Do you use security reg tweaks?

Status
Not open for further replies.

Der.Reisende

Level 45
Honorary Member
Top Poster
Content Creator
Malware Hunter
Dec 27, 2014
3,423
If you are happy, it means that maybe you do not need them.:)
Fully agree, I did not knew them as well, have learned 'bout the Win Defender "hack" via internet only, too :)

I've enabled PUP detection on WD via Powershell but as regards any registry tweaks it is necessary to have a copy of the registry or a working OS image backup.
Me 2. The only registry tweak I dare to apply.
 

tonibalas

Level 40
Verified
Honorary Member
Top Poster
Well-known
Sep 26, 2014
2,973
I was doing some registry tweaks in my system some years ago.
Sometimes i messed up the system:D so after a while i stopped doing it.
Nowadays even if i am tempted i am not proceeding;).
Maybe if i get a second pc but who knows:)
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Set the value (hexadecimal) as e8d4a51000 - test if it works.

Make sure you have a backup of the registry and if it was wrong or causes a problem then revert back and try again, so don't worry much.

This is still to much numbers...

Clipboard01.jpg
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
It is a string, I was making DWORD....:oops:

View attachment 122931

You found out this by yourself, so I was late. Every reg tweak I put in my post is exported from the Registry. So, it can be imported via regedit.exe . For example create the file UntrustedFontBlocking.reg in the notepad and copy the text between asterisks:

**********
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions]
"MitigationOptions_FontBocking"="1000000000000"

**********
then import the UntrustedFontBlocking.reg in regedit.exe (Menu-File-Import) .:)
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
I'm testing this on virtual machine.
On my main PC i use SRP tweak with Basic user from this thread - CLICK
 
  • Like
Reactions: Wave and Andy Ful

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
You found out this by yourself, so I was late. Every reg tweak I put in my post is exported from the Registry. So, it can be imported via regedit.exe . For example create the file UntrustedFontBlocking.reg in the notepad and copy the text between asterisks:

**********
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions]
"MitigationOptions_FontBocking"="1000000000000"

**********
then import the UntrustedFontBlocking.reg in regedit.exe (Menu-File-Import) .:)

Or I can use "Merge"...;)

Clipboard01.jpg
 
  • Like
Reactions: Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Here is more detailed info:

  1. Block untrusted fonts and log events
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions
    Value Name MitigationOptions_FontBocking
    Value Type REG_SZ
    Value 1000000000000
  2. Do not block untrusted fonts
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions
    Value Name MitigationOptions_FontBocking
    Value Type REG_SZ
    Value 2000000000000
  3. Log events without blocking untrusted fonts
    Registry Hive HKEY_LOCAL_MACHINE
    Registry Path SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions
    Value Name MitigationOptions_FontBocking
    Value Type REG_SZ
    Value 3000000000000
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Or I can use "Merge"...;)

View attachment 122933
Yes, of course. I nearly forgot the simplest methods ('left double click', 'Enter' or 'right click - merge') because I use Software Restriction Policies. With SRP all above methods do not work, when the reg file is outside whitelisted folders.:)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
It is time to sum up the thread.

Nearly 50% users do not use reg tweaks. There are several reasons for that:
* The detailed information about reg tweaks is not widely known.
* Many users do not know how to apply tweaks safely.
* Restricted code execution can cause issues when running some programs.
* Learning and adopting some good safety rules may be the better way to system security.
* Tweaks are not needed when using good security software (Emsisoft, Kaspersky, ..., AppGuard, NVT ERP, etc.).
* After some time, it is hard to find out which tweaks are actually applied.
* They are not convenient for people that often use scripts.

Why some people use reg tweaks?
* Experienced users can overcome difficulties listed above.
* Windows built-in security is the best for system compatibility/stability.
* Many people use computers only for basic tasks, utilize Windows Store Applications, and do not install many desktop programs (Windows 8+).
* The reg tweaks listed in this thread, when applied safely, do not mess up the system, and significantly harden its security.
 
W

Wave

It is time to sum up the thread.

Nearly 50% users do not use reg tweaks. There are several reasons for that:
* The detailed information about reg tweaks is not widely known.
* Many users do not know how to apply tweaks safely.
* Restricted code execution can cause issues when running some programs.
* Learning and adopting some good safety rules may be the better way to system security.
* Tweaks are not needed when using good security software (Emsisoft, Kaspersky, ..., AppGuard, NVT ERP, etc.).
* After some time, it is hard to find out which tweaks are actually applied.
* They are not convenient for people that often use scripts.

Why some people use reg tweaks?
* Experienced users can overcome difficulties listed above.
* Windows built-in security is the best for system compatibility/stability.
* Many people use computers only for basic tasks, utilize Windows Store Applications, and do not install many desktop programs (Windows 8+).
* The reg tweaks listed in this thread, when applied safely, do not mess up the system, and significantly harden its security.
Nice work! :)

I noticed you joined in 2014, but I didn't see your posts until recently (sadly), and I also you are also a developer: Run by Smartscreen utility - keep up the great work!

I do not know if you are familiar with the documented stuff regarding the Native API and the such, but if you ever do get into it/need to use it and need help, let me know in a PM and I'll be happy to help you on using functions like NtTerminateProcess and the such.

Keep up the great work, IMO you are a Trusted Member (in my mind at least) even without the badge and a valued member on the community :)
 
Last edited by a moderator:
W

Wave

I've noticed you've been making lots of useful posts, too. Keep it that way.:)
Thank you :) But in reality I do not post as much as I used too (on old account - @kram7750, made some ok posts on rootkits and the such... not the best though haha) due to some personal reasons so I just chill with music and do my programming/reverse engineering work haha. But your posts are very nice and educated, I like them :) some other great members would be all the staff + @DardiM + @tim one (sorry if I didn't mention you here, everyone pretty much makes great posts, I end up spamming the Like button on every post I see) :)

This community is great and really friendly IMO, I doubt there's a better one out there
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top