- Jul 3, 2015
- 8,153
This is right. Out of the box it blocks 3rd party by default.
I tried it out a little. Looks good! Thanks for the suggestion.
Shmu26 Windows Config in 2019
- Thread starter shmu26
- Start date
I tried it out a little. Looks good! Thanks for the suggestion.
- Nov 19, 2014
- 2,350
As usual it will be a bit annoying but the more you use it the less annoying it gets. I usually visit my normal websites from a umatrix browser and any research i want to do that will be on random websites is done on another browser (deletes on close).
- Jul 3, 2015
- 8,153
Trying out this config:
Kaspersky Internet Security 2020 with Trusted Applications Mode
Hard_Configurator (default-allow)
I don't know what magic spells they uttered over Kaspersky 2020, but it is wicked fast.
Kaspersky Internet Security 2020 with Trusted Applications Mode
Hard_Configurator (default-allow)
I don't know what magic spells they uttered over Kaspersky 2020, but it is wicked fast.
- Apr 28, 2015
- 8,905
They have improved also the speed when TAM is enabled, I reported some slowdown when opening applications + TAM On during beta testing and in later beta builds I already noticed the increasing of speed...
- Dec 23, 2014
- 8,484
With KIS & TAM, you probably can skip H_C.
- Jul 3, 2015
- 8,153
Sorry Andy, I will never skip H_C
- May 10, 2019
- 2,289
- Dec 23, 2014
- 8,484
Although there is some advantage of using H_C even as default-allow (hardening + blocked Sponsors + forced SmartScreen + Documents Anti-Exploit), I think that KIS & TAM would be strong enough for most users. Please note, that in default - allow setup, PowerShell should be blocked because Constrained Language Mode works only in default - deny setup.Sorry Andy, I will never skip H_C
- Jul 3, 2015
- 8,153
Thanks for the info.
Besides blocking it, I also set the Windows environment variable of PSLockdownPolicy 4.
- Dec 23, 2014
- 8,484
What exactly is your H_C default-allow setup? Could you post here the screenshot?
If you used Avast profile or Allow EXE, then it is stronger than default-allow setup.
- Jul 3, 2015
- 8,153
I used Windows_10_Recommended_Enhanced.hdc as a base, but I allowed EXE and TMP, and blocked *script.exe in Sponsors, and made a couple other modifications.
What is the proper meaning of "default-allow", in terms of H_C?
Last edited:
- Dec 23, 2014
- 8,484
This is Allow-EXE setup. In your case, it is equal to the Enhanced default-deny setup (scripts, MSI, all files from Designated File Types List, blocked Sponsors). PowerShell works in Constrained Language Mode and only PowerShell command lines are allowed - PowerShell script files cannot be executed from hard local disks. Only EXE files are allowed to run Unrestricted.
It is a hybrid between default-deny and default-allow setup. If you would use it with Avast Hardened Mode Aggressive, then H_C + Avast = default-deny setup.
Default-allow setup has <Default Security Level> = Unrestricted. This forces PowerShell to Full Language Mode (it is not restricted any more) and all extensions from SRP Designated File Types are not protected in UserSpace except LNK files, if <More SRP ...> <Protect Shortcuts> = ON. The chosen Sponsors can be still blocked by SRP if <Block Sponsors> feature was used. Scripting can be blocked by <Disable Win. Script Host> = ON and <No PowerShell Exec> = ON or by blocking script Interpreters via <Bloc Sponsors>.
The below is a typical default-allow setup based on Enhanced profile:
Last edited:
- Jul 3, 2015
- 8,153
It looks like the issue is solved, thanks to @harlan4096 the wizard. So I am checking out the 2021 technical preview...
Last edited:
- Dec 23, 2014
- 8,484
Kaspersky with activated TAM works as a kind of SRP + forced SmartScreen. It can check/block the following file types: .bat, .cmd, .com, .js, .jse, .msc, .msi, .msp, .pif, .ps1, .reg, .scr, settingcontent-ms, .vbe, .vbs, .wsf, .wsh, and maybe some more.
But it seems that .chm and .hta scriptlets are not covered.
But it seems that .chm and .hta scriptlets are not covered.
Last edited:
- Apr 28, 2015
- 8,905
- Dec 23, 2014
- 8,484
I had no time to test .cpl, .dll, .ocx, .sys, .tmp (for DLL), .tmp (for .exe). Avast Hardened Mode Aggressive can block .tmp (for .exe) but not the rest.
While activating TAM, the snapshot of executables already present on disk is made. So, these executables are automatically excluded from reputation checking, even when they are not recognized as Trusted.
While activating TAM, the snapshot of executables already present on disk is made. So, these executables are automatically excluded from reputation checking, even when they are not recognized as Trusted.
Last edited:
- Jul 3, 2015
- 8,153
Interesting. TAM does more than I thought.
- Jul 3, 2015
- 8,153
Unfortunately, Kaspersky's behavior is not quite as consistent as I would hope for. I have a certain program with a firewall block rule, and every once in a while, like tonight for instance, it somehow manages to connect to the internet anyways, causing my whole system to freeze and the program itself to deactivate. So it looks like I am back to:
Windows Defender with ConfigureDefender
Windows Software Restriction Policies with Hard_Configurator
.
Windows Defender with ConfigureDefender
Windows Software Restriction Policies with Hard_Configurator
.
- Jul 14, 2015
- 773
Does configure defender work good in W10 1903 ? and what profile to choose in configure defender
- Mar 29, 2018
- 7,596
What a coincidence! I had an issue with KFA and website rendering, so it's been removed.
Similar threads
