Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Microsoft Defender
Do you use Smart App Control? I know, not many of you!
Message
<blockquote data-quote="ForgottenSeer 97327" data-source="post: 1057893"><p>Voted OTHER: using the slightly dumber but easy to customize and control sibling of SAC called ISG (Windows Defender Application Control)</p><p></p><p>I am still on Windows 10 (old desktop PC) and am using ISG (Intelligent Security Graph) which shares the same backend with SmartScreen and Smart Application Control.</p><p></p><p>When I am moving to Windows 11 (next year when I buy new CPU+Mobo) I will remain on WDAC - ISG because I can make allow exceptions on signer, hash and file/folder similar to SRP and AppLocker. Improvement of WDAC over AppLocker is that it has ISG (sort of similar to SAC). With ISG you can li decide to include or exclude dynamic code (dotNet and DLL's) and scripts</p><p></p><p>Good think about WDAC is that when you have a WINDOWS PRO version in your household, you can create a WDAC-policy for any another Windows 10 or 11 machine. I created a WDAC for my wife's Windows11 Home laptop and it works flawlessly. Microsoft released a WDAC wizard (<a href="https://github.com/MicrosoftDocs/WDAC-Toolkit/blob/main/WDAC-Policy-Wizard/docs/using/base-policy.md" target="_blank">link</a>) to create you own policies. Anyone who has used Hard_Configurator should be able to create one.</p><p></p><p>Some tips</p><p>1. Choose signed and reputable mode</p><p>2. Create explicit (redundant) allow rule for Program Files (also x86) folders ***</p><p>3. Enable the 'boot audit on failure' AND 'advanced boot options menu' option, to prevent locking you out.</p><p>4. Include scripts (runs powershell in Constrained Language Mode, blocks mshta, msxml, vbscript, cscript, jscript and only allows a few 'safe' COM-objects)</p><p>5. Include Store Apps</p><p></p><p>WDAC like SAC works along side your third-party anti-virus, so when you add SimpleWindowsHardening to block risky file extensions in user folders, you have created a strong second safety net for your computer to be used alongside your favourite security software.</p><p></p><p>NOTE ***</p><p>2. When Core Isolation is disabled because of incompatible drivers also add Windows folder to redundant allow</p></blockquote><p></p>
[QUOTE="ForgottenSeer 97327, post: 1057893"] Voted OTHER: using the slightly dumber but easy to customize and control sibling of SAC called ISG (Windows Defender Application Control) I am still on Windows 10 (old desktop PC) and am using ISG (Intelligent Security Graph) which shares the same backend with SmartScreen and Smart Application Control. When I am moving to Windows 11 (next year when I buy new CPU+Mobo) I will remain on WDAC - ISG because I can make allow exceptions on signer, hash and file/folder similar to SRP and AppLocker. Improvement of WDAC over AppLocker is that it has ISG (sort of similar to SAC). With ISG you can li decide to include or exclude dynamic code (dotNet and DLL's) and scripts Good think about WDAC is that when you have a WINDOWS PRO version in your household, you can create a WDAC-policy for any another Windows 10 or 11 machine. I created a WDAC for my wife's Windows11 Home laptop and it works flawlessly. Microsoft released a WDAC wizard ([URL='https://github.com/MicrosoftDocs/WDAC-Toolkit/blob/main/WDAC-Policy-Wizard/docs/using/base-policy.md']link[/URL]) to create you own policies. Anyone who has used Hard_Configurator should be able to create one. Some tips 1. Choose signed and reputable mode 2. Create explicit (redundant) allow rule for Program Files (also x86) folders *** 3. Enable the 'boot audit on failure' AND 'advanced boot options menu' option, to prevent locking you out. 4. Include scripts (runs powershell in Constrained Language Mode, blocks mshta, msxml, vbscript, cscript, jscript and only allows a few 'safe' COM-objects) 5. Include Store Apps WDAC like SAC works along side your third-party anti-virus, so when you add SimpleWindowsHardening to block risky file extensions in user folders, you have created a strong second safety net for your computer to be used alongside your favourite security software. NOTE *** 2. When Core Isolation is disabled because of incompatible drivers also add Windows folder to redundant allow [/QUOTE]
Insert quotes…
Verification
Post reply
Top