Guide | How To Easy Application Control on Windows

[cartaphilus]

App Install Control - Easy Application Control on Windows
Post updated/corrected 05.05.2024

1. Can be easily applied in a few seconds (on Windows 11 the Smart App Control must be set to OFF).
2. Blocks files originating from the Internet Zone (files downloaded from the Internet - files with MotW).
   Default Block List includes over 100 file types (executables, scripts, scriptlets, shortcuts, etc.).
3. Allows popular documents, media files, and other files usually downloaded by home users (except application installers).
4. Does not affect already installed applications and software auto-updates.
5. Cannot break anything (installed software, Windows Updates, etc.).
6. No whitelisting, but the blocked file can be easily unblocked from the right-click Explorer context menu.
7. Allows application installations from Microsoft Store and gaming platforms (Steam, Epic Games, etc.).
8. Does not protect from malware distributed via removable drives shared with other people.

Default list of blocked file types (Windows 11):
.ade, .adp, .app, .appref-ms, .asp, .bas, .bat, .cer, .chm, .cmd, .cnt, .com, .cpl, .crt, .csh, .der, .exe, .fxp, .gadget, .grp, .hlp, .hpj, .hta, .img, .inf, .ins, .iso, .isp, .its, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mcf, .mda, .mdb, .mde, .mdt, .mdw, .mdz, .msc, .msh, .msh1, .msh1xml, .msh2, .msh2xml, .mshxml, .msi, .msp, .mst, .msu, .ops, .pcd, .pif, .pl, .plg, .prf, .prg, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psm1, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .slk, .theme, .tmp, .vb, .vbp, .vbs, .vhd, .vhdx, .vsmacros, .vsw, .webpnp, .website, .ws, .wsc, .wsf, .wsh, .xnk

Those files are probably related to the IE Unsafe File List:
https://learn.microsoft.com/en-us/t...rivacy/information-about-the-unsafe-file-list

It is possible to extend the Block List to include other filetypes by editing the Registry key:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\CodeIdentifiers
Details can be found in the post:
https://malwaretips.com/threads/easy-application-control-on-windows.130803/post-1085791

It would be recommended to add:
.accda, .accdu, .cab, .csv, .diagcab, .dqy, .ecf, .elf, .fon, .ime, .iqy, .jar, .mdf, .mdn, .oqy, .pa, .ppa, .ppam, .rqy, .rtf, .settingcontent-ms, .wll, .wwl, .xla, .xll, .xlm


View attachment 283170



How to tweak it.

View attachment 283169


How to unblock the file.

View attachment 283168

Easy Application Control can cover almost all initial attack vectors at home if one uses Microsoft Defender + ConfigureDefender, Windows built-in applications (archiver, email-client, etc.), and MS Office. See also:
https://malwaretips.com/threads/easy-application-control-on-windows.130803/post-1085906

If one is using ESET instead of defender then does this security setting still block attacks? What is lost by not using defender?

Thank you

 

[Andy Ful]

If one is using ESET instead of defender then does this security setting still block attacks?

Yes.

What is lost by not using defender?

Defender.

The advantage of using Microsoft Defender over Eset is when you use Defender with advanced settings (ASR rules, Network Protection), especially with Microsoft Office and Adobe Acrobat Reader.

 

[Andy Ful]

Updated the info in OP:
On Windows 11, App Install Control works as explained when SAC is in Evaluate Mode or OFF.

 

[Studynxx]

Super interesting, will read later today