I clean-installed Windows 11 Pro 24H2 and am currently using Microsoft Defender and Firewall. I am deciding between using my preferred Comodo Firewall only or pairing Microsoft Defender with WHHLight Tools or CyberLock. Standalone Microsoft Defender and the pairings slow down the system a bit, while Comodo Firewall runs light. I like WHHLight Tools, but I might choose CyberLock for alerts over silent blocks. I am also considering standalone CyberLock with Always ON mode and some tweaks.
rashmi Security Config 2025
- Thread starter rashmi
- Start date
- Apr 28, 2015
- 9,396
- 1
- 84,813
- 8,389
I'll configure UAC to "Always Notify" if I select any of the stated pairings.
I will either choose Comodo Firewall or CyberLock. Defender causes system slowdowns. It delays taskbar appearance on boot and sometimes makes Explorer slow and unresponsive. Some apps also take longer to start. I noticed a 2x increase in backup time.
I have a GlassWire Firewall license. If I opt for CyberLock (Always ON), its zero-trust, smart firewall, and firewall options in WhitelistCloud should be enough. Should I also use GlassWire?
Firefox's color settings are not as pleasant as Chrome's dark mode flag for websites, but I will switch to Firefox, as most sites I visit have dark mode.
I have a GlassWire Firewall license. If I opt for CyberLock (Always ON), its zero-trust, smart firewall, and firewall options in WhitelistCloud should be enough. Should I also use GlassWire?
Firefox's color settings are not as pleasant as Chrome's dark mode flag for websites, but I will switch to Firefox, as most sites I visit have dark mode.
Last edited:
It's a matter of choice re: Glasswire. VS's smart firewall is similar to @Andy Ful's FWH tool. Glasswire will give you fine-grained control of WF.
Here's the setup I selected for our kids' Windows 11 Pro laptops:
ConfigureDefender (High)
FirewallHardening (LOLBins + MS Office)
Smart App Control (ON)
I handle all the kids' laptop downloads, installations, and updates. Only signed programs are on the kids' laptops, except for Hasleo Backup, which is unsigned. Should SAC prove troublesome, I'll disable it, set Cloud Protection Level to "Block," and enable "Block executables..." in ConfigureDefender.
Windows Firewall's "Block incoming connections..."—should I turn it on?
I'm considering using either Comodo Firewall or setting up ConfigureDefender with FirewallHardening. SAC blocked the extension of Ant Download Manager, which is an unsigned program. I run unsigned programs and experiment with new software, so SAC won't work for me.
ConfigureDefender (High)
FirewallHardening (LOLBins + MS Office)
Smart App Control (ON)
I handle all the kids' laptop downloads, installations, and updates. Only signed programs are on the kids' laptops, except for Hasleo Backup, which is unsigned. Should SAC prove troublesome, I'll disable it, set Cloud Protection Level to "Block," and enable "Block executables..." in ConfigureDefender.
Windows Firewall's "Block incoming connections..."—should I turn it on?
I'm considering using either Comodo Firewall or setting up ConfigureDefender with FirewallHardening. SAC blocked the extension of Ant Download Manager, which is an unsigned program. I run unsigned programs and experiment with new software, so SAC won't work for me.
Last edited:
You can try enabling all ASR rules on children's laptops (except LSASS if Core Isolation is enabled) and ignoring rare blocks.
SAC can miss some attacks via shortcuts on flash drives (CMD/PowerShell fileless methods), but fortunately, Microsoft Defender is very aggressive against such attacks.
SAC can miss some attacks via shortcuts on flash drives (CMD/PowerShell fileless methods), but fortunately, Microsoft Defender is very aggressive against such attacks.
Last edited:
By "only" do you mean the only security software with Microsoft Defender disabled, or combined with it? Is adding Comodo Firewall makes the system faster?
With Comodo Firewall, I don't use any antivirus, including Defender, and also disable Windows Firewall. Comodo Firewall is the lightest setup for me.
Why do you try another security setup for children?
I prefer Comodo Firewall with no antivirus and use it on kids' systems. Disabling Defender is a hassle on Windows 11. Sordum's Defender Control is the only tool that successfully disables and re-enables Defender. I decided not to risk kids' systems using the discontinued Defender Control.
You can install any light AV (accepted by Microsoft) and disable all its shields. Comodo Firewall should work as usual.
I'd opt for the CIS suite; it's light too.
Last edited:
I much prefer HardConfigurator to WHHL after trying both. GUI access to CD and FH is another plus. The design is neat and well-structured. My laptop's security levels are HC Recommended, CD High, and FH Recommended HC. I'll definitely replace the kids' laptop setup with this. The security config details are now complete.
I prefer to use only Comodo Firewall, without Comodo Antivirus, no third-party antivirus or security solutions, and with Microsoft Defender and Firewall disabled. The setup I use is proactive configuration, default containment, and HIPS disabled. I would like to use HIPS, but enabling it occasionally freezes the system.@rashmi do you use comodo only CIS with real-time protection MD deactivated or do you use CF + MD activated?
I switched from uBlock Origin Lite to Ghostery. Ghostery's performance has been impressive.
RAM usage lower than uBlock Origin Lite?
You may also like...
-
Defender Hardening Console (part of Hawk Eye Analysis Platform)- Started by Trident
- Replies: 62
-
Windows 11 Patch Tuesday December 2025 (KB5072033, KB5071417)- Started by silversurfer
- Replies: 11
-
Best Free Antivirus in 2026 – Windows Defender, Avast, or Something Else?- Started by Bot
- Replies: 85
-
Windows 11 24H2 KB5060829 June non-security update- Started by Gandalf_The_Grey
- Replies: 0
-