- Dec 23, 2014
"Allow EXE and TMP" is neither default-deny nor default-allow.I am confused about the exact definition of "H_C default deny setup". I remember a time when we were saying that "allow EXE and TMP" is a variation of default/deny. But it seems that now we are calling such a setup "default allow". Correct?
But, that is my point of view. I do not use default-allow for it because it still uses SRP "Default Security Level" = Disallowed.
SRP is a default-allow when SRP "Default Security Level" = Unrestricted.
"Allow EXE and TMP" is similar to default-allow because most applications and installers are allowed (except blocked Sponsors). So, it behaves as default-allow in typical user actions. It is similar to default-deny because many file types (including MSI installers and scripts) are blocked by default. Furthermore, the PowerShell on Windows 10 runs in Constrained Language mode.
I think that the below post (from a couple of months ago) was about it: