Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Hard_Configurator Tools
Applocker on Windows Home.
Message
<blockquote data-quote="ForgottenSeer 97327" data-source="post: 1011887"><p>[USER=32260]@Andy Ful[/USER] two questions</p><p></p><p>1. Why do you use filepath *.* with MSI and filepath * with scripts?</p><p>2. Will your suggested workaround also work when copying the folders from Windows10 Pro to Windows11 Home?</p><p></p><p></p><p>Thanks for all the information and help <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite130" alt="(y)" title="Thumbs up (y)" loading="lazy" data-shortname="(y)" /> I did not know about Aaronlocker, downloaded the Word file and reading it now.</p><p></p><p>I am playing with an idea at the moment which aims to implement SWH-like hardening for basic users with two levels of hardening</p><p></p><p>1. Creating SWH-like AppLocker policies for</p><p>A) Basic user blocking scripts in user space and blocking Microsoft Recommended (and all old obsolete scriptors like CMD, Wscript and Cscript)</p><p>B) Admin also allowing signed scripts</p><p></p><p>2. Creating crossover of SWH and H_C like AppLocker policies for </p><p>A) Basic user blocking in user space all scripts and unsigned programs in user space and blocking Microsoft Recommended (and all old obsolete scriptors like CMD, Wscript and Cscript)</p><p>B) Admin blocking in user space all, except (allowing) signed scripts, signed programs and signed DLL''s</p><p>C) Blocking execution of user writeable folders in Windows for everyone</p><p></p><p>From what I remember AppLocker differentiating Admin and Basic user rules, one needs to run as Basic User to apply them, but with UAC on default, blocking unsigned to elevate, I think this would be together with ConfigureDefender on Max a solid security setup for the average user. My wife's laptop came with Windows11, so all essential stuff is (Windows) signed.</p></blockquote><p></p>
[QUOTE="ForgottenSeer 97327, post: 1011887"] [USER=32260]@Andy Ful[/USER] two questions 1. Why do you use filepath *.* with MSI and filepath * with scripts? 2. Will your suggested workaround also work when copying the folders from Windows10 Pro to Windows11 Home? Thanks for all the information and help (y) I did not know about Aaronlocker, downloaded the Word file and reading it now. I am playing with an idea at the moment which aims to implement SWH-like hardening for basic users with two levels of hardening 1. Creating SWH-like AppLocker policies for A) Basic user blocking scripts in user space and blocking Microsoft Recommended (and all old obsolete scriptors like CMD, Wscript and Cscript) B) Admin also allowing signed scripts 2. Creating crossover of SWH and H_C like AppLocker policies for A) Basic user blocking in user space all scripts and unsigned programs in user space and blocking Microsoft Recommended (and all old obsolete scriptors like CMD, Wscript and Cscript) B) Admin blocking in user space all, except (allowing) signed scripts, signed programs and signed DLL''s C) Blocking execution of user writeable folders in Windows for everyone From what I remember AppLocker differentiating Admin and Basic user rules, one needs to run as Basic User to apply them, but with UAC on default, blocking unsigned to elevate, I think this would be together with ConfigureDefender on Max a solid security setup for the average user. My wife's laptop came with Windows11, so all essential stuff is (Windows) signed. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
