- Dec 23, 2014
- 8,592
...
So while technically AG still has some extra's compared to SRP, with win10 and higher you are right AG would not be any different than an IT guy setting up SRP and MD (exploit proytection and whitelist cloud zero tolerance).
..
That is true at home. But, AppGuard used in the Enterprise environment will be usually harder to bypass via lateral movement than SRP.
If the attacker has got high privileges in the Enterprise network, then SRP restrictions and other policies can be remotely removed on the clean computers and next the attacker can infect them. APpGuard uses the kernel driver, so the attacker must additionally exploit something in the Windows kernel. It is not a big deal but requires additional time and effort.