifications
    MSI cubi i3 5005U

    imuade

    Level 9
    Verified
    It will be OK, if you do not change the settings of SysHardener or H_C.:giggle:
    But some functionality of H_C, related to whitelisting files with dangerous extensions and turning OFF some H_C settings, will be diminished.(y)
    Thanks for testing H_C again.:emoji_ok_hand:
    Well, SysHardener has 5 main sections:
    1. Windows Security Tweaks
    2. File Type Associations
    3. Windows Services
    4. Vulnerable Software
    5. Firewall
    I think sections 2, 3 and 5 are not (or only partially) covered by H_C.
    About 4, that is overlapping, but I prefer not to use generalistic SW (i.e. Adobe), so I don't care too much.
    The biggest issues could come from section 1, but I don't apply too many settings from SysHardener because I think H_C is stronger there :)
     

    Andy Ful

    Level 48
    Verified
    Trusted
    Content Creator
    Well, SysHardener has 5 main sections:
    1. Windows Security Tweaks
    2. File Type Associations
    3. Windows Services
    4. Vulnerable Software
    5. Firewall
    I think sections 2, 3 and 5 are not (or only partially) covered by H_C.
    About 4, that is overlapping, but I prefer not to use generalistic SW (i.e. Adobe), so I don't care too much.
    The biggest issues could come from section 1, but I don't apply too many settings from SysHardener because I think H_C is stronger there :)
    SysHardener is a very good security enhancement for an AV, when the user likes default-allow security setup. But it is redundant, when the user applied the H_C default-deny setup. Using H_C requires more skill and knowledge than using SysHardener, but SysHardener will be more usable for most users.
    1. Windows Security Tweaks: Some SysHardener tweaks are the default settings since Windows Vista. Many tweaks are not required in the default-deny setup. The rest is included in H_C.
    2. File Type Associations: H_C blocks all file extensions that are blocked by SysHardener (and about 30 more). This SysHardener feature will not work, because SRP will block the files with dangerous extensions, before they could be blocked by SysHardener.
    3. Windows Services: H_C blocks only those that can be dangerous. SysHardener blocks more, but they are rather related to privacy, and some others are simply not used (so may be disabled). Yet, there is a better software to block/unblock unused services: Easy Service Optimizer (Easy Service Optimizer v1.2).
    4. Vulnerable Software: SysHardener can harden additionally Foxit Reader and WPS Office, but those tweaks can be easily done within those applications. Both SysHardener and H_C can harden MS Office and Adobe Acrobat Reader, although the H_C settings are slightly stronger.
    5. Firewall: Not required in the H_C default-deny setup (look at @askalan tests on MH). Firewall rules are useful in SysHardener because it does not block some dangerous file extensions (CHM, CPL, LNK, etc.) which are blocked in H_C. Yet, if one wants to protect against LOLBins on a vulnerable system with vulnerable applications, then the firewall rules are rather useless. It is far better to block them with H_C.
    For 90% of H_C users, using SysHardener will be not recommended.
    Some advanced users, who know well how SysHardener and H_C work together, can get some advantage in rare situations.
     
    Last edited:

    imuade

    Level 9
    Verified
    Update 16/03/2019
    Removed Immunet, Windows 10 Firewall Control and Zemana Anti-malware portable
    Re-enabled Windows Defender (tweaked for performance)

    So, summarizing:
    • Web protection: k9
    • Antivirus: Windows Defender
    • Firewall: Windows Defender Firewall
    • Hardening: NoVirusThanks SysHardener + AndyFul's Hard_Configurator
    • Backup: Lazesoft Recovery Suite Home Edition
    k9 and H_C can take care of 99,99% of threats, WD is quite light if properly tweaked and using it reduces the chances of incompatibility issues
     

    oldschool

    Level 35
    Verified
    Update 16/03/2019
    Removed Immunet, Windows 10 Firewall Control and Zemana Anti-malware portable
    Re-enabled Windows Defender (tweaked for performance)

    So, summarizing:
    • Web protection: k9
    • Antivirus: Windows Defender
    • Firewall: Windows Defender Firewall
    • Hardening: NoVirusThanks SysHardener + AndyFul's Hard_Configurator
    • Backup: Lazesoft Recovery Suite Home Edition
    k9 and H_C can take care of 99,99% of threats, WD is quite light if properly tweaked and using it reduces the chances of incompatibility issues
    I've gotten rid of all the "extras" like yourself. (y) Notice how your machine just hums along nicely? Heck, I've got all WD settings enabled and no issues, blocks, conflicts of any kind!
     

    imuade

    Level 9
    Verified
    I've gotten rid of all the "extras" like yourself. (y) Notice how your machine just hums along nicely? Heck, I've got all WD settings enabled and no issues, blocks, conflicts of any kind!
    Yeah I also happen to go back to WD after I try other AVs.
    Being integrated in Windows is a great plus considering that Microsoft already messes up with updates :p
     

