Do you use security reg tweaks?

Status
Not open for further replies.

Der.Reisende

If you are happy, it means that maybe you do not need them.:)
Fully agree, I did not know them as well, have learned 'bout the Win Defender "hack" via internet only, too :)

I've enabled PUP detection on WD via Powershell but as regards any registry tweaks it is necessary to have a copy of the registry or a working OS image backup.
Me 2. The only registry tweak I dare to apply.
 

Av Gurus

Set the value (hexadecimal) as e8d4a51000 - test if it works.

Make sure you have a backup of the registry and if it was wrong or causes a problem then revert back and try again, so don't worry much.

This is still too many numbers...
 

Andy Ful

It is a string, I was making DWORD....:oops:

You found this out by yourself, so I was late. Every reg tweak I put in my post is exported from the Registry, so it can be imported via regedit.exe. For example, create the file UntrustedFontBlocking.reg in Notepad and copy the text between the asterisks:

**********
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions]
"MitigationOptions_FontBocking"="1000000000000"

**********
then import UntrustedFontBlocking.reg in regedit.exe (Menu-File-Import). :)
 

Av Gurus


Or I can use "Merge"...;)


Andy Ful

Here is more detailed info:

  1. Block untrusted fonts and log events
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions
    Value Name MitigationOptions_FontBocking
    Value Type REG_SZ
    Value 1000000000000
  2. Do not block untrusted fonts
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions
    Value Name MitigationOptions_FontBocking
    Value Type REG_SZ
    Value 2000000000000
  3. Log events without blocking untrusted fonts
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions
    Value Name MitigationOptions_FontBocking
    Value Type REG_SZ
    Value 3000000000000
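
An offline check for the setting described in the posts above, as an added example that is not part of the thread: it parses the text of an exported .reg file and reports whether the font-blocking value is present, stored as a string (REG_SZ) rather than a DWORD, and set to one of the three listed values. The function names and the two sample exports are constructed for the example; the key path, value name and values are the ones posted above.

```python
import re

# Key path, value name, type and the three values are the ones posted in this
# thread; the .reg samples below are constructed for the example.
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions"
NAME = "MitigationOptions_FontBocking"
MODES = {
    "1000000000000": "block untrusted fonts and log events",
    "2000000000000": "do not block untrusted fonts",
    "3000000000000": "log events without blocking untrusted fonts",
}
# Type prefixes used by the .reg text format for non-string data.
TYPES = {"dword": "REG_DWORD", "hex(b)": "REG_QWORD", "hex": "REG_BINARY"}

def parse_reg(text):
    """Parse .reg text into {key: {name: (type, data)}}, names lower-cased."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m is None or current is None:
            continue
        name, data = m.group(1).lower(), m.group(2)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            current[name] = ("REG_SZ", data[1:-1])   # quoted data is a string
        else:
            prefix, _, raw = data.partition(":")     # e.g. dword:00000001
            current[name] = (TYPES.get(prefix, prefix), raw)
    return keys

def audit_font_blocking(reg_text):
    """Return (status, detail) for the font-blocking policy in an export."""
    entry = parse_reg(reg_text).get(KEY.lower(), {}).get(NAME.lower())
    if entry is None:
        return ("not-set", "value is absent from the export")
    kind, data = entry
    if kind != "REG_SZ":
        return ("wrong-type", f"{kind} found, REG_SZ expected")
    if data not in MODES:
        return ("unknown-value", data)
    return ("ok", MODES[data])

HEADER = "Windows Registry Editor Version 5.00\n\n[" + KEY + "]\n"
GOOD = HEADER + '"' + NAME + '"="1000000000000"\n'   # string, as in the thread
BAD = HEADER + '"' + NAME + '"=dword:00000001\n'     # constructed DWORD mistake

if __name__ == "__main__":
    for label, sample in (("string", GOOD), ("dword", BAD)):
        print(label, audit_font_blocking(sample))
```

Files exported by regedit.exe are normally UTF-16, so read a real export with `open(path, encoding="utf-16").read()` before passing the text to `audit_font_blocking`.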
 

Andy Ful

It is time to sum up the thread.

Nearly 50% of users do not use reg tweaks. There are several reasons for that:
* The detailed information about reg tweaks is not widely known.
* Many users do not know how to apply tweaks safely.
* Restricted code execution can cause issues when running some programs.
* Learning and adopting some good safety rules may be the better way to system security.
* Tweaks are not needed when using good security software (Emsisoft, Kaspersky, ..., AppGuard, NVT ERP, etc.).
* After some time, it is hard to find out which tweaks are actually applied.
* They are not convenient for people that often use scripts.

Why do some people use reg tweaks?
* Experienced users can overcome difficulties listed above.
* Windows built-in security is the best for system compatibility/stability.
* Many people use computers only for basic tasks, utilize Windows Store Applications, and do not install many desktop programs (Windows 8+).
* The reg tweaks listed in this thread, when applied safely, do not mess up the system, and significantly harden its security.
 
Wave

Nice work! :)

I noticed you joined in 2014, but I didn't see your posts until recently (sadly), and I also see you are a developer: Run by Smartscreen utility - keep up the great work!

I do not know if you are familiar with the documented stuff regarding the Native API and the such, but if you ever do get into it/need to use it and need help, let me know in a PM and I'll be happy to help you on using functions like NtTerminateProcess and the such.

Keep up the great work, IMO you are a Trusted Member (in my mind at least) even without the badge and a valued member of the community :)
 
Wave

I've noticed you've been making lots of useful posts, too. Keep it that way.:)
Thank you :) But in reality I do not post as much as I used to (on old account - @kram7750, made some ok posts on rootkits and the such... not the best though haha) due to some personal reasons so I just chill with music and do my programming/reverse engineering work haha. But your posts are very nice and educated, I like them :) some other great members would be all the staff + @DardiM + @tim one (sorry if I didn't mention you here, everyone pretty much makes great posts, I end up spamming the Like button on every post I see) :)

This community is great and really friendly IMO, I doubt there's a better one out there
 