Testing Windows Hybrid Hardening (new hardening application).
<blockquote data-quote="ForgottenSeer 97327" data-source="post: 1055870"><p>Andy, you are making it complex to make your point. Also your Polish WDAC version must behave completely different from the US version I am using, because I can't relate this to my experience with the WDAC wizard.</p><p></p>
<p>1. Downside you mention that ISG might generate some false positives. That is true but compared to a default deny it does not make sense, a default deny blocks way more.</p>
<p>2. To overcome the default deny restrictions you leave large holes in the setup to facilitate installs/updates. With ISG you don't need those holes so it is more secure.</p>
<p>3. Because ISG is less secure (true) against possible advanced staged DLL attacks you are adding extra restrictions. Which is strange because you already said you would not include dynamic code (like dotNet) restrictions in your setup which by itself creates a DLL attack hole, so I am completely lost (to me you're making a buzz about a small hole and ignoring a large hole on the same topic)</p>
<p>4. ISG might be safer in post-intrusion according to you, but in my setup (to prevent partly succeeded updates and blocking issues) I allow UAC protected folders (which you also do in the default deny), when you add UAC protected folders to the allow list, there is no post intrusion advantage, again I can't follow you</p><p></p>
<p>Let's agree to disagree.</p><p></p>
<p>Let me again express my gratitude for making available (for free) great software like CD, SWH and H_C. To me you are the champion in making available complex business options of the OS for average PC users. (y)(y)(y)(y)(y) You are a hero and I will stop criticising you on WHH 😥</p></blockquote><p></p>