Serious Discussion Do you use default-deny approach in your system?

Do you use default-deny approach in your system?

  • Yes, I do

    Votes: 17 58.6%
  • No, it's useless

    Votes: 5 17.2%
  • I personally don't need it, but I recommend it

    Votes: 5 17.2%
  • Other

    Votes: 2 6.9%

  • Total voters
    29
Default-deny has both its pros and cons. For an average user like my parents or grandparents, or those who are not very knowledgeable about computers, it offers great protection. On my family PC, I use light default-deny using WHHL. WDAC is set to block unknown files, SRP is used to restrict scripts, and SS is forced for files downloaded from the Internet. The browser is also set to run sandboxed, and I use only two extensions: Web Advisor and AdGuard. KeyScrambler is set to encrypt keystrokes since my parents use the system for online banking. UAC is set to block elevation of unsigned programs, while the rest of the system is protected by K7 Total Security. Important files are backed up to an external HDD. This layered approach has been working for the last couple of years without any problems.

For my gaming PC, default-deny would be a headache because my Steam library games are constantly being updated. And since I consider myself to be a fairly advanced user, I really have no reason for default-deny. I let my brain.exe do much of the work.
 
Reactions: Parkinsond
On my wife's laptop: SAC (whitelisting) + HardConfigurator (Avast Profile = old SWH + LoLBins block for standard users) + Defender in Zero Tolerance mode (whitelisting)
@Andy Ful, now that I am writing this, I am wondering: what is the difference between SAC and MD in Max mode (of Configure Defender)?

On my Linux laptop: I wish I could restrict program installation to official repos only (I have enabled this in the update manager, but software can also be installed by user error). Using a vanilla Linux Mint setup with sandboxing (AppArmor, Firejail and Flatpak).
 
Reactions: Parkinsond
What is the difference between SAC and MD in Max mode (of Configure Defender)?
SAC uses a slimmed-down version of WDAC where MS does the whitelisting, whereas MD @ Max uses cloud intelligence and ASR rules.

You'd have to check other threads like @Parkinsond referenced above to get more detailed info.