Reply to thread

Message

<blockquote data-quote="ErzCrz" data-source="post: 896872" data-attributes="member: 81799">From the manual&quot;&nbsp; Recommended Settings on Windows 8+ How do they work? 1. Users can run the already installed applications in SystemSpace. 2. Any new file directly run by the user (executable, script, shortcut, file with unsafe extension) is blocked in UserSpace. This also works when the file is run from the archiver application or email client. 3. As an exception to point 2, the shortcuts (LNK files) can be run by users from Desktop, Start Menu, Power Menu, Task Bar, and Quick Launch. 4. As an exception to point 2, the standalone application installers (EXE or MSI files) can be run by users on-demand - Hard_Configurator adds the right-click Explorer context menu entry &quot;Install by SmartScreen&quot;. It allows the user to safely install applications with forced SmartScreen check. This works well both on Administrator account and SUA. 5. Already running processes can run EXE (TMP) and MSI files in ProgramData or user AppData folders. An inexperienced user cannot run files directly from there, because these folders are hidden by default in Explorer. 6. The applications/processes running with standard rights cannot run other unsafe files (executables, scripts, files with unsafe extensions) in UserSpace, except some events when the command line can be accessed (some command lines with Sponsors). &quot;&quot; The &quot;Run By SmartScreen&quot; entry in the Explorer context menu can be used to check the standalone application installers (EXE and MSI) by SmartScreen Application Reputation service. This entry should be also used for unsafe executables listed below: 1. Files downloaded from the Internet, especially email attachments and executables from the archives (7-zip, Zip, Arj, Rar, etc.). 2. Executables shared with other people via USB drives, Memory cards, etc. &quot;</blockquote>

[QUOTE="ErzCrz, post: 896872, member: 81799"] From the manual " Recommended Settings on Windows 8+ How do they work? 1. Users can run the already installed applications in SystemSpace. 2. Any new file directly run by the user (executable, script, shortcut, file with unsafe extension) is blocked in UserSpace. This also works when the file is run from the archiver application or email client. 3. As an exception to point 2, the shortcuts (LNK files) can be run by users from Desktop, Start Menu, Power Menu, Task Bar, and Quick Launch. 4. As an exception to point 2, the standalone application installers (EXE or MSI files) can be run by users on-demand - Hard_Configurator adds the right-click Explorer context menu entry "[B]Install by SmartScreen[/B]". It allows the user to safely install applications with forced SmartScreen check. This works well both on Administrator account and SUA. 5. Already running processes can run EXE (TMP) and MSI files in ProgramData or user AppData folders. An inexperienced user cannot run files directly from there, because these folders are hidden by default in Explorer. 6. The applications/processes running with standard rights cannot run other unsafe files (executables, scripts, files with unsafe extensions) in UserSpace, except some events when the command line can be accessed (some command lines with Sponsors). " " The "[B]Run By SmartScreen[/B]" entry in the Explorer context menu can be used to check the standalone application installers (EXE and MSI) by SmartScreen Application Reputation service. This entry should be also used for unsafe executables listed below: 1. Files downloaded from the Internet, especially email attachments and executables from the archives (7-zip, Zip, Arj, Rar, etc.). 2. Executables shared with other people via USB drives, Memory cards, etc. " [/QUOTE]

Verification