Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Hard_Configurator Tools
Applocker on Windows Home.
Message
<blockquote data-quote="ForgottenSeer 97327" data-source="post: 1012300"><p>When running Standard User (SUA), I don't want sponsors blocked on Admin account. The border between SUA and ADMIN is considered by specialists as a security protection (UAC is not according to Microsoft). For average users (like me and my wife) there is no reason running ADMIN.</p><p></p><p>Your info has changed my initial idea. When my wife's laptop updates to Windows11H2, I will use the SmartAppControl policy as a starting point, with path allow rules for UAC protected folders and enabling the option to exclude DLL's and dotNet protection. Next I will adopt your powershell scripts for AppLocker blocking sponsors and unsigned DLL's for SUA with exe ALLOW for admin and an exception for the folder containing PhotoBook Application in regard to signed DLL's.</p><p></p><p>To deal with the unsigned DLL-folder hole, I will remove access write permissions for that folder except for Admin (that folder will also be protected by Controlled Folder Access). As mentioned earlier adding Code Integrity Guard to all Microsoft user programs (and Windows processes running as SUA) and Denying non Micorosft programs to launch other programs (also with MD Exploit Protection) AND blocking sponsors for SUA only (iclucing RunDLL32 etcera) will provide sufficient protection against staged DLL-injection attacks (I also use your Configure Defender at MAX on my wife's laptop).</p><p></p><p>Thanks for all your feedback and efforts to bring AppLocker to Home users.<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite130" alt="(y)" title="Thumbs up (y)" loading="lazy" data-shortname="(y)" /></p></blockquote><p></p>
[QUOTE="ForgottenSeer 97327, post: 1012300"] When running Standard User (SUA), I don't want sponsors blocked on Admin account. The border between SUA and ADMIN is considered by specialists as a security protection (UAC is not according to Microsoft). For average users (like me and my wife) there is no reason running ADMIN. Your info has changed my initial idea. When my wife's laptop updates to Windows11H2, I will use the SmartAppControl policy as a starting point, with path allow rules for UAC protected folders and enabling the option to exclude DLL's and dotNet protection. Next I will adopt your powershell scripts for AppLocker blocking sponsors and unsigned DLL's for SUA with exe ALLOW for admin and an exception for the folder containing PhotoBook Application in regard to signed DLL's. To deal with the unsigned DLL-folder hole, I will remove access write permissions for that folder except for Admin (that folder will also be protected by Controlled Folder Access). As mentioned earlier adding Code Integrity Guard to all Microsoft user programs (and Windows processes running as SUA) and Denying non Micorosft programs to launch other programs (also with MD Exploit Protection) AND blocking sponsors for SUA only (iclucing RunDLL32 etcera) will provide sufficient protection against staged DLL-injection attacks (I also use your Configure Defender at MAX on my wife's laptop). Thanks for all your feedback and efforts to bring AppLocker to Home users.(y) [/QUOTE]
Insert quotes…
Verification
Post reply
Top
