Yesterday I updated a machine with Windows 10 1803 to version 17134.112. This machine has never had Hard_Configurator installed on it. This morning I downloaded 18.104.22.168 and attempted to install it. SmartScreen allowed the download but throws up a blocking screen when I attempt to install it. This blocking screen does not offer any option to allow me to override it. Normally you could override the block, but I am stumped as to how to install 22.214.171.124. Any ideas?
You could alternatively set SmartScreen setting to 'Warn' (Defender default setting).
Found the solution, I had to go into Windows Security Center, App and Browser control where I could turn off SmartScreen check of APPS. Then I could install Hard_Conf without a problem and then restart SmartScreen check of APPs. NOTE: SmartScreen was set to block APP install, so it was doing its job.
I actually find the additional log events very helpful, because I can finally see what is being blocked by Controlled Folder Access.
Sounds interesting.
I have some ideas about how to make use of Controlled Folder Access for protecting whitelisted folders in the User Space. One can add the whitelisted folder in SRP to protected folders in Controlled Folder Access and exclude executables in that folder. The malware cannot drop files, in the usual way, into such protected whitelisted folders but the whitelisted/excluded applications can be run as usual.
Sometimes, the blocks are tricky. It seems to block even if the parent process is not whitelisted, but it doesn't tell you the parent process. A couple of times I had to check logs and find out what the parent process was, and whitelist it too.
Controlled Folder Access generates some memory-related alerts, but there is no documentation about its memory protection capabilities. I think that Controlled Folder Access protection can collide with many hard disk applications, so it is good to use the Audit setting first to recognize the potential problems.
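The audit-first approach and the protected whitelisted folder idea from the posts above, as an added PowerShell example that is not part of the original thread. `C:\Tools` and `C:\Tools\app.exe` are placeholder paths, and the `Process Name:` field parsed from the event message is an assumption about the message layout.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.

# 1. Audit mode: nothing is blocked, but every would-be block is logged.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. After a period of normal use, read the Controlled Folder Access events.
#    1123 = blocked (enforced mode), 1124 = audited (audit mode).
$cfaEvents = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -ErrorAction SilentlyContinue

# 3. Count events per process so legitimate applications can be reviewed.
#    Assumption: the message text carries a "Process Name:" line; events
#    without it are grouped under '(unparsed)' rather than dropped.
$summary = $cfaEvents | ForEach-Object {
    $process = '(unparsed)'
    if ($_.Message -match 'Process Name:\s*(.+)') {
        $process = $Matches[1].Trim()
    }
    [pscustomobject]@{ Id = $_.Id; Process = $process }
} | Group-Object Id, Process | Sort-Object Count -Descending

$summary | Format-Table Count, Name -AutoSize

# 4. Protect a whitelisted folder and allow the executable that runs from it.
$folder = 'C:\Tools'          # placeholder: a folder whitelisted in SRP
$app    = 'C:\Tools\app.exe'  # placeholder: an executable inside that folder
Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
Add-MpPreference -ControlledFolderAccessAllowedApplications $app

# 5. Once the audit summary shows no legitimate software being flagged,
#    switch from auditing to enforcement.
# Set-MpPreference -EnableControlledFolderAccess Enabled
```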
If you want to add a long list of vulnerable processes to be protected, and you don't feel like manually configuring Appguard for that, you could use Hard_Configurator instead.
Hello
I remember it was advised I didn't need the WD config program with Appguard. Does that hold true for this program?
The ASR rule for blocking active content will still protect, even if SETTINGCONTENT-MS bypasses the rule for child processes.
It seems that users should add the SETTINGCONTENT-MS file extension to the Designated File Types list.
I did not test it with all ASR rules, but there is a clever way to bypass some ASR rules to execute cmd.exe via the malicious SETTINGCONTENT-MS file with the reference to AppVLP executable (used in MS Office for Application Virtualization).