Do you use security reg tweaks?

Total voters: 47 (poll closed)

Der.Reisende

If you are happy, it means that maybe you do not need them.:)
Fully agree, I did not know them as well, have learned 'bout the Win Defender "hack" via internet only, too :)

I've enabled PUP detection on WD via PowerShell, but as regards any registry tweaks it is necessary to have a copy of the registry or a working OS image backup.
Me 2. The only registry tweak I dare to apply.
 

Andy Ful

It is a string, I was making DWORD....:oops:

You found this out by yourself, so I was late. Every reg tweak I put in my post is exported from the Registry. So, it can be imported via regedit.exe. For example, create the file UntrustedFontBlocking.reg in Notepad and copy the text between the asterisks:

**********
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions]
"MitigationOptions_FontBocking"="1000000000000"

**********
then import the UntrustedFontBlocking.reg in regedit.exe (Menu-File-Import). :)
 

Av Gurus

Or I can use "Merge"...;)


Andy Ful

Here is more detailed info:

  1. Block untrusted fonts and log events
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions
    Value Name MitigationOptions_FontBocking
    Value Type REG_SZ
    Value 1000000000000
  2. Do not block untrusted fonts
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions
    Value Name MitigationOptions_FontBocking
    Value Type REG_SZ
    Value 2000000000000
  3. Log events without blocking untrusted fonts
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions
    Value Name MitigationOptions_FontBocking
    Value Type REG_SZ
    Value 3000000000000
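
A read-only check of the value described in the post above, as an added example that is not code from any poster in this thread. It reports whether the value exists, whether it was created as REG_SZ rather than DWORD (the mix-up mentioned earlier in the thread), and which of the three listed modes it selects; the function name `Get-FontBlockingState` is hypothetical.

```powershell
# Added example (not from the thread's posters): read-only audit of the
# untrusted-font policy value. Get-FontBlockingState is a hypothetical name.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions'
$ValueName  = 'MitigationOptions_FontBocking'   # spelled as in the thread

# Value data and meaning, as listed in the post above
$Modes = @{
    '1000000000000' = 'Block untrusted fonts and log events'
    '2000000000000' = 'Do not block untrusted fonts'
    '3000000000000' = 'Log events without blocking untrusted fonts'
}

function Get-FontBlockingState {
    param(
        [string]$Path = $PolicyPath,
        [string]$Name = $ValueName
    )
    $result = [ordered]@{ Status = 'NotConfigured'; Kind = $null; Data = $null; Meaning = 'Value is absent' }

    # Get-Item on a registry path returns a Microsoft.Win32.RegistryKey
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $Name)) {
        $result.Kind = $key.GetValueKind($Name)
        $result.Data = $key.GetValue($Name)

        if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::String) {
            # The mistake mentioned earlier in the thread: value created as DWORD
            $result.Status  = 'WrongType'
            $result.Meaning = 'Value exists but is not REG_SZ; recreate it as a string'
        }
        elseif ($Modes.ContainsKey([string]$result.Data)) {
            $result.Status  = 'Configured'
            $result.Meaning = $Modes[[string]$result.Data]
        }
        else {
            $result.Status  = 'UnknownData'
            $result.Meaning = 'REG_SZ data is not one of the three values listed'
        }
    }
    [pscustomobject]$result
}

Get-FontBlockingState | Format-List
```

The script only reads the key, so it can be run from a standard (non-elevated) PowerShell session.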
 

Andy Ful

It is time to sum up the thread.

Nearly 50% of users do not use reg tweaks. There are several reasons for that:
* The detailed information about reg tweaks is not widely known.
* Many users do not know how to apply tweaks safely.
* Restricted code execution can cause issues when running some programs.
* Learning and adopting some good safety rules may be the better way to system security.
* Tweaks are not needed when using good security software (Emsisoft, Kaspersky, ..., AppGuard, NVT ERP, etc.).
* After some time, it is hard to find out which tweaks are actually applied.
* They are not convenient for people that often use scripts.

Why do some people use reg tweaks?
* Experienced users can overcome difficulties listed above.
* Windows built-in security is the best for system compatibility/stability.
* Many people use computers only for basic tasks, utilize Windows Store Applications, and do not install many desktop programs (Windows 8+).
* The reg tweaks listed in this thread, when applied safely, do not mess up the system, and significantly harden its security.
 
Wave

Nice work! :)

I noticed you joined in 2014, but I didn't see your posts until recently (sadly), and I also see you are a developer: Run by Smartscreen utility - keep up the great work!

I do not know if you are familiar with the documented stuff regarding the Native API and the such, but if you ever do get into it/need to use it and need help, let me know in a PM and I'll be happy to help you on using functions like NtTerminateProcess and the such.

Keep up the great work, IMO you are a Trusted Member (in my mind at least) even without the badge and a valued member on the community :)
 
Wave

I've noticed you've been making lots of useful posts, too. Keep it that way.:)
Thank you :) But in reality I do not post as much as I used to (on old account - @kram7750, made some ok posts on rootkits and the such... not the best though haha) due to some personal reasons so I just chill with music and do my programming/reverse engineering work haha. But your posts are very nice and educated, I like them :) some other great members would be all the staff + @DardiM + @tim one (sorry if I didn't mention you here, everyone pretty much makes great posts, I end up spamming the Like button on every post I see) :)

This community is great and really friendly IMO, I doubt there's a better one out there