New Update Testing Windows Hybrid Hardening (new hardening application).

I was also having connection issues with Windscribe. I used the WireGuard protocol. Furthermore, I checked SWH and there was no block. I changed to the IKEv2 protocol and that solved my problems. From 20 seconds to 2 seconds.
WireGuard here and it's connecting quite fast now, not sure why it slowed down in the first place now.
 
Some conclusions about WHHLight with Smart App Control.

[Attached image: 1701462897442.png]

Surprisingly, SAC in Evaluate mode can impact the behavior of WDAC policies used in WHHLight. Without WHHLight, SAC in Evaluate mode does not block anything but asks the Microsoft Cloud about the file reputation, and writes it into the Event Log. It looks like the external (non-SAC) policies that use the ISG option can use that information, just like in the case of SmartScreen.
One of the differences between SAC and SmartScreen is that SAC allows digitally signed files with unknown reputations, and SmartScreen mostly blocks such files.
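
A way to observe the interaction described in the post above on a test machine, as an added example that is not part of the original thread or of WHHLight: it reports the current SAC mode and counts recent Code Integrity events that record ISG-based decisions. The registry value `VerifiedAndReputablePolicyState`, the `Microsoft-Windows-CodeIntegrity/Operational` channel and the event IDs are taken from Microsoft's App Control documentation, not from the thread, and the 7-day window is an arbitrary choice.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
$sacKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy'
$sacModes = @{ 0 = 'Off'; 1 = 'On (enforcing)'; 2 = 'Evaluate' }

# Code Integrity event IDs relevant to WDAC policies that use the ISG option.
$eventMeaning = @{
    3076 = 'Audit: file would have been blocked by policy'
    3077 = 'Enforced: file blocked by policy'
    3090 = 'File allowed purely on ISG or managed installer'
    3091 = 'Audit: file had no ISG or managed installer authorization'
    3092 = 'Enforced: file had no ISG or managed installer authorization'
}

function Get-SacMode {
    # Read the SAC state value; it is absent on builds without Smart App Control.
    $prop = Get-ItemProperty -Path $sacKey -Name 'VerifiedAndReputablePolicyState' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'Value not present' }
    $state = [int]$prop.VerifiedAndReputablePolicyState
    if ($sacModes.ContainsKey($state)) { return $sacModes[$state] }
    return "Unknown state $state"
}

function Get-ReputationEventSummary {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id        = [int[]]@($eventMeaning.Keys)
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches, so suppress it
    # and return an empty summary instead.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Group-Object -Property Id |
        Sort-Object -Property Name |
        ForEach-Object {
            [pscustomobject]@{
                EventId = [int]$_.Name
                Count   = $_.Count
                Meaning = $eventMeaning[[int]$_.Name]
            }
        }
}

"Smart App Control mode: $(Get-SacMode)"
Get-ReputationEventSummary -Days 7 | Format-Table -AutoSize
```

Comparing the counts with SAC in Evaluate mode and with SAC off shows whether the reputation lookups change what the WDAC policy allows or blocks.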
 
So, at this point a user of WHH is better protected turning off active SAC achieved from a clean install of Windows 11 and then applying WDAC and SmartScreen protection of WHH?
 
It is hard to say if there is any significant difference in the protection of WHHLight + SAC ON compared to WHHLight (default Whitelist) + SAC OFF. The first is not as preventive as the second but will stop most attacks at the later infection stage. If you like to seek any advantage, then the setup with SAC OFF can be more usable for some users due to whitelisting. However, the SAC ON setup can be more usable for people who install digitally signed applications.
Anyway, WHHLight in Super_Safe or Two_Accounts setup can be stronger at home (at the cost of some usability).
 
When < SWH > and < WDAC > switches are ON, the restrictions are similar to the H_C Windows_10_Recommended_Enhanced settings, but additionally, the DLLs are blocked.
When the %ProgramData%, %LocalAppData%, and user AppData folders are removed from the WDAC Whitelist, the restrictions are similar to the H_C Windows_10_Strict_Recommended_Enhanced settings, but additionally, the DLLs are blocked.

I see that WHHLight set this way offers better protection than H_C Windows_10_Strict_Recommended_Enhanced. I tried H_C Windows_10_Strict_Recommended_Enhanced and had no additional problems compared to H_C Recommended Settings.

So I thought I'd try something even better. If it behaves much like H_C Windows_10_Strict_Recommended_Enhanced it may be a solution.
I have some questions.

1. In order to activate SUPER_SAFE SETUP do I have to clear the whole WDAC Whitelist?

2. With such a configuration will the operating system (windows/edge updates) continue to be automatic? Will the manual update be only for Third-party apps? To know in advance what I'm getting into. :)

3. I will use it on my admin account with CD MAX, is FirewallHardening LOLBins and Documents_AntiExploit still necessary?

4. Is SUPER_SAFE SETUP like a default-deny from H_C?

Congratulations on the application! I like that it is very compact, and you can adjust the protection level very easily from the WDAC Whitelist. In H_C I was lucky with the profiles, otherwise when I saw so many options I was sweating. :)
 
1. In order to activate SUPER_SAFE SETUP do I have to clear the whole WDAC Whitelist?

Yes.

2. With such a configuration will the operating system (windows/edge updates) continue to be automatic? Will the manual update be only for Third-party apps? To know in advance what I'm getting into. :)

Yes.
Very popular 3rd party applications can often auto-update, too.

3. I will use it on my admin account with CD MAX, is FirewallHardening LOLBins and Documents_AntiExploit still necessary?

FirewallHardening and DocumentsAntiExploit are not necessary, but your system will be cleaner with them. The SUPER_SAFE setup will mitigate some malware at the later infection stage.

4. Is SUPER_SAFE SETUP like a default-deny from H_C?

Yes, it is similar to the settings profile H_C Windows_10_Strict_Recommended_Enhanced.
 
Thanks, Andy, for your work on these projects. I'm currently testing WHH 1011 with default settings (SWH only) on my old W10 laptop. I'm also using C_D on Interactive and Firewall Hardening with default rules. So far, so good.

I use many portable apps, most (but not all) of which are signed. My question to whomever is using WHHL: Would activating WDAC likely create more FP's than benefits for someone like me? I'm careful about running new programs and am willing to accept the modest number of FP's I already get from WD. Thanks in advance.
 
From the help included with WHH:
[Attached image: 1708762888952.png]

See points 4 and 5.
I have added my folder with portable applications to the whitelist and have no issues.
 
I'm careful about running new programs and am willing to accept the modest number of FP's I already get from WD.

You can be safe most probably, with your current setup. (y)
Of course, you can try WHHLight with the advice of @Gandalf_The_Grey. :)