I noticed this with Avast. Which other AVs get blocked AMSI DLL?
WHHLight - simplified application control for Windows Home and Pro.
- Thread starter Andy Ful
- Start date
- Featured
I noticed this with Avast. Which other AVs get blocked AMSI DLL?
WDAC was blocking AMSI dll of K and SEP, in addition to Avast; for B, it was blocking some other component cannot recall its name.
WDAC plays nicely only with MD.
That is a good reason for not following my advice the next time
Blocking the AMSI DLL is mainly unimportant when using WHHLight because it blocks scripts and restricts PowerShell to Constrained Language. It can be important when using MS Office with allowed macros.
I will check Bitdefender, if I find some time.
Yes, it did not prevent Avast, K, or SEP from launching and scanning; I just noticed this block event, and tried to avoid by exluding the containing folder but with no success.
Vivaldi crashed once, and closed unexpectedly a few times, but I can't blame it, much less Windows Hybrid Hardening Light. @Andy Ful developed this tool to work with MD, not with third-party AVs. I asked him if he had any tips that might help. But I'm going to restore a backup image and find out together with MD.
I know, it wasn't your fault. Just because you recommended Vivaldi and it caused problems doesn't mean you're to blame. It was my mistake.That is a good reason for not following my advice the next time
I haven't changed anything in the SWH 'left menu' and ConfigureDefender I haven't touched either. But nevertheless, it CAN work and that is good news
Maybe I will start from 'scratch' and change one setting at a time (though in ConfigureDefender - 1 profile at a time
)Also, it's not enought to just set WDAC to OFF. I need a reboot also.
EDIT: Maybe my PC is f***ed. It IS old. But since I'm collecting installation updates and leave them for a few days to be sure my AV catches any misfits I can simply, as mentioned earlier, turn OFF WDAC, install all the updates, turn WDAC back ON and then I'm good. Also, if I CAN'T install anything, then no one else would be able to as well. A little twisted thought of security
Last edited:
EDIT2: Getting more confused by the minute so it's time to turn my brain off in front of the TV.
2 programs in a folder that is NOT whitelisted. 1 starts and 1 gives the contact your admin screen
I really hope I can get 0Patch to work (for updates) because I can't afford at new computer any time soon
And what I'm saying is - just let it be - the problem is cleary HERE.
2 programs in a folder that is NOT whitelisted. 1 starts and 1 gives the contact your admin screen
I really hope I can get 0Patch to work (for updates) because I can't afford at new computer any time soon
And what I'm saying is - just let it be - the problem is cleary HERE.
2 programs in a folder that is NOT whitelisted. 1 starts and 1 gives the contact your admin screen
...
And what I'm saying is - just let it be - the problem is cleary HERE.
Are OO AppBuster and OO SutUp10 the problems, or do you have problems with those apps when using WHHLight?
No, sorry for spamming the thread, was very tired. Was rambling. I just thought it was weird that they could run without the path being whitelisted (or that one could run and the other not).
EDIT2: Getting more confused by the minute so it's time to turn my brain off in front of the TV.
2 programs in a folder that is NOT whitelisted. 1 starts and 1 gives the contact your admin screen
...
And what I'm saying is - just let it be - the problem is cleary HERE.
View attachment 290259
Understand. Those two applications are not whitelisted, but one is allowed. That is normal behavior if the application has sufficient reputation in Microsoft ISG or SmartScreen.
0Patch (free version) works with no issues.
Last edited:
@Andy Ful, Could you please clarify why the "Run as administrator" context menu option isn't configurable in WHHLight, like in H_C, or am I overlooking a setting?
In H_C, EXE files are restricted by SRP, mainly configured to allow local Administrators (except when run with "-p" switch).
In WHHLight, EXE files are restricted by WDAC, which also blocks Administrators (no need to hide "Run as administrator").
But users can bypass WDAC restrictions using "Run as administrator," right? At least, this is what I see when I try to run WDAC-blocked EXE files using "Run as administrator."
No, it will be blocked. In WHHLight, WDAC can be bypassed intentionally by the user via "Run By SmartScreen".
Can you share this EXE? It should be blocked by WDAC.
I have Comodo IS Offline Installer 12.3.4.8162 saved, which I tried to run; WDAC blocked it, but Run as admin allowed it.
Last edited:
It is allowed by WDAC in WHHLight.
WDAC ISG can initially block some executables and then allow them after some time. However, this has nothing to do with "Run as administrator".
Similar behavior can be seen with SAC.
What do you mean by "It is allowed by WDAC in WHHLight"?
I tried it, and I also downloaded the installer again. WDAC blocked it, but "Run as admin" allowed the installer; i.e., the installer started extracting.
You may also like...
-
-
Testing Windows Hybrid Hardening (new hardening application).
- Started by Andy Ful
- Replies: 253
-
Windows 11 Home OEM + Office 2021 Pro Plus OEM Bundle €23.80- Started by Brownie2019
- Replies: 4
-
Soft Organizer Pro from Chemtable for Free - Uninstall applications- Started by BigWrench
- Replies: 9
-
Windows 11 25H2/24H2 get 1000 Hz+ refresh rate support, File Explorer improvements, and more- Started by Parkinsond
- Replies: 9