Who has already played with new W10 security features?

Have you enabled and added folders to secure folder access feature?

  • Yes

    Votes: 27 29.7%
  • No

    Votes: 46 50.5%
  • What ??

    Votes: 18 19.8%

  • Total voters
    91

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Tnx, what about this "Block Untrusted Fonts"? Turn ON or not?
"Block Untrusted Fonts" mitigation was useful only in the early Windows 10 versions.
"With Windows 10, GDI font parsing is no longer performed in kernel mode. Instead, it is performed in a sandboxed user-mode process, fontdrvhost.exe, which executes in a highly-restricted, per-session AppContainer process under a limited-scope, system-generated virtual account. The AppContainer process is granted no Capabilities and minimal privileges. (When a process in an AppContainer requests access to a resource, the Windows security access check applies tighter rules than it does for traditional, non-AppContainer processes, granting access only if the resource explicitly grants access to it.)"
Dropping the “Untrusted Font Blocking” setting
 

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
278
Had an issue with Snipping Tool not working. Apparently due to a faulty update; fixed that by running the Windows Update troubleshooting tool.
Disabled Controlled Folder Access. Too many prompts and hard to navigate (for me). For instance, I was unable to delete new files that I created in protected folders after the upgrade.
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
@Av Gurus

Select override and enable




I see the second has an audit option. I will check my wife's laptop when she is done photo editing (could take a while) Canada trip photos (she thinks security is nonsense anyway and all people on security forums are geeks, so can't tell her to bugger off for my forum pal Av Gurus..... I am not that brave).

EDIT: child process starts can only be monitored with Chrome. When you disable audit (so block it), it won't work. I was put on the wrong foot, because they used 'controleren' in Dutch, which means 'control'. This is technically a correct translation for audit, only to control in Dutch also means to manage (or to rule), so I apologize for the confusion.

When set like this (screenshot) it crashes all my extensions...:eek:


TheMalwareMaster

Level 21
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
Hey guys, I'm running Windows 10 Home and have just upgraded to the Fall Creators Update. Since with Windows 10 Home you can't access gpedit, I will be unable to benefit from most of the new security features? (I can still access anti-exploit and protected folders).
Before upgrading I removed COMODO Firewall.
Do you recommend to go back to COMODO Firewall at my settings? (There is currently a COMODO Firewall bug that makes Windows Defender Security Center unusable when installed. So I will disable again Windows Defender if I install it), or installing VoodooShield and benefit from the new anti-exploit and protected folders?
 

Danielx64

Level 10
Verified
Well-known
Mar 24, 2017
481
Hey guys, I'm running Windows 10 Home and have just upgraded to the Fall Creators Update. Since with Windows 10 Home you can't access gpedit, I will be unable to benefit from most of the new security features? (I can still access anti-exploit and protected folders).
Before upgrading I removed COMODO Firewall.
Do you recommend to go back to COMODO Firewall at my settings? (There is currently a COMODO Firewall bug that makes Windows Defender Security Center unusable when installed. So I will disable again Windows Defender if I install it), or installing VoodooShield and benefit from the new anti-exploit and protected folders?
Just because you don't have access to gpedit doesn't mean that you can't have some of the new features. In many cases you would need to edit the registry or get a program to do it for you.
 
  • Like
Reactions: Handsome Recluse
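
Added example (not part of the post above, and not from any forum member): on Windows 10 Home, where gpedit is unavailable, Controlled folder access can also be managed with the built-in Defender PowerShell cmdlets from an elevated prompt. The folder and application paths are placeholders; audit mode logs what would have been blocked instead of blocking it, which helps with the prompt fatigue described elsewhere in this thread.

```powershell
#Requires -RunAsAdministrator
# Added example: manage Controlled folder access (CFA) on Windows 10 Home
# (version 1709 or later) without gpedit. Both paths are placeholders.

$protectedFolder = 'D:\Photos'                                # placeholder
$allowedApp      = 'C:\Program Files\ExampleApp\example.exe'  # placeholder

# 1. Start in audit mode: writes are logged, nothing is blocked yet.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect an extra folder on top of the default user folders.
Add-MpPreference -ControlledFolderAccessProtectedFolders $protectedFolder

# 3. Allow a trusted application to write to protected folders.
Add-MpPreference -ControlledFolderAccessAllowedApplications $allowedApp

# 4. Show the resulting configuration.
$pref = Get-MpPreference
$mode = switch ($pref.EnableControlledFolderAccess) {
    0       { 'Disabled' }
    1       { 'Enabled (block)' }
    2       { 'AuditMode' }
    default { "Other ($_)" }
}
[pscustomobject]@{
    Mode             = $mode
    ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApps      = $pref.ControlledFolderAccessAllowedApplications -join '; '
} | Format-List

# 5. Review what CFA blocked (event 1123) or would have blocked (event 1124).
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated,
        @{ n = 'Kind'; e = { if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' } } },
        Message |
    Format-List

# 6. After the audit log shows only expected applications, switch to blocking:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Applications that appear in the audit events and are trusted can be added with step 3 before switching to blocking mode.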

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
278
Hey guys, I'm running Windows 10 Home and have just upgraded to the Fall Creators Update. Since with Windows 10 Home you can't access gpedit, I will be unable to benefit from most of the new security features? (I can still access anti-exploit and protected folders).
Before upgrading I removed COMODO Firewall.
Do you recommend to go back to COMODO Firewall at my settings? (There is currently a COMODO Firewall bug that makes Windows Defender Security Center unusable when installed. So I will disable again Windows Defender if I install it), or installing VoodooShield and benefit from the new anti-exploit and protected folders?

I found WD exploit protected folders a pain to use. I disabled that feature. VS is all I need as far as protecting my folders against exploit and a breeze to use. But that is me.
BTW I also have MBAE for extra peace of mind.
 

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Last edited:
  • Like
Reactions: Av Gurus

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
I have to say that Win10 anti-exploit features are inconvenient to use...especially the reboots needed, I still prefer HMPA, but I admit it is good for those that can't afford to buy it.

I like the new exploit protection feature for users with relatively common setups like my wife's laptop (vanilla Windows 10 Home with Office 2016 Pro and Albelli photobook). Office and Albelli can be nicely mitigated with the Exploit Guard. I am not so worried about running into exploits in the wild when using Chrome, so Controlled folder access + Exploit Guard are really great additions for average users with a standard setup.

P.S.
For average users not using Windows Defender, MBAE free continuous beta (for exploit mitigation) and RansomFree (for ransomware mitigation) are the two additions which provide the least hassle (ease of installation and compatibility and ease of use). I know there are more advanced options, but they also require more advanced skills of the user.

Regards Kees
 
Last edited:

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
278
@Av Gurus
@VecchioScarpone My wife has a vanilla Windows 10 Home (with Office 2016 Pro and Albelli Photobook). Microsoft's own did not give any problem. Just out of precaution I added Albelli to the allowed programs, see picture
As per my post in this thread #64, I'm at pain with the feature. But as I posted after, that is me. I'm really an average user at best. Your wife and most would likely cruise through what I find hard to fix or understand.
 
  • Like
Reactions: frogboy

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
As per my post in this thread #64, I'm at pain with the feature. But as I posted after, that is me. I'm really an average user at best. Your wife and most would likely cruise through what I find hard to fix or understand.

My wife always hits the allow button :-( So consider yourself a more than average user. When you installed VoodooShield, you apply a whitelist which places you in 5 to 10% of the users who apply a default deny. You have to be a smart (and advanced) user to let an Artificial Intelligence Machine provide you with smart advice :) on what to allow and block everything when your PC is at risk.
 

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
278
My wife always hits the allow button :-( So consider yourself a more than average user. When you installed VoodooShield, you apply a whitelist which places you in 5 to 10% of the users who apply a default deny. You have to be a smart (and advanced) user to let an Artificial Intelligence Machine provide you with smart advice :) on what to allow and block everything when your PC is at risk.
I use VS with default settings. I use my computer to send emails, read the news, browse a couple of forums, watch TV series online and TV via a tuner. My hard drive is basically empty.
I don't get many prompts from VS and I only allow a process when something legitimate I initiate gets stuck. My son always tells me not to use apps the like of WD Exploit mitigation, HMPA, VS. Just that I'm trying to learn by error and trials (lots of errors) but I'm getting better.
I hope you didn't take offense from my previous reply.
 
  • Like
Reactions: _CyberGhosT_

TheMalwareMaster

Level 21
Verified
Honorary Member
Top Poster
Well-known
Jan 4, 2016
1,022
Is Edge protected by default in the exploit settings?
The only thing that I don't like about VoodooShield is that it slows down my boot time more than COMODO when the desktop loads up (to load up its icon and processes)
 
  • Like
Reactions: Handsome Recluse

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Is Edge protected by default in the exploit settings?
The only thing that I don't like about VoodooShield is that it slows down my boot time more than COMODO when the desktop loads up (to load up its icon and processes)
1. Edge runs in AppContainer so it is inherently secure.
2. VoodooShield protection kicks in much faster after system startup, maybe that is why it slows boot time, compared to COMODO, whose protection starts very late.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
When set like this (screenshot) it crashes all my extensions...:eek:

Good thing you weren't running any HIPS at the time, I have read of some nasty crashes that cripple the OS when that is enabled and run with a HIPS themed software, someone should try it and see what happens ? :sneaky:
I need to go re-find the article but I think in order to get the result I mention, the HIPS software has to be on the system before that option is enabled ?
I will go look for and post the article Sunday evening. I have to go speak this evening at a safety event for an old employer so I have a full schedule till Sunday afternoon.
 
Last edited:
  • Like
Reactions: VecchioScarpone
