Simple Windows Hardening
<blockquote data-quote="ForgottenSeer 95367" data-source="post: 1005274"><p>System-wide events, including SWH actions, can be collected and analyzed using any of a vast array of threat intelligence tools and methods to obtain all the "context" anyone could possibly need. Whether or not the typical user needs (or wants) all of that is a question best answered by each individual themselves.</p><p></p><p></p><p>Most home users at the security enthusiast level quickly grasp this.</p><p></p><p></p><p>With regard to scripts only, these would provide "context" of a particular kind that an admin can leverage:</p><ul> <li data-xf-list-type="ul">There can be such context dependent upon how the sec admins have implemented security:</li> <li data-xf-list-type="ul">The use of signed (or unsigned) scripts which are permitted to execute only from explicitly defined local or remote directories.</li> <li data-xf-list-type="ul">Admin sets the runtime permission rights for the scripts intended to be run from the script directory.</li> <li data-xf-list-type="ul">The calling of sponsors from scripts from any other locations is blocked system-wide.</li> <li data-xf-list-type="ul">Units on the network that do not need to run scripts have script policies set to blocked. (Script launches would be a red flag for this designated segment of systems.)</li> <li data-xf-list-type="ul">Surely other things not listed here (for example, login and other management scripts run via GPO - which is the way Microsoft preferred it be done at one point in time).</li> </ul><p>Scripts are deployed via, for example, Microsoft SCCM.</p></blockquote><p></p>
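Added example, not part of the quoted post or of SWH: one way the allowed-directory and no-script-unit rules listed in the post could be checked against process-creation events. The script hosts, directories, unit names and event fields are all assumptions constructed for the example.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed policy values, constructed for this example.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe"}
ALLOWED_DIRS = [r"C:\AdminScripts", r"\\fileserver\deploy\scripts"]
NO_SCRIPT_UNITS = {"KIOSK-01", "POS-07"}


def _norm(path):
    # Collapse ".." segments, unify slashes and case before comparing.
    return ntpath.normcase(ntpath.normpath(path))


def in_allowed_dir(script_path):
    """True only if the script sits under an allowed directory."""
    p = _norm(script_path)
    # Trailing separator stops C:\AdminScriptsOld matching C:\AdminScripts.
    return any(p.startswith(_norm(d) + "\\") for d in ALLOWED_DIRS)


def classify(event):
    """Give one process-creation event a verdict string."""
    if ntpath.basename(event["image"]).lower() not in SCRIPT_HOSTS:
        return "not-a-script-launch"
    if event["host"].upper() in NO_SCRIPT_UNITS:
        return "red-flag"  # this unit should never launch scripts
    if not in_allowed_dir(event["script"]):
        return "outside-allowed-dir"
    return "expected"


# Constructed sample events (not real telemetry).
EVENTS = [
    {"host": "WS-12", "image": r"C:\Windows\System32\wscript.exe",
     "script": r"C:\AdminScripts\logon\map_drives.vbs"},
    {"host": "WS-12", "image": r"C:\Windows\System32\cscript.exe",
     "script": r"C:\AdminScripts\..\Users\Public\run.js"},
    {"host": "kiosk-01", "image": r"C:\Windows\System32\wscript.exe",
     "script": r"C:\AdminScripts\logon\map_drives.vbs"},
    {"host": "WS-30", "image": r"C:\Windows\explorer.exe", "script": ""},
]


def triage(events):
    return [(e["host"], classify(e)) for e in events]


if __name__ == "__main__":
    for host, verdict in triage(EVENTS):
        print(host, verdict)
```

The second sample event shows why the path is normalized before the prefix test: a raw string comparison would accept a path that starts inside the allowed directory and then climbs out of it with "..".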