Battle What is the best combo?

[Sorrento]

The simpler the better, I now use ESET along with CL, I rarely have issues, if ever - But along with other users as member piquiteco I'd use most AV also.

 

[Parkinsond]

The simpler the better, I now use ESET along with CL, I rarely have issues, if ever.

Simplicity is the ultimate sophistication.

 

[n8chavez]

I go for any solution free of charge; I can even go for

First off, ewww. Don't use panda. Just no. Second, if free is your goal pair Comodo Firewall (deny unknowns) with Macrium Reflect Free.

 

[Parkinsond]

First off, ewww. Don't use panda. Just no. Second, if free is your goal pair Comodo Firewall (deny unknowns) with Macrium Reflect Free.

I was joking; MD is way better than Panda.

 

[n8chavez]

Ok, good. I thought for a moment you were either a paid shill or really dumb.

 

[RoboMan]

In terms of "security", I'd go with option #2.

Default-deny technology is almost a must in 2025. Cyberlock can lock the system down regarding execution of software. Blacklist-type of software is outdated technology.

Also, Avast has a huge database of signatures to complement Cyberlock anti-exe capabilities, and is usually quick to react to malware.

Although I don't dislike the idea of adding AdGuard to that combo. It doesn't offer real-time protection of malware, but it's a very powerful privacy tool, ideal against ads, malvertising, phishing, and more, not only in browsers but in all apps. It also helps manage DNS easily.

 

[Fan-of-spyshelter]

As explained here:
AV-Test – Microsoft Defender for Business (Feb 2025)

And validated through this process:
AMTSO Test Plan – AV-TEST 2025

---

If we're talking strictly about an AV-only solution, Microsoft Defender (MD) still seems like the most logical choice to me — not because it’s perfect, but because Microsoft is ultimately the party held accountable when something goes wrong on your system (as long as you’ve paid for a valid license).

We’re talking about damages they can’t prove was causing by your fault — even in a home or in legal enterprise contexts, that makes a big difference.


This is supported by Microsoft’s own privacy policy:
Microsoft Privacy Statement

"Personal data we collect"
Microsoft collects data from you through our interactions with you and through their products. Some of this data is provided directly by you, and some is collected based on how you use their system. The exact data depends on your privacy settings, the features you use, and how you interact with the OS.

So yeah — they know. Basically everything.and…

If you’re not honest, don’t worry — they’ll have logs, telemetry, system-level traces — all thanks to the “TrustedInstaller” account and the hidden super-admin account (net user administrator) that most users have no idea even exists.

---

Anyway...

From this official remark:
Microsoft Defender for Business

If you’re paying for a license on a machine you actually own, running Windows 11 Pro (which includes Group Policy Editor — unlike the Home edition), and you can prove the purchase, then really, what you're doing is renting your own machine back to Microsoft HQ in Redmond with the best antivirus for a lambda user, and when they remotely control the OS kernel and critical components of your system, any malicious code that impacts the kernel-level structure falls under their responsibility — not yours, because they control the very heart of the system.

The only consequence to that choice, is that you need to accept all the security updates for the windows you have.
be advise that the expiration of windows 10 will arrive at October 2025 :

Windows 10 support ends on October 14, 2025 - Microsoft Support

Windows 10 support ends on October 14, 2025. Upgrade to Windows 11 now to ensure continued security and feature updates. Learn more about the transition.

support.microsoft.com

Also if i could have a last advice,

always have an image file of your OS the day 1 you receive your computer :

Windows 11 Image Creation for OEMs

Get step-by-step guidance for OEMS to deploy Windows 11 to desktop computers, laptops, and 2-in-1s.

learn.microsoft.com

and restore point on a external secure flash or hard drive :

Restore points - Win32 apps

Restore points are created to allow users a choice of previous system states. Each restore point contains the necessary information needed to restore the system to the chosen state. Restore points are created before key changes are made to the system.

learn.microsoft.com

 

[Victor M]

always have an image file of your OS the day 1 you receive your computer :

