This is what I've come up with, even though it may be seen as overkill for a home user like myself, but I have this inexplicable obsession with securing my hardware to make it as bulletproof as possible against existing threats and future threats as well. I guess I see it as trying to solve a complex crossword puzzle, helping to exercise my brain as I'm getting on in years.
So here is my current policy with its ridiculous, almost "extremist level" set of rules:
Enforcement: All software files, All users, Ignore certificate rules
Designated File Types: Defaults and added PS1, JSE, VBS, SCT, VBE, WSF
Security Levels: Disallowed
Additional Rules: Path Rules as follows...
Name | Type | Security Level |
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% | Path | Unrestricted |
C:\$WinREAgent\Scratch\*-*-*-*-*\DismCorePS.dll | Path | Unrestricted |
C:\accesschk64.exe | Path | Unrestricted |
C:\Intel\GfxCPLBatchFiles\{*-*-*-*-*}.bat | Path | Unrestricted |
C:\Program Files | Path | Unrestricted |
C:\Program Files (x86) | Path | Unrestricted |
C:\ProgramData\Lenovo\ImController\* | Path | Unrestricted |
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{*}\*.dll | Path | Unrestricted |
C:\ProgramData\Microsoft\Windows Defender\Platform\*\*.dll | Path | Unrestricted |
C:\ProgramData\Microsoft\Windows Defender\Platform\*\*\*.dll | Path | Unrestricted |
C:\ProgramData\Microsoft\Windows Defender\Platform\*\MpCmdRun.exe | Path | Unrestricted |
C:\ProgramData\Microsoft\Windows Defender\Platform\*\MsMpEng.exe | Path | Unrestricted |
C:\ProgramData\Microsoft\Windows Defender\Platform\*\NisSrv.exe | Path | Unrestricted |
C:\ProgramData\Microsoft\Windows Defender\Scans\*.dll | Path | Unrestricted |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk | Path | Unrestricted |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk | Path | Unrestricted |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk | Path | Unrestricted |
C:\Users\Public\Desktop\DocumentsAntiExploit(x64).exe | Path | Unrestricted |
C:\Users\Public\Desktop\Firefox.lnk | Path | Unrestricted |
C:\Users\Public\Desktop\Google Chrome Beta.lnk | Path | Unrestricted |
C:\Users\name\AppData\Local\Google\Chrome Beta\User Data\SwReporter\*\software_reporter_tool.exe | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\*\FileSync*.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\*\qjpeg.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\*\qsvg.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\*\qwindows.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\*EAY32.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\ADAL.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\amd64\FileCoAuthLib64.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\ETWLog.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\FileCoAuth.exe | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\FileCoAuthLib.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\FileSync*.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\FileSyncConfig.exe | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\LoggingPlatform.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\LogUploader.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\MSVCP140.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\OneDriveTelemetryStable.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\qml\QtQuick.2\qtquick2plugin.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\qml\QtQuick\Controls.2\qtquickcontrols2plugin.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\qml\QtQuick\Layouts\qquicklayoutsplugin.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\qml\QtQuick\Templates*\qtquicktemplates2plugin.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\qml\QtQuick\Window.2\windowplugin.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\QT5*.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\RemoteAccess.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\SyncEngine.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\Telemetry.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\ucrtbase.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\UpdateRingSettings.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\VCRUNTIME140.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\WnsClient.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\*\WnsClientApi.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\OneDrive.exe | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe | Path | Unrestricted |
C:\Users\name\AppData\Local\Temp\*-*-*-*-*\dismhost.exe | Path | Unrestricted |
C:\Users\name\AppData\Local\Temp\*-*-*-*\*.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Temp\*.tmp\GoogleUpdate.exe | Path | Unrestricted |
C:\Users\name\AppData\Local\Temp\*.tmp\System.dll | Path | Unrestricted |
Path | Unrestricted | |
Unrestricted | ||
C:\Users\name\AppData\Local\Temp\n*.tmp\nsRandom.dll | Path | Unrestricted |
C:\Users\name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk | Path | Unrestricted |
Path | Unrestricted | |
C:\Users\name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome Beta.lnk | Path | Unrestricted |
C:\Users\name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk | Path | Unrestricted |
C:\Users\name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OneDrive.lnk | Path | Unrestricted |
C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk | Path | Unrestricted |
C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\gmp-widevinecdm\*\widevinecdm.dll | Path | Unrestricted |
C:\Users\name\Desktop\accesschk.bat | Path | Unrestricted |
C:\Users\name\Desktop\Autoruns64.exe | Path | Unrestricted |
C:\Users\name\Desktop\Command Prompt.lnk | Path | Unrestricted |
C:\Users\name\Desktop\ConfigureDefender.exe - Shortcut.lnk | Path | Unrestricted |
C:\Users\name\Desktop\Event Viewer.lnk | Path | Unrestricted |
C:\Users\name\Desktop\gpedit - Shortcut.lnk | Path | Unrestricted |
C:\Users\name\Desktop\Lock-R.bat | Path | Unrestricted |
C:\Users\name\Desktop\procexp64 - Shortcut.lnk | Path | Unrestricted |
C:\Users\name\Desktop\SRPLogs.txt - Shortcut.lnk | Path | Unrestricted |
C:\Users\name\Downloads\ConfigureDefender-master\ConfigureDefender-master | Path | Unrestricted |
C:\Users\name\Downloads\CR_*.tmp\setup.exe | Path | Unrestricted |
C:\Users\name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook.lnk | Path | Unrestricted |
C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk | Path | Unrestricted |
C:\Users\name\Desktop\Microsoft Update sever IP addresses-WFC.txt - Shortcut.lnk | Path | Unrestricted |
C:\Users\name\Desktop\powershell.bat | Path | Unrestricted |
C:\Users\name\Desktop\SRPLogs delete.bat | Path | Unrestricted |
C:\Windows\*.dll | Path | Unrestricted |
C:\Windows\*.exe | Path | Unrestricted |
C:\WINDOWS\assembly\NativeImages_*\* | Path | Unrestricted |
C:\Windows\CbsTemp | Path | Disallowed |
C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe | Path | Unrestricted |
C:\WINDOWS\Microsoft.Net\assembly\GAC_64\CustomMarshalers\*\*.dll | Path | Unrestricted |
C:\WINDOWS\Microsoft.Net\assembly\GAC_64\System.Transactions\*\*.*.dll | Path | Unrestricted |
C:\Windows\Microsoft.NET\Framework\*\*.dll | Path | Unrestricted |
C:\Windows\Microsoft.NET\Framework\*\mscoreei.dll | Path | Unrestricted |
C:\Windows\Microsoft.NET\Framework64\*\* | Path | Unrestricted |
C:\Windows\Panther | Path | Disallowed |
C:\Windows\Registration | Path | Unrestricted |
C:\Windows\Sys*\FxsTmp | Path | Disallowed |
C:\Windows\Sys*\Tasks\Microsoft\Windows\PLA\System | Path | Disallowed |
C:\Windows\system32\*.dll | Path | Unrestricted |
C:\Windows\system32\*.exe | Path | Unrestricted |
C:\WINDOWS\SYSTEM32\CRYPTSP.dll | Path | Unrestricted |
c:\windows\system32\drivers\umdf\*.dll | Path | Unrestricted |
C:\WINDOWS\System32\DriverStore\FileRepository\* | Path | Unrestricted |
C:\Windows\System32\Microsoft\Crypto\RSA\MachineKeys | Path | Disallowed |
c:\Windows\System32\spool | Path | Disallowed |
C:\Windows\System32\spool\drivers\* | Path | Unrestricted |
C:\WINDOWS\system32\spool\PRTPROCS\x64\us008pc.dll | Path | Unrestricted |
C:\WINDOWS\system32\spool\PRTPROCS\x64\winprint.dll | Path | Unrestricted |
C:\WINDOWS\system32\wbem\*.dll | Path | Unrestricted |
C:\WINDOWS\system32\wbem\*.exe | Path | Unrestricted |
C:\WINDOWS\SYSTEM32\wbemcomn.dll | Path | Unrestricted |
C:\WINDOWS\SysWOW64\*.exe | Path | Unrestricted |
C:\Windows\SysWOW64\com\*.dll | Path | Unrestricted |
C:\Windows\SysWOW64\com\*.exe | Path | Unrestricted |
C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\*.exe | Path | Unrestricted |
C:\Windows\Temp | Path | Disallowed |
C:\WINDOWS\Temp\*-*-*-*-*\mpengine.dll | Path | Unrestricted |
C:\WINDOWS\TEMP\*-*-*-*-*\MpUpdate.dll | Path | Unrestricted |
C:\WINDOWS\Temp\*-*-*-*\mpgear.dll | Path | Unrestricted |
C:\WINDOWS\Temp\*\*\ConfigureDefender_x64.exe | Path | Unrestricted |
C:\WINDOWS\TEMP\__PSScriptPolicyTest_*.*.ps1 | Path | Unrestricted |
C:\WINDOWS\TEMP\nsi????.tmp\System.dll | Path | Unrestricted |
C:\Windows\tracing | Path | Disallowed |
C:\WINDOWS\WinSxS\* | Path | Unrestricted |
C:\$WinREAgent\Scratch\*-*-*-*-*\dismprov.dll | Path | Unrestricted |
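An added example, not part of the original post: a small audit that reads rows in the table format above and lists the Unrestricted path rules that sit under locations a standard user can usually write to, ordered from broadest (folder) to narrowest (exact file). Path rules match on location only, so these are the entries worth re-checking after each change. The `WRITABLE_ROOTS` list and the `SAMPLE` rows are assumptions made for the example; confirm the real ACLs on the machine.

```python
import ntpath

# Assumption: locations a standard user can normally write to. Verify the
# actual permissions on the machine (for example with accesschk).
WRITABLE_ROOTS = ("c:\\users\\", "c:\\windows\\temp\\")

# Constructed sample in the post's "Name | Type | Security Level |" format.
SAMPLE = r"""Name | Type | Security Level |
C:\Program Files | Path | Unrestricted |
C:\Users\name\AppData\Local\Temp\*.tmp\System.dll | Path | Unrestricted |
C:\Users\name\AppData\Local\Microsoft\OneDrive\OneDrive.exe | Path | Unrestricted |
C:\Users\name\Downloads\ConfigureDefender-master\ConfigureDefender-master | Path | Unrestricted |
C:\Windows\Temp | Path | Disallowed |
C:\WINDOWS\TEMP\nsi????.tmp\System.dll | Path | Unrestricted |
Path | Unrestricted | |
"""

def parse_rules(text):
    """Return (path, level) pairs; skip the header and rows missing a path."""
    rules = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) >= 3 and cells[0] and cells[1] == "Path":
            rules.append((cells[0], cells[2]))
    return rules

def classify(path):
    """folder: no file extension, so the rule covers everything beneath it;
    wildcard: a file pattern containing * or ?; exact: one named file."""
    if not ntpath.splitext(ntpath.basename(path))[1]:
        return "folder"
    if "*" in path or "?" in path:
        return "wildcard"
    return "exact"

def audit(text):
    """List Unrestricted rules under WRITABLE_ROOTS, broadest kind first."""
    findings = []
    for path, level in parse_rules(text):
        if level != "Unrestricted":
            continue
        if (path.lower() + "\\").startswith(WRITABLE_ROOTS):
            findings.append((classify(path), path))
    order = {"folder": 0, "wildcard": 1, "exact": 2}
    return sorted(findings, key=lambda f: order[f[0]])

if __name__ == "__main__":
    for kind, path in audit(SAMPLE):
        print(f"{kind:8} {path}")
```
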