- Dec 23, 2014
- 8,119
I am not sure if OSA will block MSI files in the same way as EXE files. You can test it by running the MSI installer signed by the signer absent on the list of available signers.
Lenny_FoX Desktop Config 2021
- Thread starter Lenny_Fox
- Start date
- Oct 1, 2019
- 1,120
Well that was a short trial, "OS Armor : what I fine mess you got me into again" 
OS Armor never again for me: it is, not only ill maintained, but also half baked protection
- Dec 23, 2014
- 8,119
You can try to use the below:
OS Armor never again for me: it is, not only ill maintained, but also half baked protection
View attachment 245376
- Advanced >> Block Scripts Execution >> Block execution of .msi installer scripts
- Advanced >> Block Scripts Execution >> Block execution of .msc scripts outside the System folder
- Run the MSI file signed by the allowed signer.
- Run the MSI file signed by not allowed signer.
- Run an unsigned MSI file.
- If works well, then repeat for MSC files.
Edit.
The problem With OSA is that is very complex and does not have documentation. So, any setup should be tested carefully.
Last edited:
- Oct 1, 2019
- 1,120
thanks but I already returned to previous setup
- Aug 19, 2019
- 1,018
It's good to try different things out. I know I'll be tempted to try out the new version of Comodo when it comes out which wa meant to be the other week but got postponed but in reality, i know I'll return to WD H_C setup which is just as secure really
- Oct 1, 2019
- 1,120
My Edge policies set with regedit (Fox = Vos in Dutch)
- Oct 1, 2019
- 1,120
When you scroll down this website, you will find how to code this policies, e.g.
AllowCrossOriginAuthPrompt = Microsoft Edge Browser Policy Documentation
Scroll down and look for the WINDOWS REGISTRY part , which looks like
REG_DWORD is always a digital value, when they use 0 and 1, zero often means OFF and 1 means ON. So when the value is zero, ALLOW CROSS ORIGIN AUTHORISATION PROMPTS is set to OFF
You can create these values manually using reg editor (REGEDIT.EXE)
Above values can also be set using Notepad and creating a text with .REG extension. For above settings this looks like
I have attached this reg file as edge.txt (save as edge.reg and click to run) to get you going,
WARNING: Editing the registry can brick your system, so it is not for the faint hearted
AllowCrossOriginAuthPrompt = Microsoft Edge Browser Policy Documentation
Scroll down and look for the WINDOWS REGISTRY part , which looks like
REG_DWORD is always a digital value, when they use 0 and 1, zero often means OFF and 1 means ON. So when the value is zero, ALLOW CROSS ORIGIN AUTHORISATION PROMPTS is set to OFF
You can create these values manually using reg editor (REGEDIT.EXE)
Above values can also be set using Notepad and creating a text with .REG extension. For above settings this looks like
I have attached this reg file as edge.txt (save as edge.reg and click to run) to get you going,
WARNING: Editing the registry can brick your system, so it is not for the faint hearted
Last edited:
- Oct 1, 2019
- 1,120
Combining NextDns combo's with Chrome extensions ported to Edge.
I was surprised Youtube for Adblock now also is available from Edge, so removed Chrome version for Edge version.
Also took the chance to add Privacy badger (I noticed it for the first time) and disable native Edge tracking protection. I always tweak softeare so I run Privacy badger with: Show domains which dont appear to be following you, so I can manually block advertsing and tracking networks when I recognize them.
AdBlock for Youtube currently only runs on Yotube, uMatrix only runs on Volkskrant.nl (block 1st party scripts to circumvent paywall)
At the momennt these are the blocklist I have enabled in NextDns (rest of NextDNS setup is copied from @security123)
I was surprised Youtube for Adblock now also is available from Edge, so removed Chrome version for Edge version.
Also took the chance to add Privacy badger (I noticed it for the first time) and disable native Edge tracking protection. I always tweak softeare so I run Privacy badger with: Show domains which dont appear to be following you, so I can manually block advertsing and tracking networks when I recognize them.
AdBlock for Youtube currently only runs on Yotube, uMatrix only runs on Volkskrant.nl (block 1st party scripts to circumvent paywall)
At the momennt these are the blocklist I have enabled in NextDns (rest of NextDNS setup is copied from @security123)
Please don't use it. It makes you unique
- Oct 1, 2019
- 1,120
Thanks, the guy does not know how digital marketing works obviously. Most websites use advertising and tracking services from the top players.See for instance this website Datanyze on market share of Alexa Top 1 Million. Facebook is missing because it has its own platform, (same applies for Apple and Amazon), but Google, Facebook, Microsoft, Apple, Amazon are the big earners in this game. The internet is starting to divide in a Western web and Eastern web (headed by the big Chinese players), but they all want the same: COLLECT OUR DATA
Well he is not the only guy who say that.
