Simple Windows Hardening
<blockquote data-quote="Andy Ful" data-source="post: 978466" data-attributes="member: 32260"><p>Microsoft does not agree with you:</p><p>[URL unfurl="false"]https://docs.microsoft.com/en-us/windows-server/identity/software-restriction-policies/software-restriction-policies[/URL]</p><p>This article applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012. SRP is used on servers to apply it on client machines with Windows 7 and 10.</p><p></p><p>You are right that classic SRP ignores the context that could help to differentiate the unknown from the malicious. That is also how all other SRP, default-deny, reputation file lookup, HIPS, and similar solutions work. The world is much greater than the parent/child and command-line features.</p><p></p><p>You seem to see the SRP used in SWH upside down. These SRP settings do not block by path and do not globally block the extensions.</p><p></p><p>Post edited/shortened.</p><p></p><p>Edit.</p><p>The SRP is an old but very useful security idea. A few years ago it seemed that Microsoft would like to get rid of classic SRP. But classic SRP is still used in many organizations, because it is simpler to deploy and some of its features were not implemented in AppLocker and MDAC. That is why it is still present in Windows 11 and Windows Server 2022.</p><p>SWH uses special SRP settings adjusted for fileless methods (especially as an initial vector).</p><p>In the examples included in this thread, I used some targeted attacks seen in the wild, if the adopted methods could be reused in widespread attacks (dangerous also for home users).</p></blockquote><p></p>