Advanced Plus Security ErzCrz Security Config 2024

Last updated
Oct 7, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Sky Router with built-in IPV4/IPv6 Firewall
Real-time security
Microsoft Defender
DefenderUI
CyberLock
WFC
Firewall security
Other - Internet Security (3rd-party)
About custom security
DefenderUI - Reccomended
Cyberlock - ON - Create In/Out Firewall Rules for Unsafe Items. Require Captcha to exit.
Periodic malware scanners
Norton Power Eraser
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Primary: Edge with UBOLite in Complete Mode
Secondary - Firefox with uBO in Medium Mode
Secure DNS
Provided by ISP Sky Shield though occasionally Cloudflare DNS over HTTP.
Desktop VPN
None. Browsing primarily on home private network.
Password manager
Keepass 2.x or KeePassXC whichever is my flavour of the month though they use the same database file.
Maintenance tools
Windows built-in Disk Clean-up and Storage Sense.
File and Photo backup
Seagate - Toolkit - Weekly Backup
Subscriptions
    • None
System recovery
AOMEI System Backup Monthly to external drive.
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
ErzCrz Laptop Specs 2024
Notable changes
22.01.2022 - Reverted to Comodo Internet Security setup with Firefox as default browser and Thunberbird email client.
15.05.2022 - Reverted to Hard_Configurator setup following errors after uninstall and PC reset with Edge as default browser for MD integration while also sticking to Thunderbird for email & Updated backup routine.
13.08.2022 - Swapped to built-in backup solution.
12.09.2022 - General update in line with new guidelines.
29.10.2022 - Edge Exploit Tweaks re-implimented
15.11.2022 - Edge Exploit Tweaks removed. Removed OneDrive backups.
18.11.2022 - Firefox now my primary browser & Thunderbird primary email client.
12.12.2022 - updated Dec 2022 changes, backup now manual and onedrive. Experimenting with Comodo Internet Security but not fully committed to it yet.
11.01.2023 - Updated Security Configuration for new laptop and having won Emisoft giveaway.
22.01.2023 - Reverted to MD, ConfigureDefender - High & Enabled CFA, FWHardener, Added NPE to scanner, Edge exploit tweaks.
01.02.2023 - Now using Seagate Toolkit for Backup of Documents and Folders
18.05.2023 - Using H_C Beta and few unticks/ticks of PC use.
24.06.2023 - Back to Emsisoft Anti-Malware Home, Changed Password Manager to KeepassXC
02.09.2023 - Switched from Emsisoft Setup to CF/MD Configuration
20.10.2023 - Switched to Firefox, no longer using VPN for as work now has Azure cloud servers. Temporarily removed custom exploit settings.
01.11.2023 - Back to MD H_C setup
12.12.2023 - Added Anti-Exploit Tweaks and uBO in Hard Mode with noop rules.
20.12.2023 - Removed custom exploit rules as having some Edge freezes. Moved back to Comodo Firewall with Cruelsister Configuration.
21.12.2023 - Firefox now primary browser.
27.12.2023 - Edge changed to Primary Browser
06.01.2024 - Removed WFC, Implemented WFH & CL create firewall rules for not safe items.
08.01.2024 - Re-Added WFC
03.01.2024 - Firefox now primary browser.
21.01.2024 - Changed Primary Browser to Edge
28.01.2024 - Removed WFC and replaced with CF
05.02.2024 - Returned to WFC
28.02.2024 - Adjusted uBO Rules & Added Netcraft & BD:TL extensions
25.03.2024 - Changed to CIS .8012
10.04.2024 - Reverted to MD/DefenderUI/Cyberlock/WFC Config
11.04.2024 - Reverted to MD/DefenderUI/Cyberlock/CF
21.05.2024 - CIS Final Beta, AOMEI System Backup Monthly - Scheduled, Firefox Primary Browser and uBO only for browser extensions.
31.05.2024 - CIS Premium 2025 Released
18.06.2024 - CF 2025, DefenderUI, CyberLock
27.06.2024 - Swapped KeepassXC to Keepass
04.08.2024 - Swapped uBO for Ghostery in Edge
03.09.2024 - Swapped CF for WFC and Ghostery for UBOL
03.10.2024 - Renewed Emsisoft Anti-Malware Home Subscription and removed DefenderUI and WFC
31.12.2023 - New config for 2024 - MD (DefenderUI), CyberLock,WFC
----------------------------------------
07.10.2024 - Returned to MD (DefenderUI), CyberLock,WFC configuration.

Disclaimer we use date format DD/MM/YYYY here in the UK
What I'm looking for?

Looking for minimum feedback.

SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
ErzCrz said:
Ah okay. It's Win 11 as it was shipped and SAC disabled. Doesn't really matter since using MD anyway but just something I noticed when I was trying out a couple of different configurations ;) Thanks for the info.
Click to expand...
In that comment, I was actually talking about the MsMpEng.exe service that always runs on Windows 11. This MpDefenderCoreService.exe is new, and I don't have it yet. Probably pushed to a few users, mainly those who have enabled early updates like you. Even Microsoft Defender's update channel can be changed to a beta build.
 
  • Like
  • Thanks
Reactions: oldschool and ErzCrz
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
Hi,

Some info about the new services:
m365admin.handsontek.net

New Microsoft Defender Antivirus services on Windows Devices - M365 Admin

Microsoft Defender Antivirus on Windows 10 and Windows 11 will be shipping with two new services: Microsoft Defender Core service. Microsoft Data Loss Prevention Service When this will happen: Preview: Nov ‘23 to Beta channel (Prerelease). Standard: We will begin rolling out mid-January 2024 and...
m365admin.handsontek.net m365admin.handsontek.net
 
  • +Reputation
  • Like
Reactions: CyberTech, SeriousHoax, simmerskool and 2 others
F

ForgottenSeer 100397

SeriousHoax said:
It may not always run on systems that were upgraded to 11 from 10 without freshly installing windows. Or if it was disabled using something like Defender Control or other manual method.
Click to expand...
A clean installation of Windows 11 with no disabling of Defender using any methods!
 
  • Like
Reactions: simmerskool
oldschool

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,613
Andy Ful said:
Hi,

Some info about the new services:
m365admin.handsontek.net

New Microsoft Defender Antivirus services on Windows Devices - M365 Admin

Microsoft Defender Antivirus on Windows 10 and Windows 11 will be shipping with two new services: Microsoft Defender Core service. Microsoft Data Loss Prevention Service When this will happen: Preview: Nov ‘23 to Beta channel (Prerelease). Standard: We will begin rolling out mid-January 2024 and...
m365admin.handsontek.net m365admin.handsontek.net
Click to expand...
we are shipping the Microsoft Defender Core service which will help with stability and performance of Microsoft Defender Antivirus.
Click to expand...
 
  • Like
  • +Reputation
Reactions: Nevi, CyberTech, Andy Ful and 3 others
ErzCrz

ErzCrz

Level 22
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,170
Playing around with CF installed as usual. Just running .8012 while I wait for next stable.

My Asus OEM originated MemCompression (system file) tried to connect out ICMPv6 Neighbour Solicitation. There was a old related bug but was fixed in previous versions. Might try out Beta2 and see if it shows up again. It got blocked by default while I looked up the information.

1701699722869.png
 
Last edited:
  • Like
Reactions: simmerskool and harlan4096
ErzCrz

ErzCrz

Level 22
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,170
Did a but more testing CIS/CF Beta. Was wrking quite well but checking logs after full sceen game and firefox running in background, there was a HIPS block of Werfault and checking logs there was a few 1000 application errors. Kind of proves HIPS not ready yet for Win 11 at least with current beta. Haven't had such issue with current stable on my Win 11 machine. I'll just stick with CF with @cruelsister 's setup is the least troublesome route. ;)
Good news on the Beta2 front, the minor program update you get resolves the leftover drivers issue after you uninstall it though the Event Viewer and Startup entries still have to be manually removed.
 
  • Like
Reactions: Nevi, simmerskool, Gandalf_The_Grey and 1 other person
ErzCrz

ErzCrz

Level 22
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,170
oldschool said:
Please link your current config thread to your account. It's still the 2020 Config.
Click to expand...
Thanks, I'd forgotten about changing that.

On a different note, my earlier issue might have been Firefox related as it crashed /shrug. Seems changing things too much on this machine makes it unhappy.
Back to MD H_C etc as indicated in this top post and your exploit settings I think.
 
  • Like
Reactions: simmerskool, Jonny Quest, Gandalf_The_Grey and 1 other person
ErzCrz

ErzCrz

Level 22
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,170
Anti-Exploit settings in line with @oldschool 's config

-------------------------
Complete Exploit Protection settings

System settings:

Control flow guard (CFG) - Use default (On)
Data execution prevention (DEP) - Use default (On)
Force randomization for images (Mandatory ASLR) - On by default
Randomize memory allocations (Bottom-up ASLR) - Use default (On)
High entropy ASLR - Use default (On)
Validate exception chains (SEHOP) - Use default (On)
Validate heap integrity - Use default (On)

Edge:

Block low integrity images - On
Block remote images - On
Validate image dependency integrity - ON
Block untrusted fonts - On
Code integrity guard - On | Also allow images signed by MS Store - Unchecked
Mandatory ASLR (default above) > Do not allow stripped images - Checked
Hardware enforced stack protection - On | Enforce for all modules ... - Checked
Validate handle usage - On
---------------------------------
 
  • Like
Reactions: Nevi, simmerskool, Moonhorse and 3 others
ErzCrz

ErzCrz

Level 22
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,170
Haven't been able to replicate that issue I had with CIS Beta2. Got a fair bit of time on my hands since i'm off on sick leave re: ErzCrz Status Update 30.11.2023 so time to try out different things. I expect I'll not be instructed not to be back at work until after Chrismas as waiting on a date for a treatment.
Anyway, TMI. Just trying out different things that won't mess up the system. THe Hard_Configurator setup is good though I don't like Microsoft Store updates not updating automatically. The workaround is to turn off the instealler SRP rule but that's a security risk. I'll just thave to check the store manually now and then if going down that route but CF & MD or similar best of both worlds.
 
