Andy Ful

Using 'Standard User Account + Windows Hardening' is a beautiful idea in its simplicity, effectiveness and low resource requirements. For example: why scan scripts if their execution can be restricted/disabled by the system policy? As for the Standard User Account, it alone can mitigate about 80% of Windows malware (including exploits and 0-day malware).
The above is a good solution if the user knows when and how he/she should un-harden the system, or can be advised by a more experienced user.

Edit.
The con is that many users who could use it are in fact using an Administrator Account. They have a strong need to test security software and change system settings frequently, so using a Standard User Account is rather painful. But anyway, such a security solution can be adopted by an experienced user on the computers of family members or friends, if he/she has the ability to advise and help them from time to time.
 

Andy Ful

I'm not sure about that, because SmartScreen's default is already to deny execution of the application.
As was mentioned by @21eta, AV-Comparatives real world tests "evaluate the suites 'real-world' protection capabilities with default settings (incl. on-execution protection features)". Windows Defender in default settings has no user-dependent functions except SmartScreen Application Reputation, which in Windows 10 is a part of Windows Defender.
Defender + SmartScreen can give better results than any antivirus, if the samples are not ignored by SmartScreen. Examples of files ignored by SmartScreen Application Reputation were noted in my previous post: AV-Comparatives: Real-World Protection Test – August 2017
Other examples are scripts: ps1, js, vbs, wsf, wsh, and many other files like documents: doc, docx, pdf, etc.
So, the results of Defender + SmartScreen security strongly depend on the malware samples.
If someone wants to see not-so-good results, the "MRG Effitas 360 Assessment & Certification Programme Q2 2017" is the right example, where Defender + SmartScreen scored only about 95% (Blocked in 24h).
 