Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Hard_Configurator Tools
Hard_Configurator - Windows Hardening Configurator
Message
<blockquote data-quote="Andy Ful" data-source="post: 841981" data-attributes="member: 32260"><p>I am testing now the new H_C option <strong><Lower EXE Restrictions></strong>.</p><p>It allows EXE files and TMP images in ProgramData and AppData folders which <strong>are hidden in Explorer</strong> by default. Most applications which install in UserSpace are located in ProgramData or Appdata subfolders, and also use these folders when performing updates.</p><p>The <strong><Lower EXE Restrictions></strong> setting still blocks, the EXE files and TMP images in UserSpace folders which are not hidden (including Desktop, Documents, Downloads, Music, Movies, Pictures), non-system partitions, and USB drives. So, the user is forced to install applications by using the safe "Install by SmartScreen" feature (formerly "Run As SmartScreen"), and after installation,<span style="color: rgb(0, 168, 133)"><strong> the applications do not require whitelisting and can auto-update</strong> <strong>without problems.</strong> </span></p><p>The <strong><Lower EXE Restrictions></strong> setting does not lower the pre-execution prevention strength of H_C settings. If it was used in the [USER=64646]@askalan[/USER]'s malware tests, the results would be the same as for the H_C Recommended Settings. So, where is the difference? It can be visible in the post-exploitation phase, but only in the rare cases of primary EXE payloads. It is good, because the primary payloads are usually scripts which are still blocked when using <Lower EXE Restrictions> feature.</p><p>I think that this new setting will be optimal for most of H_C users.<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite130" alt="(y)" title="Thumbs up (y)" loading="lazy" data-shortname="(y)" /></p></blockquote><p></p>
[QUOTE="Andy Ful, post: 841981, member: 32260"] I am testing now the new H_C option [B]<Lower EXE Restrictions>[/B]. It allows EXE files and TMP images in ProgramData and AppData folders which [B]are hidden in Explorer[/B] by default. Most applications which install in UserSpace are located in ProgramData or Appdata subfolders, and also use these folders when performing updates. The [B]<Lower EXE Restrictions>[/B] setting still blocks, the EXE files and TMP images in UserSpace folders which are not hidden (including Desktop, Documents, Downloads, Music, Movies, Pictures), non-system partitions, and USB drives. So, the user is forced to install applications by using the safe "Install by SmartScreen" feature (formerly "Run As SmartScreen"), and after installation,[COLOR=rgb(0, 168, 133)][B] the applications do not require whitelisting and can auto-update[/B] [B]without problems.[/B] [/COLOR] The [B]<Lower EXE Restrictions>[/B] setting does not lower the pre-execution prevention strength of H_C settings. If it was used in the [USER=64646]@askalan[/USER]'s malware tests, the results would be the same as for the H_C Recommended Settings. So, where is the difference? It can be visible in the post-exploitation phase, but only in the rare cases of primary EXE payloads. It is good, because the primary payloads are usually scripts which are still blocked when using <Lower EXE Restrictions> feature. I think that this new setting will be optimal for most of H_C users.(y) [/QUOTE]
Insert quotes…
Verification
Post reply
Top
