Hard_Configurator - Windows Hardening Configurator
[QUOTE="Andy Ful, post: 817810, member: 32260"]
Although the idea is interesting for some other files (like notepad.exe), bitsadmin.exe would probably be the last to block. The logic is simple. Bitsadmin.exe is commonly used by malc0ders to download payloads. So, it is usually monitored by administrators as a very suspicious process. Why would someone want to hide something under a known suspicious process? There are so many innocent processes (like notepad, OneDrive, web browsers, etc.). But, you are probably right that blocking it will not hurt. :emoji_thinking:

You can use the Firewall Hardening tool or SysHardener to check that blocking bitsadmin.exe does not prevent downloading files. Just use the command line below:

[CODE]bitsadmin.exe /transfer 'JobName' https://kcsoftwares.com/files/sumo_lite.exe C:\Users\Admin\Downloads\sumo_lite.exe[/CODE]

It will download the legal (and good) SUMo update application from the developer site.

Anyway, if my arguments do not convince someone, the Firewall Hardening tool allows creating a firewall block rule for any program. :giggle:

I can add some other programs to the predefined list, but the FH tool is already paranoid on max settings.
[/QUOTE]
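
The check described in the post, scripted as an added example (not the poster's code and not part of Hard_Configurator): it uses the built-in Windows firewall cmdlets instead of the Firewall Hardening tool, and the rule name, job name and %TEMP% destination are assumptions. It also reports the host process of the BITS service, because the service, not bitsadmin.exe, performs the transfer.

```powershell
#Requires -RunAsAdministrator
# Added example. Rule name, job name and destination path are constructed for this test.
$ruleName = 'TEST - block bitsadmin.exe outbound'
$exe      = Join-Path $env:SystemRoot 'System32\bitsadmin.exe'
$url      = 'https://kcsoftwares.com/files/sumo_lite.exe'   # URL taken from the post
$dest     = Join-Path $env:TEMP 'sumo_lite.exe'

# Outbound block rule scoped to the bitsadmin.exe binary only.
New-NetFirewallRule -DisplayName $ruleName -Direction Outbound `
    -Program $exe -Action Block | Out-Null

try {
    Remove-Item $dest -ErrorAction SilentlyContinue

    # Same transfer as in the post, run while the block rule is active.
    & $exe /transfer 'FwRuleTest' $url $dest | Out-Null

    # bitsadmin.exe only queues the job; the BITS service makes the connection.
    # Look up which process hosts that service right after the transfer.
    $svc = Get-CimInstance Win32_Service -Filter "Name='BITS'"
    $hostPath = if ($svc.ProcessId) {
        (Get-Process -Id $svc.ProcessId).Path
    } else {
        'service not running'
    }

    # Summary: did the file arrive despite the rule, and who carried the traffic?
    [pscustomobject]@{
        BlockedProgram  = $exe
        FileDownloaded  = Test-Path $dest
        BitsServiceHost = $hostPath
    }
}
finally {
    # Always remove the test rule and the downloaded file.
    Remove-NetFirewallRule -DisplayName $ruleName
    Remove-Item $dest -ErrorAction SilentlyContinue
}
```

If `FileDownloaded` is `True` with the rule in place, monitoring and blocking need to cover the BITS service host shown in `BitsServiceHost`, not only bitsadmin.exe.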