I really have no patience for users who don't read manuals or change logs! Oh wait, that's me! Thanks Andy. I'll see if adding exceptions helps with the two small issues (blocks) I see in the log.Look at point f) in my post:
Please, be very careful with adding exclusions for ASR rules. These exclusions will apply for all ASR rules (except 2 rules which do not support exclusions).I really have no patience for users who don't read manuals or change logs! Oh wait, that's me! Thanks Andy. I'll see if adding exceptions helps with the two small issues (blocks) I see in the log.
Thanks to both of you for pointing this out. And also for the warning that the exclusions are applied almost globally.Look at point f) in my post:
Discuss - Hard_Configurator - Windows Hardening Configurator
Which are the two rules that don't support exclusions?
Thanks.And as you said in an earlier post, most of the ASR glitches come from the "lsass.exe" rule. On my system the log shows this rule blocked an operation by Bleachbit but BB seems to be working fine (unless there is some effect I'm not aware of). Same with Brave update. This is puzzling to me.
Edit: Now that I think of it, it was probably Bleachbit performing its occasional update check.
Thanks for the kind words. I will think about it, although it will be risky for some users.
From what I learned about rdpshell.exe it could work only with opened Remote Desktop session. But, H_C blocks it and some other remote features via <Block Remote Access>.Also would you consider to adding rdpshell.exe to the list of sponsors?
From the next version, H_C will stop actively disabling this feature. I do not want to enable it in H_C because when it fails, then the computer is bricked even after restarting into Safe Mode.
I am sure that you do not need to block it. Blocking remote control is very important for home users, so it is applied in H_C by default. The only way to use rdpshell.exe with disabled Remote Desktop could be related to some unknown Windows exploit and installation of some additional modules. But, your requests are always important to me so I will add rdpshell.exe to blocked Sponsors in the next version of H_C.RDPshell. not really at the moment, but when Microsoft starts to advice to block some unneeded programs (thx to @shmu26 Discuss - Microsoft Recommends Default-Deny (Sort of)) why not block this unnessecary (when not using remote also). Remote desktop allows access, RDPshell the (possibly malicious) action, so blocking both is a sort of double lock.
I am thinking about it for a long time, but still not sure. Blocking more than is actively used by malc0ders is dangerous to the system/software stability (H_C can block over 170 programs and modules from Windows folder).Is there a way to make the Sponsors list customizable, sort of like the Whitelist By Path list is? Then, extreme security enthusiasts can torture their own systems as they wish.