  1. Andy Ful

    Tutorial How do Software Restriction Policies work (part 3) ?

    In parts 1 and 2, I wrote how SRP know which file types should be monitored. This information depends mostly on Enforcement settings: 'No enforcement', 'Skip DLLs', and 'All files'. Yet, it can be modified when the file is opened by the command with Sponsor ('Designated File Types' list is...
  2. Andy Ful

    Tutorial How do Software Restriction Policies work (part 2) ?

    In part 1 - Secure Windows - How do Software Restriction Policies work (part 1) ? - the first layer of SRP protection was introduced. It is related to the 'Designated File Types' list (DFT) and the ShellExecute() API function. If the file extension is on the DFT list, then ShellExecute() can prevent...
  3. Andy Ful

    Tutorial How do Software Restriction Policies work (part 1) ?

    Windows OS is like a Castle with all doors opened. SRP can close the doors, and only Administrators can open them. Here are some simple facts about Software Restriction Policies (SRP). 1. They can be activated in all Windows versions, starting with Windows XP. 2. In Windows Pro, Enterprise...
  4. TerrakionSmash

    How useful are Application Whitelists when Social-Engineering Risks are Minimal?

    How useful are application whitelists when social-engineering risks are minimal, where you don't download and execute random stuff from the internet, especially path/hash-based whitelisting like SRP/Bouncer? It seems some of the top 4 mitigation strategies I found from wherever - namely...
  5. Windows_Security

    Tutorial Software restriction Policies to Windows Home

    First create a restore point before applying any of the tweaks mentioned in this post. Intro: On Wilders Security forum a well-known member with the nickname Lucy (helas, she is not active anymore, hope she is well) posted a registry file to use Software Restriction Policies on Windows Home...
  6. Av Gurus

    Tutorial How to protect against malware Ransom32

    Here is a tutorial on how to protect against this (and some other) malware using SRP (Software Restriction Policies). Configuration is very easy. Go to: Control Panel\All Control Panel Items Administrative Tools Local Security Policy Software Restriction Policies Additional Rules add this...