Advanced Plus Security ErzCrz Security Config 2023

[ErzCrz]

Had Local Security Authority Protection warning this morning. It was turned off. Turned it on and restarted twice but had to dismiss the warning message in the end and pagece still says "This change requires you to restart your device" but at least it's enabled. A new feature or something else going on?? Win 11

 

[oldschool]

Had Local Security Authority Protection warning this morning. It was turned off. Turned it on and restarted twice but had to dismiss the warning message in the end and pagece still says "This change requires you to restart your device" but at least it's enabled. A new feature or something else going on?? Win 11

View attachment 273131

I have the same issue. It's mentioned here Redirecting
The fix, which I haven't tried, is here: Enable or Disable Local Security Authority (LSA) Protection in Windows 11 Tutorial
I'm hoping that MS fixes this with a future update.

 

[ErzCrz]

I have the same issue. It's mentioned here Redirecting
The fix, which I haven't tried, is here: Enable or Disable Local Security Authority (LSA) Protection in Windows 11 Tutorial
I'm hoping that MS fixes this with a future update.

Ah okay thanks! It had me going there for a minute this morning LOL.

EDIT: The RunAsPPL entry was there in the registry but not the RunAsPPLBoot. Adding this entry fixed the issue.

Registry entries from your Enable/Disable link:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RunAsPPL"=dword:00000002
"RunAsPPLBoot"=dword:00000002

 

[ErzCrz]

Been a bit manic at this end. Reverted to complete default MD setup a bit undecided about what to go with lately. Probably Comodo's announcement of future updates has me thinking about that again and not been using the Emsisoft subscription I won much. Just kind of in limbo security wise. Bear (or bare) with me

I probably just need to stick with the basics of CD on High at the moment or until I do a fresh install for SAC which isn't happening soon.

 

[TairikuOkami]

EDIT: The RunAsPPL entry was there in the registry but not the RunAsPPLBoot. Adding this entry fixed the issue.

Was it 1 or 2? I am wondering, whether RunAsPPLBoot entry is required. I am using (more secure?) RunAsPPL=1 and since it is UEFI locked, it should be enabled at boot?

Configuring Additional LSA Protection

Learn how to configure additional protection for the Local Security Authority (LSA) process to prevent code injection that could compromise credentials.

learn.microsoft.com

 

[ErzCrz]

Was it 1 or 2? I am wondering, whether RunAsPPLBoot entry is required. I am using (more secure?) RunAsPPL=1 and since it is UEFI locked, it should be enabled at boot?

Configuring Additional LSA Protection

Learn how to configure additional protection for the Local Security Authority (LSA) process to prevent code injection that could compromise credentials.

learn.microsoft.com

I think it was 2 and still is.

 

[oldschool]

@TairikuOkami

I think it was 2 and still is.

Yes. I think both key values are the default value 2 when you enable LSA in Windows Security. The bug in Windows 11 22H2 is that the 2nd key isn't created and users get the "This change requires ..." message even after restarting machine. At least that's how I understand it.

For those who aren't so computer savvy, like myself, I found these detailed directions (Method 2) for manually adding the new key so I wouldn't have to rely on a .reg file.

Fix This change requires you to restart your device LSA Protection Error in Windows

Easy 5 methods for how to fix This change requires you to restart your device LSA or Local Security Authority Protection in Windows 11 or 10.

www.howto-connect.com

 

[ErzCrz]

Doing my usual chopping and changing while I wait for H_C 6.1.1.1 to come out of beta. Running CF with @cruelsister 's settings and MD with CD set to High. Will update configuration on top of thread once I've been using it for a few.

 

[ErzCrz]

I'm typically indecisive and a bit at a crossroads. I think I should really take advantage of that Emsisoft AV subscription and stick with that for now. It's a good product and even though it uses 600+meg of ram, it doesn't really affect my system performance with 16gb on board. Will update config tomorrow.

