Hard_Configurator - Windows Hardening Configurator
<blockquote data-quote="Andy Ful" data-source="post: 944216" data-attributes="member: 32260"><p>Why can the enforcement for 'All users' support the <strong>Admin account</strong> on older Windows versions or with a default-allow setup (blocked Sponsors, LOLBins)?</p><p></p><p>Older Windows versions can have unpatched privilege escalation exploits. The recommended way in such a case is using SUA. If one cannot use SUA, then the enforcement for 'All users' is logical to prevent bypassing the H_C restrictions based on SRP. But this solution requires extended knowledge about Windows. The more SRP restrictions, the more problems can arise with this enforcement. Only expert users can evaluate the cons and pros of such solutions.</p><p></p><p>When using a default-allow SRP setup with blocked LOLBins, the risk of problems is much lower compared to default-deny, but the attack surface is much greater. This can increase the chances of UAC bypass, and high-privileged malware will still be able to use all LOLBins. So, applying the enforcement for 'All users' is also logical. Blocking LOLBins for 'All users' can be useful only as one of the possible security layers - it can cover many fileless vectors of attack, even when the malware could elevate via UAC bypass.</p><p></p><p>When using the H_C Basic_Recommended_Settings, the risk of problems with 'All users' enforcement can be (in theory) greater compared to the default-allow setup. Also, on a well-patched Windows 10 with these H_C restrictions + SmartScreen, the chances of privilege escalation via exploits or UAC bypasses are minimal. So probably, the support of 'All users' enforcement will be limited in this case to vulnerable systems (older Windows versions). Anyway, if the problems related to applying 'All users' enforcement turn out to be negligible in the Home environment (we will see this after some extended testing), there will be no serious contraindications for using it also on a well-patched Windows 10.</p></blockquote><p></p>
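A way to check which of the configurations discussed in the post a machine is actually in, as an added example that is not part of the original post or of Hard_Configurator. It reads the standard Windows SRP policy values `DefaultLevel` and `PolicyScope`; the function name is hypothetical, and it is an assumption that the 'All users' enforcement discussed above corresponds to SRP's `PolicyScope` = 0.

```powershell
# Standard Windows SRP machine policy key.
$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Hypothetical helper: summarize the SRP default level and enforcement scope.
# Pass -Values to evaluate constructed input; omit it to read the live registry.
function Get-SrpEnforcementSummary {
    param([hashtable]$Values)

    if (-not $PSBoundParameters.ContainsKey('Values')) {
        $item = Get-ItemProperty -Path $SrpKey -ErrorAction SilentlyContinue
        if (-not $item) {
            return [pscustomobject]@{ Configured = $false; Default = $null
                                      Scope = $null; Note = 'No SRP policy key found.' }
        }
        $Values = @{}
        foreach ($name in 'DefaultLevel', 'PolicyScope') {
            $prop = $item.PSObject.Properties[$name]
            if ($prop) { $Values[$name] = [int]$prop.Value }
        }
    }

    $level = $Values['DefaultLevel']
    $default = if ($null -eq $level)       { 'not set' }
               elseif ($level -eq 0)       { 'default-deny (Disallowed)' }
               elseif ($level -eq 0x20000) { 'Basic User' }
               elseif ($level -eq 0x40000) { 'default-allow (Unrestricted)' }
               else                        { "unrecognized ($level)" }

    $scopeValue = $Values['PolicyScope']
    $scope = if ($null -eq $scopeValue)  { 'not set' }
             elseif ($scopeValue -eq 0)  { 'All users' }
             elseif ($scopeValue -eq 1)  { 'All users except local administrators' }
             else                        { "unrecognized ($scopeValue)" }

    # Notes restate the trade-offs from the post; they are not measured results.
    $note = if ($scopeValue -eq 1) { 'High-privileged processes are not covered by the SRP rules.' }
            elseif ($scopeValue -eq 0 -and $level -eq 0) { 'Widest coverage; highest risk of compatibility problems.' }
            elseif ($scopeValue -eq 0) { 'Blocked LOLBins stay blocked after elevation; lower risk of problems.' }
            else { 'Enforcement scope could not be determined.' }

    [pscustomobject]@{ Configured = $true; Default = $default; Scope = $scope; Note = $note }
}

# Constructed sample inputs (not taken from a real machine):
Get-SrpEnforcementSummary -Values @{ DefaultLevel = 0x40000; PolicyScope = 0 }
Get-SrpEnforcementSummary -Values @{ DefaultLevel = 0; PolicyScope = 1 }
# Live check on the local machine:
Get-SrpEnforcementSummary
```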