WHHLight - simplified application control for Windows Home and Pro.
<blockquote data-quote="Marana" data-source="post: 1117616" data-attributes="member: 69370"><p>In fact, I did! Maybe I’m one of the very few guys out here who really do read the documentation... :) I have even printed the Manual and made several remarks on the paper. And I have read through the WHHL help pages, too. All of them. Moreover, I appreciate very much the effort you have put into the documentation.</p><p></p><p>I think my problem was that I have been living in an old Windows 10 world until recently, when a friend of mine acquired a new laptop and asked me to help him implement a robust backup system and make his new Windows 11 operating system more secure than Windows defaults. Therefore, I have been completely unaware of WDAC, ISG, IAC and any new security features beyond Windows 10 1809 until very recently.</p><p></p><p>The WHHL manual states that “When the WDAC ComboBox is ON, the WDAC policies included in WHH-Light are applied. Those policies use Microsoft's Intelligent Security Graph (ISG) to <strong>restrict</strong> <strong>by default</strong> the EXE, DLL, and MSI files, <strong>except for</strong> – –”.</p><p></p><p>I understood “to <em>restrict by default </em>except for” = “to <em>block </em>if not whitelisted”. Now I know I was wrong.</p><p></p><p>I also went to do some googling about ISG, but I was not able to make a conclusive decision on what all functionality it might contain (i.e. does ISG only do some reputation-based screening or can it also somehow be configured to perform straight blocking). There seems to be much information on current Windows security features online, but it is very scattered around, so I remained unsure of what all of ISG's capabilities are.</p><p></p><p>So, I first understood that the “WDAC-ISG” part in WHHL implements a default deny style Application Control for e.g. EXE and MSI files (that is missing from the "SWH" part of WHHL). Now I understand that I was wrong. Probably one thing that was driving me to this conclusion was that the SWH part of WHHL is written so that it is technically not possible to restrict e.g. *.exe and *.dll files to obtain an inviolable default deny style policy. I have been running a default deny setup on my computers for so many years that I was subconsciously expecting you to have coded a default deny option available at least in some part of WHHL. Now I understand that I was wrong here, too.</p><p></p><p>The WHHL source code does not seem to be published on GitHub, so a couple of questions came into my mind...</p><p></p><p>1) I wonder if it could be possible to add an option in WHHL-SWH to (at least make it <em>somehow possible </em>to) restrict also TMP, MSI, DLL and EXE files for people that prefer a default deny style SRP implementation. Now they are hard-coded in the Whitelist, and WHHL does not like them to be removed by other means.</p><p></p><p>2) I wonder if it would be possible for you to make at least the XML source code files for the WDAC .cip policy files publicly available. (I already tried to reverse engineer them, but some information seems to disappear in the process, if I understand correctly the generated XML file contents). Of course, it would be even better if you could be willing to publish the whole WHHL source code on GitHub, just as you have done with the good old HardConfigurator. This way the more security-oriented people would be able to study it and get a deeper understanding of how the various security mechanisms in Windows can be tuned.</p></blockquote><p></p>