    Kyle_Katarn

    From KC Softwares
    Verified
    Developer
    There will be always some problems with application auto-updating when using default-deny setup. Personally, when the auto-update of some application is blocked, I simply turn OFF auto-updates for it, and perform manual updates. On Administrator account, it can be simply done by running the application via "Run As SmartScreen" and perform the update from application GUI. If the update requires the updater downloaded from the Internet, then the updater should be run via "Run As SmartScreen".
    Probably something like SUMO (www.kcsoftwares.com) updater can be useful, too.
    Thanks for recommending SUMo.
     

    imuade

    Level 9
    Verified
    Update 24/03/2019
    Removed Hard_Configurator
    Replaced Windows Defender with Comodo AntiVirus
    Replaced Bandizip with PeaZip

    I just wanna give CAV another try, on Comodo Forums I read the latest version (v11.0.0.6802) is quite stable.
    First impression is OK, my system wasn't broken :ROFLMAO:
    It's quite light on system resources
     

    shmu26

    Level 83
    Verified
    Trusted
    Content Creator
    Update 24/03/2019
    Removed Hard_Configurator
    Replaced Windows Defender with Comodo AntiVirus
    Replaced Bandizip with PeaZip

    I just wanna give CAV another try, on Comodo Forums I read the latest version (v11.0.0.6802) is quite stable.
    First impression is OK, my system wasn't broken :ROFLMAO:
    It's quite light on system resources
    Let us know if you like it. :)
     

    imuade

    Level 9
    Verified
    Let us know if you like it. :)
    So far so good, boot time and shut down aren't noticeably affected.
    Even right after the start up, CPU and disk usage are nearly zero.
    The only "issue" I have is about the following errors in Windows Event Viewer:
    Error HTTP read from download.comodo.com/cis/download/installs/stl/authroot.stl.7z, httpCode: 404 Error Code: 0x80070002
    Error HTTP read from download.comodo.com/cis/download/installs/stl/whitelist.json.7z, httpCode: 404 Error Code: 0x80070002

    On Comodo Forums they said it's a non-issue, probably related with the update of the web filtering module, but it's strange because I don't have that module (I used the offline installer and check the AntiVirus only)
    Error, httpCode: 404 Error Code: 0x80070002 - Install / Setup / Configuration Help - CIS
     

    imuade

    Level 9
    Verified
    What are the recommended settings/tweaks for Comodo Antivirus? Similar to the tweaks of Comodo Cloud AV?
    Maybe you can tell a bit more...i'm interested
    CAV has more settings compared with CCAV.
    These are my tweaks:
    • General settings --> Configuration --> Enable Proactive Security (to increase security)
    • HIPS --> Disabled (to reduce alerts)
    • Containment --> Auto-containment --> Block unknown (similar to CCAV)
    • Containment --> Auto-containment --> Add exclusion for "Portable SW" folders (to reduce false positives, because I have several uncommon portable softwares that might be not whitelisted yet)
     

    shmu26

    Level 83
    Verified
    Trusted
    Content Creator
    CAV has more settings compared with CCAV.
    These are my tweaks:
    • General settings --> Configuration --> Enable Proactive Security (to increase security)
    • HIPS --> Disabled (to reduce alerts)
    • Containment --> Auto-containment --> Block unknown (similar to CCAV)
    • Containment --> Auto-containment --> Add exclusion for "Portable SW" folders (to reduce false positives, because I have several uncommon portable softwares that might be not whitelisted yet)
    @imuade now you have me confused. You installed CAV, but it has options for HIPS and Autocontainment. How is this program different from Comodo Internet Security, usually abbreviated as CIS?
    Or did you actually install CIS?
     

    imuade

    Level 9
    Verified
    @imuade now you have me confused. You installed CAV, but it has options for HIPS and Autocontainment. How is this program different from Comodo Internet Security, usually abbreviated as CIS?
    Or did you actually install CIS?
    When you install Comodo Internet Security (offline installer), you can check or uncheck two modules: Firewall and AntiVirus (Dragon and Secure Shopping are not available with the offline installer)
    Installation.png


    CIS is Firewall + AntiVirus
    CAV is AntiVirus only
    CFW is Firewall only
    No matter which one you install, you always get General Settings, HIPS, Containment, File Rating (cloud lookup) and Advanced Protection
    CIS.jpg

    CFW.jpg

    CAV.jpg
     
    Last edited:

    imuade

    Level 9
    Verified
    The advantage of using CIS (FW + AV) is that a malware running in the containment could connect to the internet and send out personal information, so the FW can block the connection and keep you safe.
    But if you set the auto-containment to block unknow (instead of virtualizing them), the malware will be blocked and won't be able to connect out, so the FW is not needed.
    And the FW module is the one which makes more stability problems (especially on Windows 10)