Hard_Configurator - Windows Hardening Configurator
<blockquote data-quote="ForgottenSeer 98186" data-source="post: 1032327"><p>Blocking the entire list above will cause very few problems for a typical home user. For the type of person that is inclined to use H_C they should be able to resolve whatever issue they might run into. Actually, except for runonce to permit tray icons to launch, a person can block the entire 250+ extended LOLBin block list and have few sporadic issues.</p><p></p><p>On a typical home user setup of Windows, I can block that entire list you give above and not run into a problem for years. Only if I use some enterprise software do I have to enable something like the compiler csc.exe - and that is a rare allow exception.</p><p></p><p>If a user has to create allow exceptions for things such as wmic, cmstp, windbg, MSBuild, PowerShellCustomHost, ntkd, etc. - then that user is definitely doing stuff at a level where they should be able to figure out any problems and create any needed allow exceptions with ease.</p><p></p><p>Not having access to Control Panel (rundll32 blocked) while protection is enabled is not a valid usability problem. An MT H_C user knows how to turn the block policy for rundll32 ON\OFF.</p><p></p><p>I'd say it is more important that a user running an Administrative privileged Windows account is best served by installing H_C with the -p switch. After all, the main point is to protect also against a post-exploit environment. The standard H_C install method might or might not provide sufficient protection if an exploit leads to localsystem RCE. It depends upon the post-exploit kill chain.</p><p></p><p>I could care less about users that want to install stuff without having anything blocked or want to download and run game DLL cheats. Any user that is going to employ SRP will have to learn the procedure of ON\OFF and how to create allow exceptions from log block events. If they cannot master those very basic skills, then they should not use ANY default deny. 
They are much better served by depending upon a quality default allow solution.</p><p></p><p></p><p>Blocking typically downloaded file types and blocking the top 20 LOLBins provides much security - more or less along the concept of Simple Software Restriction Policy.</p><p></p><p>How far a user wants to take system lockdown is a matter of personal choice.</p></blockquote><p></p>