Best solution for PC-prebuilts at bigger scale?
[QUOTE="AXYZE, post: 976218, member: 85827"]
Thank you for replying Andy!

I applied 4 rules:
Block Office applications from creating executable content
Block Office applications from injecting code into other processes
Use advanced protection against ransomware
Block Adobe Reader from creating child processes

Turned on PUA protection.

Other than that I blocked mshta, regsvr32 etc. with Windows Firewall as recommended by my friend working in Azure/Microsoft, although he is not in anything related in cybersec so maybe I could block more things. I found out this [URL='https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules']Microsoft recommended block rules (Windows) - Windows security[/URL] and I'll test if this doesn't create any problems.

I didn't touch anything else from what's available in ConfigureDefender, because either I found some compatibility errors (network protection, script detection, other Office ASR rules - some company had legit macros that were blocked by it), performance problems (high+ cloud protection), I didn't know about them (for example I didn't know about WMI one) or create too much hassle for people (block executables unless they meet criteria). I'm not sure about "untrusted and unsigned processes that run from USB" - is infecting by USB even a thing? I asked couple of friends and nobody saw it in years, it's always from web. Maybe someone who has statistics/works in AV company could tell me if this still happens?

BAFS, automatic file submission turned on.
Cloud Check Limit 10s (longer ones can give impression that our PCs are slow, already had this problem when I made env with heavily throttled internet which can happen for those who use all of their LTE data, AFAIK you are Polish so you know how "unlimited" LTE works here)

Also, we are currently preinstalling 7zip which still doesn't add MOTW - does that make any difference in Windows 11/SmartScreen today? Should we switch to something else instead?

Now I'm thinking how I can implement your idea "you should also make a script or application that can restore Windows default settings" with good user experience and to not create any confusion. Script that just sits on desktop is not great idea, maybe this script should be available on computer's support page to which link would be printed on box. And there I would put FAQ with information what we changed, how to revert that and how to apply it again. I need to think a lot about this stuff, because non-techy people need to understand everything perfectly and at the same time I can't take too much time from them. It's harder than it sounds tbh

Your piece of software is great, but when computer is for 10yr kid or 60yr old complete non-techy person it can create too much confusion, they could block too much and then complain etc. and costs of managing that can be too large, especially because we have free D2D warranty and free call support for 2 years.

Our competition just preinstalls Norton 30days, gets money from revshare and calls it a day, they already have advantage as they earn from it so I need to be very careful to not make anything that will require us to do additional work, because people didn't understand what specific thing in ConfigureDefender meant. :(
[/QUOTE]
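The Defender settings listed in the post, together with the revert script it discusses, expressed with the built-in Defender PowerShell cmdlets; this is an added example, not the poster's or ConfigureDefender's own code. The snapshot path is hypothetical, and the `SendSafeSamples` level and the mapping of "Cloud Check Limit 10s" to `-CloudExtendedTimeout 0` are assumptions.

```powershell
#Requires -RunAsAdministrator
param([switch]$Revert)

# ASR rule GUIDs, as documented by Microsoft, for the four rules named in the post.
$AsrRules = [ordered]@{
    'Block Office applications from creating executable content'         = '3B576869-A4EC-4529-8536-B80A7769E899'
    'Block Office applications from injecting code into other processes' = '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84'
    'Use advanced protection against ransomware'                         = 'C1DB55AB-C21A-4637-BB3F-A12568109D35'
    'Block Adobe Reader from creating child processes'                   = '7674BA52-37EB-4A4F-A9A1-F0F9A1619A2C'
}
# Hypothetical path for the snapshot of the pre-change settings.
$Backup  = Join-Path $env:ProgramData 'OemDefenderBaseline\previous.json'
$Scalars = 'PUAProtection', 'MAPSReporting', 'SubmitSamplesConsent',
           'DisableBlockAtFirstSeen', 'CloudExtendedTimeout'

if ($Revert) {
    if (-not (Test-Path $Backup)) { throw "No snapshot at $Backup; nothing to revert." }
    $old = Get-Content $Backup -Raw | ConvertFrom-Json
    # Remove only the rules this script added; rules present before are left alone.
    foreach ($id in $AsrRules.Values) {
        if ($old.AsrIds -notcontains $id) {
            Remove-MpPreference -AttackSurfaceReductionRules_Ids $id
        }
    }
    $restore = @{}
    foreach ($name in $Scalars) { $restore[$name] = $old.$name }
    Set-MpPreference @restore
    Remove-Item $Backup
}
else {
    $current = Get-MpPreference
    # Keep the first snapshot so that re-running the script cannot overwrite it
    # with already-hardened values.
    if (-not (Test-Path $Backup)) {
        $state = [ordered]@{ AsrIds = @($current.AttackSurfaceReductionRules_Ids) }
        foreach ($name in $Scalars) { $state[$name] = $current.$name }
        New-Item -ItemType Directory -Path (Split-Path $Backup) -Force | Out-Null
        $state | ConvertTo-Json | Set-Content $Backup
    }
    foreach ($id in $AsrRules.Values) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions Enabled
    }
    # BAFS needs cloud protection and sample submission. SendSafeSamples is an assumed
    # level; CloudExtendedTimeout 0 keeps the default 10-second cloud check.
    Set-MpPreference -PUAProtection Enabled -MAPSReporting Advanced `
        -SubmitSamplesConsent SendSafeSamples -DisableBlockAtFirstSeen $false `
        -CloudExtendedTimeout 0
}
```

Run without arguments it snapshots the current values and applies the settings; run with `-Revert` it restores the snapshot rather than guessing at Windows defaults.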