Applocker on Windows Home.
<blockquote data-quote="Andy Ful" data-source="post: 1011905" data-attributes="member: 32260"><p>By accident. The recommended one is "*". If I recall correctly, there is no functional difference.</p>
<p>I do not know - it is probably better to copy folders from Windows 11 Pro.</p>
<p>It is better to avoid the term "basic users". It is related to the classic SRP and does not have an equivalent in AppLocker. What do you mean by hardening "basic user"? Is it hardening on SUA or hardening any account to block unelevated processes?</p>
<p>Technically, the above protection is very different from SWH settings. For example, SWH settings can prevent many attacks with EXE or DLL executables (introduced as secondary payloads). Anyway, one can probably apply a comparable security level on a home computer by blocking popular LOLBins, <strong>including powershell.exe and powershell_ise.exe</strong>. Blocking cscript.exe and wscript.exe is not necessary - these LOLBins cannot be run with AppLocker Script protection. Still, the above AppLocker settings can be easily bypassed by shortcuts using rundll32.exe (to run DLLs) and some other LOLBins which cannot be safely blocked.</p>
<p>I am not sure. Are the unsigned DLLs blocked for Everyone? If so, then OK.</p>
<p>AppLocker uses the default rule "Allow for Administrators", for example:</p>
<pre>
<FilePathRule Id="64ad46ff-0d71-4fa0-a30b-3f3d30c5433d" Name="Allow for Administrators" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
  <Conditions>
    <FilePathCondition Path="*" />
  </Conditions>
</FilePathRule>
</pre>
<p>This rule works on SUA in the same way for EXE, DLLs, MSI, and Scripts. But on the default Admin account, it works this way only for MSI and Scripts. The EXE and DLL files will be allowed on any Administrator account, including the default Admin account. The MSI files and Scripts will still be blocked on the default Admin account with the same rule (with a different GUID). That is why I removed this default rule from my scripts in the sections for EXE and DLL.</p></blockquote>
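<p>The quoted post says its author removed the default "Allow for Administrators" rule from the EXE and DLL sections of his scripts. As an added example (not code from the post or from Hard_Configurator), the Python below lists where that rule shape (Administrators SID, Action="Allow", Path="*") still appears in an AppLocker policy XML; the sample policy, its placeholder rule Ids and the function names are constructed for illustration.</p>

```python
import xml.etree.ElementTree as ET

ADMINS_SID = "S-1-5-32-544"  # BUILTIN\Administrators, the SID in the quoted rule

# Constructed sample policy; the rule Ids are placeholders, not real GUIDs.
SAMPLE_POLICY = r"""<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="id-exe-admin" Name="Allow for Administrators" Description=""
                  UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Dll" EnforcementMode="Enabled">
    <FilePathRule Id="id-dll-windir" Name="Windows folder for Administrators" Description=""
                  UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="Enabled">
    <FilePathRule Id="id-script-admin" Name="Allow for Administrators" Description=""
                  UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>"""

def admin_allow_all_rules(policy_xml):
    """Return (collection Type, rule Id) for Allow rules giving Administrators Path='*'."""
    hits = []
    for coll in ET.fromstring(policy_xml).iter("RuleCollection"):
        for rule in coll.findall("FilePathRule"):
            # Only Conditions are matched; paths under Exceptions are carve-outs.
            paths = [c.get("Path") for c in rule.findall("./Conditions/FilePathCondition")]
            if (rule.get("Action") == "Allow" and "*" in paths
                    and rule.get("UserOrGroupSid") == ADMINS_SID):
                hits.append((coll.get("Type"), rule.get("Id")))
    return hits

def audit(policy_xml, sections=("Exe", "Dll")):
    """Split the hits: rules inside `sections` (where the post's author removed
    the rule) versus rules in the remaining collections."""
    hits = admin_allow_all_rules(policy_xml)
    return ([h for h in hits if h[0] in sections],
            [h for h in hits if h[0] not in sections])

if __name__ == "__main__":
    flagged, other = audit(SAMPLE_POLICY)
    print("in EXE/DLL sections:", flagged, "| elsewhere:", other)
```

<p>On Windows, the effective policy can be exported for this check with <code>Get-AppLockerPolicy -Effective -Xml</code>.</p>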