O
Omnipotent
Thread author
It's the other way around @Umbra, You made a mistake. (ConsentPromptBehaviorAdmin) adds UAC password prompt and (ValidateAdminCodeSignatures) blocks unsigned processes/programs. Just tested it.
Please provide comments and solutions that are helpful to the author of this topic.
hi guys,
So i will put here various tweaks (registry, group policy, etc...) i found around the net to secure Windows more tightly. By doing them , you will reduce the attacks vector and may even remove the need of security solutions.
As a basis there is these articles to secure the network and the system
For Win7: Harden Windows 7 SP1 64bit
For Win10 : Harden Windows 10 - A Security Guide. How to secure Windows 10
not mineIs this your web page or someone else?
If it is yours, are you updating the tweaks?
System Tweaks
Blocking Unsigned Elevation :
90% of malware are unsigned and will request an elevation from UAC, this trick will block the request.
Create a registry file with this lines :
Code:Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "ValidateAdminCodeSignatures"=dword:00000001
If successfully implemented, the next unsigned process/program; won't be allow to execute, and you will have a error box.
To re-enabled unsigned elevation , use the same line but with "dword:00000000"
No whitelisting possibility. You can run unsigned application using several ways:Is it possible to make some kinda whitelist or something similar with this reg tweak?
I have some portable app who are unsigned and can't run with this tweak (accept change that tweak everytime).
Thanks! I was searching for a link like this one.
Added the second useful link, to my previous post.I see thank you
Can you make that .bat file for me, please?No whitelisting possibility. You can run unsigned application using several ways:
- using the bat files to deactivate/activate this feature via the Registry;
Can you make that .bat file for me, please?
EDIT:
Can I make a quick reg files for change, like this?
Enable.reg:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ValidateAdminCodeSignatures"=dword:00000001
Disable.reg:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ValidateAdminCodeSignatures"=dword:00000000