Latest Changes
May 15, 2019
Operating System
Windows 10
Windows Edition
Home
Build
1809
System Architecture
64-bit OS
Security Updates
Automatic Updates - All security and feature updates
User Access Control
Always Notify
Firewall
Windows Firewall - Network security provided by Microsoft
Device Security
Windows Defender SmartScreen (Windows 10)
User Account
Standard - User has some control over the settings
Recent Security Incidents
No malware or privacy issues
Malware Testing
None - No Malware on host PC or VM
Real-time Web & Malware Protection
Comodo antivirus 12.0.0.6818
Custom Settings For Real-Time Protection
Custom - Major changes for Increased Security
Custom Settings For Real-Time Protection Details
Comodo antivirus : proactive configure enabled
Virus and Malware Removal Tools
Malwarebytes Adwcleaner
Zemana free 3.0
Emsisoft emergency kit
Browsers and Extensions
Google chrome:
- Ublock Origin ( medium mode)
- Bitwarden password manager
- Blocksi
Web Privacy
Chrome://Flags;
Anonymize local IPs exposed by WebRTC - enabled
Smooth Scrolling - disabled
Enable AppContainer Lockdown - enabled
TLS 1.3 downgrade hardening - enabled
Framebusting requires same-origin or a user gesture - enabled
NoState Prefetch - enabled
Autoplay policy - document user activate required
Parallel downloading - enabled
Mark non-secure origins as non-secure - enabled ( mark as actively dangerous)
Enable GPU AppContainer Lockdown - enabled
PDF Isolation - enabled
Block unsafe downloads over insecure connections - enabled
Request Advanced Protection verdicts when inspecting downloads - enabled

Verisign DNS;
64.6.64.6
64.6.65.6
Password Management
Bitwarden
Default Web Search
Google
System Utilities
Bleachbit
Privazer
Data Backup
External drive
Frequency of Data backups
Monthly
System Backup
Aomei backupper Free
Frequency of System backups
Regularly
Computer Activity
PC Gaming
Online banking
Browsing web and email
Install new programs on a weekly basis
Watch movies and other entertainment content on the Internet
Shared device is used by family members
Computer Specifications
Asus m5A97
AMD FX-6300 @ 3.8ghz
MSI GTX-970
HDD 1TB
8GT Kingston Ram, @1600Hz

Moonhorse

Level 25
Content Creator
Verified
29.3.2019

Added comodo firewall, due i need the sandbox

Firefox stable as secondary browser;
-Cloudflare DNS; on firefox network.trr.mode=2

On firefox:
about:config>
- Resist.fingerprint
- Disable WebRTC

Extensions:
- ublock origin
- privacy possum
- decentraleyes
- malwarebytes extension
- netcraft
- bitwarden
 

Moonhorse

Level 25
Content Creator
Verified
I think this is an overkill setup + too many extensions, but just my opinion. :)
overkill how? CF is working as anti-exploit + i use sandbox for tor/firefox

About extensions i could cut off decentraleyes, but rest are fine. Im using ublock origin in medium mode

I know that H_C + CF are both working as default deny, but its the H_C + Smartscreen wich will block exe. first.

If it manages to pass that, cf will sandbox it anyways, its not like CF is going to slow down system or anything and in other hand i could just allow exe. on H_C and setup CF on CS settings, ( currently its just proactive on)


But to be honest im as fine without comodo firewall, just want to see that if 12 brings anything new & im anyways going to clean install system after april update > set up the H_C once again
 
Last edited:

Moonhorse

Level 25
Content Creator
Verified
4.4.2019

Just updated the config. I tried out linux mint, the 4g modem im using didnt work on it so i had to cancel that movement. I couldve used Wifi, but the network speed probably would have dropped a bit

before using linux mint i couldnt get newest cumulative microsoft update to run > comodo firewall was blocking it

So after linux mint failure, i re-installed windows 10 and the current setup is:

Realtime protection: Windows defender + configure defender (max settings) + controlled folder access enabled
Web filtering : malwarebytes extension + netcraft
Browser: Google chrome + google search
Adblocker: nano adblock + nano defender
DNS: neustar recursive DNS

