Advanced Plus Security ErzCrz Security Config 2019

Last updated
Sep 30, 2019
Windows Edition
Home
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Notify me only when programs try to make changes to my computer
Real-time security
Windows Defender
Firewall security
Microsoft Defender Firewall
About custom security
Andy Ful's Hard_Configurator at Recommended Settings, ConfigureDefender component set to High, Firewall Hardening all default rules enabled
Periodic malware scanners
Emsisoft Emergency Kit, HitmanPro, Malwarebytes AdwCleaner
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Chromium Edge Stable
Maintenance tools
Bleachbit
File and Photo backup
Monthly backup to external HD using Windows Built-in backup and occasional OneDrive manual sync
System recovery
Default Windows App
Risk factors
    • Gaming
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
Computer specs
Intel i3 1.7ghz
GPU Intel 4400 HD
Ram 12 Gig
You can use ConfigureDefender to access advanced settings to harden Windows Defender. You may get the stand-alone version here Hard_Configurator — Download

Please edit configuration as well.

Many thanks for your help. Do let me know if I should do other tweaks. I have Win10 Home so don't have MS ATP.
 
Still getting my head around Hard_configurator. Is there some way of training it? Will turning off default deny whitelist the programs I use? I'll look through the manual but thought I'd pose the question here as well.
 
Updated configuration as now running Windows Defender Firewall and AV as protection with system hardening & tweaks using Andy Ful's Hard_Configurator. I was also running OSArmor but probably not needed with Hard_Configurator running with Recommended settings.
 
There is nothing to be trained. H_C is not realtime protection but uses Windows' built-in security features. Switch default/deny will not whitelist anything. It is simply an easy way to switch temporarily from Default-Deny to Default-Allow. Depending on the profile you use, RunAsSmartscreen is a simple way to bypass SRP when installing software. Looking through the manual is advised. (y)
 
Thanks mate :)

I've got a bit more of an understanding with H_C now. Just gone with recommended settings and I had to whitelist a start menu folder to get SWTOR to run via the link rather than the launcher.exe. ConfigureDefender element set to High as that seems to be the one for most users and I enabled all the block defaults in FirewallHardening.

Working great now. My laptop feels fast and secure. I'm sure I'll find out about tweaks to protect me even more. It's a big change from running Comodo IS for a long time but I needed the change and glad I did so far. :)
 
High settings are fine with H_C. You need add no more to the mix. I advise Max for those who use other companion softs, or no specific OS hardening.
 
I've got all Firewall Hardening rules added but explorer.exe is connecting out to 443, which relates to updates from what I understand, and Akamai is content delivery MS uses. Should I keep blocking that (it's one of the LOLBins rules), or remove the rule and/or just use Recommended H_C rules?

Local Time: 2019/10/05 21:35:42
ProcessId: 3352
Application: C:\windows\explorer.exe
Direction: Outbound
SourceAddress: 2a02:c7d:3c5a:8d00:f926:b8ab:f32c:ee01
SourcePort: 53267
DestAddress: 2a02:26f0:db:29d::2c1a
DestPort: 443
Protocol: 6
FilterRTID: 4235304
LayerName: %%14611
LayerRTID: 50

**************************************
Local Time: 2019/10/05 21:35:42
ProcessId: 3352
Application: C:\windows\explorer.exe
Direction: Outbound
SourceAddress: 192.168.0.3
SourcePort: 53266
DestAddress: 2.19.153.179
DestPort: 443
Protocol: 6
FilterRTID: 4235303
LayerName: %%14611
LayerRTID: 48
 
Both addresses are from Akamai Technologies. The second is related to go.microsoft.com.edgekey.net
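
An added example, not part of the thread and not FirewallHardening's own code: one way to triage blocked-connection records like the ones posted above is to parse them and group destinations by application, direction, protocol and port, which shows at a glance that both entries are the same explorer.exe TCP/443 traffic over IPv6 and IPv4. It assumes the `Key: value` layout and asterisk separator seen in the post; the sample is abridged from those records.

```python
import ipaddress
from collections import defaultdict

# Records abridged from the thread (fields not used below are dropped).
SAMPLE = r"""Local Time: 2019/10/05 21:35:42
Application: C:\windows\explorer.exe
Direction: Outbound
DestAddress: 2a02:26f0:db:29d::2c1a
DestPort: 443
Protocol: 6

**************************************
Local Time: 2019/10/05 21:35:42
Application: C:\windows\explorer.exe
Direction: Outbound
DestAddress: 2.19.153.179
DestPort: 443
Protocol: 6
"""

PROTOCOLS = {6: "TCP", 17: "UDP"}  # IANA protocol numbers

def parse_records(text):
    """Split the log into one dict per blocked-connection record."""
    records, current = [], {}
    for line in text.splitlines() + ["*"]:  # sentinel flushes the last record
        line = line.strip()
        if not line or set(line) == {"*"}:
            if current:
                records.append(current)
            current = {}
            continue
        key, sep, value = line.partition(": ")
        if sep:
            current[key] = value
    return records

def summarize(records):
    """Group blocked destinations by (application, direction, protocol, port)."""
    groups = defaultdict(set)
    for r in records:
        dest = ipaddress.ip_address(r["DestAddress"])
        proto = PROTOCOLS.get(int(r["Protocol"]), r["Protocol"])
        key = (r["Application"].lower(), r["Direction"], proto, int(r["DestPort"]))
        groups[key].add((f"IPv{dest.version}", str(dest), dest.is_global))
    return {k: sorted(v) for k, v in groups.items()}

if __name__ == "__main__":
    for key, dests in summarize(parse_records(SAMPLE)).items():
        print(key, dests)
```

A single group with only public destinations points at one rule to evaluate; several groups or non-global addresses would call for a closer look at each application separately.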