Who has already played with new W10 security features?

Have you enabled and added folders to secure folder access feature?

  • Yes

    Votes: 27 29.7%
  • No

    Votes: 46 50.5%
  • What ??

    Votes: 18 19.8%

  • Total voters
    91

Deleted member 65228

You don't have to bypass it when you can inject into explorer and then do what you wish to do.
I think the funniest Windows exploit I have ever seen was from Windows 2000 where someone tried to load ntoskrnl.exe as a module and then managed to actually use the privileged functions for privilege escalation from ring 3. It was quite funny. Now I think about it, while it was patched back then, explorer.exe has ntoskrnl.exe loaded as a module. I wonder what they use it for.

However... An old exploitation method which is a bit more recent with ntoskrnl.exe as a module worked by overwriting HalDispatchTable (function exported by ntoskrnl.exe) as a method of shell-code execution (it would also be privilege escalation - and would have been able to be done with standard rights). Maybe it still works to this day, I do not know. It was used in 2015 by malware still I think though... (n) :alien:

Microsoft need to make the OS more secure as much as they can!!
 
Last edited by a moderator:

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
@_CyberGhosT_ Well right now I wish I had Windows Pro like AV_gurus (all these new features), for the moment only added rules for Office, Albidelli (photo book) and Chrome (Disable extension points and Do not allow child processes). These two extra mitigations seem to be compatible with all the programs I tried.

Controlled folder access seems to give a warning when some program violates it,
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
@_CyberGhosT_ Well right now I wish I had Windows Pro like AV_gurus (all these new features), for the moment only added rules for Office and Chrome as explained here
Poll - Who has already played with new W10 security features? (Disable extension points and

What settings to set for Chrome?

1.png 2.png 3.png 4.png 5.png 6.png 7.png
 
  • Like
Reactions: CodaPG and Venustus

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,346
@_CyberGhosT_ Well right now I wish I had Windows Pro like AV_gurus (all these new features), for the moment only added rules for Office, Albidelli (photo book) and Chrome (Disable extension points and Do not allow child processes). These two extra mitigations seem to be compatible with all the programs I tried.

Controlled folder access seems to give a warning when some program violates it,
Few $ off ebay if you have a paypal account or a credit card. Note they usually sell upgrade licenses but there are ways to do the upgrade even with that using a trick.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
@_CyberGhosT_ Well right now I wish I had Windows Pro like AV_gurus (all these new features), for the moment only added rules for Office, Albidelli (photo book) and Chrome (Disable extension points and Do not allow child processes). These two extra mitigations seem to be compatible with all the programs I tried.

Controlled folder access seems to give a warning when some program violates it,
I had Win7 Ultimate, when I updated to 10 in the first stages of the Insider program (I no longer participate) it updated me to Win10 Pro
all by itself. Anyone you know have Win7 anything above "Home" if you update to the Insider Prog with anything above home it will give you Win10 Pro. Just a thought.
 
  • Like
Reactions: frogboy and shmu26

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
@_CyberGhosT_

You are so right (also online upgrades of Pro can be purchased for under 10 euro as @SHvFl mentions)

I had upgraded to Windows 10 (Pro) on all devices. Then my wife asked whether I could get her laptop the same looks as her work laptop. So I downgraded to Windows 7 again. Then I bought a new laptop for her with Windows 10 Home and she told me that she really liked the looks of her new laptop, while I was downgrading it to Windows 7. You can see in my status that I blew off steam in this forum (aaaaaaaaaaaaaaahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh status update :) )

My desktop is Windows 7 enterprise (my tablet has Windows 8.1 because I also have 8.1 on my phone). Her new laptop/tablet runs Windows 10 Home (Lenovo Yoga 520 with 128 GB SSD and 1 TB HD).
 
Last edited:

Deleted member 65228

The problem is some users prefer to stay with old OS like windows XP and Windows 7. And they don't take advantage of the higher security available in Windows 10.
Oh yes I totally agree. There are many internal security improvements on modern versions of Windows average users won't know about. Which are pretty important IMO.

Windows 7 is commonly liked and still preferred by many but has its own fair share of security issues, even newer versions do of course. But fact of the matter is up to date Windows with the latest security patches keeps you safer...
 
Last edited by a moderator:

boredog

Level 9
Verified
Jul 5, 2016
416
I had Win7 Ultimate, when I updated to 10 in the first stages of the Insider program (I no longer participate) it updated me to Win10 Pro
all by itself. Anyone you know have Win7 anything above "Home" if you update to the Insider Prog with anything above home it will give you Win10 Pro. Just a thought.

I have win 10 home and have all these new settings on insider. Also have Enterprise in VM with all of them. Ghost, you should have stuck with the insider updates.
 
  • Like
Reactions: _CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
I have win 10 home and have all these new settings on insider. Also have Enterprise in VM with all of them. Ghost, you should have stuck with the insider updates.
At the time, I had too much going on, now in semi-retirement I have the time to actually "participate"
but Insider builds will not run with the Process / Services restrictions I have in place now.
I will live vicariously through you brave Insiders lol :)
 

Deleted member 178

Few $ off ebay if you have a paypal account or a credit card. Note they usually sell upgrade licenses but there are ways to do the upgrade even with that using a trick.
I don't have both, how do I? :unsure:
 
  • Like
Reactions: SHvFl

Dave Russo

Level 21
Verified
Top Poster
Well-known
May 26, 2014
1,062
I lost saved downloads I liked to keep around. Had them on Chrome Browser, which the update deleted lol. Do like the secure folder option, just can't seem to like having EDGE as a default browser and won't for now. gl all
 
  • Like
Reactions: SHvFl

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
@Av Gurus

Select override and enable

upload_2017-10-20_9-25-37.png




I see second has audit option. I will check my wife's laptop when she is done photo editing (could take a while) Canada trip photos (she thinks security is nonsense anyway and all people on security forums are geeks, so can't tell her to bugger off for my forum pal Av Gurus..... I am not that brave).

EDIT: child processes start can only be monitored with Chrome. When you disable audit (so block it), it won't work. I was put on the wrong foot, because they used 'controleren' in Dutch which means 'control'. This is technically a correct translation for audit, only to control in Dutch also means to manage (or to rule), so I apologize for the confusion.
 

Last edited:

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Few $ off ebay if you have a paypal account or a credit card. Note they usually sell upgrade licenses but there are ways to do the upgrade even with that using a trick.
Yes, I bought Office 2016 Pro digital license thanks to your tip for 45 euros for my wife's new laptop/tablet. I should have bought Windows 10 Pro also at that time. Now I think it is too much hassle to install everything again.
 
  • Like
Reactions: SHvFl

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,346
I don't have both, how do I? :unsure:
Don't think ebay gives other options. Sadly for most of us they have their sister service paypal that needs to syphon money.
 
  • Like
Reactions: frogboy

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
@Av Gurus

Select override and enable

View attachment 170414

View attachment 170415

I see second has audit option. I will check my wife's laptop when she is done photo editing (could take a while) Canada trip photos (she thinks security is nonsense anyway and all people on security forums are geeks, so can't tell her to bugger off for my forum pal Av Gurus..... I am not that brave).

Tnx, what about this "Block Untrusted Fonts"? Turn ON or not?

ex.png
 
  • Like
Reactions: CodaPG and SHvFl

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Tnx, what about this "Block Untrusted Fonts"? Turn ON or not?

View attachment 170416
Depends what fonts you use. If none of your programs use exotic non-unicode fonts, you will be okay. If they use such fonts, you will see right away, when the text is not displaying properly in a menu or dialogue box or search result box etc.

Is there an option for "monitor" fonts? That's a compromise solution that has worked well for me in other security softs.
 
  • Like
Reactions: SHvFl and Av Gurus
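
The Chrome settings and the audit ("monitor") question from the posts above, done with the built-in PowerShell cmdlets instead of the Windows Defender Security Center screens. This is an added example, not from any poster in this thread; the protected folder path is a placeholder, and the event IDs are the ones Microsoft documents for these features.

```powershell
#Requires -RunAsAdministrator
# Added example: per-app exploit protection for chrome.exe plus Controlled
# folder access, starting in audit mode so nothing breaks while testing.

$app = 'chrome.exe'

# "Disable extension points" has no audit mode, so it is enforced directly.
Set-ProcessMitigation -Name $app -Enable ExtensionPoint

# "Do not allow child processes" and "Block untrusted fonts" in audit only:
# violations are logged, nothing is blocked yet.
Set-ProcessMitigation -Name $app -Enable AuditChildProcess, AuditFont

# Controlled folder access in audit mode, with one extra protected folder.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Photos'  # placeholder path

# Read the configuration back to confirm what was applied.
Get-ProcessMitigation -Name $app
Get-MpPreference |
    Select-Object EnableControlledFolderAccess, ControlledFolderAccessProtectedFolders

# Event sources for the audit results:
#   Security-Mitigations 3/4 = child process audit/block
#   Win32k 260               = untrusted font
#   Windows Defender 1124/1123 = Controlled folder access audit/block
$queries = @(
    @{ LogName = 'Microsoft-Windows-Security-Mitigations/KernelMode'; Id = 3, 4 },
    @{ LogName = 'Microsoft-Windows-Security-Mitigations/UserMode';   Id = 3, 4 },
    @{ LogName = 'Microsoft-Windows-Win32k/Operational';              Id = 260 },
    @{ LogName = 'Microsoft-Windows-Windows Defender/Operational';    Id = 1123, 1124 }
)

# Show the 20 most recent hits per log; an empty log is not an error here.
foreach ($q in $queries) {
    Get-WinEvent -FilterHashtable $q -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LogName,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

# Once the audit logs stay quiet for normal use, switch to enforcement:
#   Set-ProcessMitigation -Name $app -Enable DisallowChildProcessCreation, DisableNonSystemFonts
#   Set-MpPreference -EnableControlledFolderAccess Enabled
```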
