Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Hard_Configurator Tools
WHHLight - simplified application control for Windows Home and Pro.
Message
<blockquote data-quote="Andy Ful" data-source="post: 1101064" data-attributes="member: 32260"><p>New rules currently work on my Windows 11 Home 23H2 (updated). No need to use Windows Insider.<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite109" alt=":)" title="Smile :)" loading="lazy" data-shortname=":)" /></p><p>I used ConfigureDefender 4.0.1.0 and set new rules by comboboxes (REFRESH and Windows restart required after changing the settings).</p><p>The simplest metod of checking if new rules work is as follows:</p><ol> <li data-xf-list-type="ol">Copy regedit.exe from C:\Windows to the Desktop</li> <li data-xf-list-type="ol">Run regedit.exe from the Desktop (<span style="color: rgb(184, 49, 47)">blocked</span>).</li> <li data-xf-list-type="ol">Use <Defender Security Log> from ConfigureDefender to see the blocked event:</li> </ol><p>Event[0]:</p><p>Time Created : 07.09.2024 19:45:49</p><p>ProviderName : Microsoft-Windows-Windows Defender</p><p>Id : 1122</p><p>Message : Funkcja <strong><span style="color: rgb(41, 105, 176)">Microsoft Defender Exploit Guard</span></strong> wykonała inspekcję operacji, na którą nie zezwala administrator IT.</p><p> Aby uzyskać więcej informacji, skontaktuj się ze swoim administratorem IT.</p><p> Identyfikator: <span style="color: rgb(184, 49, 47)"><strong>C0033C00-D16D-4114-A5A0-DC9B3A7D2CEB <------ the ID of ASR rule "Block use of copied or impersonated system tools"</strong></span></p><p> Godzina wykrycia: 2024-09-07T17:45:49.777Z</p><p> Użytkownik: -----------------------------------------------------</p><p> Ścieżka: -----------------------------------\<strong><span style="color: rgb(184, 49, 47)">regedit.exe</span></strong></p><p> Nazwa procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE</p><p> Docelowy wiersz polecenia "-----------------------------------\<strong><span style="color: rgb(184, 49, 47)">regedit.exe</span></strong>"</p><p> Nadrzędny wiersz polecenia: "C:\Program Files\totalcmd\TOTALCMD64.EXE"</p><p> Plik, którego to dotyczy:</p><p> Flagi dziedziczenia: 0x00000000</p><p> Wersja analizy zabezpieczeń: <strong><span style="color: rgb(41, 105, 176)">1.417.553.0</span></strong></p><p> Wersja aparatu: <span style="color: rgb(41, 105, 176)"><strong>1.1.24070.3</strong></span></p><p> Wersja produktu: <strong><span style="color: rgb(41, 105, 176)">4.18.24070.5</span></strong></p></blockquote><p></p>
[QUOTE="Andy Ful, post: 1101064, member: 32260"] New rules currently work on my Windows 11 Home 23H2 (updated). No need to use Windows Insider.:) I used ConfigureDefender 4.0.1.0 and set new rules by comboboxes (REFRESH and Windows restart required after changing the settings). The simplest metod of checking if new rules work is as follows: [LIST=1] [*]Copy regedit.exe from C:\Windows to the Desktop [*]Run regedit.exe from the Desktop ([COLOR=rgb(184, 49, 47)]blocked[/COLOR]). [*]Use <Defender Security Log> from ConfigureDefender to see the blocked event: [/LIST] Event[0]: Time Created : 07.09.2024 19:45:49 ProviderName : Microsoft-Windows-Windows Defender Id : 1122 Message : Funkcja [B][COLOR=rgb(41, 105, 176)]Microsoft Defender Exploit Guard[/COLOR][/B] wykonała inspekcję operacji, na którą nie zezwala administrator IT. Aby uzyskać więcej informacji, skontaktuj się ze swoim administratorem IT. Identyfikator: [COLOR=rgb(184, 49, 47)][B]C0033C00-D16D-4114-A5A0-DC9B3A7D2CEB <------ the ID of ASR rule "Block use of copied or impersonated system tools"[/B][/COLOR] Godzina wykrycia: 2024-09-07T17:45:49.777Z Użytkownik: ----------------------------------------------------- Ścieżka: -----------------------------------\[B][COLOR=rgb(184, 49, 47)]regedit.exe[/COLOR][/B] Nazwa procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE Docelowy wiersz polecenia "-----------------------------------\[B][COLOR=rgb(184, 49, 47)]regedit.exe[/COLOR][/B]" Nadrzędny wiersz polecenia: "C:\Program Files\totalcmd\TOTALCMD64.EXE" Plik, którego to dotyczy: Flagi dziedziczenia: 0x00000000 Wersja analizy zabezpieczeń: [B][COLOR=rgb(41, 105, 176)]1.417.553.0[/COLOR][/B] Wersja aparatu: [COLOR=rgb(41, 105, 176)][B]1.1.24070.3[/B][/COLOR] Wersja produktu: [B][COLOR=rgb(41, 105, 176)]4.18.24070.5[/COLOR][/B] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
