Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Video Reviews - Security and Privacy
Comodo Sandbox (Auto-Containment) have a bug on Windows 10?
Message
<blockquote data-quote="Chimaira" data-source="post: 718525" data-attributes="member: 68951"><p>Also, I think I have managed a way to have UAC turned off while managing to keep admin privileges separate from the user.</p><p></p><p>Step 1: Turn off UAC completely through local security policy.</p><p>Step 2: Create a second user account and make it Administrator and set your main account as a standard user.</p><p>Do both of these steps before restarting your computer.</p><p></p><p>There will be no more UAC elevation, the privileges are completely separated, if you select the Run as administrator option any program simply will fail to acquire admin privilege. BUT while running as standard user if you need to run a program with Admin privileges what you do is hold down shift and then right click on the program .exe or shortcut, you will see an option in the context menu that says Run as different user. It will bring up a screen that asks for the user's name and the password for that account. Windows will then run the program as that user account with Admin privileges. This means that NO program can acquire Admin privileges under your standard user account. There is no UAC to allow it. This means no malware can acquire it either, it is impossible. When you select the run as different user option, the program is not running under the standard user account but your other Admin account. This can only happen when you select that option and enter the correct credentials.</p><p></p><p>I have run things this way and it works and CFW will run everything at the 'Restricted' sandbox level.</p><p></p><p>If you run process explorer it shows you the integrity level of all programs currently running. This shows you which level of privileges each program are allowed.</p><p>Running as standard user you will see all programs usually run at medium which is the default privilege level for a standard user and only programs granted Admin privileges are granted high integrity. Some programs run as low which is even more restricted.</p><p></p><p>If you compare running as a standard user with UAC on and with UAC off set up the way I've just described you will see that the same restricted standard user integrity levels are maintained meaning that standard user privileges are is the only level granted unless you have run that program as your Admin user account as mentioned before.</p><p></p><p>Please let me know what you all think.</p></blockquote><p></p>
[QUOTE="Chimaira, post: 718525, member: 68951"] Also, I think I have managed a way to have UAC turned off while managing to keep admin privileges separate from the user. Step 1: Turn off UAC completely through local security policy. Step 2: Create a second user account and make it Administrator and set your main account as a standard user. Do both of these steps before restarting your computer. There will be no more UAC elevation, the privileges are completely separated, if you select the Run as administrator option any program simply will fail to acquire admin privilege. BUT while running as standard user if you need to run a program with Admin privileges what you do is hold down shift and then right click on the program .exe or shortcut, you will see an option in the context menu that says Run as different user. It will bring up a screen that asks for the user's name and the password for that account. Windows will then run the program as that user account with Admin privileges. This means that NO program can acquire Admin privileges under your standard user account. There is no UAC to allow it. This means no malware can acquire it either, it is impossible. When you select the run as different user option, the program is not running under the standard user account but your other Admin account. This can only happen when you select that option and enter the correct credentials. I have run things this way and it works and CFW will run everything at the 'Restricted' sandbox level. If you run process explorer it shows you the integrity level of all programs currently running. This shows you which level of privileges each program are allowed. Running as standard user you will see all programs usually run at medium which is the default privilege level for a standard user and only programs granted Admin privileges are granted high integrity. Some programs run as low which is even more restricted. If you compare running as a standard user with UAC on and with UAC off set up the way I've just described you will see that the same restricted standard user integrity levels are maintained meaning that standard user privileges are is the only level granted unless you have run that program as your Admin user account as mentioned before. Please let me know what you all think. [/QUOTE]
Insert quotes…
Verification
Post reply
Top