Serious Discussion WHHLight - simplified application control for Windows Home and Pro.

dronefox1166 said:
Hello !

I put Rainmeter on, and the shortcuts don't work.
Click to expand...
Do shortcuts work when Rainmeter is off? Which shortcuts do not work?
I installed Rainmeter and it works without issues (no blocks).

1750779225279.png
 
Last edited:
  • +Reputation
Reactions: anirbandutta01, piquiteco and simmerskool
dronefox1166 said:
With Default Windows Settings all work fine. So I will use only ConfigureDefender and FirewallHardening.
Click to expand...

I successfully installed Rainmeter (standard and portable installations) with maximal WHHLight restrictions, including WDAC = ON and an empty WDAC whitelist. There are no issues, and no need to whitelist anything. The standard installation creates a shortcut in the location "C:\ProgramData\Microsoft\Windows\Start Menu\Programs" which is by default whitelisted in WHHLight.

The shortcut is not created when using the portable version. If the user creates the shortcut manually in UserSpace, it will be blocked (can be whitelisted).
 
  • +Reputation
Reactions: simmerskool and piquiteco
Andy Ful said:
I successfully installed Rainmeter (standard and portable installations) with maximal WHHLight restrictions, including WDAC = ON and an empty WDAC whitelist. There are no issues, and no need to whitelist anything. The standard installation creates a shortcut in the location "C:\ProgramData\Microsoft\Windows\Start Menu\Programs" which is by default whitelisted in WHHLight.

The shortcut is not created when using the portable version. If the user creates the shortcut manually in UserSpace, it will be blocked (can be whitelisted).
Click to expand...
Shortcut not from Rainmeter app but this is a skin personalized.
 
  • Like
Reactions: simmerskool and piquiteco
dronefox1166 said:
This skin are into OneDrive/Documents in a folder "Rainmeter"
Click to expand...

What file was exactly blocked? I cannot reproduce the block because after the installation, in this folder are only two PNG files and a few INI files (ignored by WHHLight).
Anyway, this folder is in UserSpace, so the block is intended (can be whitelisted).
If the shortcut file is blocked, the block can be seen via the SWH <Events>.
For whitelisting shortcuts, you should have to use the < Add Path*Wildcards> option. If not, the target executable would be whitelisted instead of the shortcut.

1750799277749.png


I noted this in the manual:

1750800954770.png


It is possible that it is not a blocked shortcut but the target executable (file path contained in the shortcut). If so, you can whitelist the target executable. If it is EXE / MSI file, the WDAC Whitelist must be used. The target EXE/MSI block can be seen via the WDAC <Events>.

Edit - Post corrected/updated.
 
Last edited:
  • +Reputation
  • Love
  • Like
Reactions: Capiche, dronefox1166, simmerskool and 1 other person
dronefox1166 said:
"Windows Shortcuts (fileview)"

here :

Windows Shortcuts - Rainmeter Forums

forum.rainmeter.net forum.rainmeter.net
Click to expand...

After installing this skin, some shortcuts are stored in the Documents\Rainmeter subfolder. As I noted, such custom locations in UserSpace are blocked for shortcuts in WHHLight. You can whitelist this subfolder in a standard way. Whitelisting only shortcuts in this subfolder is also possible; however, any new shortcuts would require whitelisting as well.
 
  • Like
  • +Reputation
Reactions: Capiche, piquiteco, simmerskool and 1 other person
Andy Ful said:
What file was exactly blocked? I cannot reproduce the block because after the installation, in this folder are only two PNG files and a few INI files (ignored by WHHLight).
Anyway, this folder is in UserSpace, so the block is intended (can be whitelisted).
If the shortcut file is blocked, the block can be seen via the SWH <Events>.
For whitelisting shortcuts, you should have to use the < Add Path*Wildcards> option. If not, the target executable would be whitelisted instead of the shortcut.

View attachment 289208

I noted this in the manual:

View attachment 289209

It is possible that it is not a blocked shortcut but the target executable (file path contained in the shortcut). If so, you can whitelist the target executable. If it is EXE / MSI file, the WDAC Whitelist must be used. The target EXE/MSI block can be seen via the WDAC <Events>.

Edit - Post corrected/updated.
Click to expand...
Thanks, it works fine like this !!
 
  • Like
Reactions: Capiche and Andy Ful
  • Like
  • +Reputation
Reactions: Capiche, [correlate], simmerskool and 2 others
WHHLight package vs. FileFix attack
malwaretips.com

Security News - FileFix Attack Exploits Windows File Explorer to Execute PowerShell Commands

There were Fake CAPTCHA, ClickFix, and now this POC FileFix. A cybersecurity researcher has developed FileFix, a variant of the ClickFix social engineering attack that tricks users into executing malicious commands via the File Explorer address bar in Windows. FileFix attacks also rely on a...
malwaretips.com malwaretips.com

This attack vector is similar to ClickFix, but instead of abusing Run Dialog, it abuses the File Explorer address bar through the browser’s file upload functionality.


Similarly to ClickFix method, this attack can be mainly prevented by FirewallHardening.
 
  • Like
  • +Reputation
Reactions: piquiteco, Parkinsond, Gandalf_The_Grey and 2 others

You may also like...