 

[Kongo]

I'm typically indecisive and a bit at a crossroads. I think I should really take advantage of that Emsisoft AV subscription and stick with that for now. It's a good product and even though it uses 600+meg of ram, it doesn't really affect my system performance with 16gb on board. Will update config tomorrow.

I'm pretty sure the high RAM usage is just temporary just like with pretty much every Bitdefender Engine-based AV. I installed G-Data and had 1gb RAM usage. Now after like 3 days, it dropped down to 400 mb. Just do a full scan and dont shut down your PC for a night.

 

[ErzCrz]

I'm pretty sure the high RAM usage is just temporary just like with pretty much every Bitdefender Engine-based AV. I installed G-Data and had 1gb RAM usage. Now after like 3 days, it dropped down to 400 mb. Just do a full scan and dont shut down your PC for a night.

Thanks. It's settled into the 400s now. I really want to use CF but have to do a fair bit of whitelisting and allow rules. Will pick it back up again when I've had time to some more research on that

 

[ErzCrz]

Done a lot of bouncing around between security configs this year. Trying to go back to a more simplistic route with H_C and MD or just CF and MD. Fort Firewall also a possibility if you can default block outgoing.

CF takes some tweaking apart from cruelsister settings. Firewall rules for 443 outgoing windows host apps and ports 53, 5353, 1900 & 443 outbound rules as default CF web browser preset doesn't include HTTPS, DNS, SSDP or IPv6 Neighbourhood Solicitation but maybe that's as I'm filtering IPv6 along with IPv4.

Anyway, will update the config when I settle on one

 

[piquiteco]

@ErzCrz Testing CF + F-Secure here

 

[ErzCrz]

Getting lots of spam lately. No new haveibeenpwned breaches must just be that time of year. The usual you've been watching... some fake tinder and other random stuff. Thankfully domain host provider spam filter is quite effective and Thunderbird catches what's missed. Does always make me paranoid but in reality it's just data from old breaches and my protection levels cover things

CFW working okay though saw it not registering in Security Centre a few times but it's still doing it's job at least containing malware in simple tests. I like Emsisoft which will block malware connections and full scans taking less than 5 minutes so maybe just go with that if there's further CFW issues.

 

[piquiteco]

CFW working okay though saw it not registering in Security Centre a few times but it's still doing it's job at least containing malware in simple tests.

I like the CFW, but I hate it when the Security Center keeps reporting that the firewall is disabled and when it was the CIS that the AV is outdated and this is old this bug, although it is not so often these notifications. Me if I do not fail memory the build 6888 did not have this. I thought it was only with me that this occurred.

 

[oldschool]

Getting lots of spam lately.

I was getting barraged with spam texts on my phone, multiple times a day. It took weeks of continual reporting and then they tailed off, to be very sporadically replaced by texts in Chinese. After more reporting they seem to have stopped.

 

[oldschool]

CFW ... not registering in Security Centre a few times

I like the CFW, but I hate it when the Security Center keeps reporting that the firewall is disabled

I refuse to use anything with these kinds of bugs, even though they're minor they drive my OCD wild. Which is why I'm sticking with Windows Security.

 

[ErzCrz]

I refuse to use anything with these kinds of bugs, even though they're minor they drive my OCD wild. Which is why I'm sticking with Windows Security.

Yes, I have a hard time committing to Comodo fully until the apparent 2024 update that we're meant to see this summer. I'm trying out the H_C Beta 2 at the moment.

 

[ErzCrz]

Quick update to config. Using Hard_Configurator Beta 3. Oh and a few swaps of ticks relating to PC use.

That issue I thought was H_C related regarding Thunderbird slow server issue turned out to be a email server issue and not directly related to H_C,CD,FWH.

Anyway, played around a fair bit with Comodo but had to add a lot of allow rules and I'm just sticking with MD/H_C until at least this "summer release" happens or I get more clarification about Firewall rules relating to svchost and windows apps connecting out to port 443.

 

[oldschool]

Please change "Last updated" in your config.