I would re-install Windows using the BypassNRO registry setting When you use that setting, no bloatware is installed and MS account is not required. And you can remain offline. While still offline, harden your system, install your security, install your apps (the ones you have offline installers for) . Then make the golden drive image. Then you can go online. That way you have an image that is guaranteed clean, and you save yourself time when you need a fresh windows. (like when you are infected or hacked )

 

[Parkinsond]

I would re-install Windows using the BypassNRO registry setting When you use that setting, no bloatware is installed and MS account is not required. And you can remain offline. While still offline, harden your system, install your security, install your apps (the ones you have offline installers for) . Then make the golden drive image. Then you can go online. That way you have an image that is guaranteed clean, and you save yourself time when you need a fresh windows. (like when you are infected or hacked )

Used to do so, but found reinstall of everything takes shorter time than reapplying the image.

 

[brambedkar59]

Either is fine but I would suggest few tweaks.
1 tinywall + emsisoft antimalware+ adguard vpn
2. Avast ultimate

Default-deny technology is almost a must in 2025.

I would disagree. Default-deny won't save a happy clicker as he will find a way to bypass it and someone who practice safe browsing habit will be safe even with a decent AV, security DNS and adblocker in browser. Just my 2 cents.

 

[Victor M]

Used to do so, but found reinstall of everything takes shorter time than reapplying the image.

You must have very few apps and a short scripted hardening procedure.

Maybe it is time to use your credit card and buy a 2nd hand laptop from the eBay store that I mentioned. The PC that I am using now is a Dell Latitude E5570 core i7 6600U , 16 Gb RAM, 256 SSD, bought from that vendor this year, ~USD $160.

That core2 duo of yours is vulnerable to firmware attacks, supposedly leaked from NSA (or some govt org), impossible to get rid of.

 

[Parkinsond]

You must have very few apps and a short scripted hardening procedure.

Maybe it is time to use your credit card and buy a 2nd hand laptop from the eBay store that I mentioned. The PC that I am using now is a Dell Latitude E5570 core i7 6600U , 16 Gb RAM, 256 SSD, bought from that vendor this year, ~USD $160.

That core2 duo of yours is vulnerable to firmware attacks, supposedly leaked from NSA (or some govt org), impossible to get rid of.

Nice specs.
The core 2 duo one is the backup; the main use one have core i5 3rd gen; still old but is doing the job for me.

 

[Fan-of-spyshelter]

I would re-install Windows using the BypassNRO registry setting When you use that setting, no bloatware is installed and MS account is not required. And you can remain offline. While still offline, harden your system, install your security, install your apps (the ones you have offline installers for) . Then make the golden drive image. Then you can go online. That way you have an image that is guaranteed clean, and you save yourself time when you need a fresh windows. (like when you are infected or hacked )

Yeah, bypassing NRO is great — and it was part of the MS "accepted tricks".
But as expected... it's coming to an end:
Windows 11 Insider Preview Build 26200.5516 (Dev Channel)

"We’re removing the bypassnro.cmd script from the build to enhance security and user experience. This change ensures all users exit setup with internet connectivity and a Microsoft Account."

So yeah, if you're planning to build a clean image, do it before they lock it down further.

Now, to those who are listening :
Once you have your image system file from your new computer (I mean the recovery partition, not a custom-made system image by ), you should duplicate it immediately.
→ Two copies minimum:

1. One to archive safely, because most machines from consumer shops come with OEM Windows licenses (non-transferable).
   OEM vs Retail explained – Microsoft Answers
   These include pre-installed drivers tied to your hardware — hard to replicate cleanly in retail ISOs, unless you’re 100% sure of what you're doing.

1. The second copy? Use it to explore, tweak, and learn — with tools like:
   NTLite – Windows Customization Tool
   (But that’s a whole other topic.)

And honestly, I know Microsoft Defender for Business isn't for everyone
But once you understand how it integrates with the system, and how much control it gives back to you — it’s peace of mind, believe me as i do not like microsoft ^^.

 

[bazang]

Anyway...

