- Nov 15, 2017
- 1,084
MS Defender,What AV do you use?
MS Defender,What AV do you use?
Any additional security-related software?MS Defender,
These are normal WHH warnings. WHH found and corrected the PolicyScope SRP setting to fit WHH restrictions.I also received an error, WD at default and NeuShield data sentinel.
View attachment 277927
I just did a clean install, Win 11 home and SAC is still in evaluation mode, I received this message.
View attachment 277929
I also received an error, WD at default and NeuShield data sentinel.
View attachment 277927
If the location will be in UserSpace, then you will have to whitelist the new location.Took her for a quick test drive, no issues, other security software is F Secure and Firewall Hardening. I had to whitelist a folder I keep all my portable programs/tools in.
What happens if we move folder from desktop to another location.
I noticed your post on Wilderssecurity.There is still a security warning when attempting to run the exe from Firefox. Also, Sandboxie does not make this eligible for Immediate Recovery, only Quick Recovery when Firefox is closed. I guess Andy Ful will get this signed by Microsoft once he's finished fully developing this program and its Help Files.
Windows Hybrid Hardening.
View attachment 277761
Menu options:
View attachment 277762
View attachment 277763
View attachment 277764
SRP and Windows Policies settings:
View attachment 277765
View attachment 277766
View attachment 277767
SmartScreen Block:
View attachment 277768
View attachment 277769
WDAC restrictions (Windows built-in Application Control):
View attachment 277770
View attachment 277771
View attachment 277772
Windows Hybrid Hardening.
View attachment 277761
Menu options:
View attachment 277762
View attachment 277763
View attachment 277764
SRP and Windows Policies settings:
View attachment 277765
View attachment 277766
View attachment 277767
SmartScreen Block:
View attachment 277768
View attachment 277769
WDAC restrictions (Windows built-in Application Control):
View attachment 277770
View attachment 277771
View attachment 277772
There is no folder on the Desktop - it is a shortcut to the folder. The installer is a container for a few portable tools. In the help, I explained why the tools are placed in that particular folder in %ProgramData%.:Don't like the folder placed on the desktop; fix the installer so its placed in the same place to which its downloaded. Default behaviour prevents people from having a clean desktop.
Administrators should NEVER be blocked! The whole point of being Administrator is to modify system settings.
Its better to block limited accounts to prevent tampering or dangerous changes from being made.
No idea why.Event[0]:
Event Id = 3077
Local Time: 2023/08/17 17:40:28
Attempted Path = \Device\HarddiskVolume3\Windows\System32\WebClnt.dll
Parent Process = \Device\HarddiskVolume3\Windows\System32\svchost.exe
Policy Name = UserSpace Lock
Policy GUID = {a5ee6c14-b6ae-488c-8fc1-9ce316cc2461}
I see a block in WDAC blocked events for EXE and DLL files:
No idea why.
Everything seems to be working fine.
WFC nothing more.Any additional security-related software?
Microsoft added it to the BlockList:
<Deny ID="ID_DENY_DAVSVC_0" FriendlyName="BlockWebDAV" FileName="davsvc.dll" MinimumFileVersion="65535.65535.65535.65535" />
View attachment 277949
In your case, the Web Dav protocol is probably triggered when using MS Office. It allows access to the network drives if the server uses Web Dav for this. It is improbable that this could impact your activities, but if you will encounter problems with accessing some network resources, then you should inspect if Web Dav is the source of the issue.
They are different. The user who runs an executable with SAC protection can miss more digitally signed malware than after applying WHH + WDAC (RunBySmartscreen).WFC nothing more.
Update: Everything working, but WFC was blocked even whitelist the folder. The policies by WDAC are similar to have SAC on I think.