Who has already played with new W10 security features?

Have you enabled and added folders to secure folder access feature?

  • Yes: 27 votes (29.7%)
  • No: 46 votes (50.5%)
  • What ??: 18 votes (19.8%)

Total voters: 91
I have a ton of these, and have a pretty good balance in Win 10 Pro; some may remember me posting some here and there.
Things are changing: now MS is taking notice and at nearly every update of any importance resets "Services" that may have been user-disabled. I used to notice it but not very often; now I am seeing it more. Kinda like how they reacted when you would remove one of the apps back in early Win10.
Wait for the list till after the Fall Update, and the first patch fix after that; then the list will have some new entries, and some won't work anymore (most likely), so we could then skip having to re-edit it in such a short time.
Does that make sense? I hope so lol
 
I also can't play with it, as Defender is disabled on my systems.
For me, Excubits products are doing quite a good job at performing these actions...
 
The Windows Defender Advanced Threat Protection Service is not working; it's set to Manual and if I try to change that I get an error.

Also, I'm not sure if this is connected, but Win Defender can't update


I tried to run sfc /scannow and dism /online /cleanup-image /restorehealth, but no problem was found.
Thanks, please post your opinion also. The new security features are half good :cool: IMO; what is your take on them?
Controlled Folder Access (CFA) can confuse the average user while installing new applications. Most installers try to create shortcuts on the Desktop, which will be forbidden by CFA. Also, applications for editing photos, media files, and documents often try to make special directories in protected folders. So, in the real world, CFA should be deactivated when installing new applications.
ASR rules are probably related to Microsoft Office 2016, 2013, 2010 and Office 365. So, they are useless for anything else. But, they could be very useful for Microsoft Office users.
Exploit Guard is a very interesting feature, but not for the average user. Maybe it is possible to prepare the setups for the most exploited applications (I did it for 7-ZIP). But, that would require collective work.
Cloud-delivered protection level cannot be changed in Windows Home editions.
My conclusion is that I will have much work to do.:)
 
Can you share that setup for 7zip?
 
@Andy Ful THX

Disable extension points (exploit mitigation) seems to work on most processes. This is a mitigation introduced with Windows 8 for Desktop Apps. It prevents certain built-in third-party extension points from being enabled, preventing legacy extension point DLLs from being loaded into the process. I can't find which legacy third-party DLLs are meant by M$, but possibly they just block Adobe Flash and PDF and similar.
 

To see anything interesting without the exploit protections you would have to be on Windows 7 or earlier, with unpatched programs like Office 2010 and earlier, badly configured and unpatched Windows and programs, and do really dodgy, stupid stuff.

I am all for using native Windows protections as long as the user can figure it out. Problem is, 95% of users can barely turn on a PC, let alone figure out how to use Windows itself and tweak it.

I look at what M$ did with Exploit Guard and it makes absolutely no sense - at least not for the typical home user. Not even some multi-decade security forum members can figure out how to use Exploit Guard. There's no documentation. Typical M$ bullshit. Guess people are supposed to figure out they need to dig up ancient EMET guides or something.
 
That is true for now. But, there is a possibility to utilize Exploit Guard by software developers. So for example, while installing 7-ZIP, the installer can automatically apply mitigations for 7-ZIP executables. It can also be done by using PowerShell (Set-ProcessMitigation cmdlet).
Enable or disable specific mitigations used by Exploit protection
One can create an application with predefined mitigations for mostly exploited software, etc.
So in my opinion, Exploit Guard feature can be useful for advanced users and software developers.
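As an added example (not code from the thread or from 7-Zip), this is what the per-process setup described above looks like with Set-ProcessMitigation, including the "Disable extension points" mitigation discussed earlier. It assumes 7-Zip's image names are 7z.exe, 7zFM.exe and 7zG.exe, an elevated PowerShell on Windows 10 1709 or later, and a mitigation set chosen for illustration rather than one recommended by Microsoft or 7-Zip.

```powershell
# Added example: apply an Exploit Guard profile to the 7-Zip executables,
# then verify it and export it for reuse. Runs in an elevated PowerShell on
# Windows 10 1709+. Image names and the mitigation list are assumptions.

$targets = @('7z.exe', '7zFM.exe', '7zG.exe')

# Mitigations that suit a standalone archiver with no plugins or JIT:
#  - DEP / SEHOP / ASLR family and CFG (same as the system-wide defaults)
#  - BlockDynamicCode: the process may not create executable memory
#  - DisableExtensionPoints: no legacy AppInit/IME/winevent hook DLLs
#  - DisableNonSystemFonts: no user-supplied font parsing
#  - BlockRemoteImageLoads / BlockLowLabelImageLoads: no DLLs from UNC
#    paths or low-integrity locations such as the browser download sandbox
# Not included: StrictCFG, which requires every loaded DLL to be CFG-built
# and tends to break third-party software.
$enable = @(
    'DEP', 'SEHOP', 'ForceRelocateImages', 'BottomUp', 'HighEntropy', 'CFG',
    'BlockDynamicCode',
    'DisableExtensionPoints',
    'DisableNonSystemFonts',
    'BlockRemoteImageLoads', 'BlockLowLabelImageLoads'
)

foreach ($exe in $targets) {
    # Settings are keyed by image file name, so they apply wherever the
    # binary is launched from.
    Set-ProcessMitigation -Name $exe -Enable $enable
}

# Show what is now configured for the GUI front end.
Get-ProcessMitigation -Name '7zFM.exe' | Format-List

# Export the whole machine configuration to XML. The same file can be
# imported on another machine with: Set-ProcessMitigation -PolicyFilePath
$export = Join-Path $env:USERPROFILE 'exploit-guard-7zip.xml'
Get-ProcessMitigation -RegistryConfigFilePath $export
Write-Output "Configuration exported to $export"
```

Test the result by opening and extracting a few archives afterwards; if 7-Zip misbehaves, remove a mitigation with Set-ProcessMitigation -Name 7zFM.exe -Disable BlockDynamicCode (and so on) rather than turning the whole profile off.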
 
Well this does exist.

LOL. It doesn't explain much. It basically reviews the GUI. How the hell can you explain all the necessary details to fully explain exploit mitigations for all the programs in a 2-minute read? Come on... like I said, typical M$ bullshit documentation. Exploit Guard was implemented into Windows Home without consideration for the typical Home user, who is never going to figure it out without full, adequate documentation, which Microsoft NEVER provides for Windows, EVER.

That's why 95% of all Windows Home users can barely use Windows beyond the basic level. Most have difficulty with it.
 
...
They made exploit protection just what it needs to be - turned on by default with default settings for many commonly exploited programs...
That is a very brave statement. I would replace the word 'many' with 'a few'.:)
But anyway, that is the right direction.
 
He doesn't even know what he is talking about because Exploit Guard is barely configured by default. Like I said, it makes no sense how Microsoft cobbled Exploit Guard together.

Typical statement by a typical member on a typical security forum. You can interject adjective expletives if you wish because such statements are extremely annoying and furthermore demonstrate the pervasive ignorance on these forums.

There's a reason that so few security soft publishers remain on the forums. That kind of post is the general reason.
 
More precisely, the below executables have special mitigations:
ExtExport.exe, ie4uinit.exe, ieinstal.exe, ielowutil.exe, ieUnatt.exe, iexplore.exe, mscorsvw.exe, msfeedssync.exe, mshta.exe, ngen.exe, ngentask.exe, PresentationHost.exe, PrintDialog.exe, runtimebroker.exe, svchost.exe, SystemSettings.exe.
There are also PrintIsolationHost.exe, splwow64.exe, spoolsv.exe included on the default Exploit Guard list, but they have only default system-wide mitigations (CFG, DEP, bottom-up ASLR, SEHOP, Heap Integrity).
 
That is interesting. From @Av Gurus' malware test it follows that the script Comprobante.js was blocked by the ASR rule 'Impede JavaScript and VBScript to launch executables'. On the other side, when I tested ASR, it could not stop the VBS script:
Code:
' Test script: launch a local executable through WScript.Shell
Set WshShell = CreateObject("WScript.Shell")
WshShell.Run("c:\Windows\notepad.exe")
WScript.Quit
@Av Gurus, could you run a similar script on your setup to see if the executable will be blocked?
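When comparing runs like the two above, the useful check is whether the rule was actually in Block mode on the box and whether Defender logged a block for it. The following is an added example, not code from the thread; it assumes an elevated PowerShell on Windows 10 1709 or later with Windows Defender active, and uses the documented GUID for the "Block JavaScript or VBScript from launching downloaded executable content" rule.

```powershell
# Added example: report the state of one ASR rule and list recent ASR
# block/audit events so a test like the notepad script can be verified.
# Assumes Windows 10 1709+ with Defender active, run as Administrator.

# GUID of "Block JavaScript or VBScript from launching downloaded
# executable content" (documented by Microsoft in the ASR rule list).
$ruleId = 'D3E037E1-3EB8-44C8-A917-57927947596D'

# Get-MpPreference exposes rule ids and actions as parallel arrays.
# Action values: 0 = Disabled, 1 = Block, 2 = Audit.
$prefs = Get-MpPreference
[string[]]$ids = $prefs.AttackSurfaceReductionRules_Ids
[int[]]$actions = $prefs.AttackSurfaceReductionRules_Actions
$actionName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit' }

$state = 'Not configured'
for ($i = 0; $i -lt $ids.Count; $i++) {
    # GUIDs may be stored in either case, so compare case-insensitively.
    if ($ids[$i] -ieq $ruleId) {
        $state = $actionName[$actions[$i]]
        if (-not $state) { $state = "Unknown action $($actions[$i])" }
    }
}
Write-Output "ASR rule $ruleId : $state"

# Defender writes event 1121 when a rule blocks something and 1122 when
# the rule only audits. The message names the rule id, the process and
# the target path, so a test launch can be matched to a specific event.
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122
}
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 10 -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Output 'No ASR block/audit events found in the Defender log.'
} else {
    $events |
        Select-Object TimeCreated, Id,
            @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
        Format-Table -AutoSize
}
```

If the rule reports Block but no 1121 event appears after the script runs, the launch simply did not match the rule's criteria rather than the rule failing silently.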
Maybe not for your average Joe/Jane, but for those of you that used EMET, you can import those settings into Windows 10 Exploit Protection. Also, Exploit Protection is aimed at enterprise, as is AppGuard. Deploy Exploit protection mitigations across your organization

No, Microsoft simply published documentation for Enterprise users and left Windows Home users to fend for themselves. If Microsoft meant for Exploit Guard not to be available in Windows Home, then Microsoft is pretty good at not implementing features in it and making them available only in Pro and/or Enterprise/Education. Just like it does with Group Policy.
 
I've seen people asking about Windows Defender Exploit Guard, and how to configure it correctly, who likely are not even aware what ASLR stands for. I don't see why there is a point to them wasting time by implementing features which will lack documentation and won't be appropriate for average users, for an OS version which is used by average users.