  • Like
Reactions: Nevi, simmerskool and Gandalf_The_Grey
ErzCrz

ErzCrz

Level 22
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,170
Given my old Office 2013 ended support back in April I've just been using work system for any document writing/handling but have occasionally ended up using word etc via Edge. Thinking of going more local application now. Office365 is £60.00 for the year and I'm just not sure, that's quite a chunk of change. Might give Libre Office another go.
 
  • Like
Reactions: Nevi, simmerskool, micasayyo and 3 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,259
ErzCrz said:
Given my old Office 2013 ended support back in April I've just been using work system for any document writing/handling but have occasionally ended up using word etc via Edge. Thinking of going more local application now. Office365 is £60.00 for the year and I'm just not sure, that's quite a chunk of change. Might give Libre Office another go.
Click to expand...
You could also try FreeOffice:

FreeOffice: The best free alternative to Microsoft Office

FreeOffice, the best free alternative to Microsoft Office (Word, Excel, PowerPoint) for Windows, Mac and Linux
www.freeoffice.com www.freeoffice.com
Installed that for my father (when he was still alive) and he really liked that.
 
  • Like
Reactions: Nevi, simmerskool, ZeroDay and 1 other person
ErzCrz

ErzCrz

Level 22
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,170
  • Like
Reactions: simmerskool, micasayyo, ZeroDay and 1 other person
ErzCrz

ErzCrz

Level 22
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,170
Just changing things up again some. Back to Comodo Firewall with @cruelsister configuration.
Removed custom exploit rules as having some Edge freezes.
I'm trialling ConfigureDefender - High and WindowsFirewallHardening - Recommended as an additional tweak not noted above but want to ensure no conflicts before confirming the setup. I know neither is necessary so undecided about CD and WFH at the moment.
 
  • Like
Reactions: Nevi, simmerskool, Kongo and 2 others
F

ForgottenSeer 100397

rhythm said:
There is no instance of MsMpEng running on our Windows 11 systems with Kaspersky. I'll confirm and update here regarding this and the new service.
Click to expand...
Today, I checked the system and found that MsMpEng is not running with Kaspersky installed, and the new service is not present. I had performed a clean Win 11 install without disabling Defender manually or with third-party software.
 
  • Like
  • Thanks
Reactions: simmerskool, oldschool, ErzCrz and 2 others
ErzCrz

ErzCrz

Level 22
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,170
rhythm said:
Today, I checked the system and found that MsMpEng is not running with Kaspersky installed, and the new service is not present. I had performed a clean Win 11 install without disabling Defender manually or with third-party software.
Click to expand...
Hmm, interesting. Will have to check again next time I do a full CIS install. Just running CF and MD at the moment until another beta or eventual stable.

Thanks and Merry Christmas
 
  • Like
Reactions: Nevi, simmerskool, oldschool and 1 other person
ErzCrz

ErzCrz

Level 22
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,170
Enjoying Firefox though had a couple of catch up telly playback errors but that may have been ublock rules related. It does use some more resources than Edge though not an issue with my laptop. I did find that Edge's power efficiency particularly good in comparison when i ran a full screen game and had browser windows opened in the background which I know isn't the norm for playing games but Edge used half the resources of Firefox in that instance. Having seen a couple of articles on reducing Edge bloat I am considering making Edge default again but it's apples and oranges I guess it's just a case of using what works best for us.
 
  • Like
Reactions: Nevi, simmerskool, Gandalf_The_Grey and 2 others

Similar threads

ErzCrz
    • Like
    • Applause
    • +Reputation
Advanced Plus Security ErzCrz config 2021
Replies
54
Views
13,069
CSC Archive
ErzCrz
ErzCrz
SpyNetGirl
    • Like
    • +Reputation
    • Hundred Points
Harden Windows Security | Only with official documented methods | Always up to date
Replies
75
Views
13,858
Other security for Windows, Mac, Linux
Warencom
W
4
    • Like
    • Thanks
    • +Reputation
Reverse Engineering Rogue Kaspersky browser extension
Replies
12
Views
3,221
Malware Analysis
oldschool
oldschool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top