- Mar 16, 2019
The RunBySmartScreen tool can be used to open any new/untrusted file, so the user cannot be fooled by a spoofed file extension. If he/she thinks that the file is a photo, then it will not be opened (via RunBySmartScreen) when it is a script with a photo icon. But, I am not sure if it is a common way of using RunBySmartScreen. What do you think?
Ha, ha. It seems that most users apply only one half of RunBySmartScreen. I'm not sure if it's a common way to use it either. I've only used it for installers myself so far.
Exactly mine. These settings were the most practical without breaking the Chromium browser. Helpful to an extent to avoid common exploit techniques. Exploit Protection settings for browsers (thanks to @Umbra). These haven't broken anything yet, e.g. extensions crashing.
- for Brave, Edge and Firefox:
Block low integrity images - ON
Block remote images - ON
Block untrusted fonts - ON
Control flow guard (CFG) - ON
Data execution prevention (DEP) - ON + Enable thunk emulation - CHECKED
Disable extension points - ON
Force randomization for images (Mandatory ASLR) - ON + Do not allow stripped images - CHECKED
Randomize memory allocations (Bottom-up ASLR) - ON
Validate exception chains (SEHOP) - ON
Validate handle usage - ON
Validate heap integrity - ON
Validate image dependency integrity - ON
ADD for Edge Chromium only:
Code integrity guard - ON (with or without Also allow images signed by M$ Store CHECKED)
Yes, this is expected from almost every AV except Emsisoft and some others maybe. I just could not enable 'Code Integrity Guard' as it messed up ESET's protection.
A Chrome-specific DLL eplgChrome.dll and the Safe Banking monitoring DLL are signed by ESET itself. Hence blocked, raising multiple error dialog boxes every time.
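The per-browser settings listed in this thread can also be applied from an elevated PowerShell prompt with the built-in `Set-ProcessMitigation` cmdlet. The script below is an added example, not something posted by a thread participant. It assumes the executable names `brave.exe`, `msedge.exe` and `firefox.exe`, and the backup path is a placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example: the Exploit Protection list above expressed as
# Set-ProcessMitigation flags. Executable names are assumptions.

# Save the current per-app configuration first so it can be restored with
#   Set-ProcessMitigation -PolicyFilePath <same file>
$backup = "$env:USERPROFILE\exploit-protection-backup.xml"   # placeholder path
Get-ProcessMitigation -RegistryConfigFilePath $backup

# GUI label                                  -> cmdlet flag
$common = @(
    'BlockLowLabelImageLoads',          # Block low integrity images
    'BlockRemoteImageLoads',            # Block remote images
    'DisableNonSystemFonts',            # Block untrusted fonts
    'CFG',                              # Control flow guard
    'DEP', 'EmulateAtlThunks',          # DEP + Enable thunk emulation
    'DisableExtensionPoints',           # Disable extension points
    'ForceRelocateImages', 'RequireInfo', # Mandatory ASLR + no stripped images
    'BottomUp',                         # Bottom-up ASLR
    'SEHOP',                            # Validate exception chains
    'StrictHandle',                     # Validate handle usage
    'TerminateOnError',                 # Validate heap integrity
    'EnforceModuleDependencySigning'    # Validate image dependency integrity
)

# Code integrity guard, listed above for Edge Chromium only. It blocks any
# DLL not signed by Microsoft (or the Store), which is why a third-party AV
# that injects its own signed DLL into the browser conflicts with it.
$edgeOnly = @('MicrosoftSignedOnly', 'AllowStoreSignedBinaries')

$browsers = 'brave.exe', 'msedge.exe', 'firefox.exe'

foreach ($exe in $browsers) {
    $flags = $common
    if ($exe -eq 'msedge.exe') { $flags += $edgeOnly }
    Set-ProcessMitigation -Name $exe -Enable $flags
}

# Read the stored settings back. They apply the next time each browser starts.
foreach ($exe in $browsers) {
    Get-ProcessMitigation -Name $exe
}
```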