diff --git a/src/org/labkey/test/BaseWebDriverTest.java b/src/org/labkey/test/BaseWebDriverTest.java
index c55d11ca20..dc1cde5951 100644
--- a/src/org/labkey/test/BaseWebDriverTest.java
+++ b/src/org/labkey/test/BaseWebDriverTest.java
@@ -187,8 +187,6 @@ public abstract class BaseWebDriverTest extends LabKeySiteWrapper implements Cle
     protected static boolean _checkedLeaksAndErrors = false;
     private static final String ACTION_SUMMARY_TABLE_NAME = "actions";
 
-    protected static final String PERMISSION_ERROR = "User does not have permission to perform this operation.";
-
     static final Set<String> urlsSeen = new HashSet<>();
 
     static
@@ -1542,12 +1540,6 @@ public void setModuleProperties(List<ModulePropertyValue> values)
         }
     }
 
-    public void assertAtUserUserLacksPermissionPage()
-    {
-        assertTextPresent(PERMISSION_ERROR);
-        assertTitleEquals("403: Error Page -- User does not have permission to perform this operation.");
-    }
-
     public void assertNavTrail(String... links)
     {
         String expectedNavTrail = String.join("", links);
diff --git a/src/org/labkey/test/Locators.java b/src/org/labkey/test/Locators.java
index b1b93cf331..c6cc67510a 100644
--- a/src/org/labkey/test/Locators.java
+++ b/src/org/labkey/test/Locators.java
@@ -20,6 +20,8 @@ public abstract class Locators
     public static final Locator documentRoot = Locator.css(":root");
     public static final Locator.IdLocator folderMenu = Locator.id("folderBar");
     public static final Locator.XPathLocator labkeyError = Locator.byClass("labkey-error");
+    public static final Locator.XPathLocator labkeyErrorSubHeading = Locator.byClass("labkey-error-subheading");
+    public static final Locator.XPathLocator labkeyErrorInstruction = Locator.byClass("labkey-error-instruction");
     public static final Locator.XPathLocator labkeyMessage = Locator.byClass("labkey-message");
     public static final Locator signInLink = Locator.tagWithAttributeContaining("a", "href", "login.view");
     public static final Locator.XPathLocator folderTab = Locator.tagWithClass("div", "lk-nav-tabs-ct").append(Locator.tagWithClass("ul", "lk-nav-tabs")).childTag("li");
diff --git a/src/org/labkey/test/components/html/SiteNavBar.java b/src/org/labkey/test/components/html/SiteNavBar.java
index 1f575af1f4..26cee1d254 100644
--- a/src/org/labkey/test/components/html/SiteNavBar.java
+++ b/src/org/labkey/test/components/html/SiteNavBar.java
@@ -285,10 +285,12 @@ public void impersonate(String fakeUser)
 
             AbstractUserHelper.saveCurrentDisplayName(getWrapper());
 
-            if (getWrapper().isElementPresent(Locator.lkButton("Home")))
+            if (getDriver().getTitle().contains("403"))
             {
-                getWrapper().clickAndWait(Locator.lkButton("Home"));
+                // go to home
+                getWrapper().clickAndWait(Locator.tagWithClass("a", "brand-logo"));
             }
+
         }
 
         public void impersonateRoles(String oneRole, String... roles)
diff --git a/src/org/labkey/test/tests/SecurityTest.java b/src/org/labkey/test/tests/SecurityTest.java
index 7a7970964f..f0439082a9 100644
--- a/src/org/labkey/test/tests/SecurityTest.java
+++ b/src/org/labkey/test/tests/SecurityTest.java
@@ -81,6 +81,8 @@ public class SecurityTest extends BaseWebDriverTest
     protected static final String NORMAL_USER_PASSWORD = PASSWORDS[0];
     protected static final String TO_BE_DELETED_USER = "delete_me@security.test";
     protected static final String SITE_ADMIN_USER = "siteadmin_securitytest@security.test";
+    protected static final String PERMISSION_ERROR = "User does not have permission to perform this operation.";
+    protected static final String NOT_FOUND_ERROR = "notFound";
 
     @Override
     public List<String> getAssociatedModules()
@@ -199,9 +201,9 @@ protected void cantReachAdminToolFromUserAccount()
         //admin site link not available
         assertElementNotPresent(Locator.id("adminMenuPopupText"));
 
-        //can't reach admin urls directly either
+        //can't reach admin urls and invalid urls directly either
         for (String url : unreachableUrls)
-            assertUrlForbidden(url);
+            assertNonReachableUrl(url);
 
         //shouldn't be able to view own history either
         goToMyAccount();
@@ -211,12 +213,15 @@ protected void cantReachAdminToolFromUserAccount()
     }
 
