Microsoft still supports SRP with a huge online doc database. The evidence that Microsoft still includes SRP as part of its security best practices are pages such as this:
Use AppLocker and Software Restriction Policies in the same domain (Windows 10) - Windows security | Microsoft Docs
Since WDAC only applies to W10 (and Microsoft has never stated that it has plans to make it backward compatible), and AppLocker only applies to post-Windows 7 systems, the only native Microsoft option remains SRP for earlier systems. Microsoft clearly notes that SRP is the only one that works across mixed version enterprise environments.
Within the context of AppLocker, there are ways to bypass it including rundll32 and regsvr32. Microsoft Security even quotes the researchers who find this stuff such as Casey Smith and Matt Graeber.
There's literally hundreds of thousands of organizations and others that run Windows with rundll32 and regsvr32 disabled without there being any undue inconvenience or a system crash. There's no way to provide evidence except for a person to try it and see for themselves. Furthermore, Microsoft has never stated not to disable LOLBins because they are shipped with the OS and therefore not meant to be disabled. Any notion that permanently disabling Windows processes is wrong is ludicrous. If that were the case, then why does Microsoft still rely upon SRP (SRP, AppLocker and WDAC) as the foundation of its highest security where processes are permanently disabled ?
You want a link that provides a complete set of Microsoft best practices. Well there isn't one. Microsoft best practices are literally spread out across thousands of web pages and other resources such as Microsoft docs, support, blogs, and whitepapers. Just because I don't provide a link doesn't mean that what is being said is speculation. Go to any Microsoft Ignite and attend security presentations.
You seem to imply that just because Microsoft has "deprecated" SRP that it is no longer to be used. Then explain how Microsoft is not telling companies to stop using SRP with mixed environments and expensive Intune licenses, and infrastructure that is not possible to upgrade and upon which SRP is the only working option ?
ASR is Microsoft's foundational security with the objective to disable LOLBins. Within the context of reading Microsoft docs and security blogs this fact is plainly clear.
You assertion that WDAC is not SRP because it uses a kernel mode driver is ludicrous. SRP is not defined by how it does it, it is defined by what it does.
I will just end with this fact... Hard_Configurator is wildly popular and shall continue to grow in popularity. It's because
@Andy Ful is a gentleman. H_C is a freeware open source project. Plus it provides for an almost completely trouble free security user experience. It uses not only SRP but various native Microsoft security options that Microsoft has no incentive to eliminate from the OS any time soon. There's no evidence to suggest otherwise. Absolutely none. Microsoft is not throwing the baby out with the bath water; SRP will be around for a long time.
We are all aware that you have your own peculiar motivated bias in certain topic matters. It's OK. You're entitled to your wrong opinions.
malwaretips.com
.
