Advanced Plus Security ErzCrz Security Config 2024

Last updated
May 19, 2023
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Sky Router with built-in IPV4/IPv6 Firewall
Real-time security
Microsoft Defender
CyberLock
Malwarebytes WindowsFirewallControl
Firewall security
Other - Internet Security (3rd-party)
About custom security
Microsoft Defender with DefenderUI (Recommended)
Cyberlock - ON - Create In/Out Firewall Rules for Unsafe Items.
WFC - Medium Filtering - Display Notifications - Secure Profile
Periodic malware scanners
Emisoft Emergency Kit / Norton Power Eraser
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Primary: Firefox with uBO in Hard Mode with noop rules
Secondary - Edge with uBO in Hard Mode with noop rules
Secure DNS
Provided by ISP Sky Shield though occasionally Cloudflare DNS over HTTP.
Desktop VPN
None. Browsing primarily on home private network.
Password manager
KeepassXC
Maintenance tools
Windows built-in Disk Clean-up and Storage Sense.
File and Photo backup
Seagate - Toolkit - Weekly Backup
System recovery
External Drive - Backup of Documents and folders.
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Notable changes
22.01.2022 - Reverted to Comodo Internet Security setup with Firefox as default browser and Thunberbird email client.
15.05.2022 - Reverted to Hard_Configurator setup following errors after uninstall and PC reset with Edge as default browser for MD integration while also sticking to Thunderbird for email & Updated backup routine.
13.08.2022 - Swapped to built-in backup solution.
12.09.2022 - General update in line with new guidelines.
29.10.2022 - Edge Exploit Tweaks re-implimented
15.11.2022 - Edge Exploit Tweaks removed. Removed OneDrive backups.
18.11.2022 - Firefox now my primary browser & Thunderbird primary email client.
12.12.2022 - updated Dec 2022 changes, backup now manual and onedrive. Experimenting with Comodo Internet Security but not fully committed to it yet.
11.01.2023 - Updated Security Configuration for new laptop and having won Emisoft giveaway.
22.01.2023 - Reverted to MD, ConfigureDefender - High & Enabled CFA, FWHardener, Added NPE to scanner, Edge exploit tweaks.
01.02.2023 - Now using Seagate Toolkit for Backup of Documents and Folders
18.05.2023 - Using H_C Beta and few unticks/ticks of PC use.
24.06.2023 - Back to Emsisoft Anti-Malware Home, Changed Password Manager to KeepassXC
02.09.2023 - Switched from Emsisoft Setup to CF/MD Configuration
20.10.2023 - Switched to Firefox, no longer using VPN for as work now has Azure cloud servers. Temporarily removed custom exploit settings.
01.11.2023 - Back to MD H_C setup
12.12.2023 - Added Anti-Exploit Tweaks and uBO in Hard Mode with noop rules.
20.12.2023 - Removed custom exploit rules as having some Edge freezes. Moved back to Comodo Firewall with Cruelsister Configuration.
21.12.2023 - Firefox now primary browser.
27.12.2023 - Edge changed to Primary Browser
06.01.2024 - Removed WFC, Implemented WFH & CL create firewall rules for not safe items.
08.01.2024 - Re-Added WFC
03.01.2024 - Firefox now primary browser.
21.01.2024 - Changed Primary Browser to Edge
28.01.2024 - Removed WFC and replaced with CF
31.12.2023 - New config for 2024 - MD (DefenderUI), CyberLock,WFC
05.02.2024 - Returned to WFC

Disclaimer we use date format DD/MM/YYYY here in the UK
What I'm looking for?

Looking for minimum feedback.

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,619
Ah okay. It's Win 11 as it was shipped and SAC disabled. Doesn't really matter since using MD anyway but just something I noticed when I was trying out a couple of different configurations ;) Thanks for the info.
In that comment, I was actually talking about the MsMpEng.exe service that always runs on Windows 11. This MpDefenderCoreService.exe is new, and I don't have it yet. Probably pushed to a few users, mainly those who have enabled early updates like you. Even Microsoft Defender's update channel can be changed to a beta build.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
7,896
Hi,

Some info about the new services:
 
F

ForgottenSeer 100397

It may not always run on systems that were upgraded to 11 from 10 without freshly installing windows. Or if it was disabled using something like Defender Control or other manual method.
A clean installation of Windows 11 with no disabling of Defender using any methods!
 
  • Like
Reactions: simmerskool

oldschool

Level 80
Verified
Top Poster
Well-known
Mar 29, 2018
6,964
Hi,

Some info about the new services:
we are shipping the Microsoft Defender Core service which will help with stability and performance of Microsoft Defender Antivirus.
 

ErzCrz

Level 20
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
951
Playing around with CF installed as usual. Just running .8012 while I wait for next stable.

My Asus OEM originated MemCompression (system file) tried to connect out ICMPv6 Neighbour Solicitation. There was a old related bug but was fixed in previous versions. Might try out Beta2 and see if it shows up again. It got blocked by default while I looked up the information.

