Advanced Plus Security ErzCrz Simple Strong Protection 2020

Last updated
Sep 22, 2020
How it's used?
For home and private use
Operating system
Windows 10
Log-in security
Security updates
Allow security updates and latest features
User Access Control
Always notify
Real-time security
Microsoft Defender
Firewall security
Microsoft Defender Firewall
About custom security
Hard_Configurator (recommended settings), Configure Defender (high), Firewall Hardening (recommended rules)
Periodic malware scanners
Malwarebytes Free
Malware sample testing
I do not participate in malware testing
Browser(s) and extensions
Microsoft Edge (Chromium)
uBlock Origin
Tweaked Anti-Exploit settings for Chromium Edge (see change-log for link)
Maintenance tools
BleachBit
File and Photo backup
Macrium Reflect (Free)
System recovery
Macrium Reflect (Free) to External HD Monthly
Risk factors
    • Browsing to popular websites
    • Working from home
    • Gaming
    • Streaming audio/video content from shady sites
Computer specs
Acer Aspire E15
Intel Core i3-400SU
Intel HD Graphics 4400
12 Gig DDR 11 RAM
1TB HDD
Notable changes
20/12/2020 - Reverted back to MD H_C

19/12/2020 - Swapped back to latest Comodo Internet Security stable.

07/10/2020 - Tweaked uBO Removing static rule for object,ping to improve browsing.

22/09/2020 - Changed from KeePassXC to Original KeePass 2.x. Also removed KeePassXC Edge Extension.

19/09/2020 - Changed from Windows Mail to Thunderbird 78.2.2

08/09/2020 - Tweaked Chromium Edge Anti-Exploit settings: SECURITY: Complete - ErzCrz Simple Strong Protection

ErzCrz

Level 21
Thread author
Verified
Top Poster
Well-known
Aug 19, 2019
1,004
Probably just a case of swapping over to the Recommended_Strict profile and there's always CF with CS settings but as @oldschool says, stay safe not paranoid.

A lot of the protection is probably front end really. I could always try UBO with my variation but in Hard_Mode and do OldSchool's Edge exploit protection settings which just keeps stuff out in the first place.

Anyway, I'm probably just paranoid. Time for bed.
 

ForgottenSeer 85179

Feeling a little security paranoid at the moment with all this ransomware stuff going around and spam calls etc. Time to just check and see if there's any tweaks I should do.
Your system is already well enough protected.
Even without uBlock Origin you're safe. Chromium code has a strong sandbox and if you enable Code Integrity for Edge, you're even safer.
JavaScript exploits are rare in Chromium code so that isn't a problem for you.

In the past I switched from strong uBlock Origin + uMatrix to AdGuard, then to blocking JavaScript in Edge, and now only AdGuard (for some annoying ads). But I also use my 3 browser profile solution.

So yeah, be safe not paranoid (y)
 

ErzCrz

So, just did the Edge Chromium anti-exploit tweaks

Source: SECURITY: Complete - oldschool's 2020 laptop setup

DD for Edge Chromium only:

Code integrity guard - ON (with or without Also allow images signed by M$ Store CHECKED)

- for Brave, Edge and Firefox: (* I've opted for these in Chromium Edge as well * )

Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON

So far no issues :)
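
A read-only check of the settings listed in the post above, as an added example that is not part of the original thread. It uses the built-in ProcessMitigations module; the mapping from the GUI labels to property names is this example's own, and the optional "Also allow images signed by Microsoft Store" box is left out because the post treats it as optional.

```powershell
# Added example: audit the per-app Exploit protection entry for msedge.exe
# against the list in the post above. Run in Windows PowerShell on
# Windows 10 1709 or later.

# GUI label from the post -> property on the object Get-ProcessMitigation returns.
$expected = [ordered]@{
    'Code integrity guard'                = 'BinarySignature.MicrosoftSignedOnly'
    'Block low integrity images'          = 'ImageLoad.BlockLowLabelImageLoads'
    'Block remote images'                 = 'ImageLoad.BlockRemoteImageLoads'
    'Block untrusted fonts'               = 'FontDisable.DisableNonSystemFonts'
    'Control flow guard (CFG)'            = 'Cfg.Enable'
    'Data execution prevention (DEP)'     = 'Dep.Enable'
    'DEP: Enable thunk emulation'         = 'Dep.EmulateAtlThunks'
    'Disable extension points'            = 'ExtensionPoint.DisableExtensionPoints'
    'Mandatory ASLR'                      = 'Aslr.ForceRelocateImages'
    'ASLR: Do not allow stripped images'  = 'Aslr.RequireInfo'
    'Bottom-up ASLR'                      = 'Aslr.BottomUp'
    'Validate exception chains (SEHOP)'   = 'SEHOP.Enable'
    'Validate handle usage'               = 'StrictHandle.Enable'
    'Validate heap integrity'             = 'Heap.TerminateOnError'
    'Validate image dependency integrity' = 'BinarySignature.EnforceModuleDependencySigning'
}

# -Name reads the stored per-app policy, not the state of a running process.
$app = Get-ProcessMitigation -Name 'msedge.exe' | Select-Object -First 1
if (-not $app) {
    Write-Warning 'No per-app Exploit protection entry exists for msedge.exe.'
    return
}

$report = foreach ($label in $expected.Keys) {
    $group, $field = $expected[$label] -split '\.'
    $value = [string]$app.$group.$field      # ON, OFF or NOTSET
    [pscustomobject]@{
        Setting  = $label
        Property = $expected[$label]
        Value    = $value
        Matches  = ($value -eq 'ON')
    }
}
$report | Format-Table -AutoSize

$missing = @($report | Where-Object { -not $_.Matches })
if ($missing.Count) {
    Write-Warning "$($missing.Count) setting(s) differ from the list in the post."
}
```

A value of NOTSET means the per-app entry does not override that mitigation, so the system-wide default applies to msedge.exe.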
 

ErzCrz

Your system is already well enough protected.
Even without uBlock Origin you're safe. Chromium code has a strong sandbox and if you enable Code Integrity for Edge, you're even safer.
JavaScript exploits are rare in Chromium code so that isn't a problem for you.

In the past I switched from strong uBlock Origin + uMatrix to AdGuard, then to blocking JavaScript in Edge, and now only AdGuard (for some annoying ads). But I also use my 3 browser profile solution.

So yeah, be safe not paranoid (y)

Sorted the anti-exploit and now considering your three browser profile solution. Will save that for later on or another day :D Still using the profiles you detailed in this post ( Edge - Chromium-Edge "3-Browser-Profiles" Solution ) I presume.

Thanks again.
 

ErzCrz

Isn't that a default policy setting in Edge? Quote: If this policy is enabled or left unset, then Renderer Code Integrity is enabled. from the site Enable renderer code integrity

Thanks for your reply. I'm using Chromium Edge (current version 85.0.564.44). I don't have such a registry entry, and Code Integrity Guard is disabled by default, so I have this enabled.

 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Isn't that a default policy setting in Edge? Quote: If this policy is enabled or left unset, then Renderer Code Integrity is enabled. from the site Enable renderer code integrity
This Edge policy protects against attacks from inside the web browser. The anti-exploit mitigation (via "Exploit protection" from Security Center) proposed by @security123 can protect msedge.exe from malware already running in the system (DLL injections, etc.). It should be OK with WD, but some AVs and security applications usually try to make such injections and this can cause issues. (y)
 

Jan Willy

Level 11
Verified
Top Poster
Well-known
Jul 5, 2019
544
This Edge policy protects against attacks from inside the web browser. The anti-exploit mitigation (via "Exploit protection" from Security Center) proposed by @security123 can protect msedge.exe from malware already running in the system (DLL injections, etc.). It should be OK with WD, but some AVs and security applications usually try to make such injections and this can cause issues. (y)
Thanks for the explanation. The discussion on Guide to Tweak of built-in Exploit protection in Windows Security has also made it more clear. I understand that some confusion is possible.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
The anti-exploit mitigation (via "Exploit protection" from Security Center) proposed by @security123 can protect the msedge.exe from malware already running in the system (DLL injections, etc.).
In this case, Windows usually displays an error message re: DLL injection to alert the user, e.g. if exploit settings are customized and then the user installs Malwarebytes Anti-Exploit Beta.
 

ErzCrz

Just a quick update. Swapped out Windows Mail in Windows 10 for Thunderbird. Windows Mail just doesn't quite work half the time, the cursor changes or there's a glitch in selecting text and no proper organization or ability to change the layout much. Finally got Thunderbird working properly so swapped to that for ease of use and still secure as it's updated. Thunderbird latest version running well.
 

ErzCrz

Changed from KeePassXC to Original KeePass 2.x. Also removed KeePassXC Edge Extension.

The idea being to remove browser integration and KeePass 2.x uses a separate secure database for the TOTP plugin. Incidentally, the one to use is: Rookiestyle/KeePassOTP which is quite easy to set up.

* I know this isn't technically Two-Factor authentication as such but my birthday is in a couple of weeks so might add that to my list of things to get though I'd have to order one as I couldn't see one available locally in a shop.
 

Soulbound

Moderator
Verified
Staff Member
Well-known
Jan 14, 2015
1,761
Changed from KeePassXC to Original KeePass 2.x. Also removed KeePassXC Edge Extension.

The idea being to remove browser integration and KeePass 2.x uses a separate secure database for the TOTP plugin. Incidentally, the one to use is: Rookiestyle/KeePassOTP which is quite easy to set up.

* I know this isn't technically Two-Factor authentication as such but my birthday is in a couple of weeks so might add that to my list of things to get though I'd have to order one as I couldn't see one available locally in a shop.
Which version of KeePass 2 are you using? Note that some plugins for version 2 are no longer supported with the latest version of KeePass (one being the one to import passwords from browsers).
 

ErzCrz

Which version of KeePass 2 are you using? Note that some plugins for version 2 are no longer supported with the latest version of KeePass (one being the one to import passwords from browsers).

Version 2.4.6 (Latest)



There are several OTP extensions but the one I linked was updated recently and is a live GitHub project. Seems to work fine and quite easy to use. I don't use the browser extensions anymore. While it was a convenience, half the time the KeePassXC one didn't work properly and it took just as long to open the database anyway so I feel it's safer just using the desktop app.
 

ErzCrz

Just a tweak on my uBO setup. I removed the below which seems to have been slowing some pages and making some parts of Facebook not work. Flash is disabled anyway.

! Block (obsolete flash) plugins and (hyperlink auditing & sending beacons) pings
||*$object,ping

Enjoying a quiet birthday today, time to treat myself to a drink :D
 

Andy Ful

Things a bit slow as of late on my laptop. Brought WD back out of Sandbox and doing a fresh H_C install to see if that helps :)
If you had H_C installed, then reinstalling it is not necessary. Just apply the settings you like most. H_C cannot slow down anything because it is not running in your system, except when you run it manually.
Some settings made by H_C can slightly slow down something, for example, a few ASR rules or Network Protection in ConfigureDefender. (y)
 

ErzCrz

If you had H_C installed, then reinstalling it is not necessary. Just apply the settings you like most. H_C cannot slow down anything because it is not running in your system, except when you run it manually.
Some settings made by H_C can slightly slow down something, for example, a few ASR rules or Network Protection in ConfigureDefender. (y)
Thanks :D
That may help. I quit using it long ago. If M$ was invested in this feature, it would implement it by default. It will continue as another hidden, neglected Windows feature.
Yeah, I think that was the cause. Just some things weren't running as smoothly.
 
