Who has already played with new W10 security features?

Have you enabled and added folders to secure folder access feature?

  • YEs

    Votes: 27 29.7%
  • No

    Votes: 46 50.5%
  • What ??

    Votes: 18 19.8%

  • Total voters
    91

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
My wife (who only uses her PC like average users do) has report ZERO issues. But as said she only uses Microsoft Office, Photo app to cut and crop photo's, Albelli photo book and Chrome.
Windows built-in security was always usable, when users do not:
  • install many programs,
  • make system tweaks,
  • change connected devices,
  • make system maintenance,
but stick with the fixed software and standard daily tasks (Internet browsing, document viewing/editing, watching media, etc). If so, then the old built-in security (SRP, blocking scripts, AppContainer ....) and the new (Exploit protection, Control Folders Access) can be very useful.
 

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
278
Windows built-in security was always usable, when users do not:
  • install many programs,
  • make system tweaks,
  • change connected devices,
  • make system maintenance,
but stick with the fixed software and standard daily tasks (Internet browsing, document viewing/editing, watching media, etc). If so, then the old built-in security (SRP, blocking scripts, AppContainer ....) and the new (Exploit protection, Control Folders Access) can be very useful.

You may have struck a cord here. I only have MBAE free and VS, that could be enough to create some sort of conflict with WD anti exploit feature.
I hope to get around it soon as an extra layer of protection is good to have.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
No Hard Configurator then? ;)
That is why Hard_Configurator can help, because the user can quickly configure, turn off, turn on, save security profiles, etc. But still, this is not a tool for newbies. It is rather for 'above average' user, who wants to configure his own computer (Windows Home) or the computers of newbies.
If the inexperienced user has no help from experienced one, then the preferred security is just standard AV (Defender in Windows 10) + PUA protection. More complicated security causes more problems than it is worth.
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
That is why Hard_Configurator can help, because the user can quickly configure, turn off, turn on, save security profiles, etc. But still, this is not a tool for newbies. It is rather for 'above average' user, who wants to configure his own computer (Windows Home) or the computers of newbies.
If the inexperienced user has no help from experienced one, that the preferred security is just standard AV (Defender in Windows 10) + PUA protection. More complicated security causes more problems than it is worth.
Some of the Hard Config settings are very good for noobs, such as disable script host and powershell. There are probably a couple others that can work painlessly for a noob.
Maybe you should make a special noob config or installation package?
Windows 10 with updates + WD + a couple Hard Config tweaks = decent security without headaches.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Windows 10 default security (without hardening) is not the best, but pretty good for home users. It can be compared with any free solution, but the user has to download and install applications through EXE/MSI files using the web browser.
If downloaded installers are in archive format (*.zip, 7-zip, *.arj, etc.) or their direct source is not web browser (for example FAT32 pendrive, file downloader, torrents, etc), then SmartScreen does not work as usual, and malware detection may be worse.
.
Edit
There will be also problems with detection of obfuscated malicious scripts embedded in documents.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Some of the Hard Config settings are very good for noobs, such as disable script host and powershell. There are probably a couple others that can work painlessly for a noob.
Maybe you should make a special noob config or installation package?
Windows 10 with updates + WD + a couple Hard Config tweaks = decent security without headaches.
I am thinking about it, from a couple of months. It should be a predefined profile (one or more) + simple GUI to choose the profile, turn ON/OFF the protection. Who knows, maybe in the next year?
.
Edit
I am also thinking about adding <Exploit Protection> option to Hard_Configurator to configure some useful mitigations.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
I tried Exploit Protection and found it more complicated than EMET. Using EMET was very simple as compared to Exploit Protection.
Folder protection (Controlled folder access) is very basic. It only covers write/modify access to protected folders. But, If I remember correctly, there is an option to add programs that will have access to protected folders. So, I think that the alerts can be avoided after the proper configuration.
 
Last edited:

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
I did a few of hard configurator tweaks manually (disable remote stuff, set UAC to block unsigned) plus disabled macro's add-ons etc in Office 2016 Pro. Only blok I noticed was Chrome installer being blocked to write chrome shortcut to the desktop. Both the Exploit Guard tweaks (for Office) and Controlled Folders access give zero problems.
 

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
I am thinking about it, from a couple of months. It should be a predefined profile (one or more) + simple GUI to choose the profile, turn ON/OFF the protection. Who knows, maybe in the next year?
.
Edit
I am also thinking about adding <Exploit Protection> option to Hard_Configurator to configure some useful mitigations.
Looking forward to that. Especially if one does not want to fork out for AppGuard Business.

And Exploit Protection option would be a bonus.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top