- Mar 16, 2019
- 3,862
oldschool's 2020 laptop setup
- Thread starter oldschool
- Start date
- Dec 23, 2014
- 8,513
oldschool,
The RunBySmartScreen tool can be used to open any new/untrusted file, so the user cannot be fooled by a spoofed file extension. If he/she thinks that the file is a photo, then it will not be opened (via RunBySmartScreen) when it is a script with a photo icon. But, I am not sure if it is a common way of using RunBySmartScreen. What do you think?
The RunBySmartScreen tool can be used to open any new/untrusted file, so the user cannot be fooled by a spoofed file extension. If he/she thinks that the file is a photo, then it will not be opened (via RunBySmartScreen) when it is a script with a photo icon. But, I am not sure if it is a common way of using RunBySmartScreen. What do you think?
- Mar 29, 2018
- 7,613
I'm not sure if it's a common way to use it either. I've only used it for installers myself so far.
- Dec 23, 2014
- 8,513
Ha, ha. It seems, that most users apply only one half of RunBySmartScreen.
RunBySmartScreen works like on-demand "SRP + Forced SmartScreen" (although it does not use SRP). So, when the user opens a file by pressing Enter or the left-mouse--click, the file is opened normally. When he/she uses the right-mouse-click and chooses RunBySmartScreen, the file opening is restricted and the alert is displayed (for unsafe files). In this way, the user can apply two security setups by simply choosing between normal file opening and opening it via the right-mouse-click RunBySmartScreen entry.
If you open in MS Office or Adobe Reader a document from a flash drive, then it will not be opened in Protected view. If you will do it via RunBySmartScreen, then the MOTW is added and MS Office or Adobe Reader will open the document in Protected view (as if it was downloaded by the web browser).
MT members usually pay attention to file extensions and do not open files with unsafe or unknown extensions. So, they can use only one half of RunBySmartScreen.
Last edited:
- Mar 29, 2018
- 7,613
I got a quick reply about an adblocking issue on the Brave forum, which motivated me to download the Nightly version with its improved adblock features. Will report here.
- Mar 29, 2018
- 7,613
Exploit Protection settings for browsers (thanks to @Umbra). These haven't broken anything yet, e.g. extensions crashing.
- for Brave, Edge and Firefox:
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON
ADD for Edge Chromium only:
Code integrity guard - ON (with or without Also allow images signed by M$ Store CHECKED)
- for Brave, Edge and Firefox:
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON
ADD for Edge Chromium only:
Code integrity guard - ON (with or without Also allow images signed by M$ Store CHECKED)
Last edited:
- Mar 29, 2018
- 7,613
Back to Bitdefender Trafficlight in Brave and Firefox after some testing of Emsisoft and Malwarebytes. Disabled search results scanning.
I also cleaned up the thread.
I also cleaned up the thread.
Last edited:
- Apr 1, 2019
- 2,868
And your avatar!Back to Bitdefender Trafficlight in Brave and Firefox after some testing of Emsisoft and Malwarebytes. Disabled search results scanning.
I also cleaned up the thread.
- Mar 29, 2018
- 7,613
- Apr 1, 2019
- 2,868
Did you get bored sitting home inside all day?Revised setup as above.
- Mar 29, 2018
- 7,613
No, I ran errands in the morning and was cooking later. We got the order today that we're to shelter in place starting 3/18. It's one thing afer another.
- Jan 11, 2020
- 220
- Dec 27, 2016
- 1,480
Exactly mine
These settings were the most practical without breaking the chromium browser. Helpful to an extent to avoid common exploit techniques.I just could not enable 'Code Integrity Guard' as it messed up ESET's protection.
A chrome-specific DLL eplgChrome.dll and the Safe Banking monitoring DLL are signed by ESET itself. Hence blocked, raising multiple error dialog boxes everytime.
- Mar 29, 2018
- 7,613
- Jan 27, 2018
- 1,410
Hmm, what the heck happened to "WIndows Defender for a Year" experiment???
- Mar 29, 2018
- 7,613
What can I say? Sheltering in place so I have more time on my hands. Now that you've shamed me I may have to revert!
- Mar 16, 2019
- 3,862
Yes this is expected from almost every AV except Emsisoft and some others maybe.
- Mar 29, 2018
- 7,613
You shamed me, my friend - so I've reverted to Windows Defender. Cheating on the challenge was fun but it didn't last long!
- Jan 27, 2018
- 1,410
