Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
VoodooShield
VoodooShield Review by PCMag India
Message
<blockquote data-quote="Andy Ful" data-source="post: 867584" data-attributes="member: 32260"><p>[USER=62850]@danb[/USER],</p><p>Is it possible that RunBySmartScreen executable which is digitally signed could run any other executable (EXE or MSI) without VT alerts? This would be probably an interesting way of applying the VS golden rule in AutoPilot Mode in simplified form:</p><p><strong><em><span style="color: rgb(184, 49, 47)">Do not allow files that are alerted by VS</span><span style="color: rgb(0, 168, 133)">.</span></em></strong></p><ol> <li data-xf-list-type="ol">All files opened/executed normally (by the user, software auto-update, scheduled tasks, exploit, payload, etc.) will be protected by VS, with a strong default suggestion of not allowing the execution of alerted files (smart-default-deny).</li> <li data-xf-list-type="ol">EXE and MSI files could be run by the user via the right-click Explorer context menu "Run By SmartScreen" without VS alerts (except maybe those with very high-risk scoring).</li> </ol><p>I noticed that some users on MT applied this method in practice. If I correctly remember, there was a similar option in Comodo Firewall.</p><p></p><p>Edit.</p><p>I noticed that this method can be also applied by WD Application Control available in Windows E3 or E5 versions. The EXE files are allowed when checked & accepted by SmartScreen App Rep, even when they are normally blocked by Intelligent Security Graph.</p><p>[URL unfurl="true"]https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph[/URL]</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 867584, member: 32260"] [USER=62850]@danb[/USER], Is it possible that RunBySmartScreen executable which is digitally signed could run any other executable (EXE or MSI) without VT alerts? This would be probably an interesting way of applying the VS golden rule in AutoPilot Mode in simplified form: [B][I][COLOR=rgb(184, 49, 47)]Do not allow files that are alerted by VS[/COLOR][COLOR=rgb(0, 168, 133)].[/COLOR][/I][/B] [LIST=1] [*]All files opened/executed normally (by the user, software auto-update, scheduled tasks, exploit, payload, etc.) will be protected by VS, with a strong default suggestion of not allowing the execution of alerted files (smart-default-deny). [*]EXE and MSI files could be run by the user via the right-click Explorer context menu "Run By SmartScreen" without VS alerts (except maybe those with very high-risk scoring). [/LIST] I noticed that some users on MT applied this method in practice. If I correctly remember, there was a similar option in Comodo Firewall. Edit. I noticed that this method can be also applied by WD Application Control available in Windows E3 or E5 versions. The EXE files are allowed when checked & accepted by SmartScreen App Rep, even when they are normally blocked by Intelligent Security Graph. [URL unfurl="true"]https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
