TairikuOkami's Configuration 202x
<blockquote data-quote="piquiteco" data-source="post: 1128590" data-attributes="member: 96829"><p>No need to worry, friend. What a coincidence, I also tested a WannaCry sample back in 2017. I had BDTS with folder protection similar to what MD has today. WannaCry also did not encrypt protected folders because I was using the SUA account and still had the C:\Users\Public folders protected. The process remained running but was unable to elevate to system or administrator privileges on the SUA account to encrypt my files. Then I ran the test without folder protection, and it only encrypted the files of the standard account users. The admin account files remained untouched. Since I was using RBX at the time, I just reverted to a previous snapshot and I was back, just for peace of mind, but WannaCry did not spread to other machines. Coincidence or not, you think similarly to me: you like to configure and harden the operating system without relying too much on AVs. In your settings, theoretically, ransomware and malware would not be able to do much, I presume, precisely because of the configuration restrictions you imposed on your OS. For example, the malware would not be able to communicate with C2 due to your DNS and the blocking of ports commonly used and abused by malware. Here we will also consider LOLBins. If your system is applied, blocked by the firewall, the malware would also not be able to download the payload, so the malware would remain inactive. Very interesting configuration [USER=61892]@TairikuOkami[/USER]. (y) I liked your approach.
;) Sorry for the delay in answering your question, I'm as slow as a turtle when it comes to typing. :ROFLMAO:</p></blockquote>