Question Firewall Hardening: Should i block all lolbins or just use H_C Recommended?

Azazel · Jun 21, 2023

Will there be any false positives if I block them all?

piquiteco · Jun 21, 2023

@Azazel On my H_C I block all lolbins and have no problems at all.

ScandinavianFish · Jun 22, 2023

FYI: FirewallHardening doesn't include all LOLbins that is abused by malware in it's presets. I have personally manually added every single one and has so far not encountered a single false positive.

ForgottenSeer 97327 · Jun 22, 2023

@Andy Ful posted he will update the sponsors/Lolbin in a future release. My experience:when on Admin it is easier to block enhanced in H_C and all LoLbins in FW hardening. When running as SUA you can max out H_C also.

Andy Ful · Jun 22, 2023

Azazel said:
Will there be any false positives if I block them all?

Most users should apply only H_C Recommended. In this way, you can get 95% of the protection available via FirewallHardening with 5% of the required effort. Of course, you can fight for the last 5% if you like, but your effort can increase to 100%.

I know people who have many blocks related to explorer.exe.

Search

Question Firewall Hardening: Should i block all lolbins or just use H_C Recommended?

Azazel

Level 5

piquiteco

Level 14

ScandinavianFish

Level 7

ForgottenSeer 97327

Andy Ful

From Hard_Configurator Tools

Similar threads