Andy Ful

There is no need, unless your job is editor...
Ha, ha. :) So editors who use Office 2007 (unsupported by Microsoft) have to wait until I finish WDDS (Windows Default-Deny Security), which will block active content (macros, OLE, ActiveX, and DDE) in MS Office, or use SysHardener. Even without this, Hard_Configurator default-deny settings apply pretty good protection against malicious documents (including fileless PowerShell attacks). I analyzed many malicious samples, and so far, all of them could be stopped by a default-deny setup. That is because all samples used JS or VBS scripts, or PowerShell with advanced functions, or payloads from the Userspace. I do not think that attackers will soon change their attack techniques, which are so successful against most targets.
Editors who use MS Office 2010+ on Windows 10 FCU already have decent protection when using Hard_Configurator + Windows Defender ASR.
It is worth remembering that without a default-deny setup, the users are still vulnerable, even when all active content in Office documents is blocked. This follows from the ability to control MS Office executables programmatically by external programs. That can be used to defeat the anti-ransomware protection.
Of course, there are many solutions to the Office documents problem (anti-exe, sandboxing, etc.). NVT OSArmor and VoodooShield have very good modules that can protect against malicious documents in MS Office. Also, ReHIPS sandboxes MS Office executables by default, and there is also Comodo Firewall with activated sandbox, Excubits drivers, etc.
I very much like two applications: AppGuard (paid) and Sandboxie (paid), which can also apply decent protection.
 

Deleted member 178

I like very much two applications: AppGuard (paid) and Sandboxie (paid), which can also apply a decent protection.
+1.
I use both of them on 2 of my systems, lighter and 1000 times more secure than any AV/suite out there.
 

shmu26

The release notes for the latest Windows 10 cumulative update say that the following bug was fixed:
"Software Restriction Policy Caused Microsoft to stop working"
Any idea what that's all about?
 

Andy Ful

The release notes for the latest Windows 10 cumulative update say that the following bug was fixed:
"Software Restriction Policy Caused Microsoft to stop working"
Any idea what that's all about?
They thought about SRP all the time and forgot to do anything else. :ROFLMAO:
 

Andy Ful

What about an optional system tray icon, like you have with Excubits memprotect and FIDES?
Hard_Configurator was intended to configure computers of inexperienced users or lock the computers of children. So it should be invisible to them. You can use the SwitchDefaultDeny tool to quickly turn ON/OFF default-deny protection. If the protection is OFF, then SwitchDefaultDeny starts with Windows to remind you that you are vulnerable.
 

Andy Ful

Thanks @shmu26, I did not know it, and this is good news. :)
The issue with SRP was as follows:
"Addresses an issue that causes Microsoft Edge to stop working after a few seconds when running a software restriction policy".
That was related to the Enforcement setting when SRP blocked DLLs in the Userspace. It was a bug because, in fact, SRP did not block any DLL in Edge, and Edge crashed anyway, probably due to its protection mechanism colliding with SRP DLL filtering.
 
Last edited:
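
To see whether a machine is in the configuration discussed in the post above (SRP Enforcement extended to DLLs), the following added example, which is not part of the original thread or of Hard_Configurator, reads the standard machine-policy SRP values from the registry. The function name `Get-SrpEnforcement` is hypothetical; the key and value names (`DefaultLevel`, `TransparentEnabled`, `PolicyScope`) are the standard SRP policy values.

```powershell
# Added example: report the SRP default security level and Enforcement scope.
# Assumes SRP is set as machine policy; a key with no values is reported as not configured.
function Get-SrpEnforcement {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    )

    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $item) {
        return [pscustomobject]@{
            Configured = $false; DefaultLevel = 'n/a'; Enforcement = 'n/a'
            AppliesTo  = 'n/a';  DllsFiltered = $false
        }
    }

    # Known values for each setting (DWORDs in the registry).
    $levelNames = @{ 0 = 'Disallowed (default-deny)'; 0x20000 = 'Basic User'; 0x40000 = 'Unrestricted' }
    $scopeNames = @{ 0 = 'No enforcement'; 1 = 'All files except DLLs'; 2 = 'All files including DLLs' }
    $userNames  = @{ 0 = 'All users'; 1 = 'All users except local administrators' }

    # Return the named value, or $null when it is absent from the key.
    $read = {
        param($name)
        $prop = $item.PSObject.Properties[$name]
        if ($prop) { $prop.Value }
    }
    # Translate a raw value to its label without mistaking "absent" for 0.
    $describe = {
        param($map, $value)
        if ($null -eq $value) { 'not set' }
        elseif ($map.ContainsKey([int]$value)) { $map[[int]$value] }
        else { "unknown ($value)" }
    }

    $enforcement = & $read 'TransparentEnabled'
    [pscustomobject]@{
        Configured   = $true
        DefaultLevel = & $describe $levelNames (& $read 'DefaultLevel')
        Enforcement  = & $describe $scopeNames $enforcement
        AppliesTo    = & $describe $userNames  (& $read 'PolicyScope')
        DllsFiltered = ($enforcement -eq 2)   # the DLL-filtering mode the Edge fix relates to
    }
}

Get-SrpEnforcement | Format-List
```

`DllsFiltered` being `True` means every DLL load is evaluated against the SRP rules, which is the Enforcement mode the post ties to the Edge crash.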

shmu26

Thanks @Shmu, I did not know it, and this is good news. :)
The issue with SRP was as follows:
"Addresses an issue that causes Microsoft Edge to stop working after a few seconds when running a software restriction policy".
That was related to the Enforcement setting when SRP blocked DLLs in the Userspace. It was a bug because, in fact, SRP did not block any DLL in Edge, and Edge crashed anyway, probably due to its protection mechanism colliding with SRP DLL filtering.
Thanks.
Edge is a very touchy creature. Just look at it, and it stops working.
 

Andy Ful

I have Edge on 5 computers and it never crashed, except the issue mentioned by @shmu26. But, I am a lucky man, because it crashed even for Microsoft guys.
That can be related to the installed software. I do not use any third party security soft, because generally, Windows 10 hates third-party security.
 

Andy Ful

Edge is like a chameleon. When I read comments on the Malwaretips forum and other forums, some people I trust report concrete issues. When I look for those issues on my computer, I usually cannot find them. That probably indicates that my computers' setup is rare among the users (all computers have SSD).
 

Deleted member 65228

I promise you, I haven't touched Microsoft Edge in terms of modification on my Host environment which I've been using for browsing MalwareTips for a while. I'd normally use a Virtual Machine even for browsing the forum, but I wanted to test Microsoft Edge outside of the environment.

I've been using it bare-bones with absolutely no changes to the default settings exclusively for browsing MalwareTips and I've run into several bugs which do not appear to be related to the forum.

When I'm typing a message about the length of this post, the currently selected position will randomly jump to another position. Therefore, if I start typing "Andy Ful", it might type it within a sentence above instead of where I'm trying to type it. This is more frequent when I try to change something I've already written in the post box.

It's just unusable for me, I've never had such issues with Google Chrome, Firefox, or even Internet Explorer. There's no third-party interception either, it's literally just bare-bones Microsoft Edge.
 

ticklemefeet

I promise you, I haven't touched Microsoft Edge in terms of modification on my Host environment which I've been using for browsing MalwareTips for a while. I'd normally use a Virtual Machine even for browsing the forum, but I wanted to test Microsoft Edge outside of the environment.

I've been using it bare-bones with absolutely no changes to the default settings exclusively for browsing MalwareTips and I've run into several bugs which do not appear to be related to the forum.

When I'm typing a message about the length of this post, the currently selected position will randomly jump to another position. Therefore, if I start typing "Andy Ful", it might type it within a sentence above instead of where I'm trying to type it. This is more frequent when I try to change something I've already written in the post box.

It's just unusable for me, I've never had such issues with Google Chrome, Firefox, or even Internet Explorer. There's no third-party interception either, it's literally just bare-bones Microsoft Edge.
I have been using Edge a long time and have never seen this. On this forum I use the midnight 2018.
 

Andy Ful

Andy I see you also use Appguard. I assume you are not seeing any conflicts with your program?
@shmu26 is right. I am a beta tester of AppGuard and I like the way it uses SRP with light sandboxing (guarded applications). This is a very efficient way to protect users in Windows. I test AppGuard in VirtualBox, and use Hard_Configurator in the real system.
Sandboxie (paid) is great when one wants to isolate/restrict a vulnerable application. The custom sandbox can be highly restrictive, so for example, no other application can run, the Internet access is disabled, the application cannot read from folders but can write to them or can read but cannot write to them, etc.
 