I always could add OSA, since its easiest to make /disable rules over syshardener

I have gave up with comodo firewall + H_C for now
 

Andy Ful

Level 40
Content Creator
Trusted
Verified
I ended up installing comodo firewall with windows defender, because it just works. This time with auto-block instead of cs settings...corrected on config from now
Good idea. It is a very good default-deny setup. The only weak point is the potential incompatibility with Windows 10 Updates, but there is a possibility to defer updates in ver. 1903, so the user can always turn off default-deny when updating and force CF to check the new files after update. If some system files will be recognized as unsafe, then they can be changed manually to safe. Next, the autosandbox can be turned ON. Another thing that can be done is removing many unnecessary entries from Trusted Vendor List to avoid bypassing CF by signed malware.
 

imuade

Level 7
Verified
I ended up installing comodo firewall with windows defender, because it just works. This time with auto-block instead of cs settings...corrected on config from now
Sorry to repeat this, but if you install comodo antivirus and set auto containment to block unknown, you can reach the same protection level with less risk of incompatibility and without the need of Windows defender :)
 

Moonhorse

Level 25
Content Creator
Verified
Sorry to repeat this, but if you install comodo antivirus and set auto containment to block unknown, you can reach the same protection level with less risk of incompatibility and without the need of Windows defender :)
Yes ill get it, the comodo cloud didnt work for me but antivirus should do, since the auto containment is same than in firewall
(y)
Personally i just like the windows defender over comodo antivirus
 

Moonhorse

Level 25
Content Creator
Verified
Update 18.4.2019

- Removed comodo firewall

Clean install:
Realtime protection: Windows defender + Configuredefender (max settings)
Browser: google chrome

Chrome flags enabled:
  • block downloads over insecure connections
  • Anonymize WebRTC
  • Disable smooth scrolling
  • Enable GPU appcontainer lockdown
  • Enable appcontainer lockdown
  • TLS 1.3 downgrade hardening
Extensions:

  • Ublock origin ( default filters + ''1hosts mini'' + ''cleaner news sites'' + ''nocoin'' + ''fanboys annoyances'')
  • Netcraft
  • Emsisoft browser security (replaced malwarebytes extensions, because MBE has bigger CPU time in overall)
  • Bitwarden

Disappointed when using cloudflare on my phone as DNS/VPN and replaced it on desktop to NEUSTAR Recursive

Note: No system utilities installed anymore, i only debloated candy crush saga etc. games but kept rest.
System settings : I have disabled most of services manually without any 3rd party program and only windows defender is allowed to run background of windows apps
 

LDogg

Level 28
Verified
Sounds like you have a smooth running Windows 10 system! Without all the stupid bloatware which Windows 10 comes in with every update.

~LDogg
 
  • Like
Reactions: Moonhorse

Moonhorse

Level 25
Content Creator
Verified
Sounds like you have a smooth running Windows 10 system! Without all the stupid bloatware which Windows 10 comes in with every update.

~LDogg
i usually remove everything with geek uninstaller i can, except gallery + some edgehtml tools

But since i did clean install today ( plugged in new monitor in aswell today) i did read few days ago the forum post and answer of andy, where he did say you should not remove all bloat or chance the settings that much since windows knows whats best for it

I try to keep my build as original as windows is, except the rules of configure defender + may build will provide alot improvements + chromium edge
 
  • Like
Reactions: oldschool

LDogg

Level 28
Verified
i usually remove everything with geek uninstaller i can, except gallery + some edgehtml tools

But since i did clean install today ( plugged in new monitor in aswell today) i did read few days ago the forum post and answer of andy, where he did say you should not remove all bloat or chance the settings that much since windows knows whats best for it

I try to keep my build as original as windows is, except the rules of configure defender + may build will provide alot improvements + chromium edge
Definitely makes a lot of sense in doing a clean install this way and then debloating the rest of the crap that appears on each update which does get annoying.

~LDogg
 
  • Like
Reactions: Moonhorse