Hard_Configurator - Windows Hardening Configurator
<blockquote data-quote="Andy Ful" data-source="post: 796776" data-attributes="member: 32260"><p>Let's suppose that one uses an <span style="color: rgb(184, 49, 47)"><strong>MS Office version that is not supported</strong></span> by Microsoft (previous to MS Office 2010) and <span style="color: rgb(184, 49, 47)"><strong>cannot fully apply ASR</strong></span>. In the home environment, the H_C default-deny (enhanced) settings + non-system-wide Documents Anti-Exploit will be required to stop the threats in the wild. But there is some additional danger if one is forced to frequently use documents from the Enterprise. For example, the Enterprise could be under a targeted attack via a specially crafted &amp; weaponized document. In such a situation, I can recommend the precautions below:</p><ol> <li data-xf-list-type="ol">Use &lt;Block Sponsors&gt; in H_C (like @shmu26 did).</li> <li data-xf-list-type="ol">Block the Internet connection to MS Office applications.</li> <li data-xf-list-type="ol">Block the Internet connection to: certutil.exe, cmstp.exe, control.exe, dnscmd.exe, explorer.exe, ie4uinit.exe, rundll32.exe.</li> </ol><p>The above sponsors can be used to run DLLs directly from a remote server or in other ways, such as via .inf files. There are some others, but they are already included in the H_C sponsors lists. The same should be done if, for some reason, the sponsor from the H_C settings cannot be blocked directly.</p></blockquote>
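Precautions 2 and 3 from the post above, as an added PowerShell example using the built-in Windows Defender Firewall cmdlets; it is not code from the post's author or from Hard_Configurator. The Office install folder, the Office executable names and the rule group name are assumptions to adjust locally.

```powershell
#Requires -RunAsAdministrator
# Added example: outbound block rules for the programs named in the post.
$Group = 'Sponsor outbound block (example)'   # constructed rule group name

# Binaries listed in precaution 3. Most live in System32/SysWOW64,
# explorer.exe lives directly under %SystemRoot%.
$Names = 'certutil.exe', 'cmstp.exe', 'control.exe', 'dnscmd.exe',
         'explorer.exe', 'ie4uinit.exe', 'rundll32.exe'
$Dirs  = "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64", $env:SystemRoot

# ASSUMPTION: Office install folder and the applications in use (precaution 2).
$OfficeRoot = 'C:\Program Files (x86)\Microsoft Office'
$OfficeExes = 'WINWORD.EXE', 'EXCEL.EXE', 'POWERPNT.EXE'

# Build the candidate list: every listed name in every system directory.
$Targets = @(foreach ($d in $Dirs) { foreach ($n in $Names) { Join-Path $d $n } })
if (Test-Path -LiteralPath $OfficeRoot) {
    $Targets += Get-ChildItem -Path $OfficeRoot -Recurse -File -Include $OfficeExes `
                    -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty FullName
}

# Re-running replaces the previous rule set instead of duplicating it.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($path in ($Targets | Sort-Object -Unique)) {
    # Skip binaries that are not present on this machine.
    if (-not (Test-Path -LiteralPath $path)) { continue }
    New-NetFirewallRule -DisplayName "Block out: $path" -Group $Group `
        -Direction Outbound -Action Block -Program $path -Profile Any | Out-Null
}

# Verify: list the programs that now have an outbound block rule.
Get-NetFirewallRule -Group $Group |
    Get-NetFirewallApplicationFilter |
    Select-Object -ExpandProperty Program
```

The rules match on full program path, so both the 32-bit and 64-bit copies are covered where they exist, and the whole set can be removed again by its group name.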