- Apr 19, 2017
- 251
This is my configuration for 2022. I've used this since January but I was too lazy to post it.
To learn more, start here:I don't know how to implement this: Microsoft recommended block rules
So WhiteMouse, I followed your instructions re WDAC and rebooted. Then I downloaded Firefox to my Downloads folder and the installer runs! I suppose this is due to some existing rule having Option 14 Enabled:Intelligent Security Graph Authorization specified, allowing programs with 'good reputation' to run. What if someone breaks into my desktop using scripts to install a signed RAT? I would be screwed. There are several existing policies inside the policy folder, and I don't know what they are allowing, and I can't remove them because one of them must be designed to allow MS Windows System32 programs to run.
EDIT: So I created a cip for the Windows folder. Moved all the existing cips to another folder. And copied in my cip to the Active folder. So now I only have the 2 cips I created. And the Firefox installer still runs!
My computer doesn't meet the requirements for Windows 11 and I don't have a TPM.Do you think my WDAC not working can be due to my Win 11 machine is over 10 yrs old and was installed using a workaround for not having a TPM? Or maybe because my old CPU does not support virtualization protection VBS?
And btw, I stopped using the guides I made above because it's too much works to maintain that when an application update to a new version. I'll post a new guide I'm currently using right now if you're interested in that.
Come to Firefox, i offer you a coffee.I'm switching back to Chrome after Edge nags me 7th time about the default search engine. Also switch to Mullvad VPN at the beginning of next year.
Have you tried setting this flag to disabled?I'm switching back to Chrome after Edge nags me 7th time about the default search engine. Also switch to Mullvad VPN at the beginning of next year.