ConfigureDefender utility for Windows 10/11
<blockquote data-quote="Deleted member 65228" data-source="post: 734692">
<p>@shmu26 Yes, I do recommend enabling both of those. I think it would be a wise decision. However, make sure that all the rules you enable can be applied without breaking any functionality you require. It wouldn't be a bad idea either to want more insight into how the rules work for the future in case an issue ever occurs.</p>
<p>By the way, the official documentation states the following.</p>
<p></p>
<p>Therefore, any environment on Windows 10 which is not on that build or higher will not have access to the following rules.</p>
<p></p>
<p>From what I understand of the naming for the rule, it will block all process creation originating from PSExec (from Sysinternals) or WMI usage, regardless of how it is being performed by PSExec/WMI usage.</p>
<p>However, I believe PSExec became a target by Microsoft for the ASR rules due to the abuse it has within malware attacks from the past (and likely still current). Not to mention that PSExec will be more than happy to spawn any target process under NT Authority Account (SYSTEM) when using the "-s" argument correctly (which is what that argument is for).</p>
<p>The note from the official Microsoft documentation is as follows.</p>
<p></p>
<p>That appears to be all they provide about it, apart from a brief disclaimer afterwards about functionality of something else.</p>
</blockquote>
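One way to check the PSExec/WMI rule against your own workload before enforcing it, as the post above advises; this is an added example, not part of the original post and not ConfigureDefender's own code. The rule GUID is taken from Microsoft's ASR rule reference rather than from this page, and the event field names (`ID`, `Path`, `Process Name`) are an assumption based on how recent Windows builds log ASR events.

```powershell
# Added example: run in an elevated PowerShell session with Microsoft Defender active.
# GUID of "Block process creations originating from PSExec and WMI commands"
# (from Microsoft's ASR rule reference; not quoted on this page).
$RuleId = 'd1e49aac-8f56-4280-b9ba-993a6d77406c'

function Set-AsrRuleAudit {
    # Add-MpPreference appends to the configured rule list; Set-MpPreference would replace it.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                     -AttackSurfaceReductionRules_Actions AuditMode
}

function Get-AsrRuleState {
    # Ids and Actions are parallel arrays: 0 = disabled, 1 = block, 2 = audit, 6 = warn.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $RuleId) { return $actions[$i] }
    }
    return $null   # rule is not configured on this machine
}

function Get-AsrAuditHits {
    param([int]$Days = 14)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122      # 1121 = rule blocked, 1122 = rule audited
        StartTime = (Get-Date).AddDays(-$Days)
    }
    foreach ($evt in (Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
        # Flatten the event's named <Data> fields (field names are an assumption, see lead-in).
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['ID'] -ieq $RuleId) {
            [pscustomobject]@{
                Time    = $evt.TimeCreated
                Mode    = if ($evt.Id -eq 1121) { 'Blocked' } else { 'Audited' }
                Process = $data['Process Name']   # process that triggered the rule
                Target  = $data['Path']           # what it tried to launch
            }
        }
    }
}

Set-AsrRuleAudit
"Rule state (2 = audit): $(Get-AsrRuleState)"
# Anything listed here would have been stopped in block mode; review before enforcing.
Get-AsrAuditHits | Group-Object Process, Target |
    Sort-Object Count -Descending | Select-Object Count, Name
```

An empty result after a representative period of normal use suggests the rule can be switched to block mode without breaking anything you rely on.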