Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Hard_Configurator Tools
Hard_Configurator - Windows Hardening Configurator
Message
<blockquote data-quote="Andy Ful" data-source="post: 957068" data-attributes="member: 32260"><p>In the H_C Recommended Settings, two hidden folders are whitelisted for EXE and MSI files: user Appdata and Program Data (other files are still forbidden). This is controlled by SmartScreen and H_C settings:</p><p><Update Mode> = ON</p><p><Harden Archivers> = ON</p><p><Harden Email Clients> = ON</p><p></p><p>So, all software auto-updates can be made without issues via EXE or MSI updaters, and "Install By SmartScreen" can work without forcing high privileges. Also, there will be no problems with applications that install in UserSpace (most such installations are made by default in user AppData or ProgramData subfolders).</p><p></p><p>Users normally do not see these folders (they are hidden in the default Explorer settings). Some web browsers can drop & execute files from user AppData, but this is controlled by SmartScreen (block alert prompts after executing unsafe files). The archive applications and email clients can also do it, but this will be blocked by H_C (<Harden Archivers> and <Harden Email Clients>). Other H_C settings prevent malware files and CmdLines, so there is no direct attack vector that could drop into & run EXE or MSI files from user Appdata and Program Data.</p><p></p><p>These settings can hardly be bypassed in the home environment except if something is exploited. But even in such a case, the attack will be usually prevented because exploits often use scripting methods that are still blocked.</p><p></p><p>The Recommended Settings on Windows 10, <Update Mode>, <Harden Archivers>, and <Harden Email Clients> are explained in the help files and H_C manual.</p><p>If the user wants to update applications manually, then Strict_Recommended_Settings can be used instead of Recommended_Settings. In Strict_Recommended_Settings all protected files (also EXE and MSI) are blocked also in the user Appdata and Program Data folders. Most software auto-updates will be blocked (except for updates made via scheduled tasks with high privileges) and all applications installed in %UserProfile% will require additional whitelisting.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 957068, member: 32260"] In the H_C Recommended Settings, two hidden folders are whitelisted for EXE and MSI files: user Appdata and Program Data (other files are still forbidden). This is controlled by SmartScreen and H_C settings: <Update Mode> = ON <Harden Archivers> = ON <Harden Email Clients> = ON So, all software auto-updates can be made without issues via EXE or MSI updaters, and "Install By SmartScreen" can work without forcing high privileges. Also, there will be no problems with applications that install in UserSpace (most such installations are made by default in user AppData or ProgramData subfolders). Users normally do not see these folders (they are hidden in the default Explorer settings). Some web browsers can drop & execute files from user AppData, but this is controlled by SmartScreen (block alert prompts after executing unsafe files). The archive applications and email clients can also do it, but this will be blocked by H_C (<Harden Archivers> and <Harden Email Clients>). Other H_C settings prevent malware files and CmdLines, so there is no direct attack vector that could drop into & run EXE or MSI files from user Appdata and Program Data. These settings can hardly be bypassed in the home environment except if something is exploited. But even in such a case, the attack will be usually prevented because exploits often use scripting methods that are still blocked. The Recommended Settings on Windows 10, <Update Mode>, <Harden Archivers>, and <Harden Email Clients> are explained in the help files and H_C manual. If the user wants to update applications manually, then Strict_Recommended_Settings can be used instead of Recommended_Settings. In Strict_Recommended_Settings all protected files (also EXE and MSI) are blocked also in the user Appdata and Program Data folders. Most software auto-updates will be blocked (except for updates made via scheduled tasks with high privileges) and all applications installed in %UserProfile% will require additional whitelisting. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
