Hard_Configurator - Windows Hardening Configurator
<blockquote data-quote="Andy Ful" data-source="post: 898032" data-attributes="member: 32260"><p>The H_C project has established its final form, and this is probably the best I could get from the Windows built-in security in the home environment on the basis of smart-default-deny + whitelisting.</p><p></p><p>Now, I am focused on adapting the newest security feature, e.g. Windows Defender Application <s>Guard</s> Control (WDAC). It differs significantly from SRP in the H_C, because it blocks execution also on the level of administrative rights (Integrity Levels High+). Furthermore, there are some complications in adapting the whitelisting in the Windows Home edition protected by WDAC. So, I decided to start with BabySitter.</p><p></p><p>The idea of BabySitter is simple.</p><ol> <li data-xf-list-type="ol">Avoid starting applications, storing the files, opening the files, or playing media files directly from the system disk.</li> <li data-xf-list-type="ol">Do it from the secondary disks that are protected by WDAC + ISG + SmartScreen. The WDAC protection is strong because it covers PE Executables (EXE, DLL, OCX, etc.), scripting (PowerShell, Windows Script Host), and MSI installers.</li> <li data-xf-list-type="ol">Move the Windows User Folders (Desktop, Documents, Downloads, Music, Pictures, Videos) to the secondary disk and they will be protected by WDAC + ISG + SmartScreen.</li> <li data-xf-list-type="ol">Allow already installed applications to use the system disk. It is whitelisted for PE Executables so there will be no issues.</li> <li data-xf-list-type="ol">Do not bother with whitelisting, use the BabySitter predefined whitelisting (the system disk is whitelisted).</li> </ol><p>This idea follows from some facts:</p><ol> <li data-xf-list-type="ol">The system processes are started from the system disk.</li> <li data-xf-list-type="ol">The computer factory firmware is started from the system disk.</li> <li data-xf-list-type="ol">Most of the already installed applications are started from the system disk.</li> <li data-xf-list-type="ol">The software updates use the system disk even when they are started from another disk.</li> <li data-xf-list-type="ol">Most people hate manual whitelisting that can follow from points 1-4, and this can be avoided by whitelisting the whole system disk for PE Executables.</li> <li data-xf-list-type="ol">Average users store the files in the Windows User Folders (Desktop, Documents, Downloads, Music, Pictures, Videos). Many of them use only the Desktop and Downloads folders.</li> <li data-xf-list-type="ol">More and more people use a small SSD as a system disk and a secondary HDD for storing the files.</li> <li data-xf-list-type="ol">In the home environment (well-updated Windows 10 with well-updated software), it is very hard to exploit anything (with some known exceptions like MS Office, Adobe Acrobat Reader, etc.).</li> </ol><p></p><p>Storing the files or installing some applications (games of several gigabytes) on the secondary disk is reasonable:</p><ol> <li data-xf-list-type="ol">The SSD system disk is usually not big.</li> <li data-xf-list-type="ol">The system disk is most vulnerable to corruption.</li> <li data-xf-list-type="ol">Such a setup is much more convenient for restoring from the disk image (fast restore, small disk image).</li> <li data-xf-list-type="ol">After installing the fresh system, there is much less work with restoring the files (documents, media, games, installers, etc.).</li> 
</ol><p></p><p>Some more details are available here:</p><p><a href="https://malwaretips.com/threads/application-control-on-windows-10-home.89753/post-897583">https://malwaretips.com/threads/application-control-on-windows-10-home.89753/post-897583</a></p><p></p><p>I am testing this setup on my computer and this will be continued for some months.</p><p></p><p>Post slightly edited.</p></blockquote><p></p>
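Step 3 of the quoted post depends on the Windows User Folders actually having been moved off the system disk. The PowerShell check below is an added example, not part of the original post or of the BabySitter tool: it reads the current user's standard shell-folder registry values and reports which folders still resolve to the system drive. It assumes that a different drive letter means a secondary disk, which is not true for a second partition on the same physical disk.

```powershell
# Added example (not BabySitter code): audit where the Windows User Folders live.
# The value names are the standard per-user entries under "User Shell Folders".
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
$folders = [ordered]@{
    'Desktop'   = 'Desktop'
    'Documents' = 'Personal'
    'Downloads' = '{374DE290-123F-4565-9164-39C4925E467B}'
    'Music'     = 'My Music'
    'Pictures'  = 'My Pictures'
    'Videos'    = 'My Video'
}

$systemDrive = $env:SystemDrive          # for example "C:"
$values      = Get-ItemProperty -Path $key

$report = foreach ($name in $folders.Keys) {
    $raw = $values.($folders[$name])
    if (-not $raw) {
        # No value stored: the folder was never relocated, so it sits
        # at its default place inside the user profile.
        $raw = Join-Path $env:USERPROFILE $name
    }
    # Values may contain %USERPROFILE%; expanding twice is harmless.
    $path = [Environment]::ExpandEnvironmentVariables($raw)
    $root = [System.IO.Path]::GetPathRoot($path).TrimEnd('\')

    [pscustomobject]@{
        Folder       = $name
        Path         = $path
        # Drive-letter comparison only; UNC paths count as "not system disk".
        OnSystemDisk = ($root -ieq $systemDrive)
    }
}

$report | Format-Table -AutoSize

$remaining = @($report | Where-Object { $_.OnSystemDisk })
if ($remaining.Count -gt 0) {
    Write-Warning ("Still on the system disk ({0}): {1}" -f `
        $systemDrive, ($remaining.Folder -join ', '))
}
```

Folders listed in the warning remain on the system disk, which the post describes as whitelisted for PE Executables, so they fall outside the secondary-disk protection the post relies on.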