See for instance this website Datanyze on market share of Alexa Top 1 Million. Facebook is missing because it has its own platform, (same applies for Apple and Amazon), but Google, Facebook, Microsoft, Apple, Amazon are the big earners in this game. The internet is starting to divide in a Western web and Eastern web (headed by the big Chinese players), but they all want the same: COLLECT OUR DATA
View attachment 245535
See GrapheneOS dev:
- Oct 1, 2019
- 1,120
@security123
Well I generally agree that extensions should not mess with CSP (Content Security Policy) settings of webpages. I also think webbrowsers will be restricting what extensions are allowed to do, because it does not make sense to build a sandboxed browsers and allow extensions to escape it.
I am also surprised how far Firefox is behind Chrome from security perspective and still has got that many users. Looks like people in the 60-ties smoking cigarettes because they thought it was good for their health.
Okay back to NextDNS plus Edge tracking protection on strict again, lets hope Microsoft, Google and Facebook don't talk to each other much, because those three know a lot about me. What bugs me is that they only spy on me, why don't they do something useful in return like Google filling in my annual tax declaration and Microsoft my health insurance return bills and facebook ordering my weekly groceries on line or something
Well I generally agree that extensions should not mess with CSP (Content Security Policy) settings of webpages. I also think webbrowsers will be restricting what extensions are allowed to do, because it does not make sense to build a sandboxed browsers and allow extensions to escape it.
I am also surprised how far Firefox is behind Chrome from security perspective and still has got that many users. Looks like people in the 60-ties smoking cigarettes because they thought it was good for their health.
Okay back to NextDNS plus Edge tracking protection on strict again, lets hope Microsoft, Google and Facebook don't talk to each other much, because those three know a lot about me. What bugs me is that they only spy on me, why don't they do something useful in return like Google filling in my annual tax declaration and Microsoft my health insurance return bills and facebook ordering my weekly groceries on line or something
Last edited:
They have a lot fanboys and community like PrivacyToolsiO, Tor browser, ...
Also most don't believe what security experts say which is ridiculous. Mostly or specially on Reddit
But I guess soon or later that will change too.
- Jul 5, 2019
- 552
Antipathy against Google = sympathy for Mozilla.
- Jan 14, 2015
- 1,761
Aint this taking paranoid to a new level?
I mean if you really are that paranoid, switch from Microsoft to Linux, switch to chromium browser in Linux, use DuckDuckGo search engine, avoid social media.
They won't as they want the data for themselves.
- Oct 1, 2019
- 1,120
@Soulbound,
No, not paranoid, I think privacy is a lost case. What bugs me is that they don't anything usefull for me in return with that data.
I used Linux Manjaro, when I was a student, but now I have a job as digital marketeer, so Microsoft is my main OS now.
No, not paranoid, I think privacy is a lost case. What bugs me is that they don't anything usefull for me in return with that data.
I used Linux Manjaro, when I was a student, but now I have a job as digital marketeer, so Microsoft is my main OS now.
- Oct 1, 2019
- 1,120
Edit on previous setup change:
After discovering that OS Armor does not block MSI based on signatures, I immediately returned to ConfigureDefender on MAX with SimpleWindowsHardening
Latest change
Due to changes in ad distribution of websites I often visit (and EOL of uMatrix), I changed browser settings and extensions again:
- Default profile for Banking & Buying, all Edge settings on default, no extensions
- Strict profile for Searching & Surfing, most site permissions on block with following changes
a) Allow extension Blank New Tab on NTP
b) Replaced uMatrix and Edge Anti-Tracking with uBlockOrigin with Kees1958 top500 only (and some ABP rules in My Rules for websites I visit a lot to block ads).
After discovering that OS Armor does not block MSI based on signatures, I immediately returned to ConfigureDefender on MAX with SimpleWindowsHardening
Latest change
Due to changes in ad distribution of websites I often visit (and EOL of uMatrix), I changed browser settings and extensions again:
- Default profile for Banking & Buying, all Edge settings on default, no extensions
- Strict profile for Searching & Surfing, most site permissions on block with following changes
a) Allow extension Blank New Tab on NTP
b) Replaced uMatrix and Edge Anti-Tracking with uBlockOrigin with Kees1958 top500 only (and some ABP rules in My Rules for websites I visit a lot to block ads).
Last edited:
- Oct 1, 2019
- 1,120
Added Spyshelter free HIPS+FW with auto-allow Microsoft and added three rules to block everything frm my three data partitions.
Similar threads
