Hard_Configurator - Windows Hardening Configurator
<blockquote data-quote="Andy Ful" data-source="post: 828640" data-attributes="member: 32260"><p>I am trying to mimic the functionality of SRP + forced SmartScreen by using <span style="color: rgb(0, 168, 133)"><strong>WD Application Control</strong></span> on Windows 10 Home ver. 1903. For now, I am using WDAC policies which work as follows:</p><ol> <li data-xf-list-type="ol">All drivers are allowed.</li> <li data-xf-list-type="ol">All programs and DLLs are allowed in the SystemSpace (C:\Windows, C:\Program Files, C:\Program Files (x86) - except writable locations).</li> <li data-xf-list-type="ol">All Windows Store Apps are allowed.</li> <li data-xf-list-type="ol">All programs (EXE, MSI) and DLLs which are accepted by Microsoft as safe (Intelligent Security Graph Authorization) are allowed.</li> <li data-xf-list-type="ol">All other programs (EXE, MSI) and DLLs are blocked (also .NET DLLs).</li> <li data-xf-list-type="ol">PowerShell and Windows Script Host scripting is restricted.</li> <li data-xf-list-type="ol"><strong>Whitelisting applications in UserSpace is not possible on Windows Home and Pro.</strong></li> </ol><p>The points 3. and 4. are related to "Trust apps with good reputation" (Microsoft Intune option). 
It works similarly to Kaspersky's Trusted Application Mode.</p><p></p><p>PowerShell restrictions are similar to those in SRP (Constrained Language Mode).</p><p>Windows Script Host restrictions are similar to PowerShell restrictions, so the user can run VBS, JS, etc., scripts but the advanced functions and some COM objects are blocked.</p><p></p><p>In fact, this setup is very similar to the idea I had before creating H_C based on SRP.</p><p>There are some differences as compared to the current version of H_C:</p><ol> <li data-xf-list-type="ol">No need to use the right-click Explorer context menu to check if the program is safe and then run the program.</li> <li data-xf-list-type="ol">"Trust apps with good reputation" checks all applications (EXE, MSI) and loaded DLLs in the UserSpace, <span style="color: rgb(184, 49, 47)"><strong>also those which were not downloaded from the Internet.</strong></span></li> <li data-xf-list-type="ol">"Trust apps with good reputation" is different from SmartScreen. 
Some applications can be accepted by SmartScreen but blocked by "Trust apps with good reputation", and vice versa.</li> <li data-xf-list-type="ol">Windows Script Host scripting is restricted, as compared to SRP where it is blocked.</li> <li data-xf-list-type="ol">The protection cannot be bypassed by the user when using "Run as administrator" or elevated shell (elevated CMD, elevated PowerShell, elevated Total Commander, etc.).</li> <li data-xf-list-type="ol">The protection can be bypassed if the file triggered the SmartScreen check and was accepted by SmartScreen or the user bypassed the SmartScreen alert.<br /> It also means that the protection can be bypassed by the user when using RunBySmartScreen, while in SRP the "Run as administrator" or "Run As SmartScreen" must be used.</li> <li data-xf-list-type="ol">Blocked programs and DLLs cannot be whitelisted in UserSpace.</li> </ol><p>In fact, all the productivity applications I use are accepted in this setup, so I did not need to whitelist anything. ConfigureDefender and H_C installers are also accepted as safe (but not by SmartScreen).</p></blockquote><p></p>
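One way the rule set in the quoted post could be expressed with Microsoft's ConfigCI PowerShell cmdlets, as an added example that is not Andy Ful's policy and not part of the original post. It assumes a Windows 10 1903 or later machine that ships the ConfigCI module and the example policy templates; the C:\WDAC-lab folder and its file names are hypothetical, and the template's driver rules are stricter than item 1 of the post.

```powershell
# Added example, not the policy from the post. Run from an elevated prompt.
# Assumption: ConfigCI module and ExamplePolicies folder are present.
$lab    = 'C:\WDAC-lab'                      # hypothetical working folder
$base   = Join-Path $lab 'Base.xml'
$merged = Join-Path $lab 'UserSpaceLockdown.xml'
New-Item -ItemType Directory -Path $lab -Force | Out-Null

# Start from the audit-mode Windows template: it allows Windows components
# and Microsoft Store apps (item 3). Unlike item 1 of the post, it limits
# drivers to Windows/WHQL-signed ones.
Copy-Item "$env:windir\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Audit.xml" $base

# Item 2: path rules for the SystemSpace folders.
$rules  = @()
$rules += New-CIPolicyRule -FilePathRule "$env:windir\*"
$rules += New-CIPolicyRule -FilePathRule "$env:ProgramFiles\*"
$rules += New-CIPolicyRule -FilePathRule "${env:ProgramFiles(x86)}\*"
Merge-CIPolicy -PolicyPaths $base -Rules $rules -OutputFilePath $merged | Out-Null

# Items 4-5: user-mode enforcement with reputation-based allow (ISG);
# anything not matched by a rule or by ISG is denied by default.
Set-RuleOption -FilePath $merged -Option 0     # Enabled:UMCI
Set-RuleOption -FilePath $merged -Option 14    # Enabled:Intelligent Security Graph Authorization

# Item 6: leave script enforcement on (remove the "Disabled" option if set).
Set-RuleOption -FilePath $merged -Option 11 -Delete   # Disabled:Script Enforcement

# "Except writable locations": keep the runtime check that ignores path
# rules for folders a standard user can write to.
Set-RuleOption -FilePath $merged -Option 18 -Delete   # Disabled:Runtime FilePath Rule Protection

# Stay in audit mode until the log has been reviewed.
Set-RuleOption -FilePath $merged -Option 3     # Enabled:Audit Mode

# Compile to the binary form that Code Integrity loads.
ConvertFrom-CIPolicy -XmlFilePath $merged -BinaryFilePath (Join-Path $lab 'UserSpaceLockdown.bin') | Out-Null

# After running in audit mode for a while, list what enforcement would
# have blocked (event 3076 = audit; 3077 = blocked under enforcement).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id      = 3076
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List
```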