- Feb 25, 2017
- 2,597
Oh man, awkward situation. Thanks for letting me know.
Oh man, awkward situation. Thanks for letting me know.
These tools are also available via @askaln's H_C website:... Thanks for letting me know.
It seems that Cylance does not see a difference between a standard Zone.Identifier and malicious Alternate Data Stream.Run by Smartscreen removed by Cylance... Predictable.
Are both needed or recommend?The ON2 settings + H_C setting <Documents Anti-Exploit> = Adobe + VBA can provide a comprehensive protection. Please note: the ON2 settings are user-dependent so have to be applied on any account available on a particular computer. The H_C setting Adobe +VBA is system-wide.
Not needed if MS Office is not installed.Are both needed or recommend?
Currently i only use the recommend H_C Adobe+VBA protection but i also don't have Office or Adobe Reader installed
MBAM WFC is intended to generally harden the Firewall connections (outbound and inbound). FirewallHardening blocks only outbound connections of LOLBins and executables chosen by the user. The predefined MBAM WFC rules do not block LOLBins, but such rules can be made manually.Okay, I have a question about the Firewall Harding tool. Does it do more then MBAM WFC ... or does it do things differently. I ask because I am not sure I want to continue using MBAM WFC? Quit often when I get a warning pop up from WFC, I am not sure if I can block or allow the process to connect out/in. ( Other times I am certain, but still. ) And although I can easily change it in WFC, I get the feeling this could be bad thing not knowing if I should allow or block a process. ( And yeah I could ask here, but doing that every time I get a warning is to much in my opinion. )
So with that in mind would the Firewall Hardening tool be a better match for me?
MBAM WFC is intended to generally harden the Firewall connections (outbound and inbound). FirewallHardening blocks only outbound connections of LOLBins and executables chosen by the user. The predefined MBAM WFC rules do not block LOLBins, but such rules can be made manually.
So, anything done by FirewallHardening can be done by MBAM WFC with some effort. MBAM WFC requires some knowledge, FirewallHardening is much simpler in idea and maintenance.
Core Isolation uses hardware virtualization to protect the critical areas of the Windows kernel against attacks of user-mode processes. Memory Integrity is a subsystem of Core Isolation. Both are important, especially in Enterprises. Core Isolation can be enabled without problems on the machines that support it. The performance change is hardly visible.Please, if possible, I have few simple questions for @Andy Ful :
1) What's your opinion about "Windows Defender Core Isolation" feature?
2) "Memory Integrity" feature?
3) I read several articles/posts/comments etc with negative feedbacks. Are "Core isolation" & "Memory Integrity" really needed/useful?
4) Are efficient?
5) Are (any of/or both) hurting device performance?
I apologize in advance if my questions have already been asked.
Thank you!
Core Isolation will be efficient if there will be attacks on the Windows kernel in the home environment. I did not hear about such attacks, yet. I can guess that such attacks will not be frequent in the near future because there exist many simpler methods of infecting home users.Thank you @Andy Ful for your replay.
Yeah, basically I already knew what you explained (thank you anyway!).
I don't want to push you, but what about specifically questions "3)" and "4)"? Are both efficient in real word - average users? Are both really needed/useful for average users - outside enterprise environments?
Thanks again!
Core Isolation will be efficient if there will be attacks on the Windows kernel in the home environment. I did not hear about such attacks, yet. I can guess that such attacks will not be frequent in the near future because there exist many simpler methods of infecting home users.
I use SysHardener outbound firewall rules. Are they about the same as Recommended H_C rules? Maybe I'm missing something? SysHardener added 71 rules to my firewall. SH is not on my PC anymore, but I kept its rules.