Right. I saw that. Very cool.
Now the million dollar question is which sponsors you really truly don't need as a home user?
Let's ignore PowerShell and Windows Script Host, because they have their own special settings in Hard_Configurator.
That depends on what applications you are using for managing files with potentially vulnerable content (MS Office and PDF documents, e-mail attachments, etc.).
The recommended Windows security configuration, when using Windows Defender antivirus and Recommended Hard_Configurator settings, is as follows:
1. Protected View - use Universal Applications from Microsoft Store for viewing/printing Office documents and PDF/EPUB... files. Those applications use App Container isolation, so it is hard to exploit them.
2. Use your favorite desktop Office applications and favorite desktop PDF/EPUB... readers/editors for managing documents created by yourself or from trusted sources.
3. Activate ASR in Windows Defender.
4. Use Edge or Chrome as a default web browser - both have strong sandboxes.
5. Use safe DNS (like Adguard DNS) or at least any adblock extension in the web browser.
6. Do not ignore SmartScreen alerts when running application installers via 'Run As SmartScreen' from Explorer context menu.
For home users, the above configuration provides decent prevention against all kinds of malware and exploits. A similar but slightly weakened configuration (no Protected View from point 1) was tested on Malware Hub and protected against all tested malware samples, including malicious documents.
Generally, the more elements of the recommended security configuration are weakened, the stronger the Hard_Configurator settings should be. For example, dropping point 1 in favor of using an unsupported MS Office 2007 for viewing documents opens many vulnerabilities (OLE, DDE commands, ActiveX components, etc.). Still, even in such a case, Hard_Configurator recommended settings + ASR can provide pretty good protection. But that can be insufficient to stop more sophisticated malware related to Office documents. So a user with happy-clicker habits should activate additional restrictions for file execution via <Blocked Sponsors>.
The most wanted will be those sponsors which can compile/run C# code, change the Registry or run scriptlets:
- csc.exe, InstallUtil.exe (C# code),
- reg.exe, powershell.exe, powershell_ise.exe (Registry changes),
- mshta.exe, regsvr32.exe (scriptlets), etc.
On many computers, users can activate all Hard_Configurator restrictions without problems, but in some hardware/software configurations that will not be possible, and the optimal protection can be adjusted only by advanced users.
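One way to approach the "which sponsors do I actually need" question from your own logs, as an added example that is not part of the original post and is not Hard_Configurator code: it tallies how often each sponsor named above appears in process-creation events and flags any launched by a document-handling application. The event layout, the `DOCUMENT_APPS` list and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Sponsors named in the post, with the reason given there.
SPONSORS = {
    "csc.exe": "C# code",
    "installutil.exe": "C# code",
    "reg.exe": "Registry changes",
    "powershell.exe": "Registry changes",
    "powershell_ise.exe": "Registry changes",
    "mshta.exe": "scriptlets",
    "regsvr32.exe": "scriptlets",
}

# Assumption: parent applications that open untrusted documents (not from the post).
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}

# Constructed sample events (parent image -> child image), not real telemetry.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\reg.exe"},
    {"parent": r"C:\Program Files\Microsoft Office\Office12\WINWORD.EXE",
     "image": r"C:\Windows\System32\mshta.exe"},
    {"parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"parent": r"C:\Program Files\Microsoft Office\Office12\EXCEL.EXE",
     "image": r'"C:\Windows\System32\regsvr32.exe"'},
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\notepad.exe"},
]

def image_name(path):
    """Lower-cased file name of a Windows path, tolerating surrounding quotes."""
    return ntpath.basename(path.strip().strip('"')).lower()

def audit(events):
    """Return (findings, usage): sponsors started by document apps, and per-sponsor counts."""
    findings, usage = [], {name: 0 for name in SPONSORS}
    for ev in events:
        child = image_name(ev["image"])
        if child not in SPONSORS:
            continue
        usage[child] += 1
        parent = image_name(ev["parent"])
        if parent in DOCUMENT_APPS:
            findings.append((parent, child, SPONSORS[child]))
    return findings, usage

def never_seen(usage):
    """Sponsors with zero observed launches: first candidates for <Blocked Sponsors>."""
    return sorted(name for name, count in usage.items() if count == 0)

if __name__ == "__main__":
    findings, usage = audit(SAMPLE_EVENTS)
    for parent, child, reason in findings:
        print(f"REVIEW: {parent} started {child} ({reason})")
    print("Never observed:", ", ".join(never_seen(usage)))
```

A sponsor that never shows up over a representative period is only a candidate for blocking; software that runs rarely (installers, updaters) may still need it.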