Microsoft Defender- Hard to Explain
<blockquote data-quote="Andy Ful" data-source="post: 1004511" data-attributes="member: 32260"><p>Microsoft announced that SAC will not be introduced to Windows 10. On Windows 10 Home, one can use similar protection based on MDAC (WDAC). I tested some variants of such protection about two years ago, for example:</p>
<p>https://malwaretips.com/threads/application-control-on-windows-10-home.89753/post-897583</p>
<p>The MDAC (WDAC) policies work on Windows Home, but the binary policy file has to be created on Windows Pro (at least) or downloaded in binary form.</p>
<p>I also noticed that it cannot be user-friendly, so I tried a more friendly solution (based on WDAC and Microsoft Defender ASR rules):</p>
<p>https://malwaretips.com/threads/application-control-on-windows-10-home.89753/post-911371</p>
<p>The problem with protection based on MDAC (WDAC) is the inability to make exclusions for files not allowed by Microsoft ISG (**). This problem, and the not great ISG allow-listing, make the idea hardly usable. For example, you can have a working application installed in the system that can become not fully functional or crash just after the update. Anyway, such protection can be applied to the computers that use Microsoft applications, Microsoft Store Apps, and probably also for digitally signed & very popular applications.</p>
<p>(**)</p>
<p>The exclusions can be made by reverse-engineering the WDAC binary policies. I can do it, and I could even make an application that could add such exclusions by changing the WDAC policy file. But, such an application could be recognized by Microsoft as PUA or Hack tool. Furthermore, such an application would be much harder to use than Hard_Configurator with MAX restrictions. :(</p></blockquote>