From this official remark:
Microsoft Defender for Business

If you’re paying for a license on a machine you actually own, running Windows 11 Pro (which includes Group Policy Editor — unlike the Home edition), and you can prove the purchase, then really, what you're doing is renting your own machine back to Microsoft HQ in Redmond with the best antivirus for a lambda user, and when they remotely control the OS kernel and critical components of your system, any malicious code that impacts the kernel-level structure falls under their responsibility — not yours, because they control the very heart of the system.

This interpretation is absolutely, completely incorrect on multiple points. Here I will only address Microsoft's accountability and responsibility for Microsoft Defender - ANY edition - and the same applies TO ALL OTHER MICROSOFT SERVICES AND SOFTWARE. Microsoft only offers significantly customized services (e.g. FedRAMP Certified) and agreements to Governments - and by that - I mean the U.S. Government.

This is the link to the license terms and conditions covering ALL Microsoft Defender versions from the one everyone knows on their local systems all the way up through the Government versions (Microsoft accepts no risk and no fitness for use or failures of the product (or any of its products or services); the Subscriber/User assumes full accountability and responsibility for its use and any negative consequences within the realm of security failures). If anyone does not understand EULAs and License/Subscription Agreement legalese then most of the clauses will not be understood, but the key items are 18 and 19." No matter what anyone from Microsoft posts online, the only legally binding terms are contracts, licenses, and EULAs:

Microsoft Defender Application license terms

Describes the Microsoft Defender Application license terms

learn.microsoft.com

Advisory: There are no laws in the US or the UK that would render these major clauses void or invalidate parts of them. Short of it - the User/Licensee assumes all risk for everything as far as software and/or service performance.

 

[Fan-of-spyshelter]

This interpretation is absolutely, completely incorrect on multiple points. Here I will only address Microsoft's accountability and responsibility for Microsoft Defender - ANY edition - and the same applies TO ALL OTHER MICROSOFT SERVICES AND SOFTWARE. Microsoft only offers significantly customized services (e.g. FedRAMP Certified) and agreements to Governments - and by that - I mean the U.S. Government.

This is the link to the license terms and conditions covering ALL Microsoft Defender versions from the one everyone knows on their local systems all the way up through the Government versions (Microsoft accepts no risk and no fitness or failures of the product; the Subscriber/User assumes full accountability and responsibility for its use and any negative consequences within the realm of security failures). If anyone does not understand EULAs and License/Subscription Agreement legalese then most of the clauses will not be understood, but the key items are 18 and 19." No matter what anyone from Microsoft posts online, the only legally binding terms are contracts, licenses, and EULAs:

Microsoft Defender Application license terms

Describes the Microsoft Defender Application license terms

learn.microsoft.com

View attachment 288794

Let’s make something clear user Bazang :

an EULA is not “the law” — it’s a private agreement drafted by the company. Whether all of its terms are enforceable depends on the laws of the user's country and how courts interpret them. In many jurisdictions (including the EU and several US states), there are consumer protection laws and software liability frameworks that can override some EULA clauses — especially when the product causes damage, data loss, or security failures, and when the product is sold or marketed with guarantees of performance (e.g. “Enterprise-grade protection”).

So yes, Microsoft “accepts no risk” in their wording — but that doesn’t mean they are automatically exempt in practice, especially in enterprise or legal contexts.

My original point wasn't about what Microsoft says in their license, but about the real-world implications of using Defender in a system they entirely control — and how that affects accountability beyond the EULA. EULAs try to define responsibility. Courts decide who actually holds it.

 

[bazang]

In many jurisdictions (including the EU and several US states), there are consumer protection laws and software liability frameworks that can override some EULA clauses — especially when the product causes damage, data loss, or security failures, and when the product is sold or marketed with guarantees of performance (e.g. “Enterprise-grade protection”).

In the US and UK, the only software failure cases that have been successful, resulting in jury awards of damages (monetary compensation) are the ones where software malfunctions physically harmed or killed people. There is not a single state in the US or anywhere in the UK where a regulatory body or a civil case brought by a plaintiff (against a security software publisher) claiming that the product failed to protect has ever resulted in an award. I know the Crown has never been successful in a consumer protection or regulatory case involving consumer security software because it has never brought such a case before the Bar.

