Hard_Configurator - Windows Hardening Configurator
<blockquote data-quote="Andy Ful" data-source="post: 730724" data-attributes="member: 32260"><p>That is right. That is also a basis for forced SmartScreen. The user can choose the 'Run As SmartScreen' option from the Explorer context menu to safely execute <strong>EXE or MSI application installers</strong>. The application installer is first checked by SmartScreen Application Reputation, and if it passes the check, it is allowed to run with Administrative Rights. The installation is ignored by default-deny protection. The forced SmartScreen feature can pass to SmartScreen files which are normally ignored by SmartScreen, like files from compressed archives, FAT32 pendrives, ISO images, or files downloaded via file downloaders outside web browsers, etc.</p><p>One can say that Hard_Configurator protection can be easily bypassed via any UAC bypass, but the problem will be to execute such a bypass - it will be blocked first by default-deny protection. When the user insists on 'Run As SmartScreen', the exploit/malware will be blocked by the SmartScreen reputation filter.</p><p>There is only one little hole in the above security: when something legal is exploited. Even then, it is not easy to harm the system, because an exploit usually runs as a standard user and scripts are highly restricted (the payload's download &amp; execution will be blocked).</p><p>But some more sophisticated exploits can in theory bypass all those protective layers. So, the user can close the hole by using vulnerable applications in App Container (Word Mobile, Excel Mobile, PowerPoint Mobile, Adobe Touch, etc.) or by applying advanced Hard_Configurator restrictions via &lt;Blocked Sponsors&gt; or blocking DLLs in the Userspace. Users on Windows 10 FCU can also apply Exploit Guard mitigations or use ConfigureDefender to apply ASR.</p></blockquote><p></p>