I have blocked mshtma.exe in Windows Exploit Protection (by simply enabling all protections) and enabled Code Integrity Guard for LOLbins/sponsors (without any incidents or problems since using Windows 10). LolBins with label 'binaries' hardened using Code Integrity Guard: LOLBASOne can easily block bitsadmin.exe via Exploit Protection from Security Center.
There is mitigation "Disable Win32k system calls" that can be enabled for bitsadmin.exe and it will block the execution of this executable.
Since you made these great SRP programs, I stopped tweaking SRP in my Windows Pro and also did not bother to read about latest LOLbins misuge in staged attacks.
But BTSadmin rings a bell: Is BTSAdmin not used for Windows updates anymore?
Last edited by a moderator: