Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Hard_Configurator Tools
Hard_Configurator - Windows Hardening Configurator
Message
<blockquote data-quote="WildByDesign" data-source="post: 731234" data-attributes="member: 48641"><p>Most of these great mitigations are enabled by default for all 64-bit processes on modern Windows 10 machines which is absolutely great to see. Although some of these mitigations are not applied (system-wide) on 32-bit processes. Using 32-bit processes on 64-bit systems these days is never the greatest idea but sometimes we don't have an alternative. </p><p></p><p>So in the case of anyone wanting to further protect their 32-bit processes, they can use WDEG to apply per-process mitigations but also the new draft is out for Security baseline for Windows 10 v1803 “Redstone 4” – DRAFT (<a href="https://blogs.technet.microsoft.com/secguide/2018/03/27/security-baseline-for-windows-10-v1803-redstone-4-draft/" target="_blank">Security baseline for Windows 10 v1803 “Redstone 4” – DRAFT</a>) for RS4 users. In that package, there are policy files to drop in C:\Windows\PolicyDefinitions which are some quite valuable security policies to manage in gpedit.msc manually. In particular, it contains a policy to enable which forces SEHOP specifically on all 32-bit processes as well so that you don't have to do it per-process. This covers system-wide.</p><p></p><p>I apologize if these details had already been covered here at MalwareTips since I haven't followed as closely here. I would really like to get myself more familiar with MT forum soon.</p><p></p><p>BTW, thank you for this great tool. I am always a big fan of tiny portable apps which contain a big punch as far as the security impact that they can provide in a light, efficient and portable way. Keep up the great work!</p><p></p><p>EDIT: The FINAL version of the security baseline for 1803 will be out shortly after RS4 goes public.</p></blockquote><p></p>
[QUOTE="WildByDesign, post: 731234, member: 48641"] Most of these great mitigations are enabled by default for all 64-bit processes on modern Windows 10 machines which is absolutely great to see. Although some of these mitigations are not applied (system-wide) on 32-bit processes. Using 32-bit processes on 64-bit systems these days is never the greatest idea but sometimes we don't have an alternative. So in the case of anyone wanting to further protect their 32-bit processes, they can use WDEG to apply per-process mitigations but also the new draft is out for Security baseline for Windows 10 v1803 “Redstone 4” – DRAFT ([URL='https://blogs.technet.microsoft.com/secguide/2018/03/27/security-baseline-for-windows-10-v1803-redstone-4-draft/']Security baseline for Windows 10 v1803 “Redstone 4” – DRAFT[/URL]) for RS4 users. In that package, there are policy files to drop in C:\Windows\PolicyDefinitions which are some quite valuable security policies to manage in gpedit.msc manually. In particular, it contains a policy to enable which forces SEHOP specifically on all 32-bit processes as well so that you don't have to do it per-process. This covers system-wide. I apologize if these details had already been covered here at MalwareTips since I haven't followed as closely here. I would really like to get myself more familiar with MT forum soon. BTW, thank you for this great tool. I am always a big fan of tiny portable apps which contain a big punch as far as the security impact that they can provide in a light, efficient and portable way. Keep up the great work! EDIT: The FINAL version of the security baseline for 1803 will be out shortly after RS4 goes public. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
