Hard_Configurator - Windows Hardening Configurator
<blockquote data-quote="Andy Ful" data-source="post: 796671" data-attributes="member: 32260"><p>The rundll32 is only one of many possibilities, so blocking it is not a solution. You should rather block the delivery method of malicious DLLs. They can be downloaded by a macro or DDE command. They can also be embedded in the document as OLE, etc.</p><p>I can see two practical solutions for you (WD high settings + ASR without blocking child + blocked Internet connection for MS Office applications):</p><ol> <li data-xf-list-type="ol">ReHIPS sandbox for MS Office (blocked Internet in the sandbox), which may be supported by H_C system-wide &lt;Documents Anti-Exploit&gt; = Adobe +VBA.</li> <li data-xf-list-type="ol">Only H_C (enhanced or more sponsors) with both system-wide and non-system-wide &lt;Documents Anti-Exploit&gt; activated.</li> </ol><p>Any of them will work for you safely. You can also add Exploit Guard for MS Office applications, but this will require some testing because of your print-to-fax driver.</p><p>There is also another possibility via activating your print-to-fax driver by a non-MS Office application, and then it should not be blocked by the ASR rule when using MS Office. I did it successfully for printing from MS Office with Exploit Guard protection for child processes, which is stronger than ASR. I simply printed a blank page from Word Mobile first, and then I could also print from MS Office.</p></blockquote>