Advanced Plus Security ErzCrz Security Config 2024

Last updated
Oct 7, 2024
How it's used?
For home and private use
Operating system
Windows 11
On-device encryption
BitLocker Device Encryption for Windows
Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Security updates
Allow security updates and latest features
Update channels
Allow stable updates only
User Access Control
Always notify
Smart App Control
Off
Network firewall
Enabled
About WiFi router
Sky Router with built-in IPV4/IPv6 Firewall
Real-time security
Microsoft Defender
DefenderUI
CyberLock
WFC
Firewall security
Other - Internet Security (3rd-party)
About custom security
DefenderUI - Recommended
Cyberlock - ON - Create In/Out Firewall Rules for Unsafe Items. Require Captcha to exit.
Periodic malware scanners
Norton Power Eraser
Malware sample testing
I do not participate in malware testing
Environment for malware testing
N/A
Browser(s) and extensions
Primary: Edge with UBOLite in Complete Mode
Secondary - Firefox with uBO in Medium Mode
Secure DNS
Provided by ISP Sky Shield though occasionally Cloudflare DNS over HTTP.
Desktop VPN
None. Browsing primarily on home private network.
Password manager
Keepass 2.x or KeePassXC whichever is my flavour of the month though they use the same database file.
Maintenance tools
Windows built-in Disk Clean-up and Storage Sense.
File and Photo backup
Seagate - Toolkit - Weekly Backup
Subscriptions
    • None
System recovery
AOMEI System Backup Monthly to external drive.
Risk factors
    • Browsing to popular websites
    • Working from home
    • Making audio/video calls
    • Opening email attachments
    • Buying from online stores, entering banks card details
    • Downloading software and files from reputable sites
    • Gaming
    • Streaming audio/video content from trusted sites or paid subscriptions
Computer specs
Notable changes
22.01.2022 - Reverted to Comodo Internet Security setup with Firefox as default browser and Thunderbird email client.
15.05.2022 - Reverted to Hard_Configurator setup following errors after uninstall and PC reset with Edge as default browser for MD integration while also sticking to Thunderbird for email & Updated backup routine.
13.08.2022 - Swapped to built-in backup solution.
12.09.2022 - General update in line with new guidelines.
29.10.2022 - Edge Exploit Tweaks re-implemented
15.11.2022 - Edge Exploit Tweaks removed. Removed OneDrive backups.
18.11.2022 - Firefox now my primary browser & Thunderbird primary email client.
12.12.2022 - updated Dec 2022 changes, backup now manual and onedrive. Experimenting with Comodo Internet Security but not fully committed to it yet.
11.01.2023 - Updated Security Configuration for new laptop and having won Emsisoft giveaway.
22.01.2023 - Reverted to MD, ConfigureDefender - High & Enabled CFA, FWHardener, Added NPE to scanner, Edge exploit tweaks.
01.02.2023 - Now using Seagate Toolkit for Backup of Documents and Folders
18.05.2023 - Using H_C Beta and few unticks/ticks of PC use.
24.06.2023 - Back to Emsisoft Anti-Malware Home, Changed Password Manager to KeepassXC
02.09.2023 - Switched from Emsisoft Setup to CF/MD Configuration
20.10.2023 - Switched to Firefox, no longer using VPN as work now has Azure cloud servers. Temporarily removed custom exploit settings.
01.11.2023 - Back to MD H_C setup
12.12.2023 - Added Anti-Exploit Tweaks and uBO in Hard Mode with noop rules.
20.12.2023 - Removed custom exploit rules as having some Edge freezes. Moved back to Comodo Firewall with Cruelsister Configuration.
21.12.2023 - Firefox now primary browser.
27.12.2023 - Edge changed to Primary Browser
06.01.2024 - Removed WFC, Implemented WFH & CL create firewall rules for not safe items.
08.01.2024 - Re-Added WFC
03.01.2024 - Firefox now primary browser.
21.01.2024 - Changed Primary Browser to Edge
28.01.2024 - Removed WFC and replaced with CF
05.02.2024 - Returned to WFC
28.02.2024 - Adjusted uBO Rules & Added Netcraft & BD:TL extensions
25.03.2024 - Changed to CIS .8012
10.04.2024 - Reverted to MD/DefenderUI/Cyberlock/WFC Config
11.04.2024 - Reverted to MD/DefenderUI/Cyberlock/CF
21.05.2024 - CIS Final Beta, AOMEI System Backup Monthly - Scheduled, Firefox Primary Browser and uBO only for browser extensions.
31.05.2024 - CIS Premium 2025 Released
18.06.2024 - CF 2025, DefenderUI, CyberLock
27.06.2024 - Swapped KeepassXC to Keepass
04.08.2024 - Swapped uBO for Ghostery in Edge
03.09.2024 - Swapped CF for WFC and Ghostery for UBOL
03.10.2024 - Renewed Emsisoft Anti-Malware Home Subscription and removed DefenderUI and WFC
31.12.2023 - New config for 2024 - MD (DefenderUI), CyberLock,WFC
----------------------------------------
07.10.2024 - Returned to MD (DefenderUI), CyberLock,WFC configuration.

Disclaimer: we use date format DD/MM/YYYY here in the UK
What I'm looking for?

Looking for minimum feedback.

ErzCrz

Level 22
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,170
Had Local Security Authority Protection warning this morning. It was turned off. Turned it on and restarted twice but had to dismiss the warning message in the end and page still says "This change requires you to restart your device" but at least it's enabled. A new feature or something else going on?? Win 11

 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,613
Had Local Security Authority Protection warning this morning. It was turned off. Turned it on and restarted twice but had to dismiss the warning message in the end and page still says "This change requires you to restart your device" but at least it's enabled. A new feature or something else going on?? Win 11

I have the same issue. It's mentioned here Redirecting
The fix, which I haven't tried, is here: Enable or Disable Local Security Authority (LSA) Protection in Windows 11 Tutorial
I'm hoping that MS fixes this with a future update.
 

ErzCrz

I have the same issue. It's mentioned here Redirecting
The fix, which I haven't tried, is here: Enable or Disable Local Security Authority (LSA) Protection in Windows 11 Tutorial
I'm hoping that MS fixes this with a future update.
Ah okay thanks! It had me going there for a minute this morning LOL.

EDIT: The RunAsPPL entry was there in the registry but not the RunAsPPLBoot. Adding this entry fixed the issue.

Registry entries from your Enable/Disable link:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RunAsPPL"=dword:00000002
"RunAsPPLBoot"=dword:00000002
 

ErzCrz

Been a bit manic at this end. Reverted to complete default MD setup a bit undecided about what to go with lately. Probably Comodo's announcement of future updates has me thinking about that again and not been using the Emsisoft subscription I won much. Just kind of in limbo security wise. Bear (or bare) with me :D

I probably just need to stick with the basics of CD on High at the moment or until I do a fresh install for SAC which isn't happening soon.
 

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,638
EDIT: The RunAsPPL entry was there in the registry but not the RunAsPPLBoot. Adding this entry fixed the issue.
Was it 1 or 2? I am wondering, whether RunAsPPLBoot entry is required. I am using (more secure?) RunAsPPL=1 and since it is UEFI locked, it should be enabled at boot? :unsure:
 
  • Like
Reactions: oldschool

ErzCrz

Was it 1 or 2? I am wondering, whether RunAsPPLBoot entry is required. I am using (more secure?) RunAsPPL=1 and since it is UEFI locked, it should be enabled at boot? :unsure:
I think it was 2 and still is.
 

oldschool

@TairikuOkami
I think it was 2 and still is.
Yes. I think both key values are the default value 2 when you enable LSA in Windows Security. The bug in Windows 11 22H2 is that the 2nd key isn't created and users get the "This change requires ..." message even after restarting machine. At least that's how I understand it.

For those who aren't so computer savvy, like myself, I found these detailed directions (Method 2) for manually adding the new key so I wouldn't have to rely on a .reg file.
 
  • Like
  • +Reputation
Reactions: Nevi and ErzCrz
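
The state discussed in the posts above (RunAsPPL present, RunAsPPLBoot absent) can be checked without editing the registry. This is an added example, not code from any poster or from the linked tutorial; the function name and its `-Values` parameter are hypothetical, and the sample hashtables are constructed.

```powershell
# Added example: read-only audit of the LSA protection values from this thread.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LsaProtectionState {
    param(
        # Hypothetical parameter: pass a hashtable to evaluate constructed
        # values offline; omit it to read the live registry.
        [hashtable]$Values
    )
    if (-not $PSBoundParameters.ContainsKey('Values')) {
        $props  = Get-ItemProperty -Path $LsaKey -ErrorAction Stop
        $Values = @{}
        foreach ($name in 'RunAsPPL', 'RunAsPPLBoot') {
            if ($props.PSObject.Properties.Name -contains $name) {
                $Values[$name] = [int]$props.$name
            }
        }
    }
    $ppl  = $Values['RunAsPPL']
    $boot = $Values['RunAsPPLBoot']

    $finding = if ($null -eq $ppl -or $ppl -eq 0) {
        'LSA protection is not configured in the registry'
    } elseif ($null -eq $boot) {
        'RunAsPPL is set but RunAsPPLBoot is missing (the state described in this thread)'
    } else {
        'RunAsPPL and RunAsPPLBoot are both present'
    }
    [pscustomobject]@{
        RunAsPPL     = $ppl
        RunAsPPLBoot = $boot
        UefiLock     = ($ppl -eq 1)   # 1 = with UEFI lock, 2 = without UEFI lock
        Finding      = $finding
    }
}

# Constructed samples (not taken from any machine): missing value, then both set.
Get-LsaProtectionState -Values @{ RunAsPPL = 2 }
Get-LsaProtectionState -Values @{ RunAsPPL = 2; RunAsPPLBoot = 2 }

# Live check, followed by the WinInit event (ID 12) that Windows logs when
# LSASS actually starts as a protected process.
Get-LsaProtectionState
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 12 } `
    -MaxEvents 1 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message
```

The registry values only show what is configured; the event log entry is what shows that LSASS was started protected on the last boot.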

ErzCrz

Doing my usual chopping and changing while I wait for H_C 6.1.1.1 to come out of beta. Running CF with @cruelsister 's settings and MD with CD set to High. Will update configuration on top of thread once I've been using it for a few.
 

ErzCrz

I'm typically indecisive and a bit at a crossroads. I think I should really take advantage of that Emsisoft AV subscription and stick with that for now. It's a good product and even though it uses 600+meg of ram, it doesn't really affect my system performance with 16gb on board. Will update config tomorrow.
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
I'm typically indecisive and a bit at a crossroads. I think I should really take advantage of that Emsisoft AV subscription and stick with that for now. It's a good product and even though it uses 600+meg of ram, it doesn't really affect my system performance with 16gb on board. Will update config tomorrow.
I'm pretty sure the high RAM usage is just temporary just like with pretty much every Bitdefender Engine-based AV. I installed G-Data and had 1gb RAM usage. Now after like 3 days, it dropped down to 400 mb. Just do a full scan and don't shut down your PC for a night.
 

ErzCrz

I'm pretty sure the high RAM usage is just temporary just like with pretty much every Bitdefender Engine-based AV. I installed G-Data and had 1gb RAM usage. Now after like 3 days, it dropped down to 400 mb. Just do a full scan and don't shut down your PC for a night.
Thanks. It's settled into the 400s now. I really want to use CF but have to do a fair bit of whitelisting and allow rules. Will pick it back up again when I've had time to do some more research on that ;)
 
  • Like
Reactions: Kongo

ErzCrz

Done a lot of bouncing around between security configs this year. Trying to go back to a more simplistic route with H_C and MD or just CF and MD. Fort Firewall also a possibility if you can default block outgoing.

CF takes some tweaking apart from cruelsister settings. Firewall rules for 443 outgoing windows host apps and ports 53, 5353, 1900 & 443 outbound rules as default CF web browser preset doesn't include HTTPS, DNS, SSDP or IPv6 Neighbourhood Solicitation but maybe that's as I'm filtering IPv6 along with IPv4.

Anyway, will update the config when I settle on one :)
 

ErzCrz

Getting lots of spam lately. No new haveibeenpwned breaches, must just be that time of year. The usual you've been watching... some fake tinder and other random stuff. Thankfully domain host provider spam filter is quite effective and Thunderbird catches what's missed. Does always make me paranoid but in reality it's just data from old breaches and my protection levels cover things ;)

CFW working okay though saw it not registering in Security Centre a few times but it's still doing its job at least containing malware in simple tests. I like Emsisoft which will block malware connections and full scans taking less than 5 minutes so maybe just go with that if there's further CFW issues.
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
CFW working okay though saw it not registering in Security Centre a few times but it's still doing its job at least containing malware in simple tests.
I like the CFW, but I hate it when the Security Center keeps reporting that the firewall is disabled and when it was the CIS that the AV is outdated and this is old this bug, although it is not so often these notifications. Me if I do not fail memory the build 6888 did not have this. I thought it was only with me that this occurred.😞
 
  • Like
Reactions: ErzCrz

oldschool

Getting lots of spam lately.
I was getting barraged with spam texts on my phone, multiple times a day. It took weeks of continual reporting and then they tailed off, to be very sporadically replaced by texts in Chinese. After more reporting they seem to have stopped.
 
  • Wow
Reactions: ErzCrz

ErzCrz

I refuse to use anything with these kinds of bugs, even though they're minor they drive my OCD wild. 😄 Which is why I'm sticking with Windows Security.
Yes, I have a hard time committing to Comodo fully until the apparent 2024 update that we're meant to see this summer. I'm trying out the H_C Beta 2 at the moment.
 
  • Like
Reactions: Nevi and oldschool

ErzCrz

Quick update to config. Using Hard_Configurator Beta 3. Oh and a few swaps of ticks relating to PC use.

That issue I thought was H_C related regarding Thunderbird slow server issue turned out to be an email server issue and not directly related to H_C,CD,FWH.

Anyway, played around a fair bit with Comodo but had to add a lot of allow rules and I'm just sticking with MD/H_C until at least this "summer release" happens or I get more clarification about Firewall rules relating to svchost and windows apps connecting out to port 443.
 