1701699722869.png
 
Last edited:

ErzCrz

Level 20
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
951
Did a but more testing CIS/CF Beta. Was wrking quite well but checking logs after full sceen game and firefox running in background, there was a HIPS block of Werfault and checking logs there was a few 1000 application errors. Kind of proves HIPS not ready yet for Win 11 at least with current beta. Haven't had such issue with current stable on my Win 11 machine. I'll just stick with CF with @cruelsister 's setup is the least troublesome route. ;)
Good news on the Beta2 front, the minor program update you get resolves the leftover drivers issue after you uninstall it though the Event Viewer and Startup entries still have to be manually removed.
 

ErzCrz

Level 20
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
951
Please link your current config thread to your account. It's still the 2020 Config.
Thanks, I'd forgotten about changing that.

On a different note, my earlier issue might have been Firefox related as it crashed /shrug. Seems changing things too much on this machine makes it unhappy.
Back to MD H_C etc as indicated in this top post and your exploit settings I think.
 

ErzCrz

Level 20
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
951
Anti-Exploit settings in line with @oldschool 's config

-------------------------
Complete Exploit Protection settings

System settings:

Control flow guard (CFG) - Use default (On)
Data execution prevention (DEP) - Use default (On)
Force randomization for images (Mandatory ASLR) - On by default
Randomize memory allocations (Bottom-up ASLR) - Use default (On)
High entropy ASLR - Use default (On)
Validate exception chains (SEHOP) - Use default (On)
Validate heap integrity - Use default (On)

Edge:

Block low integrity images - On
Block remote images - On
Validate image dependency integrity - ON
Block untrusted fonts - On
Code integrity guard - On | Also allow images signed by MS Store - Unchecked
Mandatory ASLR (default above) > Do not allow stripped images - Checked
Hardware enforced stack protection - On | Enforce for all modules ... - Checked
Validate handle usage - On
---------------------------------
 

ErzCrz

Level 20
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
951
Haven't been able to replicate that issue I had with CIS Beta2. Got a fair bit of time on my hands since i'm off on sick leave re: ErzCrz Status Update 30.11.2023 so time to try out different things. I expect I'll not be instructed not to be back at work until after Chrismas as waiting on a date for a treatment.
Anyway, TMI. Just trying out different things that won't mess up the system. THe Hard_Configurator setup is good though I don't like Microsoft Store updates not updating automatically. The workaround is to turn off the instealler SRP rule but that's a security risk. I'll just thave to check the store manually now and then if going down that route but CF & MD or similar best of both worlds.
 

ErzCrz

Level 20
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
951
Given my old Office 2013 ended support back in April I've just been using work system for any document writing/handling but have occasionally ended up using word etc via Edge. Thinking of going more local application now. Office365 is £60.00 for the year and I'm just not sure, that's quite a chunk of change. Might give Libre Office another go.
 

Gandalf_The_Grey

Level 75
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,446
Given my old Office 2013 ended support back in April I've just been using work system for any document writing/handling but have occasionally ended up using word etc via Edge. Thinking of going more local application now. Office365 is £60.00 for the year and I'm just not sure, that's quite a chunk of change. Might give Libre Office another go.
You could also try FreeOffice:
Installed that for my father (when he was still alive) and he really liked that.
 

ErzCrz

Level 20
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
951

ErzCrz

Level 20
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
951
Just changing things up again some. Back to Comodo Firewall with @cruelsister configuration.
Removed custom exploit rules as having some Edge freezes.
I'm trialling ConfigureDefender - High and WindowsFirewallHardening - Recommended as an additional tweak not noted above but want to ensure no conflicts before confirming the setup. I know neither is necessary so undecided about CD and WFH at the moment.
 
F

ForgottenSeer 100397

There is no instance of MsMpEng running on our Windows 11 systems with Kaspersky. I'll confirm and update here regarding this and the new service.
Today, I checked the system and found that MsMpEng is not running with Kaspersky installed, and the new service is not present. I had performed a clean Win 11 install without disabling Defender manually or with third-party software.
 

ErzCrz

Level 20
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
951
Today, I checked the system and found that MsMpEng is not running with Kaspersky installed, and the new service is not present. I had performed a clean Win 11 install without disabling Defender manually or with third-party software.
Hmm, interesting. Will have to check again next time I do a full CIS install. Just running CF and MD at the moment until another beta or eventual stable.

Thanks and Merry Christmas
 

ErzCrz

Level 20
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
951
Enjoying Firefox though had a couple of catch up telly playback errors but that may have been ublock rules related. It does use some more resources than Edge though not an issue with my laptop. I did find that Edge's power efficiency particularly good in comparison when i ran a full screen game and had browser windows opened in the background which I know isn't the norm for playing games but Edge used half the resources of Firefox in that instance. Having seen a couple of articles on reducing Edge bloat I am considering making Edge default again but it's apples and oranges I guess it's just a case of using what works best for us.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top