Advice Request Windows 10 64 bits Home security setup, suggestions for a simple setup.

Please provide comments and solutions that are helpful to the author of this topic.

Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
It is worth to recall how the <Validate Admin C.S.> option works. If it is set to ON, then the UAC prompt will be not displayed when the unsigned file is executed and the execution will be blocked if the elevation of privileges is required. But, if the malware can bypass UAC, then this setting will not block the execution with an elevation of privileges.
So, <Validate Admin C.S.> can be useful to stop the installation of malware that pretends to be a legal application, but will not stop the malware which uses UAC bypass.
<Validate Admin C.S.> is stronger on Standard User Account (SUA), because most of the known UAC bypasses (except a few) do not work on SUA.

I also analyzed over 20 of Windows Defender (MAX settings) tests made on Malware Hub this year by Evjl's Rain and SeriousHoax. Only one EXE sample (among all EXE samples) was missed. So, it seems that ConfigureDefender MAX Profile is extremely good for detecting/blocking EXE samples and can be used safely with the H_C profile: Windows_10_MT_Windows_Security_hardening.
 
Last edited:
  • Like
Reactions: Gangelo, oldschool and Gandalf_The_Grey
Lenny_Fox

Lenny_Fox

Level 22
Thread author
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Andy Ful said:
  1. Unsigned applications will not update when installed in Program Files and Program Files (x86). To update them, the setting <Validate Admin C.S.> has to be turn off temporarily.
  2. Your brother will not be able to bypass SmartScreen when running applications downloaded from the Internet (except if he will unblock the executable via file Properties).
  3. When using "Allow EXE and TMP" in H_C, it is good to apply also the FirewallHardening.
  4. ConfigureDefender MAX Profile is extremely good for detecting/blocking EXE samples and can be used safely with the H_C profile: Windows_10_MT_Windows_Security_hardening.
Click to expand...
1. He currently has no unsigned programs
2. Not able to bypass is good. I trust WD's verdict more than my brother's assessment
3. OK will do next time I am at my parents house
4. Also have blocked a lot of LOLBINS in H_C, so together with SRP rules and WD on Max he will be fine

Thanks for the detailed reply
 
  • Like
Reactions: oldschool, Gangelo, Gandalf_The_Grey and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
Lenny_Linux said:
1. He currently has no unsigned programs
2. Not able to bypass is good. I trust WD's verdict more than my brother's assessment
3. OK will do next time I am at my parents house
4. Also have blocked a lot of LOLBINS in H_C, so together with SRP rules and WD on Max he will be fine

Thanks for the detailed reply
Click to expand...
You are welcome.:giggle:
 
  • Like
Reactions: Gangelo, Gandalf_The_Grey and harlan4096

Similar threads

simmerskool
    • Like
    • Applause
Advice Request Manjaro & vpn
Replies
38
Views
915
ChromeOS & Linux
lokamoka820
lokamoka820
LibertyExplorer
    • Like
Advice Request "First-Time DB Wealth Institute PC Build Advice and Compatibility Check"
Replies
1
Views
587
Hardware Discussions
eonline
eonline
X195
    • Like
Advice Request Help needed with DNS configuration
Replies
15
Views
972
AdGuard
Chuck57
Chuck57

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top