Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,592
Let's suppose that one uses MS Office version, which is not supported by Microsoft (previous to MS Office 2010) and cannot fully apply ASR. In the home environment, the H_C default-deny (enhanced) settings + non-system-wide Documents Anti-Exploit will be required to stop the threats in the wild. But, there is some additional danger, if one is forced to use frequently the documents from the Enterprise. For example, the Enterprise could be under the targeted attack via specially crafted & weaponized document. I can recommend in such situation the below precautions:
- Use <Block Sponsors> in H_C (like @shmu26 did).
- Block the Internet connection to MS Office applications.
- Block the Internet connection to: certutil.exe, cmstp.exe, control.exe, dnscmd.exe, explorer.exe, ie4uinit.exe, rundll32.exe.
Last edited: