Those Nasty RATS Part 4
<blockquote data-quote="hjlbx" data-source="post: 518505"><p>Absolutely not. You don't need powershell and powershell_ise; they should both be added to User Space.</p><p></p><p>You can add rundll32.exe to User Space, but then it will be blocked during System Maintenance; I keep rundll32.exe as a Guarded App.</p><p></p><p>The key point to the entire story is - and something that has been stated over-and-over again by most of us AppGuard users - do not use Protected mode; Lock Down mode is the only mode that ensures physical system protection. As [USER=7463]@cruelsister[/USER] points out in her video, Microsoft Office, Kingsoft WPS, Softmaker Office, etc macros, can connect out and download files while in Lock Down mode. In that case you have the option to disable macros. However, if AppGuard Lock Down mode works as designed, then any file downloaded and executed by the macro will be blocked - even if digitally signed.</p><p></p><p>The pain with AppGuard for most people is learning to use it and properly configure it. A number of us have urged BRN to implement better usability -- but it looks like it just ain't gonna happen - at least anytime soon.</p></blockquote><p></p>