Do we actually need so many security programs?

Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
erreale said:
You forgot VoodooShield!

:):)
Click to expand...
I did not. :giggle:
VS is anti-exe, and CF is set as anti-exe and has HIPS and firewall (3 elements in one application).

In fact, I totally agree with @Lockdown (he knows it). Sometimes, I try to look at the problem from the opposite point of view to find some sense in the apparent nonsense (twisted bot-logic).
I think that two years ago, I would like such a layered protection.
 
Last edited:
  • Like
Reactions: bribon77, KonradPL, ForgottenSeer 72227 and 3 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
KonradPL said:
What is the best and simple way to disable script interpreters in windows 10 pro?
Click to expand...
There isn't one.
This is the fine art of OS hardening, and of SRP/anti-exe.
Poke around the forum, you will find a lot on the subject. But I can tell you right now, there isn't a button you can press to effortlessly and safely disable all interpreters.
 
  • Like
Reactions: Jack, FrankN209, KonradPL and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
You can use SysHardener to:
  • disable VBScript and JScript interpreters (wscript.exe and cscript.exe which can host JS, JSE, VBS, VBE, WSF, WSH files),
  • block PowerShell scripts execution from local drives,
  • block fileless PowerShell script execution (from remote locations) and other advanced functions via Constrained Language Mode.
But there are some other script Interpreters like JavaScript (mshta.exe for HTA files and hh.exe CHM files), etc. which cannot be disabled by the SysHardener ver. 1.5 (actual version). Furthermore, SysHardener does not allow whitelisting.

On Windows Pro (GPO or external configurator), one can use SRP and Windows policies to block any Interpreter. Windows Policies do not allow whitelisting, but SRP allows whitelisting VBScript, JScript, and also CMD scripts (BAT and CMD files). SRP has some advantage of compatibility and system stability, because it can block Interpreters started with medium rights and allow those started with higher rights (may be used sometimes by task scheduler).

When using OSArmor, the user can disable or restrict many Interpreters like VBScript, JScript, JavaScript, PowerShell, etc. OSArmor allow whitelisting the execution of the particular scripts by whitelisting (adding exclusions). Yet, some Interpreters are still allowed, like hh.exe (for CHM files).

There are some other options, like Excubits Bouncer driver, or Anti-Exe applications.
 
Last edited:
  • Like
Reactions: Handsome Recluse, Tiny, mlnevese and 6 others
DeepWeb

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
I always go with this graph. Do you have every layer covered? Some programs cover multiple layers like security suites. Others only cover one. If you have a security suite and a good brain capable of being a careful and skeptical Internet user, you really don't have to worry about anything other than intrusion detection and even that is pretty rare in a home environment if you don't draw attention to yourself on the Internet.

iu


But like the graph is showing, the best security is you the user, brain.exe. Everything depends on brain.exe. All the other programs are just for your convenience and automation. I think the most underrated security software is Windows Update, Group Policy and your favorite backup program of your choice. I recommend Group Policy to everyone because it's just like registry tweaks but your security tweaks persists through feature updates and across the entire computer no matter how many users you add or remove.
 
  • Like
Reactions: erreale, oldschool, bribon77 and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
DeepWeb said:
...
I recommend Group Policy to everyone because it's just like registry tweaks but your security tweaks persists through feature updates and across the entire computer no matter how many users you add or remove.
Click to expand...
The same is true for any configurator program or even the reg tweaks which can apply Windows policies directly into the Windows Registry. The problem with GPO is that there are many security settings scattered in different places. Many of those settings are prepared for managing local networks. I think that over 90% settings are not required in the home environment, and they are already properly set by default.
If the user wants to check the actual setup, that can take a long time, unless he/she remembers exactly where the required settings are located in gpedit. GPO is good for the locked system (little or no changes), but not when the user wants to make quick changes of many policies.
 
  • Like
Reactions: oldschool, Handsome Recluse, bribon77 and 2 others
DeepWeb

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
Andy Ful said:
The same is true for any configurator program or even the reg tweaks which can apply Windows policies directly into the Windows Registry. The problem with GPO is that there are many security settings scattered in different places. Many of those settings are prepared for managing local networks. I think that over 90% settings are not required in the home environment, and they are already properly set by default.
If the user wants to check the actual setup, that can take a long time, unless he/she remembers exactly where the required settings are located in gpedit. GPO is good for the locked system (little or no changes), but not when the user wants to make quick changes of many policies.
Click to expand...
Well it's less complicated than registry but I agree that they should at least have a search function in Group Policy so people can quickly jump to what they are looking for. Thankfully there are guides that tell people what to configure step by step. I learned from this one:
Penetration Testers’ Guide to Windows 10 Privacy & Security

And since then I've been googling and adding more and more to my Group Policy. But you are right. Thankfully Windows 10's feature updates do a pretty good job at implementing the best policies but there are others where I'm scratching my head.
 
  • Like
Reactions: oldschool, Andy Ful and bribon77
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
  • Like
Reactions: shmu26, oldschool, DeepWeb and 1 other person
DeepWeb

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
Andy Ful said:
Applying the policy settings via Windows Security Baseline is not suited to the home users. Those settings are prepared for Enterprises. For example, the settings for MS Office do not block macros, OLE etc.
Click to expand...
Eh I didn't apply THAT part. It's indeed too strict. But the rest of the guide is still great. But it's not about applying the things what make this guide good. It's about how it introduces users to what these Group policy objects are doing. Note this guide was created when 1607 came out and many many of the security configurations were not in place in Windows 10 and EMET was still a thing LMAO. I've seen Microsoft adopt these settings with each feature update. But personally I'm a tinfoil hat kind of person and I don't trust the default. I make sure that the Group Policy enforces it as well so nothing can change the "default". (y)
 
  • Like
Reactions: Andy Ful and oldschool
Cortex

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
I've been looking at 'EXE Radar Pro' which is a pay product @ version 3 - From my reading version 4 is in beta but may be free. Anyone know if that's true. My VooDoo Shield is near to expire & although I could use the free version, I just wondered about Radar? I really want to put a similar program on my other half's laptop & to buy either program is a bit much for 2 or 3 licences.
 
  • Like
Reactions: oldschool
5

509322

DeepWeb said:
they should at least have a search function in Group Policy so people can quickly jump to what they are looking for.
Click to expand...

There is a search\filtering function. It can be found in the File sub-menu.

Most admins don't use Group Policy precisely because they don't want to be bothered with having to spend hours researching only to find tid-bits of infos here and there all across the web. There's no official in-depth Microsoft documentation. That is a huge problem with all things Microsoft.
 
  • Like
Reactions: FrankN209 and harlan4096

Similar threads

S
    • Wow
Serious Discussion Do we have official - of any date - proof that BitLocker has a backdoor?
Replies
8
Views
442
General Security Discussions
Wrecker4923
Wrecker4923
Digmor Crusher
    • Like
    • Applause
Serious Discussion Best Software For Identity Protection
Replies
16
Views
1,101
General Security Discussions
Kubla
K
pithlyx
    • Like
Advice Request Do I Need an Anti-Malware?
Replies
20
Views
2,336
General Security Discussions
JordanMason8
J

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top