Microsoft Defender ASR rules remove icons and apps shortcuts from Taskbar
<blockquote data-quote="ForgottenSeer 97327" data-source="post: 1019904"><p><strong>Fun facts when restoring images</strong></p><p></p><p>For fun I wanted to see whether my quadruple whitelist security layers impacted the startup for a few programs and decided to test the startup delay with AppTimer with no security enabled. I noticed that Edge could not be tested anymore with AppTimer, because AppTimer was denied launching Edge (on both my Windows 10 desktop without security and my wife's Windows 11 laptop with Avira Free). So it seems that security mechanisms are being added by Microsoft silently.</p><p></p><p>Another thing I noticed. When I decided to go back to my previous image, I promoted my standard user to admin again. Until @AndyFull mentioned the scoop about AppLockerHome, I was playing with the setup I mentioned at @Gandalf_The_Grey security setup (using Windows WDAC Intelligent Security Graph instead of Smart App Control). So I buckled up that image (WDAC with ISG) and installed Avira Free (because that is what I installed on my wife's laptop after Defender eating up icons). I always used the unsigned AppTimer to check whether ISG was working.</p><p></p><p>As I advised @Gandalf_The_Grey, I ran WDAC in Audit mode, next round with Audit on boot-failure, then fully enabled. As expected, WDAC ISG allowed AppTimer in Audit and blocked it with the safety net "Audit on boot failure" enabled. To my surprise, when I ran WDAC all enabled, it allowed AppTimer to run. I thought something was messed up, so I made a specific deny rule for AppTimer and this blocked AppTimer from running.</p><p></p><p>Conclusion: during the 30 minutes playing with WDAC ISG, the Intelligent Security Graph had decided that the unsigned AppTimer was harmless and changed its policy from block to allow. (y) So ISG really seems to learn now that Microsoft is sharing this backbone for SAC (and SmartScreen) also. This is a change (I have used AppTimer since 2019 to test whether my WDAC is working, so this is definitely a change for the better).</p></blockquote><p></p>
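<p>The staged rollout described in the post (audit, then enforced with "Boot Audit On Failure", then fully enforced, plus an explicit deny rule), sketched with the ConfigCI cmdlets. This is an added example, not the poster's own policy; the C:\WDAC-Lab working folder and the AppTimer path are placeholder assumptions, and deploying the resulting binary policy is not shown.</p>

```powershell
# Added example (not from the original post). Run from an elevated PowerShell session.
# Assumptions: C:\WDAC-Lab is a scratch folder; $target is a placeholder path
# for the unsigned test binary used to probe ISG behaviour.
$work   = 'C:\WDAC-Lab'
$base   = Join-Path $work 'Base.xml'
$policy = Join-Path $work 'IsgPolicy.xml'
$target = 'C:\Tools\AppTimer.exe'

New-Item -ItemType Directory -Path $work -Force | Out-Null

# Start from the audit template that ships with Windows.
Copy-Item "$env:windir\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Audit.xml" $base

# Stage 1: audit only, with ISG reputation allowed to authorize files.
Set-RuleOption -FilePath $base -Option 3    # Enabled:Audit Mode
Set-RuleOption -FilePath $base -Option 14   # Enabled:Intelligent Security Graph Authorization
Set-RuleOption -FilePath $base -Option 15   # Enabled:Invalidate EAs on Reboot (ISG verdicts get re-checked)

# Explicit deny for the test binary. Explicit deny rules are evaluated
# before ISG reputation, so this blocks the file even if ISG trusts it.
$deny = New-CIPolicyRule -Level Hash -DriverFilePath $target -Deny
Merge-CIPolicy -PolicyPaths $base -Rules $deny -OutputFilePath $policy | Out-Null

# Stage 2: enforce, but keep the boot safety net.
Set-RuleOption -FilePath $policy -Option 10          # Enabled:Boot Audit On Failure
Set-RuleOption -FilePath $policy -Option 3 -Delete   # leave audit mode

# Stage 3: fully enforced. Uncomment once stage 2 has run cleanly.
# Set-RuleOption -FilePath $policy -Option 10 -Delete

ConvertFrom-CIPolicy -XmlFilePath $policy -BinaryFilePath (Join-Path $work 'IsgPolicy.cip') | Out-Null

# After each stage, check what Code Integrity decided and why:
#   3076 = would have been blocked (audit), 3077 = blocked (enforced),
#   3090-3092 = diagnostic events showing ISG / managed installer involvement.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id      = 3076, 3077, 3090, 3091, 3092
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

<p>Comparing the event IDs logged for the same binary across stages shows whether a change in outcome came from the policy options or from a changed ISG verdict.</p>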