Advanced Plus Security ErzCrz Security Config 2019

Last updated: Sep 30, 2019
Windows Edition: Home
Log-in security:
Security updates: Allow security updates and latest features
User Access Control: Notify me only when programs try to make changes to my computer
Real-time security: Windows Defender
Firewall security: Microsoft Defender Firewall
About custom security: Andy Ful's Hard_Configurator at Recommended Settings, ConfigureDefender component set to High, Firewall Hardening all default rules enabled
Periodic malware scanners: Emsisoft Emergency Kit, HitmanPro, Malwarebytes AdwCleaner
Malware sample testing: I do not participate in malware testing
Browser(s) and extensions: Chromium Edge Stable
Maintenance tools: BleachBit
File and Photo backup: Monthly backup to external HD using Windows Built-in backup and occasional OneDrive manual sync
System recovery: Default Windows App
Risk factors:
    • Gaming
    • Browsing to popular websites
    • Streaming audio/video content from shady sites
Computer specs: Intel i3 1.7 GHz, GPU Intel 4400 HD, RAM 12 Gig

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,223
Still getting my head around Hard_Configurator. Is there some way of training it? Will turning off default deny whitelist the programs I use? I'll look through the manual but thought I'd pose the question here as well.
 

ErzCrz

Updated configuration as now running Windows Defender Firewall and AV as protection with system hardening & tweaks using Andy Ful's Hard_Configurator. I was also running OSArmor but probably not needed with Hard_Configurator running with Recommended settings.
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,707
There is nothing to be trained. H_C is not realtime protection but uses Windows' built-in security features. Switch default/deny will not whitelist anything. It is simply an easy way to switch temporarily from Default-Deny to Default-Allow. Depending on the profile you use, RunAsSmartscreen is a simple way to bypass SRP when installing software. Looking through the manual is advised. (y)
 

ErzCrz

Thanks mate :)

I've got a bit more of an understanding with H_C now. Just gone with recommended settings and I had to whitelist a start menu folder to get SWTOR to run via the link rather than the launcher.exe. ConfigureDefender element set to High as that seems to be the one for most users and I enabled all the block defaults in FirewallHardening.

Working great now. My laptop feels fast and secure. I'm sure I'll find out about tweaks to protect me even more. It's a big change from running Comodo IS for a long time but I needed the change and glad I did so far. :)
 

oldschool

High settings are fine with H_C. You need add no more to the mix. I advise Max for those who use other companion softs, or no specific OS hardening.
 

ErzCrz

I've got all Firewall Hardening rules added, but explorer.exe is connecting out to 443, which relates to updates from what I understand, and Akamai is the content delivery MS uses. Should I keep blocking that (it's one of the LOLBins rules), or remove the rule and/or just use Recommended H_C rules?

Local Time: 2019/10/05 21:35:42
ProcessId: 3352
Application: C:\windows\explorer.exe
Direction: Outbound
SourceAddress: 2a02:c7d:3c5a:8d00:f926:b8ab:f32c:ee01
SourcePort: 53267
DestAddress: 2a02:26f0:db:29d::2c1a
DestPort: 443
Protocol: 6
FilterRTID: 4235304
LayerName: %%14611
LayerRTID: 50

**************************************
Local Time: 2019/10/05 21:35:42
ProcessId: 3352
Application: C:\windows\explorer.exe
Direction: Outbound
SourceAddress: 192.168.0.3
SourcePort: 53266
DestAddress: 2.19.153.179
DestPort: 443
Protocol: 6
FilterRTID: 4235303
LayerName: %%14611
LayerRTID: 48
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,601
Both addresses are from Akamai Technologies. The second is related to go.microsoft.com.edgekey.net
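
For reviewing blocked-connection entries like the ones posted above, the following added example (not from the thread or from Hard_Configurator) parses the `Key: value` records and groups them by application, protocol and destination port, so one rule's blocks can be judged together. The sample input is constructed: it uses a subset of the fields, documentation-range addresses and a hypothetical `example.exe`.

```python
import ipaddress
from collections import defaultdict

IANA_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP", 58: "ICMPv6"}  # IP protocol numbers

# Constructed sample in the field layout of the entries posted above
# (documentation-range addresses; example.exe is a hypothetical application).
_ENTRY = ("Local Time: 2019/10/05 21:35:42\nProcessId: {0}\nApplication: {1}\n"
          "Direction: Outbound\nDestAddress: {2}\nDestPort: {3}\nProtocol: 6\n")
SAMPLE_LOG = ("*" * 38 + "\n").join(_ENTRY.format(*row) for row in [
    (3352, r"C:\windows\explorer.exe", "2001:db8::2c1a", 443),
    (3352, r"C:\Windows\explorer.exe", "198.51.100.7", 443),
    (4100, r"C:\windows\system32\example.exe", "198.51.100.7", 80),
])

def parse_entries(text):
    """Split on the asterisk separator lines and read 'Key: value' fields."""
    entries, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if line and set(line) == {"*"}:       # separator between records
            if current:
                entries.append(current)
            current = {}
        elif ": " in line:
            # Split once only: paths and IPv6 addresses contain ':' themselves.
            key, value = line.split(": ", 1)
            current[key] = value
    if current:
        entries.append(current)
    return entries

def summarize(entries):
    """Map (application, protocol, dest port) -> sorted unique destinations."""
    groups = defaultdict(set)
    for e in entries:
        proto = IANA_PROTO.get(int(e["Protocol"]), e["Protocol"])
        # Windows paths are case-insensitive, so normalise before grouping.
        key = (e["Application"].lower(), proto, int(e["DestPort"]))
        groups[key].add(ipaddress.ip_address(e["DestAddress"]))
    # IPv4 and IPv6 objects cannot be compared directly; sort by (version, value).
    return {k: [str(a) for a in sorted(v, key=lambda a: (a.version, int(a)))]
            for k, v in groups.items()}

if __name__ == "__main__":
    for key, dests in summarize(parse_entries(SAMPLE_LOG)).items():
        print(key, dests)
```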
 
