- Aug 19, 2019
- 1,222
Only Chromium Edge can be most secure configured in anti exploit protection.
For H_C none of that is important
Sure, but only edge still works with one extra protectionAny browser may be configured in Windows 10 anti-exploit protection.
Exploit Protection is also available in Windows10 Home:Thanks. I only have Windows 10 Home so I don't have the advanced anti-exploit but yeah, I'm protected by H_C. I just had some uBO issues with Chromium Edge bt using the Microsoft Store version of it although outdated fixed it so far. I just thought I'd check while testing it and for when I se other browsers occasionally. (1.23.0 Win store version and Chrome store version 1.24.4). Anyway, that's off topic but good to know I'm protected whatever I use
I only have Windows 10 Home so I don't have the advanced anti-exploit
Sure, but only edge still works with one extra protection
Edge (native or Chromium) has the strongest Exploit Protection settings. Most of these settings (but not all) can be applied to any web browser. As for privacy, it is not the best solution (like Google Chrome too). Anyway, it is probably the best web browser (except web browsers with dedicated Banking Protection) for banking. So, you can use Edge as a separate web browser only for Banking.
If you have Windows 10 Pro, then you can also enable WD Application Guard. This would be the best Banking web browser, but I am not sure how is its impact on system performance.
Better use the work around from Microsoft until they publish the update which fix the vulnerability
....This workaround does not prevent exploitation of SMB clients.
Microsoft provide workaround for both client and server.Disabling SMBv3 compression only works on servers.
For some time now I have implemented the guidelines described in FAQ2.
But with this vulnerability I suspect that they are not enough.
The workaround is disabling SMB (recommended by Microsoft). You probably thought about the vulnerability patch via Windows Updates?Microsoft provide workaround for both client and server.
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
Right.Gentlemen sorry but nothing is understood.
The Powershell command:
disables SMBv3 compression. (server side).
It's the recommend workaround from Microsoft until they finish the update.
Disable SMB via any method, if you do not use devices that rely on SMB protocols. That is a Microsoft recommendation....
@Andy Ful
You instead,suggest to completely disable the SMB3 protocol (and therefore also SMB2) with your tool?
It is not blocked by H_C (FirewallHardening), except If you manually added the file path for msmpeng.exe - simply check the entries visible in the FirewallHardening window. The firewall log shows all outbound connections blocked by Windows Firewall. You probably use something else to restrict the Windows Firewall connections.@Andy Ful Im still on Hard Configurator 5.0.0.0 on Windows 10 pro. When I checked the firewall log I see multiple blocks for MS AV.
Local Time: 2020/03/17 17:15:26
ProcessId: 3612
Application: C:\programdata\microsoft\windows defender\platform\4.18.2001.10-0\msmpeng.exe
Direction: Outbound
SourceAddress: 192.168.X.XX
SourcePort: 50439
DestAddress: 40.115.3.210
DestPort: 443
Protocol: 6
FilterRTID: 74420
LayerName: %%14611
LayerRTID: 48
The file is clean on Virus Total and im pretty sure the pc also. I always used HC with nearly everything possible checked, even the firewall rules and never saw these blocks afaik.(Haven't changed my H_C config the last weeks)
So whats with the blocks now?
Thanks Andy, I didn't add anything manually in H_C Firewall besides the options you gave me (recommended + lol bins) but Im using Glaswire as a firewall (ms av not blocked). Since it seems to be my specific software config I will have to tinker around a bit.
Thanks a lot for the fast answer
Edit:
I still seem to have the message in the firewall log every now and then, but I can still let windows defender scan files or search and find protection updates. So any chance to test if ms av is working as intended (without trying an actual malware pack)? I don't care about a log as long as it works