Since the EU (including Switzerland), Japan, Singapore, and Australia tend to even be more restrictive in bringing such cases, it is unlikely that a jury award has ever happened in those nations either. But it isn't important enough for me to research.

Only in services with Service Level Agreements (SLAs), Security Requirements (SRs), and other Shared Responsibilities is there an opportunity for "financial credit" or further recourse - IF those are clearly defined within the contracts and other documents. Those types of agreements are only between companies and Enterprises and Governments. Contracts with the US Government are governed by numerous statutes and regulations but recovery is mostly via the False Claims Act (FCA). In the UK it is through the UK Procurement Act 2023, The Economic Crime & Transparency Act 2023, and The Fraud Act 2006. None of that has anything to do with consumers.

The Crown prosecuted Advanced Computer Software Group Ltd and obtained a financial settlement for that company's subsidiary failing to implement security controls under the contract with the UK National Health Service that resulted in the entire NHS brought down by ransomware. That was a service failure and not a software failure.

"Enterprise-grade protection" is not a guarantee. It is a marketing descriptor. Nothing else.

No consumer will ever get a penny or a £ out of Microsoft for any of its software failing to protect their systems. Even if they tried, they would spend 50,000 Euros before the first hearing. Beyond that it would cost hundreds of thousands of Pounds. This is the way the legal system works globally.

There is a massive legal "carve out" for software publishers the world over. Otherwise people would sue en masse and bankrupt 99% of all software publishers.

 

[Fan-of-spyshelter]

Are you sure about what you said?

Because here's what's actually happening:

ICCL launches Ireland’s first class-action suit against Microsoft’s ad business

FTC: Microsoft to pay $20 million for collecting children’s data via Xbox

Microsoft's LinkedIn sued over AI training using private messages

EU fines LinkedIn €310 million over unlawful data use

So — should I continue?
Or would you prefer I start listing court decisions from the U.S. next?

 

[bazang]

Are you sure about what you said?

Because here's what's actually happening:

ICCL launches Ireland’s first class-action suit against Microsoft’s ad business

FTC: Microsoft to pay $20 million for collecting children’s data via Xbox

Microsoft's LinkedIn sued over AI training using private messages

EU fines LinkedIn €310 million over unlawful data use

So — should I continue?
Or would you prefer I start listing court decisions from the U.S. next?

Yes. I am very sure. I know the law and how it works most everywhere when it involves a claim by a plaintiff stating that a security software failed to protect them.

None of those are cases involving a plaintiff suing for failure of a security software to protect their system.

Those are all government regulatory actions and cases.

 

[Fan-of-spyshelter]

Yes. I am very sure. I know the law and how it works most everywhere when it involves a claim by a plaintiff stating that a security software failed to protect them.

None of those are cases involving a plaintiff suing for failure of a security software to protect their system.

Those are all government regulatory actions and cases.

ok, ... now this is just an example :

Unauthorised Windows 10 Upgrade, claimant receives $10,000

Microsoft last month paid a California travel agent $10,000 after she won a judgment in small claims court by successfully arguing that an unauthorized upgrade to Windows 10 crippled her work PC. Teri Goldstein, the owner of Sausalito, Calif.-based TG Travel Group LLC, said that she had not...

malwaretips.com

and you can search for more, if you want, cause there is tons of public data on internet directly from the US government not only serious news paper !

have a nice day ^^.

 

[Victor M]

ok, ... now this is just an example :

Unauthorised Windows 10 Upgrade, claimant receives $10,000

Microsoft last month paid a California travel agent $10,000 after she won a judgment in small claims court by successfully arguing that an unauthorized upgrade to Windows 10 crippled her work PC. Teri Goldstein, the owner of Sausalito, Calif.-based TG Travel Group LLC, said that she had not...

malwaretips.com

The case you quoted has nothing to do with failing to protect a PC. You have to be very specific in legal matters.