Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Hard_Configurator Tools
Hard_Configurator - Windows Hardening Configurator
Message
<blockquote data-quote="Andy Ful" data-source="post: 776538" data-attributes="member: 32260"><p>The profile "Windows_10_Recommended_Enhanced" blocks also remote features: Remote Desktop, Remote Assistance (solicited and unsolicited), Remote Shell Access, Remote Registry Access. Those features are blocked by the standard recommended settings, too.<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite135" alt=":giggle:" title="Giggle :giggle:" loading="lazy" data-shortname=":giggle:" /><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite130" alt="(y)" title="Thumbs up (y)" loading="lazy" data-shortname="(y)" /></p><p>Many your registry tweaks are included in Hard_Configurator, because you wrote about them many times and I was one of the careful readers. I checked them by myself and found useful.:emoji_ok_hand:</p><p></p><p>Also SRP settings are similar to yours. At present, H_C uses Default Security Level = Disallowed, but it works similarly to preferred by you 'Basic User' on Windows 7, 8, 8.1, and 10. The only important difference is the lack of extended protection for CMD Shell and Windows Script Host in 'Basic User' setting. So when using 'Basic User' in H_C, the VBScript and JScript scripts have to be blocked by <Disable Win. Script Host> option. This option is not related to SRP. It blocks script execution also as administrator and has very poor info in the Windows Event Viewer. Another possibility is blocking the script sponsors by SRP (wscript.exe and cscript.exe). Both <Disable Win. Script Host> and blocking sponsors do not allow whitelisting the particular scripts, so I prefer SRP Default Security Level = Disallowed.</p><p><strong>When using in H_C the setting Default Security Level = Disallowed, the Windows Script Host is blocked by SRP as standard user only, the Log includes more information about blocked events, and the user can whitelist the particular scripts.</strong></p></blockquote><p></p>
[QUOTE="Andy Ful, post: 776538, member: 32260"] The profile "Windows_10_Recommended_Enhanced" blocks also remote features: Remote Desktop, Remote Assistance (solicited and unsolicited), Remote Shell Access, Remote Registry Access. Those features are blocked by the standard recommended settings, too.:giggle:(y) Many your registry tweaks are included in Hard_Configurator, because you wrote about them many times and I was one of the careful readers. I checked them by myself and found useful.:emoji_ok_hand: Also SRP settings are similar to yours. At present, H_C uses Default Security Level = Disallowed, but it works similarly to preferred by you 'Basic User' on Windows 7, 8, 8.1, and 10. The only important difference is the lack of extended protection for CMD Shell and Windows Script Host in 'Basic User' setting. So when using 'Basic User' in H_C, the VBScript and JScript scripts have to be blocked by <Disable Win. Script Host> option. This option is not related to SRP. It blocks script execution also as administrator and has very poor info in the Windows Event Viewer. Another possibility is blocking the script sponsors by SRP (wscript.exe and cscript.exe). Both <Disable Win. Script Host> and blocking sponsors do not allow whitelisting the particular scripts, so I prefer SRP Default Security Level = Disallowed. [B]When using in H_C the setting Default Security Level = Disallowed, the Windows Script Host is blocked by SRP as standard user only, the Log includes more information about blocked events, and the user can whitelist the particular scripts.[/B] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
