- Aug 19, 2019
- 1,222
Update @Andy Ful Well, no blockings. Must be something running in the background affecting it instead then. Very odd. Anyway, will investigate further, thanks for the help.
Compatelrunner.exe and Explorer.exe were blocked by LOLBins rules. Some legal applications and services can use Explorer to make outbound connections.Oh ok, thanks. Not sure what it was that was affecting it then. I'll have to re-test it and see what's blocking. The only blocks I can see previously have been svchost, Compatelrunner.exe and Explorer.exe. I'll do a test again. Maybe it was something else affecting it. Will update you in a few.
Compatelrunner.exe and Explorer.exe were blocked by LOLBins rules. Some legal applications and services can use Explorer to make outbound connections.
Windows Defender Exploit Guard heeft een bewerking geblokkeerd die niet is toegestaan door uw IT-beheerder.
Neem voor meer informatie contact op met uw IT-beheerder.
ID: 26190899-1602-49E8-8B27-EB1D0A1CE869
Detectietijd: 2019-11-06T17:56:39.752Z
Gebruiker:
Pad: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Procesnaam: C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12130.20272.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.EXE
Versie van beveiligingsinformatie: 1.305.1539.0
Engineversie: 1.1.16500.1
Productversie: 4.18.1910.4
What version of Outlook? What level have you set ConfigureDefender to?Can somebody help me with this error when clicking a link in Outlook I get an error instead of opening Edge.
Not having that problem with outlook.com on the web.
Outlook 2016 (version 1910 build 12130.20272 Microsoft Store).What version of Outlook? What level have you set ConfigureDefender to?
No issue with Outlook 2010 at my end with H_C at recommended, ConfigureDefender at High. Tried with several links.
Erz
This block comes from the ASR rule: "Block only Office communication applications from creating child processes". It is a protection against exploiting Outlook. If you did not have this issue before, then it means that Microsoft did not whitelist your version of Edge Chromium, yet.Can somebody help me with this error when clicking a link in Outlook I get an error instead of opening Edge.
Not having that problem with outlook.com on the web.
I use Edge Chromium Stable 79.0.309.14.This block comes from the ASR rule: "Block only Office communication applications from creating child processes". It is a protection against exploiting Outlook. If you did not have this issue before, then it means that Microsoft did not whitelist your version of Edge Chromium, yet.
Do you use Edge Chromium Dev or another non-stable version?
Do you have the same problem if you change the default web browser to native Edge?
Can you open the web links from Word?
Sounds very interesting. Would Avast be a more secure combo with H_C , better than Windows Defender with H_C?While working on new H_C features, I realized that adding MOTW to the file can force CyberCapture feature in Avast - similarly to forcing the SmartScreen. CyberCapture is turned on by default, but normally is triggered only for files downloaded from the Internet (just like for Windows SmartScreen Application Reputation).
View attachment 229427
The suspicious EXE file is blocked, uploaded to the Avast cloud, and detonated in Sandbox. This feature is similar to the WD feature available only on Windows E5 editions.
For now, there are Avast_Hardened_Mode_Aggressive profiles in H_C to work with Avast set to Hardened Mode Aggressive. This setting is not available via modern Avast GUI, because the option "Enable Hardened Mode" can apply only Hardened Mode Moderate settings. The Hardened Mode Aggressive settings can be still activated via:
Menu > Settings > Troubleshooting > Open old settings
I can create an additional H_C profile that will force Avast CyberCapture instead of using Hardened Mode Aggressive settings. This profile will also apply the lowered EXE / MSI Restrictions which will be introduced in the new H_C version, so the applications will be allowed to auto-update without problems. This profile will work with Avast on Windows Vista, 7, 8, 8.1, and 10 as the set-and-forget smart-default-deny setup.
The most advantage will be on Windows Vista and Windows 7, because CyberCapture will work and SmartScreen is not available.Sounds very interesting. Would Avast be a more secure combo with H_C , better than Windows Defender with H_C?
Is this feature basically the same as whitelisting the AppData and ProgramData directories?<Lower EXE Restrictions> feature
CyberCapture is very strong for EXE files, stronger than WD MAX Protection Level and probably
Not exactly. It can do the below things:Is this feature basically the same as whitelisting the AppData and ProgramData directories?
If the user respects SmartScreen then there is no real difference in the preventive protection on Windows 8+, because SmartScreen is probably stronger than WD MAX Protection level and Avast CyberCapture.Are you referring to Windows 8 (it's in the same block as for Windows 8 but it's unclear to me if that's the context) ?
If you mean the ASR rule "Block executable files from running unless they meet a prevalence or trusted list criteria", then no one knows the criteria used by Microsoft for EXE files. So, it is hard to say if it is stronger than the Avast CyberCapture feature (I do not know).On Windows 10 such functionality exists in ASR for runtime checks.
It seems that Intel® RealSense™ SDK Runtime : Lantern Rock, is blocked. But, it is probably not related to FirewallHardening block rules, except when it uses scripts or one of LOLBins.Hello. Is this a direct result of the work of the Firewall Hardening Tool? Have not done anything to the System otherwise.
Edit: Previously and currently, I use this to block outbound telemetry-related connections. Clearly this method is no longer optimum. Perhaps Microsoft added new paths (wouldn't be a major surprise there)? Re-edit: yes, just checked, this is a "new" one.