
ForgottenSeer 823865

Ad 4: H_C has all the functionality of managing SRP rules like secpol or gpedit. All Windows versions have SRP built-in (in the Home version you normally can't manage them, but thanks to Andy Ful's H_C it is possible). H_C is easier to use than Microsoft secpol/gpedit.
AppLocker rules take precedence over SRP rules, so you are a real Umbra--San to use them both :) (link to Microsoft explaining it)
What I like about Windows SRP is that it allows global enforcements (on privileges, account type, DLLs, etc.) while in AppLocker it is rules-based (hence more granular, even if SRP can do the same to a lesser extent).
 

Andy Ful

Level 59
Verified
Trusted
Content Creator
@Lenny_Linux

1- when you use SRP, there is no such thing as recommended/default settings.
That is right. The "H_C Recommended Settings" setup is just like any other H_C setting profile. These profiles were made by me, because many users who tweak Windows and use SRP do not do it optimally and have false confidence of security. The most common security issue is allowing shortcuts in SRP - users do it because it is not easy to protect shortcuts in a convenient and secure way. The shortcuts open a wide road to fileless attacks and it's impossible to block all possibilities by AppLocker, Application Control, or OSA.

4- I'm not sure if H_C has all the functionalities of Windows 10 Ent. built-in SRP and AppLocker; if yes, then OSA will not afford much more except for convenience and usability.
...
Unfortunately, H_C cannot activate all functionalities of Windows Enterprise editions. For example, H_C cannot configure/apply AppLocker (it is not possible on Windows Home). The Application Control can be applied on Windows Home, but cannot be configured on Windows Home. Anyway, all options available in H_C (including Windows built-in SRP, ConfigureDefender, and FirewallHardening) can be activated.
 

Andy Ful

When we compare @Lenny_Linux's H_C & OSA setup with an SRP & AppLocker setup, they seem to be very similar. Both have similar pros and cons for home users, except that AppLocker is more compatible with Windows and it is much better documented. On the other hand, AppLocker can be applied for free only on Windows Enterprise. Both are very configurable but can be managed only by advanced users. (y)
I have seen SRP & Applocker setups (+ Application Control) used by security experts in enterprises.
 

Andy Ful

That is the price of using 3rd party security. It is also possible that one of the major Windows Updates will disable the OSA driver (that happened for some AVs).
Is your girlfriend a happy clicker? If so, then it would be better to disable in OSA the possibility of whitelisting the processes via the button in the blocking alert. Such an easy way of whitelisting is useful for semi-advanced users, but it can also be an easy way to infect the system.
 

Lenny_Fox

Level 11
On my dual OS (Linux and Windows 10) I also run as SUA (not Admin anymore) on my Windows 10. I will have a look at that Windows_10_NoElevationSUA_Enhanced profile, thanks. (y) (@Andy Ful)

On that old laptop I only run H_C as security (and some WD Exploit Protection tweaks). I wish I could disable the Windows Defender Antivirus (I tried but it re-enables itself).
 

Andy Ful

On my dual OS (Linux and Windows 10) I also run as SUA (not Admin anymore) on my Windows 10. I will have a look at that Windows_10_NoElevationSUA_Enhanced profile, thanks. (y) (@Andy Ful)

On that old laptop I only run H_C as security (and some WD Exploit Protection tweaks). I wish I could disable the Windows Defender Antivirus (I tried but it re-enables itself).
Did you try to disable Tamper Protection and then disable WD by the policy tweak?
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
After restarting Windows, you should get WD turned off.
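
A defender-side check for the policy value discussed above, as an added example that is not part of the original post: it reports whether DisableAntiSpyware is set and whether Defender is in fact still running. The function name Get-DefenderPolicyState is hypothetical.

```powershell
# Added example (not from the thread): audit the DisableAntiSpyware policy
# against the state Defender itself reports.
function Get-DefenderPolicyState {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    # Returns $null when the key or the value does not exist.
    $policy = (Get-ItemProperty -Path $key -Name DisableAntiSpyware `
                   -ErrorAction SilentlyContinue).DisableAntiSpyware

    # Get-MpComputerStatus fails when the Defender service is not running.
    try   { $mp = Get-MpComputerStatus -ErrorAction Stop }
    catch { $mp = $null }

    $running = ($null -ne $mp) -and $mp.AntivirusEnabled

    if ($policy -eq 1 -and -not $running) {
        $verdict = 'Defender is disabled by policy'
    } elseif ($policy -eq 1) {
        # Tamper Protection or a newer Defender platform ignored the value.
        $verdict = 'Policy is set but Defender is still active'
    } elseif (-not $running) {
        $verdict = 'Defender is off, but not through this policy value'
    } else {
        $verdict = 'Policy not set, Defender active'
    }

    [pscustomobject]@{
        DisableAntiSpyware = $policy
        AntivirusEnabled   = if ($mp) { $mp.AntivirusEnabled } else { $null }
        RealTimeProtection = if ($mp) { $mp.RealTimeProtectionEnabled } else { $null }
        TamperProtected    = if ($mp) { $mp.IsTamperProtected } else { $null }
        Verdict            = $verdict
    }
}

Get-DefenderPolicyState | Format-List
```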
 

Andy Ful

Here is a list of web browsers and some good applications from Microsoft Store, which will work and auto-update on the Windows_10_NoElevationSUA_Enhanced profile:

Web browsers:
Microsoft Edge (Windows built-in)
Microsoft Edge Dev (Chromium based)
Firefox
Brave

Applications from Microsoft Store:
Office document viewer:
Microsoft (Excel, Word, PowerPoint) Mobile (AppContainer)

Office document editors (all do not use AppContainer):
Neat Office (based on Libre Office)
Office Online (web browser extension for Edge & Chrome)
Ultra Office from CompuClever (based on Libre Office)
WPS Office 2019 for Microsoft Store

PDF viewers (all use AppContainer):
Adobe Reader Touch
Foxit MobilePDF
PDF Viewer Plus, from GSnathan
PDF Reader from Kdan Mobile
Perfect PDF Reader, from soft Xpansion
Xodo PDF Reader & Editor (very fast with big documents)

Other applications from Microsoft Store:
Adobe Photoshop Express (AppContainer)
Foobar2000 Mobile (AppContainer)
MusicBee for Microsoft Store (not in AppContainer)
Microsoft Whiteboard (AppContainer)
Microsoft To-Do (AppContainer)
Microsoft OneNote (AppContainer)
Spotify for Microsoft Store (not in AppContainer)
VLC for Microsoft Store (AppContainer)
Wunderlist (AppContainer)
 

South Park

Level 5
Verified
One thing to note: Andreas from NVT seems to appear and disappear on security forums. In the silent periods the software also seems to receive no updates, so when you encounter a problem after a Windows update, the only solution might be de-installing OS_armor.
I've been having some bizarre networking problems the last 2 mo. using only Windows Firewall and OSA on 1903. Considering that OSA isn't being updated and has poor documentation, I've decided to uninstall it and use H_C w/ recommended settings instead. I don't yet know if OSA had anything to do with the networking problem, but so far I'm liking H_C.
 

Andy Ful

So only Microsoft Office uses AppContainer? Not any other Office program like LibreOffice or another Office program from Windows Store?
I did not find a good & free alternative to MS Office which supports AppContainer.
Same for Chromium-Edge internal PDF?

What's with the non-Mobile version?
Also is another music app necessary? Windows 10 has the "Groove Music" app (even if it's laggy for me sometimes and misses some options)
Is VLC necessary? Windows 10 has the "Movie & TV" app
The non-mobile version of Foobar2000 does not support AppContainer, "Groove Music" does.
I did not test the Chromium Edge and non-mobile versions of MS Office. It can be easily tested by using Sysinternals Process Explorer or a similar tool.
The "Necessary" can be a very personal decision. :)
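
The AppContainer test mentioned in the post above can also be scripted. The following is an added example, not code from the thread: it queries each process token for TokenIsAppContainer (information class 29). The function name Test-AppContainer and the process names in the sample call are assumptions.

```powershell
# Added example (not from the thread): P/Invoke wrappers for the token APIs.
Add-Type -Namespace Native -Name Token -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr token, int infoClass,
    out uint info, uint length, out uint returned);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
'@

$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
$TOKEN_QUERY                       = 0x0008
$TokenIsAppContainer               = 29      # TOKEN_INFORMATION_CLASS value

function Test-AppContainer {
    param([Parameter(Mandatory)][string[]]$Name)
    foreach ($p in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $state = 'unknown (access denied)'
        $hProc = [Native.Token]::OpenProcess(
            $PROCESS_QUERY_LIMITED_INFORMATION, $false, [uint32]$p.Id)
        if ($hProc -ne [IntPtr]::Zero) {
            $hTok = [IntPtr]::Zero
            if ([Native.Token]::OpenProcessToken($hProc, $TOKEN_QUERY, [ref]$hTok)) {
                $flag = [uint32]0
                $len  = [uint32]0
                if ([Native.Token]::GetTokenInformation(
                        $hTok, $TokenIsAppContainer, [ref]$flag, 4, [ref]$len)) {
                    # A non-zero DWORD means the token is an AppContainer token.
                    $state = if ($flag -ne 0) { 'AppContainer' } else { 'not in AppContainer' }
                }
                [void][Native.Token]::CloseHandle($hTok)
            }
            [void][Native.Token]::CloseHandle($hProc)
        }
        [pscustomobject]@{ Name = $p.ProcessName; Id = $p.Id; Token = $state }
    }
}

# Sample call; the process names are assumptions, substitute the apps to test.
Test-AppContainer -Name msedge, firefox, vlc | Format-Table -AutoSize
```

Processes owned by another user or running at a higher integrity level show as "unknown" unless the script runs elevated.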
 