About 'Allow only app installations from Windows Store'

brod56

Level 15
Thread author
Verified
Top Poster
Well-known
Feb 13, 2017
737
I read somewhere that this new feature in Windows 10 Creators Update could protect from ransomware, acting like a default deny solution. This is obviously true if the malicious file is simply an .exe, but I would like to know what would happen if the malicious payload was launched via Office or a .js file.
Would it still be blocked?
 

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,452
This applies to apps only, you can still install desktop software regardless of the setting, unless you have Windows S.
Fall Update should bring a better app control as well as anti-ransomware/anti-exploit features, just wait a few weeks.
 
  • Like
Reactions: enaph

brod56

Level 15
Thread author
Verified
Top Poster
Well-known
Feb 13, 2017
737
This applies to apps only, you can still install desktop software regardless of the setting, unless you have Windows S.
I can not run any .exe file with that setting enabled here. Windows 10 Pro.

Fall Update should bring a better app control as well as anti-ransomware/anti-exploit features, just wait a few weeks.
Nice. Are those features already available in the Fast Ring builds?
 
  • Like
Reactions: TairikuOkami

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,452
  • Like
Reactions: Trooper and brod56

TheMalwareMaster

Level 21
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
What if one runs a JS file which downloads an EXE? The EXE won't be allowed to run?
 
  • Like
Reactions: brod56

TheMalwareMaster

Level 21
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
We should ask some tester to apply the setting and make a test against malware. This feature is pretty interesting and easy to enable by a beginner. Is it possible to survive only with Windows Store apps?
 

brod56

Level 15
Thread author
Verified
Top Poster
Well-known
Feb 13, 2017
737
We should ask some tester to apply the setting and make a test against malware.
Absolutely. That was the original purpose of my post. I would want to check this setting against a .js malicious downloader.

This feature is pretty interesting and easy to enable by a beginner. Is it possible to survive only with Windows Store apps?
I would say yes for a basic user. Many essential Win32 apps are already in the Windows Store, like Spotify or Evernote. But of course an impossible task for an advanced user.
We can use the intermediate option, though, which just alerts us about it and lets us allow manually if we know it's safe. This is nice, because, for example, we wouldn't allow if something appears from the background without our knowledge.
 
  • Like
Reactions: TheMalwareMaster

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top