     @LogMethod
-    public void assertUrlForbidden(String url)
+    public void assertNonReachableUrl(String url)
     {
         log("Attempting to reach URL user does not have permission for:  " + url);
         SimpleHttpResponse httpResponse = WebTestHelper.getHttpResponse(url);
-        if (HttpStatus.SC_FORBIDDEN != httpResponse.getResponseCode() ||
-            !httpResponse.getResponseBody().contains(PERMISSION_ERROR))
+
+        if ((HttpStatus.SC_FORBIDDEN != httpResponse.getResponseCode() ||
+                !httpResponse.getResponseBody().contains(PERMISSION_ERROR)) &&
+                (HttpStatus.SC_NOT_FOUND != httpResponse.getResponseCode() ||
+                !httpResponse.getResponseBody().contains(NOT_FOUND_ERROR)))
         {
             // Go to page for better failure screenshot
             beginAt(url);
@@ -858,7 +863,7 @@ public void loginSelfRegistrationDisabledTest()
         assertFalse("Self-registration button is visible", link != null && link.isDisplayed());
 
         beginAt(buildURL("login", "register"));
-        assertElementPresent(Locators.labkeyError.withText("Registration is not enabled."));
+        waitForElement(Locators.labkeyErrorSubHeading.withText("Registration is not enabled."));
 
         // cleanup: sign admin back in
         signIn();
diff --git a/src/org/labkey/test/tests/UserTest.java b/src/org/labkey/test/tests/UserTest.java
index 377be8ca98..7aed4686b9 100644
--- a/src/org/labkey/test/tests/UserTest.java
+++ b/src/org/labkey/test/tests/UserTest.java
@@ -561,7 +561,7 @@ public void testAddUserCSRF()
         setFormElementJS(Locator.name(Connection.X_LABKEY_CSRF), "");
 
         clickButton("Add Users");
-        assertElementPresent(Locators.labkeyError.containing("This request has an invalid security context."));
+        assertElementPresent(Locators.labkeyErrorSubHeading.containing("You do not have the permissions required to access this page."));
     }
 
     @Override
diff --git a/src/org/labkey/test/tests/list/ListTest.java b/src/org/labkey/test/tests/list/ListTest.java
index 1254519453..426e1c72fe 100644
--- a/src/org/labkey/test/tests/list/ListTest.java
+++ b/src/org/labkey/test/tests/list/ListTest.java
@@ -658,7 +658,7 @@ public void testCustomViews()
         assertEquals("Incorrect response code", 404, getResponseCode());
         assertTextPresent("Query '" + LIST_NAME_COLORS + "' in schema 'lists' doesn't exist.");
 
-        clickButton("Folder");
+        clickButton("Back");
         // after the 13.2 audit log migration, we are no longer going to co-mingle domain and list events in the same table
         AuditLogTest.verifyAuditEvent(this, DOMAIN_AUDIT_EVENT, AuditLogTest.COMMENT_COLUMN, "The domain " + LIST_NAME_COLORS + " was deleted", 5);
         AuditLogTest.verifyAuditEvent(this, LIST_AUDIT_EVENT, AuditLogTest.COMMENT_COLUMN, "An existing list record was deleted", 5);
diff --git a/src/org/labkey/test/tests/nab/NabAssayTest.java b/src/org/labkey/test/tests/nab/NabAssayTest.java
index 68064671f2..bf9729b787 100644
--- a/src/org/labkey/test/tests/nab/NabAssayTest.java
+++ b/src/org/labkey/test/tests/nab/NabAssayTest.java
@@ -463,7 +463,6 @@ public void runUITests()
             beginAt(ptid1c_detailsURL);
             assertEquals(403, getResponseCode());
 
-            clickAndWait(Locator.lkButton("Home"));
             stopImpersonating();
 
             doNabApiTest(); // Use NAb study APIs
@@ -849,7 +848,7 @@ protected void testWellAndDilutionData()
 
         clickAndWait(Locator.linkWithText("Download Datafile"));
         assertTextPresent("Data file for run ptid + date was not found.");
-        clickButton("Folder");
+        clickButton("Back");
     }
 
     protected void runNabQCTest()
diff --git a/src/org/labkey/test/util/Crawler.java b/src/org/labkey/test/util/Crawler.java
index 594f98b9b1..d6a54e6a14 100644
--- a/src/org/labkey/test/util/Crawler.java
+++ b/src/org/labkey/test/util/Crawler.java
@@ -203,8 +203,9 @@ protected List<ControllerActionId> getDefaultExcludedActions()
             new ControllerActionId("microarray", "designer"), // assay designer prompts to save design when navigating away
             new ControllerActionId("ms2", "pepSearch"), // TODO: 36995: Check for SQL injection in StatementWrapper is not precise enough
             new ControllerActionId("ms2", "showParamsFile"),
+            new ControllerActionId("ms2", "showList"),
             // Tested directly in XTandemTest
-            new ControllerActionId("ms2", "showPeptide"),
+            new ControllerActionId("ms2", "doProteinSearch"),
             new ControllerActionId("nabassay", "downloadDatafile"),
             new ControllerActionId("nlp", "runPipeline"),
             new ControllerActionId("pipeline-analysis", "analyze"), // Doesn't navigate
@@ -1146,8 +1147,6 @@ private boolean isIgnoredError(int code, UrlToCheck urlToCheck, URL origin)
         {
             if (origin == null || _actionsMayLinkTo404.contains(new ControllerActionId(origin.toString())))
                 return true; // Ignore 404s from the initial set of links
-            if (_test.isElementPresent(Locators.labkeyError.containing("module is not enabled")))
-                return true; // Some modules return 404 when not enabled
         }
 
         if (code == HttpStatus.SC_METHOD_NOT_ALLOWED) // 405