Andy Ful

Level 63
Verified
Trusted
Content Creator
I had an update from Tom Tom Home blocked:

The only option to perform this update was switching off Default Deny.
Whitelisting didn't work for me.
How do I whitelist this?
Please use:
<Whitelist By Path> <Add Path*Wildcards> to whitelist the shortcuts. Copy/paste the path:
C:\Users\--------\AppData\Local\TomTom\HOME3\Updates\InstallerUpdater.lnk
Please replace "----------" with your username. (y)
 

Gandalf_The_Grey

Level 36
Verified
Trusted
Content Creator
What is the blocked entry now in the Log?
I have the same entry four times in the log:
De beheerder heeft de toegang tot C:\Users\----------\AppData\Local\TomTom\HOME3\Updates\InstallerUpdater.lnk beperkt doordat het niveau van het standaardsoftwarerestrictiebeleid is aangepast.
Unfortunately, I can't retry because I performed the update by switching off default deny after trying four times.
 

Andy Ful

Level 63
Verified
Trusted
Content Creator
I have the same entry four times in the log:

Unfortunately, I can't retry because I performed the update by switching off default deny after trying four times.
You can test it by running the:
C:\Users\----------\AppData\Local\TomTom\HOME3\Updates\InstallerUpdater.lnk
and looking at the Log for a blocked entry correlated by time. (y)
 

Andy Ful

Level 63
Verified
Trusted
Content Creator
I just saw a post that there was a newbie-friendly alternative to HardConfigurator, but it was not whitelisted by all AV companies.
Yes. It took up to a few days after pushing Simple Windows Hardening 1.0.0.2 until it was whitelisted by Bitdefender.
 

Gandalf_The_Grey

Level 36
Verified
Trusted
Content Creator
Excellent. :)
This application is a mystery. Why does it use a shortcut to update??? :unsure:
Lazy/sloppy programming?

This is what C:\Users\----------\AppData\Local\TomTom\HOME3\Updates looks like: [screenshot attachment, 2020-09-17]
 

Andy Ful

Level 63
Verified
Trusted
Content Creator
How to use PowerShell scripts in the H_C Recommended Settings.

Windows system and Hard_Configurator use the below restrictions on PowerShell Scripting:
  1. PowerShell ExecutionPolicy is set to Restricted (default Windows setting)
  2. PowerShell Constrained Language Mode is applied by SRP.
  3. The script blocking policy is applied via the H_C setting <Block PowerShell Scripts> = ON.
Point 3 prevents the user from manually running PowerShell script files from Explorer or the desktop (like point 1), but additionally disables running such files via the command line with script interpreters (powershell.exe and powershell_ise.exe).
Points 3 and 1 do not block PowerShell command-lines that do not use script files. Such command-lines are often used in shortcuts and when PowerShell is invoked in non-PowerShell scripts (via Windows Script Host or CMD).

Point 2 allows running PowerShell code, but advanced functions are disabled. These functions are commonly used by malware.

So, what can be done if the user wants to use PowerShell scripting?
The first thing should be removing the PowerShell Execution Policy (point 1) and replacing it by adding the PowerShell script extensions to SRP.

Next, we must remove the script blocking policy by setting <Block PowerShell Scripts> = OFF.

Finally, we should whitelist all PowerShell scripts we want to use.

Now we have a good PowerShell protection which allows running our scripts.
One can also use the <Block PowerShell Scripts> = OFF setting temporarily (to run own scripts) and set it to ON after that.
 
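An added audit script (not the post author's or Hard_Configurator's own code) that reports points 1 and 2 from the steps above and checks whether the PowerShell script extensions have been added to SRP's designated file types. The SRP registry path is the standard one; that H_C stores its Designated File Types in SRP's `ExecutableTypes` value, as secpol.msc does, is an assumption.

```powershell
# Added example, not from Hard_Configurator or the post author.
# Assumption: SRP policy lives under the standard HKLM key below and the
# Designated File Types list is the REG_MULTI_SZ value 'ExecutableTypes'.
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Get-PSRestrictionState {
    # Point 1: effective execution policy (Restricted is the Windows default)
    $policy = Get-ExecutionPolicy

    # Point 2: Constrained Language Mode, which SRP imposes on this session
    # when the Disallowed default level applies to the current user
    $langMode = $ExecutionContext.SessionState.LanguageMode

    # SRP default level: 0 = Disallowed, 0x20000 = Basic User, 0x40000 = Unrestricted
    $srp = Get-ItemProperty -Path $srpKey -ErrorAction SilentlyContinue
    $level = switch ($srp.DefaultLevel) {
        0       { 'Disallowed' }
        0x20000 { 'Basic User' }
        0x40000 { 'Unrestricted' }
        default { 'Not configured' }
    }

    # Step "add PowerShell script extensions to SRP": which of the usual
    # script extensions are designated file types (comparison is case-insensitive)
    $types  = @($srp.ExecutableTypes)
    $psExts = 'PS1', 'PSM1', 'PSD1' | Where-Object { $types -contains $_ }

    [pscustomobject]@{
        ExecutionPolicy   = $policy
        LanguageMode      = $langMode
        SrpDefaultLevel   = $level
        PsExtensionsInSrp = ($psExts -join ', ')
    }
}

# Point 3 (<Block PowerShell Scripts>) is an H_C-specific setting and is not read here;
# the earlier post's test still applies: run the script file and look for a
# time-correlated blocked entry in the log.
$state = Get-PSRestrictionState
$state | Format-List

if ($state.SrpDefaultLevel -eq 'Disallowed' -and -not $state.PsExtensionsInSrp) {
    Write-Warning 'SRP is Default Deny but no PowerShell extension is a designated file type; script files are covered by ExecutionPolicy only.'
}
```

Run it in the same kind of session you want to check (an elevated and a standard-user PowerShell can differ in LanguageMode), since point 2 is evaluated per session.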

Andy Ful

Level 63
Verified
Trusted
Content Creator
How to blacklist a file from a SRP whitelisted folder? In my case the file is inside system32, but it's not on the list of sponsors.
You cannot. The H_C can only block the LOLBins that are on the list of Sponsors. If the LOLBin can make outbound connections, then you can add it manually to the Blocklist in FirewallHardening. (y)
Why do you want to block LOLBins? Do you use unpatched system/software?
 

nadis

New Member
Why do you want to block LOLBins?
Just as an additional security step, that's all.

The ability to blacklist specific files or folders should definitely be there, IMO, whether it's for new LOLBins that are not on the list yet, for admin/restrictive purposes or for some other reason.
 