Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
Advanced Windows hardening with WDAC - Windows Defender Application Control
Message
<blockquote data-quote="Andy Ful" data-source="post: 1029730" data-attributes="member: 32260"><p>I doubt if there are such sources, except for some posts scattered on the MT forum.</p><p></p><p></p><p></p><p>WDAC ISG has got a special treatment of executables with MOTW. If SmartScreen allows the installer downloaded from the Internet, then ISG will also allow the Exe and DLL files executed by the installer (with some exceptions). Without the MOTW, the SmartScreen ignores the installer, and the installation would be broken if some of the Exe or Dll files tried to execute (while not allowed by ISG).</p><p>On the contrary, SAC mostly allows the initial installer if it is allowed by SmartScreen (SmartScreen is a part of SAC), but does not automatically allow the Exe and Dll files dropped/loaded/executed during the installation.</p><p></p><p>I often used this behavior to fool WDAC. Many applications (installed in UserSpace) blocked normally by WDAC ISG, could be still executed by using RunBySmartscreen. This cannot be done for applications installed in %ProgramFiles% because RunBySmartscreen does not add MOTW in this location.</p><p></p><p>Post corrected.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 1029730, member: 32260"] I doubt if there are such sources, except for some posts scattered on the MT forum. WDAC ISG has got a special treatment of executables with MOTW. If SmartScreen allows the installer downloaded from the Internet, then ISG will also allow the Exe and DLL files executed by the installer (with some exceptions). Without the MOTW, the SmartScreen ignores the installer, and the installation would be broken if some of the Exe or Dll files tried to execute (while not allowed by ISG). On the contrary, SAC mostly allows the initial installer if it is allowed by SmartScreen (SmartScreen is a part of SAC), but does not automatically allow the Exe and Dll files dropped/loaded/executed during the installation. I often used this behavior to fool WDAC. Many applications (installed in UserSpace) blocked normally by WDAC ISG, could be still executed by using RunBySmartscreen. This cannot be done for applications installed in %ProgramFiles% because RunBySmartscreen does not add MOTW in this location. Post corrected. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
