Advanced Plus Security ErzCrz Security Config 2024

Last updated
Oct 7, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Sky Router with built-in IPV4/IPv6 Firewall
Real-time security
Microsoft Defender
DefenderUI
CyberLock
WFC
Firewall security
Other - Internet Security (3rd-party)
About custom security
DefenderUI - Recommended
Cyberlock - ON - Create In/Out Firewall Rules for Unsafe Items. Require Captcha to exit.
WFC - Medium Filtering, Notifications Enabled. (Manually added FWH Rules as WFC can overwrite FirewallHardening Tool implemented rules)
FirewallHardening Tool - Recommended H_C Rules
Documents_Anti-Exploit Tool - ON/ON2/ON/ON
Periodic malware scanners
Norton Power Eraser
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Primary: Edge with UBOLite in Complete Mode
Secondary - Firefox with uBO in Medium Mode
Secure DNS
Provided by ISP Sky Shield though occasionally Cloudflare DNS over HTTP.
Desktop VPN
None. Browsing primarily on home private network.
Password manager
Keepass 2.x or KeePassXC whichever is my flavour of the month though they use the same database file.
Maintenance tools
Windows built-in Disk Clean-up and Storage Sense.
File and Photo backup
Seagate - Toolkit - Weekly Backup
Subscriptions
    • None
System recovery
AOMEI System Backup Monthly to external drive.
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Notable changes
22.01.2022 - Reverted to Comodo Internet Security setup with Firefox as default browser and Thunderbird email client.
15.05.2022 - Reverted to Hard_Configurator setup following errors after uninstall and PC reset with Edge as default browser for MD integration while also sticking to Thunderbird for email & Updated backup routine.
13.08.2022 - Swapped to built-in backup solution.
12.09.2022 - General update in line with new guidelines.
29.10.2022 - Edge Exploit Tweaks re-implemented
15.11.2022 - Edge Exploit Tweaks removed. Removed OneDrive backups.
18.11.2022 - Firefox now my primary browser & Thunderbird primary email client.
12.12.2022 - Updated Dec 2022 changes, backup now manual and OneDrive. Experimenting with Comodo Internet Security but not fully committed to it yet.
11.01.2023 - Updated Security Configuration for new laptop and having won Emsisoft giveaway.
22.01.2023 - Reverted to MD, ConfigureDefender - High & Enabled CFA, FWHardener, Added NPE to scanner, Edge exploit tweaks.
01.02.2023 - Now using Seagate Toolkit for Backup of Documents and Folders
18.05.2023 - Using H_C Beta and few unticks/ticks of PC use.
24.06.2023 - Back to Emsisoft Anti-Malware Home, Changed Password Manager to KeepassXC
02.09.2023 - Switched from Emsisoft Setup to CF/MD Configuration
20.10.2023 - Switched to Firefox, no longer using VPN for as work now has Azure cloud servers. Temporarily removed custom exploit settings.
01.11.2023 - Back to MD H_C setup
12.12.2023 - Added Anti-Exploit Tweaks and uBO in Hard Mode with noop rules.
20.12.2023 - Removed custom exploit rules as having some Edge freezes. Moved back to Comodo Firewall with Cruelsister Configuration.
21.12.2023 - Firefox now primary browser.
27.12.2023 - Edge changed to Primary Browser
06.01.2024 - Removed WFC, Implemented WFH & CL create firewall rules for not safe items.
08.01.2024 - Re-Added WFC
03.01.2024 - Firefox now primary browser.
21.01.2024 - Changed Primary Browser to Edge
28.01.2024 - Removed WFC and replaced with CF
05.02.2024 - Returned to WFC
28.02.2024 - Adjusted uBO Rules & Added Netcraft & BD:TL extensions
25.03.2024 - Changed to CIS .8012
10.04.2024 - Reverted to MD/DefenderUI/Cyberlock/WFC Config
11.04.2024 - Reverted to MD/DefenderUI/Cyberlock/CF
21.05.2024 - CIS Final Beta, AOMEI System Backup Monthly - Scheduled, Firefox Primary Browser and uBO only for browser extensions.
31.05.2024 - CIS Premium 2025 Released
18.06.2024 - CF 2025, DefenderUI, CyberLock
27.06.2024 - Swapped KeepassXC to Keepass
04.08.2024 - Swapped uBO for Ghostery in Edge
03.09.2024 - Swapped CF for WFC and Ghostery for UBOL
03.10.2024 - Renewed Emsisoft Anti-Malware Home Subscription and removed DefenderUI and WFC
31.12.2023 - New config for 2024 - MD (DefenderUI), CyberLock, WFC
----------------------------------------
07.10.2024 - Returned to MD (DefenderUI), CyberLock, WFC configuration.
20.11.2024 - WFH and Anti-Exploit added as protection layers.

