Advanced Plus Security ErzCrz Security Config 2023

Last updated
May 19, 2023
How it's used?
For home and private use
OS (desktop)
Windows 11
On-device encryption
None
Log-in security
    • Local password or PIN
Security updates
Automatic - allow all updates
Update channels
Allow stable updates
Windows UAC
Always notify
Windows 11 SAC
Turned Off by Microsoft (Note: cannot be re-enabled by the user)
WiFi network firewall
Router firewall is On
About WiFi router
Sky Router with built-in IPv4/IPv6 Firewall
Real-time security
Microsoft Defender

Controlled Folder Access
added folders:
  • C:\ProgramData\Microsoft\Windows\Start Menu
  • C:\Users\...\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
  • C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Firewall security
Microsoft Defender Firewall
About custom security
Hard_Configurator 6.1.1.1 Beta 3
ConfigureDefender - HIGH + CFA Enabled
WindowsFirewallHardener - Recommended Rules
Custom Exploit Protection - Edge - All Default Rules Enabled
UAC - Always notify
Periodic malware scanners
Emsisoft Emergency Kit / Norton Power Eraser
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Edge with uBlock Origin with Tweaked Hard Mode
Secure DNS
Provided by ISP Sky Shield though occasionally Cloudflare DNS over HTTP.
VPN & Protocol used
Sophos VPN for working from home connection only
Password manager
KeePass
Maintenance tools
Windows built-in Disk Clean-up and Storage Sense.
File and Photo backup
Seagate - Toolkit - Weekly Backup
System recovery
External Drive - Backup of Documents and folders.
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering bank card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
    • Streaming audio/video content from shady sites
Computer specs
Notable changes
22.01.2022 - Reverted to Comodo Internet Security setup with Firefox as default browser and Thunderbird email client.
15.05.2022 - Reverted to Hard_Configurator setup following errors after uninstall and PC reset with Edge as default browser for MD integration while also sticking to Thunderbird for email & Updated backup routine.
13.08.2022 - Swapped to built-in backup solution.
12.09.2022 - General update in line with new guidelines.
29.10.2022 - Edge Exploit Tweaks re-implemented
15.11.2022 - Edge Exploit Tweaks removed. Removed OneDrive backups.
18.11.2022 - Firefox now my primary browser & Thunderbird primary email client.
12.12.2022 - Updated Dec 2022 changes, backup now manual and OneDrive. Experimenting with Comodo Internet Security but not fully committed to it yet.
11.01.2023 - Updated Security Configuration for new laptop and having won Emsisoft giveaway.
22.01.2023 - Reverted to MD, ConfigureDefender - High & Enabled CFA, FWHardener, Added NPE to scanner, Edge exploit tweaks.
01.02.2023 - Now using Seagate Toolkit for Backup of Documents and Folders
18.05.2023 - Using H_C Beta and few unticks/ticks of PC use.
Disclaimer: we use date format DD/MM/YYYY here in the UK
What I'm looking for?

Looking for minimum feedback.

ErzCrz

Had Local Security Authority Protection warning this morning. It was turned off. Turned it on and restarted twice but had to dismiss the warning message in the end and page still says "This change requires you to restart your device" but at least it's enabled. A new feature or something else going on?? Win 11


oldschool

> Had Local Security Authority Protection warning this morning. It was turned off. Turned it on and restarted twice but had to dismiss the warning message in the end and page still says "This change requires you to restart your device" but at least it's enabled. A new feature or something else going on?? Win 11

I have the same issue. It's mentioned here Redirecting
The fix, which I haven't tried, is here: Enable or Disable Local Security Authority (LSA) Protection in Windows 11 Tutorial
I'm hoping that MS fixes this with a future update.
 

ErzCrz

> I have the same issue. It's mentioned here Redirecting
> The fix, which I haven't tried, is here: Enable or Disable Local Security Authority (LSA) Protection in Windows 11 Tutorial
> I'm hoping that MS fixes this with a future update.

Ah okay thanks! It had me going there for a minute this morning LOL.

EDIT: The RunAsPPL entry was there in the registry but not the RunAsPPLBoot. Adding this entry fixed the issue.

Registry entries from your Enable/Disable link:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RunAsPPL"=dword:00000002
"RunAsPPLBoot"=dword:00000002
 

ErzCrz

Been a bit manic at this end. Reverted to complete default MD setup a bit undecided about what to go with lately. Probably Comodo's announcement of future updates has me thinking about that again and not been using the Emsisoft subscription I won much. Just kind of in limbo security wise. Bear (or bare) with me :D

I probably just need to stick with the basics of CD on High at the moment or until I do a fresh install for SAC which isn't happening soon.
 

TairikuOkami

> EDIT: The RunAsPPL entry was there in the registry but not the RunAsPPLBoot. Adding this entry fixed the issue.

Was it 1 or 2? I am wondering, whether RunAsPPLBoot entry is required. I am using (more secure?) RunAsPPL=1 and since it is UEFI locked, it should be enabled at boot? :unsure:
 
  • Like
Reactions: oldschool

ErzCrz

> Was it 1 or 2? I am wondering, whether RunAsPPLBoot entry is required. I am using (more secure?) RunAsPPL=1 and since it is UEFI locked, it should be enabled at boot? :unsure:

I think it was 2 and still is.
 

oldschool

@TairikuOkami
> I think it was 2 and still is.

Yes. I think both key values are the default value 2 when you enable LSA in Windows Security. The bug in Windows 11 22H2 is that the 2nd key isn't created and users get the "This change requires ..." message even after restarting machine. At least that's how I understand it.

For those who aren't so computer savvy, like myself, I found these detailed directions (Method 2) for manually adding the new key so I wouldn't have to rely on a .reg file.
 
  • +Reputation
Reactions: ErzCrz
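
A read-only check for the situation discussed in the posts above, as an added example that is not part of any post in the thread: it reports the two `Lsa` registry values and then looks for Wininit event 12 in the System log, which Windows writes when LSASS starts as a protected process, so the running state can be confirmed independently of the Windows Security warning. The meanings shown for `RunAsPPL` follow Microsoft's LSA protection documentation, and the two-minute tolerance around boot time is an assumption.

```powershell
# Added example: read-only check, run from an elevated PowerShell prompt.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LsaValue {
    param([string]$Name)
    # Returns $null when the value is absent instead of throwing.
    $props = Get-ItemProperty -Path $lsaKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $props) { $props.$Name }
}

function Format-RunAsPpl {
    param($Value)
    # Meanings per Microsoft's LSA protection documentation
    # (assumption: Windows 11 22H2 or later, where value 2 is available).
    if ($null -eq $Value) { return 'missing' }
    switch ([int]$Value) {
        0       { '0 (off)' }
        1       { '1 (on, UEFI lock)' }
        2       { '2 (on, no UEFI lock)' }
        default { "$Value (unexpected)" }
    }
}

# The thread reports RunAsPPLBoot missing on affected 22H2 machines; show it raw.
$pplBoot = Get-LsaValue 'RunAsPPLBoot'

# Wininit logs event 12 when LSASS starts as a protected process.
$boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
$evt  = Get-WinEvent -FilterHashtable @{
            LogName = 'System'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 12
        } -MaxEvents 1 -ErrorAction SilentlyContinue

[pscustomobject]@{
    RunAsPPL          = Format-RunAsPpl (Get-LsaValue 'RunAsPPL')
    RunAsPPLBoot      = if ($null -eq $pplBoot) { 'missing' } else { $pplBoot }
    LastBoot          = $boot
    LastWininitEvent  = if ($evt) { $evt.TimeCreated } else { 'none found' }
    WininitMessage    = if ($evt) { $evt.Message } else { '' }
    # True only if event 12 was logged for the current boot.
    ProtectedThisBoot = [bool]($evt -and ($evt.TimeCreated -ge $boot.AddMinutes(-2)))
}
```

If the registry values are set but `ProtectedThisBoot` is false, the setting has not taken effect for the LSASS process that is currently running.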

ErzCrz

Doing my usual chopping and changing while I wait for H_C 6.1.1.1 to come out of beta. Running CF with @cruelsister's settings and MD with CD set to High. Will update configuration on top of thread once I've been using it for a few.
 

ErzCrz

I'm typically indecisive and a bit at a crossroads. I think I should really take advantage of that Emsisoft AV subscription and stick with that for now. It's a good product and even though it uses 600+meg of ram, it doesn't really affect my system performance with 16gb on board. Will update config tomorrow.
 

Kongo

> I'm typically indecisive and a bit at a crossroads. I think I should really take advantage of that Emsisoft AV subscription and stick with that for now. It's a good product and even though it uses 600+meg of ram, it doesn't really affect my system performance with 16gb on board. Will update config tomorrow.

I'm pretty sure the high RAM usage is just temporary just like with pretty much every Bitdefender Engine-based AV. I installed G-Data and had 1gb RAM usage. Now after like 3 days, it dropped down to 400 mb. Just do a full scan and don't shut down your PC for a night.
 

ErzCrz

> I'm pretty sure the high RAM usage is just temporary just like with pretty much every Bitdefender Engine-based AV. I installed G-Data and had 1gb RAM usage. Now after like 3 days, it dropped down to 400 mb. Just do a full scan and don't shut down your PC for a night.

Thanks. It's settled into the 400s now. I really want to use CF but have to do a fair bit of whitelisting and allow rules. Will pick it back up again when I've had time to do some more research on that ;)
 
  • Like
Reactions: Kongo

ErzCrz

Done a lot of bouncing around between security configs this year. Trying to go back to a more simplistic route with H_C and MD or just CF and MD. Fort Firewall also a possibility if you can default block outgoing.

CF takes some tweaking apart from cruelsister settings. Firewall rules for 443 outgoing windows host apps and ports 53, 5353, 1900 & 443 outbound rules as default CF web browser preset doesn't include HTTPS, DNS, SSDP or IPv6 Neighbourhood Solicitation but maybe that's as I'm filtering IPv6 along with IPv4.

Anyway, will update the config when I settle on one :)
 

ErzCrz

Getting lots of spam lately. No new haveibeenpwned breaches, must just be that time of year. The usual you've been watching... some fake tinder and other random stuff. Thankfully domain host provider spam filter is quite effective and Thunderbird catches what's missed. Does always make me paranoid but in reality it's just data from old breaches and my protection levels cover things ;)

CFW working okay though saw it not registering in Security Centre a few times but it's still doing its job at least containing malware in simple tests. I like Emsisoft which will block malware connections and full scans taking less than 5 minutes so maybe just go with that if there's further CFW issues.
 

piquiteco

> CFW working okay though saw it not registering in Security Centre a few times but it's still doing its job at least containing malware in simple tests.

I like CFW, but I hate it when the Security Center keeps reporting that the firewall is disabled and, when it was CIS, that the AV is outdated. This is an old bug, although these notifications are not so frequent. If my memory does not fail me, build 6888 did not have this. I thought this only happened to me. 😞
 
  • Like
Reactions: ErzCrz

oldschool

> Getting lots of spam lately.

I was getting barraged with spam texts on my phone, multiple times a day. It took weeks of continual reporting and then they tailed off, to be very sporadically replaced by texts in Chinese. After more reporting they seem to have stopped.
 
  • Wow
Reactions: ErzCrz

ErzCrz

> I refuse to use anything with these kinds of bugs, even though they're minor they drive my OCD wild. 😄 Which is why I'm sticking with Windows Security.

Yes, I have a hard time committing to Comodo fully until the apparent 2024 update that we're meant to see this summer. I'm trying out the H_C Beta 2 at the moment.
 
  • Like
Reactions: oldschool

ErzCrz

Quick update to config. Using Hard_Configurator Beta 3. Oh and a few swaps of ticks relating to PC use.

That issue I thought was H_C related regarding Thunderbird slow server issue turned out to be an email server issue and not directly related to H_C, CD, FWH.

Anyway, played around a fair bit with Comodo but had to add a lot of allow rules and I'm just sticking with MD/H_C until at least this "summer release" happens or I get more clarification about Firewall rules relating to svchost and windows apps connecting out to port 443.
 
