Hard_Configurator - Windows Hardening Configurator
<blockquote data-quote="Andy Ful" data-source="post: 776294" data-attributes="member: 32260"><p>That depends on the Windows version. On Windows 10 the option <Recommended SRP> <span style="color: rgb(184, 49, 47)"><strong>blocks</strong></span>:</p><ol> <li data-xf-list-type="ol"><strong> <span style="color: rgb(184, 49, 47)">CMD shell</span></strong> (BAT, CMD <span style="color: rgb(184, 49, 47)"><strong>scripts</strong></span>), <span style="color: rgb(184, 49, 47)"><strong>Windows Script Host</strong></span> (JS, VBS, JSE, VBE, and any file which has the code interpreted by cscript.exe or wscript.exe), <span style="color: rgb(184, 49, 47)"><strong>MSI Installer</strong></span>. This is blocked by the proper SRP Enforcement and Default Security Level settings. CMD Shell command lines and the CMD console are not blocked.</li> <li data-xf-list-type="ol"><strong><span style="color: rgb(184, 49, 47)">Advanced functions in PowerShell</span></strong> via Constrained Language Mode. PowerShell command lines and the PowerShell console are not blocked - yet, advanced PowerShell functions are disabled. Additionally, the <Recommended Restrictions> option applies <No PowerShell Exec.> = ON, to block PowerShell script execution.</li> <li data-xf-list-type="ol"><strong><span style="color: rgb(243, 121, 52)">HTA, CHM, CPL, MSC</span></strong>, and other dangerous files are blocked only when the user tries to open them. Those files can be run when using the command lines with sponsors.</li> </ol><p>Points 1 and 2 are very strong against malicious Windows Script Host and PowerShell scripts (also fileless), even when the system was exploited.</p><p>Point 3 protects the user against being fooled into running malicious files. But, when the system is exploited, then those files can be run as standard user via sponsors.
So, when the user has installed vulnerable applications, they should be protected by other features, like <Documents Anti-Exploit> (MS Office, Adobe Acrobat Reader), Firewall rules for sponsors, or blocking sponsors via <Block Sponsors>. Users with WD real-time protection can also activate ASR rules, available in ConfigureDefender - they are also automatically activated by the option <Defender high settings>.</p></blockquote>
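A read-only way to confirm, on a given machine, the three states the post describes. This is an added example, not part of the original post or of Hard_Configurator; the function names are hypothetical, and that the tool stores its settings in these standard Windows policy keys is an assumption.

```powershell
# Added example: read-only audit of the settings the post describes.
# The registry paths are the standard Windows policy locations; that
# Hard_Configurator writes exactly these values is an assumption.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the policy is not configured.
    try { (Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Get-HardeningState {
    $srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $psKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

    # Point 1: SRP Default Security Level and Enforcement.
    $levelNames = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }
    $scopeNames = @{ 0 = 'no enforcement'; 1 = 'all files except DLLs'; 2 = 'all files including DLLs' }
    $level = 'not configured'
    $scope = 'not configured'
    $dl = Get-PolicyValue $srpKey 'DefaultLevel'
    $te = Get-PolicyValue $srpKey 'TransparentEnabled'
    if ($null -ne $dl) { $level = $levelNames[[int]$dl] }
    if ($null -ne $te) { $scope = $scopeNames[[int]$te] }

    # Point 2: language mode of this session, plus the script execution policy.
    $scripts = 'not configured'
    $es = Get-PolicyValue $psKey 'EnableScripts'
    if ($null -ne $es) {
        if ([int]$es -eq 0) { $scripts = 'script execution disabled by policy' }
        else                { $scripts = 'script execution enabled by policy' }
    }

    # Point 3: which of the post's extensions are SRP designated file types.
    # These are checked when a file is opened, not when a host program is
    # started from a command line with the file as an argument.
    $types  = @(Get-PolicyValue $srpKey 'ExecutableTypes')
    $listed = @('HTA', 'CHM', 'CPL', 'MSC' | Where-Object { $types -contains $_ })

    @{
        SrpDefaultLevel   = $level
        SrpEnforcement    = $scope
        PSLanguageMode    = "$($ExecutionContext.SessionState.LanguageMode)"
        PSScriptPolicy    = $scripts
        ShellBlockedTypes = $listed -join ','
    }
}

Get-HardeningState
```

Because script files are blocked under this configuration, paste the block into a PowerShell console rather than saving it as a .ps1 file. An extension listed in `ShellBlockedTypes` covers only the open-by-user path from point 3.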