Advanced Plus Security Moonhorse's Security Config 2019

Last updated
Nov 18, 2019
Windows Edition
Home
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Sophos home premium FREE
Comodo firewall
Firewall security
About custom security
Comodo firewall on internet security config
Periodic malware scanners
Emsisoft emergency kit
Malwarebytes adwcleaner
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Firefox stable channel (70.0.1 currently)

Extensions:
- Ublock origin
- Bitwarden
- Bitdefender trafficlight

About:config
- network.trr.mode = 2
- media.peerconnection.enabled = false
- security.secure_connection_icon_color_gray = false
- security.identityblock.show_extended_validation = true
Maintenance tools
Geek uninstaller
File and Photo backup
External drive
System recovery
Aomei backupper Free
Risk factors
    • Gaming
    • Logging into my bank account
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
Computer specs
Asus m5A97
AMD FX-6300 @ 3.8ghz
MSI GTX-970
HDD 1TB
8GT Kingston Ram, @1600Hz

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
29.3.2019

Added comodo firewall, due i need the sandbox

Firefox stable as secondary browser;
-Cloudflare DNS; on firefox network.trr.mode=2

On firefox:
about:config>
- Resist.fingerprint
- Disable WebRTC

Extensions:
- ublock origin
- privacy possum
- decentraleyes
- malwarebytes extension
- netcraft
- bitwarden
 

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
I think this is an overkill setup + too many extensions, but just my opinion. :)
overkill how? CF is working as anti-exploit + i use sandbox for tor/firefox

About extensions i could cut off decentraleyes, but rest are fine. Im using ublock origin in medium mode

I know that H_C + CF are both working as default deny, but its the H_C + Smartscreen wich will block exe. first.

If it manages to pass that, cf will sandbox it anyways, its not like CF is going to slow down system or anything and in other hand i could just allow exe. on H_C and setup CF on CS settings, ( currently its just proactive on)


But to be honest im as fine without comodo firewall, just want to see that if 12 brings anything new & im anyways going to clean install system after april update > set up the H_C once again
 
Last edited:

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
31.3.2019

Antivirus + firewall:
- Windows defender
- Comodo firewall 12; config = proactive security

Swapped to comodo secure DNS as i enabled it on installer

Mostly edited the config above to meet nowadays config
 

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
4.4.2019

Just updated the config. I tried out linux mint, the 4g modem im using didnt work on it so i had to cancel that movement. I couldve used Wifi, but the network speed probably would have dropped a bit

before using linux mint i couldnt get newest cumulative microsoft update to run > comodo firewall was blocking it

So after linux mint failure, i re-installed windows 10 and the current setup is:

Realtime protection: Windows defender + configure defender (max settings) + controlled folder access enabled
Web filtering : malwarebytes extension + netcraft
Browser: Google chrome + google search
Adblocker: nano adblock + nano defender
DNS: neustar recursive DNS

I always could add OSA, since its easiest to make /disable rules over syshardener

I have gave up with comodo firewall + H_C for now
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,601
I ended up installing comodo firewall with windows defender, because it just works. This time with auto-block instead of cs settings...corrected on config from now
Good idea. It is a very good default-deny setup. The only weak point is the potential incompatibility with Windows 10 Updates, but there is a possibility to defer updates in ver. 1903, so the user can always turn off default-deny when updating and force CF to check the new files after update. If some system files will be recognized as unsafe, then they can be changed manually to safe. Next, the autosandbox can be turned ON. Another thing that can be done is removing many unnecessary entries from Trusted Vendor List to avoid bypassing CF by signed malware.
 

imuade

Level 12
Verified
Top Poster
Well-known
Jul 29, 2018
566
I ended up installing comodo firewall with windows defender, because it just works. This time with auto-block instead of cs settings...corrected on config from now
Sorry to repeat this, but if you install comodo antivirus and set auto containment to block unknown, you can reach the same protection level with less risk of incompatibility and without the need of Windows defender :)
 

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
Sorry to repeat this, but if you install comodo antivirus and set auto containment to block unknown, you can reach the same protection level with less risk of incompatibility and without the need of Windows defender :)
Yes ill get it, the comodo cloud didnt work for me but antivirus should do, since the auto containment is same than in firewall
(y)
Personally i just like the windows defender over comodo antivirus
 

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
Update 18.4.2019

- Removed comodo firewall

Clean install:
Realtime protection: Windows defender + Configuredefender (max settings)
Browser: google chrome

Chrome flags enabled:
  • block downloads over insecure connections
  • Anonymize WebRTC
  • Disable smooth scrolling
  • Enable GPU appcontainer lockdown
  • Enable appcontainer lockdown
  • TLS 1.3 downgrade hardening
Extensions:

  • Ublock origin ( default filters + ''1hosts mini'' + ''cleaner news sites'' + ''nocoin'' + ''fanboys annoyances'')
  • Netcraft
  • Emsisoft browser security (replaced malwarebytes extensions, because MBE has bigger CPU time in overall)
  • Bitwarden

Disappointed when using cloudflare on my phone as DNS/VPN and replaced it on desktop to NEUSTAR Recursive

Note: No system utilities installed anymore, i only debloated candy crush saga etc. games but kept rest.
System settings : I have disabled most of services manually without any 3rd party program and only windows defender is allowed to run background of windows apps
 

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
Sounds like you have a smooth running Windows 10 system! Without all the stupid bloatware which Win10 comes in with every update.

~LDogg
 
  • Like
Reactions: Moonhorse

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
Sounds like you have a smooth running Windows 10 system! Without all the stupid bloatware which Windows 10 comes in with every update.

~LDogg
i usually remove everything with geek uninstaller i can, except gallery + some edgehtml tools

But since i did clean install today ( plugged in new monitor in aswell today) i did read few days ago the forum post and answer of andy, where he did say you should not remove all bloat or chance the settings that much since windows knows whats best for it

I try to keep my build as original as windows is, except the rules of configure defender + may build will provide alot improvements + chromium edge
 
  • Like
Reactions: oldschool

LDogg

Level 33
Verified
Top Poster
Well-known
May 4, 2018
2,261
i usually remove everything with geek uninstaller i can, except gallery + some edgehtml tools

But since i did clean install today ( plugged in new monitor in aswell today) i did read few days ago the forum post and answer of andy, where he did say you should not remove all bloat or chance the settings that much since windows knows whats best for it

I try to keep my build as original as windows is, except the rules of configure defender + may build will provide alot improvements + chromium edge
Definitely makes a lot of sense in doing a clean install this way and then debloating the rest of the crap that appears on each update which does get annoying.

~LDogg
 
  • Like
Reactions: Moonhorse

Moonhorse

Level 38
Thread author
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
21.4.2019

+ added runbysmartscreen
+ added documents anti-exploit

+ forticlient web filter replaces emsisoft browser security


Using developer edge as browsing browser + google chrome for banking
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top