Disclaimer: we use date format DD/MM/YYYY here in the UK.
What I'm looking for?

Looking for minimum feedback.

ErzCrz

Level 23
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,214
Removed Privacy Badger for now, just trying to identify overlap with it and uBO and some page slows.
Did some CF testing but doesn't always seem to be filtering or just not showing in UI. I am seeing how the H_C setup goes but have been tempted with some of the BF offers or going with Emsisoft but who knows.
 

ErzCrz

What's BF? BlackFog? Bitdefender Free? 🤔
Sorry, Black Friday. I forget to add proper context now and then :D

Just being a bit indecisive, and with the layered approach I'm currently using it's probably enough. Just having 3rd party sometimes makes you think it's doing more, but MD is just as, if not more, active protecting more things ;)
 

ErzCrz

The forensic of "have been tempted with some of the BF offers" revealed a cryptic invitation to explore the mischievous realm of "Blue Films"! 😂🤣
Hahaha. That's what VPNs and Comodo Secure Shopping were for 🤣
 

ErzCrz

Back to my quandary, I don't have Office 365 and only the Home version of Win 11 so don't have extra Microsoft Defender features but that's what ConfigureDefender is for. Think I'll give CF Beta 2 another go.
 

ErzCrz

Not sure when it started appearing but I noted today that MDCoreSvc Microsoft Defender Core Service was running even though I was testing out CIS Beta 2 with a couple of things today.


It'll probably just be MD until the next beta comes out but I just happened to notice this service still running even though I have periodic MD scanning disabled. Not had time to check if it's the same with other AVs.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,863
Not sure when it started appearing but I noted today that MDCoreSvc Microsoft Defender Core Service was running even though I was testing out CIS Beta 2 with a couple of things today.

It'll probably just be MD until the next beta comes out but I just happened to notice this service still running even though I have periodic MD scanning disabled. Not had time to check if it's the same with other AVs.
Interesting. I don't have this service on my system.
 

SeriousHoax

It's still there with Emsisoft installed so it must be just a thing now. I do have the early updates enabled in Win 11 but just something I noticed.

I see. So you know on Windows 11, MD's "Antimalware Service Executable/MsMpEng.exe" always keeps running even when a third-party AV is installed. So maybe MS has now created this new "Antimalware Core Service" which will be the one that will now keep running always. Or maybe a name change is happening where "Antimalware Service Executable" will be called "Antimalware Core Service" in the future.
What's the name of the exe file of this service?
 

ErzCrz

I see. So you know on Windows 11, MD's "Antimalware Service Executable/MsMpEng.exe" always keeps running even when a third-party AV is installed. So maybe MS has now created this new "Antimalware Core Service" which will be the one that will now keep running always. Or maybe a name change is happening where "Antimalware Service Executable" will be called "Antimalware Core Service" in the future.
What's the name of the exe file of this service?
Yeah, must just be something keeping your account protection etc. monitored.

C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpDefenderCoreService.exe

Not using much resource at all which is great.

On a different note, not sure I'll renew Emsisoft though it is good. CF/MD probably my plans for 2024.
 
ForgottenSeer 100397

So you know on Windows 11, MD's "Antimalware Service Executable/MsMpEng.exe" always keeps running even when a third-party AV is installed. So maybe MS has now created this new "Antimalware Core Service" which will be the one that will now keep running always.
There is no instance of MsMpEng running on our Windows 11 systems with Kaspersky. I'll confirm and update here regarding this and the new service.
 

SeriousHoax

There is no instance of MsMpEng running on our Windows 11 systems with Kaspersky. I'll confirm and update here regarding this and the new service.
It may not always run on systems that were upgraded to 11 from 10 without freshly installing Windows. Or if it was disabled using something like Defender Control or another manual method.
 

ErzCrz

It may not always run on systems that were upgraded to 11 from 10 without freshly installing Windows. Or if it was disabled using something like Defender Control or another manual method.
Ah okay. It's Win 11 as it was shipped and SAC disabled. Doesn't really matter since using MD anyway but just something I noticed when I was trying out a couple of different configurations ;) Thanks for the info.
 
