Serious Discussion WHHLight - simplified application control for Windows Home and Pro.

I am always surprised how often the new attack methods are easily prevented by 20-year-old simple hardening methods.
WHHLight blocks Shortcuts (SWH restrictions) in UserSpace and fully prevents infection.

As the 1800s French writer Jean-Baptiste Alphonse Karr once said: The more things change, the more they stay the same :)
 
@Andy Ful , Let me ask an uncomfortable question. For one to make a choice of whether or not to use WHH, one of the things that will be asked is: what can it protect me against, and what things it isn't designed to protect me against, when using the max secure configuration? If you could answer this question, then the user will be able to make the choice, and think of complementary layers to add.

To jolt your memory, can I point you towards MITRE ATT&CK®, where you get a bird's-eye view of attacks.

Please point me to the post# if this has already been answered.
 
@Andy Ful , Let me ask an uncomfortable question. For one to make a choice of whether or not to use WHH, one of the things that will be asked is: what can it protect me against, and what things it isn't designed to protect me against, when using the max secure configuration?

You can find the answer in the WHHLight help files. For example, the general information about the protection is here:

[attached screenshot: WHHLight help file, general protection information]

The detailed information about particular settings is included in other help files and WHHLight manual:

[attached screenshot: WHHLight help files and manual, settings details]
 
@Andy Ful If you were an attacker who has installed your app and read your documentation, how would you bypass your own security? Think like a red teamer. Difficult question, I know. I, for one, am not fit to be on a red team. Apply SWOT; you as the developer are most qualified to do a SWOT analysis.
 
@Andy Ful If you were an attacker who has installed your app and read your documentation, how would you bypass your own security? Think like a red teamer. Difficult question, I know. I, for one, am not fit to be on a red team. Apply SWOT; you as the developer are most qualified to do a SWOT analysis.

This is the wrong question. :)
You assume the Enterprise scenario, and WHHLight is for home users.
 
@Andy Ful If you are hesitant to reveal attack vectors in public, based on the max settings you gave prior, what would you recommend as a complementary security layer ?

The WHHLight package does not protect processes in the web browser. So, my first recommendation would be adding ads/phishing protection and web browser hardening (like DoH, etc.). I posted the examples here:

The WHHLight package does not inspect processes already running in the memory of trusted applications. Some rare attacks via in-memory exploits cannot be prevented/mitigated by my applications. Such attacks can be mitigated by using the Windows built-in Exploit Protection or similar applications. Anyway, this can be important only for very popular and commonly exploited applications.

Fortunately, most exploits use scripting and PE files in the pre- and post-exploitation stages, which are restricted by the WHHLight package. Additionally, the DocumentsAntiExploit tool and ConfigureDefender can prevent/mitigate most in-memory exploits in MS Office and Adobe Reader. Also, the FirewallHardening tool can efficiently prevent payloads delivered by LOLBins (including shellcode) from remote locations.

Post edited.
 
What is the correct way to re-add tools if you're using WHHLight and have removed other tools from the extracted folder?
 
Less SRP hardening for EXE and MSI files (covered by WDAC).

Hmm... I didn't configure WDAC as I thought Malwarebytes Premium had 'taken over' Windows Defender settings. I thought this because Malwarebytes is mentioned when browsing Windows Security settings, as well as from reading about people using only Windows Defender as AV, and so I thought Malwarebytes would 'take over' that role completely :unsure: but I guess I need to learn a little more about how Windows Defender works within the Windows environment.
 
Hmm... I didn't configure WDAC as I thought Malwarebytes Premium had 'taken over' Windows Defender settings.

The term Windows Defender Application Control (WDAC) can be misleading, similarly to Windows Defender SmartScreen. Both can work with other AVs. Microsoft currently uses the term App Control for Business instead of WDAC.
 
HDSentinel portable is working just fine, but I found two incidents in the SRP events of blocking detect.dll inside its folder!

Can you post the link to your version of HDSentinel? I would like to check something.
I confirmed this with the latest version. The block event is in the SRP Log, even though in WHHLight, the SRP is set to skip DLLs. The event disappears after removing the DLL from the SRP File Types. I am unsure if this is a genuine block or merely a logging bug.
 
It could be a block. I had the detect.dll block in the SRP log when I was using WHHLight. Comodo used to contain detect.dll, and HDSentinel worked whether I set containment to virtual or block.
What looks odd here is why WHHLight blocks a DLL file while DLLs are not included in the SRP component?
 
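The detect.dll question above turns on two separate SRP settings: whether DLL enforcement is switched on at all, and whether DLL is still listed among the designated file types. The following PowerShell is an added example for checking both on your own machine and pulling the recent SRP block events; it is not code from WHHLight or from anyone in this thread. It assumes the standard machine-policy SRP registry location, the documented meaning of the TransparentEnabled value (1 = all software files except libraries such as DLLs, 2 = all software files), and that SRP block events land in the Application log with event IDs 865 to 868 under a provider whose name contains "SoftwareRestrictionPolicies".

```powershell
# Added example: inspect the SRP settings that govern DLL enforcement and list
# recent SRP block events. Not part of WHHLight; assumptions are noted inline.

$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

if (-not (Test-Path $srpKey)) {
    Write-Host 'No SRP policy found under the machine policy key.'
    return
}

$cfg = Get-ItemProperty -Path $srpKey

# TransparentEnabled (assumed documented meaning):
#   1 = enforce all software files except libraries (DLLs skipped)
#   2 = enforce all software files, including DLLs
$dllEnforced = ($cfg.TransparentEnabled -eq 2)
Write-Host ("TransparentEnabled = {0}; DLL enforcement on: {1}" -f $cfg.TransparentEnabled, $dllEnforced)

# ExecutableTypes is the 'Designated File Types' list (REG_MULTI_SZ).
# A DLL entry here with TransparentEnabled = 1 is exactly the combination
# discussed in the thread, where a DLL shows up in the log.
$types = @($cfg.ExecutableTypes)
Write-Host ("DLL listed in designated file types: {0}" -f ($types -contains 'DLL'))
Write-Host ("Designated file types: {0}" -f ($types -join ', '))

# SRP block events: Application log, IDs 865-868 (assumed provider name pattern).
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 865, 866, 867, 868 } `
    -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*SoftwareRestrictionPolicies*' }

if (-not $events) {
    Write-Host 'No SRP block events found in the Application log.'
    return
}

# The first line of the message names the file that was restricted.
$events | ForEach-Object {
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Id      = $_.Id
        Message = ($_.Message -split "`n")[0].Trim()
    }
} | Format-Table -AutoSize
```

Reading the policy key and the Application log does not require elevation. If the output shows TransparentEnabled = 1 together with DLL still present in the designated file types, removing DLL from that list (as Andy describes) is the setting to compare against before deciding whether a logged detect.dll event was a real block or only a logging artifact.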