Advanced Plus Security ErzCrz Security Config 2024

Last updated
May 19, 2023
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Sky Router with built-in IPV4/IPv6 Firewall
Real-time security
Microsoft Defender + DefenderUI
CyberLock
Comodo Firewall .8012
Firewall security
Other - Internet Security (3rd-party)
About custom security
DefenderUI - Recommended Settings
Cyberlock - ON - Create In/Out Firewall Rules for Unsafe Items. Require Captcha to exit.
Comodo Firewall - Cruelsister Configuration
Periodic malware scanners
Norton Power Eraser
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Primary: Edge with uBO in Medium Mode - Netcraft/BD:TL
Secondary - Firefox with uBO in Medium Mode - Netcraft/BD:TL
Secure DNS
Provided by ISP Sky Shield though occasionally Cloudflare DNS over HTTP.
Desktop VPN
None. Browsing primarily on home private network.
Password manager
KeepassXC
Maintenance tools
Windows built-in Disk Clean-up and Storage Sense.
File and Photo backup
Seagate - Toolkit - Weekly Backup
Active subscriptions
    • None
System recovery
External Drive - Backup of Documents and folders.
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Notable changes
22.01.2022 - Reverted to Comodo Internet Security setup with Firefox as default browser and Thunderbird email client.
15.05.2022 - Reverted to Hard_Configurator setup following errors after uninstall and PC reset with Edge as default browser for MD integration while also sticking to Thunderbird for email & Updated backup routine.
13.08.2022 - Swapped to built-in backup solution.
12.09.2022 - General update in line with new guidelines.
29.10.2022 - Edge Exploit Tweaks re-implemented
15.11.2022 - Edge Exploit Tweaks removed. Removed OneDrive backups.
18.11.2022 - Firefox now my primary browser & Thunderbird primary email client.
12.12.2022 - updated Dec 2022 changes, backup now manual and onedrive. Experimenting with Comodo Internet Security but not fully committed to it yet.
11.01.2023 - Updated Security Configuration for new laptop and having won Emsisoft giveaway.
22.01.2023 - Reverted to MD, ConfigureDefender - High & Enabled CFA, FWHardener, Added NPE to scanner, Edge exploit tweaks.
01.02.2023 - Now using Seagate Toolkit for Backup of Documents and Folders
18.05.2023 - Using H_C Beta and few unticks/ticks of PC use.
24.06.2023 - Back to Emsisoft Anti-Malware Home, Changed Password Manager to KeepassXC
02.09.2023 - Switched from Emsisoft Setup to CF/MD Configuration
20.10.2023 - Switched to Firefox, no longer using VPN as work now has Azure cloud servers. Temporarily removed custom exploit settings.
01.11.2023 - Back to MD H_C setup
12.12.2023 - Added Anti-Exploit Tweaks and uBO in Hard Mode with noop rules.
20.12.2023 - Removed custom exploit rules as having some Edge freezes. Moved back to Comodo Firewall with Cruelsister Configuration.
21.12.2023 - Firefox now primary browser.
27.12.2023 - Edge changed to Primary Browser
06.01.2024 - Removed WFC, Implemented WFH & CL create firewall rules for not safe items.
08.01.2024 - Re-Added WFC
03.01.2024 - Firefox now primary browser.
21.01.2024 - Changed Primary Browser to Edge
28.01.2024 - Removed WFC and replaced with CF
05.02.2024 - Returned to WFC
28.02.2024 - Adjusted uBO Rules & Added Netcraft & BD:TL extensions
25.03.2024 - Changed to CIS .8012
10.04.2024 - Reverted to MD/DefenderUI/Cyberlock/WFC Config
31.12.2023 - New config for 2024 - MD (DefenderUI), CyberLock,WFC

11.04.2024 - Reverted to MD/DefenderUI/Cyberlock/CF
Disclaimer: we use date format DD/MM/YYYY here in the UK
What I'm looking for?

Looking for minimum feedback.

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,635
Ah okay. It's Win 11 as it was shipped and SAC disabled. Doesn't really matter since using MD anyway but just something I noticed when I was trying out a couple of different configurations ;) Thanks for the info.
In that comment, I was actually talking about the MsMpEng.exe service that always runs on Windows 11. This MpDefenderCoreService.exe is new, and I don't have it yet. Probably pushed to a few users, mainly those who have enabled early updates like you. Even Microsoft Defender's update channel can be changed to a beta build.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
Hi,

Some info about the new services:
 

ForgottenSeer 100397

It may not always run on systems that were upgraded to 11 from 10 without freshly installing windows. Or if it was disabled using something like Defender Control or other manual method.
A clean installation of Windows 11 with no disabling of Defender using any methods!
 

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,114
Hi,

Some info about the new services:
we are shipping the Microsoft Defender Core service which will help with stability and performance of Microsoft Defender Antivirus.
 

ErzCrz

Level 21
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,023
Playing around with CF installed as usual. Just running .8012 while I wait for next stable.

My Asus OEM originated MemCompression (system file) tried to connect out ICMPv6 Neighbour Solicitation. There was an old related bug but it was fixed in previous versions. Might try out Beta2 and see if it shows up again. It got blocked by default while I looked up the information.


ErzCrz

Did a bit more testing of CIS/CF Beta. Was working quite well, but checking logs after a full screen game with Firefox running in the background, there was a HIPS block of Werfault, and checking logs there were a few 1000 application errors. Kind of proves HIPS is not ready yet for Win 11, at least with the current beta. Haven't had such an issue with current stable on my Win 11 machine. I'll just stick with CF with @cruelsister's setup as the least troublesome route. ;)
Good news on the Beta2 front, the minor program update you get resolves the leftover drivers issue after you uninstall it though the Event Viewer and Startup entries still have to be manually removed.
 

ErzCrz

Please link your current config thread to your account. It's still the 2020 Config.
Thanks, I'd forgotten about changing that.

On a different note, my earlier issue might have been Firefox related as it crashed /shrug. Seems changing things too much on this machine makes it unhappy.
Back to MD H_C etc as indicated in this top post and your exploit settings I think.
 

ErzCrz

Anti-Exploit settings in line with @oldschool 's config

-------------------------
Complete Exploit Protection settings

System settings:

Control flow guard (CFG) - Use default (On)
Data execution prevention (DEP) - Use default (On)
Force randomization for images (Mandatory ASLR) - On by default
Randomize memory allocations (Bottom-up ASLR) - Use default (On)
High entropy ASLR - Use default (On)
Validate exception chains (SEHOP) - Use default (On)
Validate heap integrity - Use default (On)

Edge:

Block low integrity images - On
Block remote images - On
Validate image dependency integrity - ON
Block untrusted fonts - On
Code integrity guard - On | Also allow images signed by MS Store - Unchecked
Mandatory ASLR (default above) > Do not allow stripped images - Checked
Hardware enforced stack protection - On | Enforce for all modules ... - Checked
Validate handle usage - On
---------------------------------
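
The Edge list above expressed as Exploit Protection cmdlet calls, as an added example that is not part of the original post. The backup file name is an assumption, and enabling `ForceRelocateImages` per app is one reading of the "Mandatory ASLR (default above)" line.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): the Edge list from the post expressed
# as Set-ProcessMitigation switches, with a backup taken first.

$app    = 'msedge.exe'
$backup = Join-Path $env:TEMP 'exploit-protection-backup.xml'  # assumed path

# 1. Export the current Exploit Protection configuration for later restore.
Get-ProcessMitigation -RegistryConfigFilePath $backup

# 2. GUI label used in the post -> mitigation name accepted by -Enable.
$enable = [ordered]@{
    'Block low integrity images'          = 'BlockLowLabelImageLoads'
    'Block remote images'                 = 'BlockRemoteImageLoads'
    'Validate image dependency integrity' = 'EnforceModuleDependencySigning'
    'Block untrusted fonts'               = 'DisableNonSystemFonts'
    'Code integrity guard'                = 'MicrosoftSignedOnly'
    'Mandatory ASLR'                      = 'ForceRelocateImages'  # assumed per-app
    'Do not allow stripped images'        = 'RequireInfo'
    'Hardware enforced stack protection'  = 'UserShadowStack'
    'Enforce for all modules'             = 'UserShadowStackStrictMode'
    'Validate handle usage'               = 'StrictHandle'
}
# "Also allow images signed by MS Store - Unchecked"
$disable = @('AllowStoreSignedBinaries')

# 3. Write the per-app overrides; they apply the next time Edge starts.
Set-ProcessMitigation -Name $app -Enable ([string[]]$enable.Values) -Disable $disable

# 4. Show what was requested and what is now stored.
$enable.GetEnumerator() | ForEach-Object { '{0,-38} {1}' -f $_.Key, $_.Value }
Get-ProcessMitigation -Name $app
Get-ProcessMitigation -System    # compare with the "System settings" list

# Rollback, e.g. if Edge freezes as reported later in the thread:
# Set-ProcessMitigation -Name $app -Remove        # drop Edge's overrides
# Set-ProcessMitigation -PolicyFilePath $backup   # or restore the export
```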
 

ErzCrz

Haven't been able to replicate that issue I had with CIS Beta2. Got a fair bit of time on my hands since I'm off on sick leave re: ErzCrz Status Update 30.11.2023 so time to try out different things. I expect I'll not be instructed not to be back at work until after Christmas as waiting on a date for a treatment.
Anyway, TMI. Just trying out different things that won't mess up the system. The Hard_Configurator setup is good though I don't like Microsoft Store updates not updating automatically. The workaround is to turn off the installer SRP rule but that's a security risk. I'll just have to check the store manually now and then if going down that route but CF & MD or similar best of both worlds.
 

ErzCrz

Given my old Office 2013 ended support back in April I've just been using work system for any document writing/handling but have occasionally ended up using word etc via Edge. Thinking of going more local application now. Office365 is £60.00 for the year and I'm just not sure, that's quite a chunk of change. Might give Libre Office another go.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,600
Given my old Office 2013 ended support back in April I've just been using work system for any document writing/handling but have occasionally ended up using word etc via Edge. Thinking of going more local application now. Office365 is £60.00 for the year and I'm just not sure, that's quite a chunk of change. Might give Libre Office another go.
You could also try FreeOffice:
Installed that for my father (when he was still alive) and he really liked that.
 

ErzCrz

Just changing things up again some. Back to Comodo Firewall with @cruelsister configuration.
Removed custom exploit rules as having some Edge freezes.
I'm trialling ConfigureDefender - High and WindowsFirewallHardening - Recommended as an additional tweak not noted above but want to ensure no conflicts before confirming the setup. I know neither is necessary so undecided about CD and WFH at the moment.
 

ForgottenSeer 100397

There is no instance of MsMpEng running on our Windows 11 systems with Kaspersky. I'll confirm and update here regarding this and the new service.
Today, I checked the system and found that MsMpEng is not running with Kaspersky installed, and the new service is not present. I had performed a clean Win 11 install without disabling Defender manually or with third-party software.
 

ErzCrz

Today, I checked the system and found that MsMpEng is not running with Kaspersky installed, and the new service is not present. I had performed a clean Win 11 install without disabling Defender manually or with third-party software.
Hmm, interesting. Will have to check again next time I do a full CIS install. Just running CF and MD at the moment until another beta or eventual stable.

Thanks and Merry Christmas
 

ErzCrz

Enjoying Firefox, though had a couple of catch up telly playback errors, but that may have been uBlock rules related. It does use some more resources than Edge, though not an issue with my laptop. I did find Edge's power efficiency particularly good in comparison when I ran a full screen game and had browser windows opened in the background, which I know isn't the norm for playing games, but Edge used half the resources of Firefox in that instance. Having seen a couple of articles on reducing Edge bloat I am considering making Edge default again, but it's apples and oranges. I guess it's just a case of using what works best for us.
 
