Do you use security reg tweaks?

[koko]

From my experience, the hardest thing to teach grandpa may be not ignoring SmartScreen alerts.

True, but I mean things like, disable CMD and only allow elevated exe if they are signed and so on

 

[Tony Cole]

No, as I have set AppGuard to block a huge majority of the above.

 

[Tony Cole]

Wow, they teach computer science now at GCSE (didn't in my day, but then I did finish mine in 2000)

@Andy Ful I think that in schools instead of the students being educated on how to use Microsoft Office products (which they most likely can already use very well) and the similar, they should crack down on educating people more about cyber-security and how they can keep themselves safe when using a computer altogether - at least educate them on some basic good security practises, such as making sure to use an ad-blocker to reduce the chances of them being a victim of malvertising, validating digital signatures, scanning new downloads on services like VirusTotal (you'd be surprised - many people won't even know of these services or now how to use them/understand the results), working with sandboxing/virtualisation and reverting with snapshots, etc.

As an addition to this, I think that workplace companies should start enforcing their employees (who have access to the systems) to take a custom cyber security/computing education course within the company itself which will be more advanced and focused on making the employees general knowledge on cyber-security much tougher, but also focusing on other topics such as social engineering.

I remember when I was still at school last year finishing my GCSEs and in computer science we were forced to study a bunch of rubbish; instead of wasting time and testing us on things which don't matter that much, they could have started educating people on important topics such as cyber-security. Since if you get a job at a company and do not know what you are doing, all it takes is the attacker to send one e-mail and if the user opens this e-mail he/she then becomes vulnerable to the social engineering and can potentially end up compromising the systems by handling one of the e-mail attachments (just added this part as a base example). Whereas, if they were trained properly and were stronger in cyber-security, they may have either not opened the e-mail at all (or deleted it), or opened it and then reported it for spam/untrusted purposes and left the attachments alone, not resulting in the systems becoming compromised.

Sorry for going a bit off-topic.

 

[Wave]

Wow, they teach computer science now at GCSE (didn't in my day, but then I did finish mine in 2000)

They teach "computer science" but it's not the stuff you'd want to be learning. They taught a bit about hardware (very basic things) and some VB.NET; I actually kind of failed because I refused to spend my time doing it as I had studied this years beforehand and at the time I was already developing device drivers and doing these sorts of things.

For someone who wants to go into computing as a software engineer or the such, they will want to study computer science at University as opposed to school/college; chances are you'd be studying languages like C, C++ and x86/x64 Assembly. With school/college for computer science I think you'd just be wasting your time as you can achieve better results from home at ease.

 

[Av Gurus]

"Prevent programs from loading untrusted fonts (only Windows 10):
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions]
"MitigationOptions_FontBocking"="1000000000000"

Is this number right?

 

[Tony Cole]

Ah, cool. I'm a doctor so I focused on science's.

 

[Wave]

"Prevent programs from loading untrusted fonts (only Windows 10):
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions]
"MitigationOptions_FontBocking"="1000000000000"

Is this number right?

Yes, however make sure to have a backup of the registry at all times no matter how small the change you are making say on case; it's always good practise to be able to revert back at ease and safely.

 

[Av Gurus]

Is this DWORD?
Hexa or..?

 

[Wave]

Is this DWORD?
Hexa or..?

Set the value with hexadecimal.

 

[shmu26]

I also noticed problems with loading igfx tray module (Intel HD Graphics)... when command prompt is disabled

that's an interesting fact. I have noticed that after installing certain security softs, namely Kaspersky Internet Security or COMODO, that there is a problem with the igfx loading right.

 

[Av Gurus]

I tried but there are too many numbers?

 

[Wave]

Is this DWORD?
Hexa or..?

I tried but there are too many numbers?

Set the value (hexadecimal) as e8d4a51000 - test if it works.

Make sure you have a backup of the registry and if it was wrong or causes a problem then revert back and try again, so don't worry much.

 

[shmu26]

you can disable CMD and powershell and wscript, etc, in Kaspersky Application Control, or make a block rule in Emsisoft or in COMODO.
You can also do this in Process Lasso (although I had an issue with it forgetting my rules)
If you block these processes through your security softs, it is a lot easier to renable them when you need them...

 

[Wave]

I tried but there are too many numbers?

If you're running Windows 10 Pro or better you can use the Group Policies to achieve what you want to do, so you won't need to touch the registry at all yourself manually.

 

[ForgottenSeer 55474]

I have never used registry tweaks,perhaps if i knew they existed

 

[_CyberGhosT_]

you can disable CMD and powershell and wscript, etc, in Kaspersky Application Control, or make a block rule in Emsisoft or in COMODO.
You can also do this in Process Lasso (although I had an issue with it forgetting my rules)
If you block these processes through your security softs, it is a lot easier to renable them when you need them...

You can also disable CMD via Process Lasso
Like I said, I have a ton of RegTweaks but most of them are being made obsolete because
you can do so much more with software these days, if you know which software to use

 

[tim one]

That was a great choice IMO, and I fully agree with you!

Thanks, if someone is interested :

Start PowerShell (powershell.exe) as administrator.
Run the following command and press ENTER:

Set-MpPreference -PUAProtection 1

 

[Av Gurus]

This is the same thing as reg tweak or...?

 

[tim one]

This is the same thing as reg tweak or...?

Yes you get the same results, I tested WD with Opencandy and it detected It without problems.
Just reboot after that command

 

[Av Gurus]

I already have reg tweak and testing everyday in VM (Win Def + PUP enable) with malware pack from Malware Hub.