Windows 10 Hardening via Local Group Policy

Status
Not open for further replies.

ParaXY

Level 6
Thread author
Verified
Mar 14, 2017
273
Some computers can be set to require the SAS when logging into the account or running applications with elevation (using different policy settings than the above). The "Disable or enable software Secure Attention Sequence" policy was created for sending Ctrl+Alt+Del (SAS) on the remote computer. You can enable/restrict/disable this by setting this policy properly. This of course makes sense if the SAS is enabled.
Why is SAS good for security?
When, for example, you execute a program that requires elevation, then with this setting you will first see the SAS alert, press OK, and then press CTRL+ALT+DEL to see the UAC window. Malware cannot replicate this behavior (it cannot send CTRL+ALT+DEL programmatically). This is additional security for when malware tries to fool you by showing a fake UAC alert and then stealing your admin password.

I don't run any remote control or other software remotely on my machine. Does this mean I should or shouldn't enable this option?

I am using the good driver policy. Everything will boot perfectly fine unless you use some extreme modded drivers from some forum.
If you want to go really secure try this:
Enable virtualization-based protection of code integrity

I wanted to enable code integrity. I really wanted to also use VBS (virtual based security) but I have three serious issues with it when I wanted to use it or try it out:

  1. It requires Hyper-V. As a VMware Workstation user (I use it every single day) you can't run VMware and Hyper-V side by side, and Hyper-V is required to use VBS/code integrity
  2. When I did try it, it blue screened my machine when I played videos - I guess it didn't like some of my drivers
  3. It was difficult and unfriendly to use
So in the end I dumped it and bought AppGuard and couldn't be happier!

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,119
I don't run any remote control or other software remotely on my machine. Does this mean I should or shouldn't enable this option?
...
This setting is not for you. It allows the remote administrator (or hacker) to send SAS programmatically during the remote session on your computer. Leave "Disable or enable software Secure Attention Sequence" as "Not configured" (the default Windows setting). Then only some special Windows applications (Ease of Access applications such as Magnifier, Narrator, On-Screen Keyboard, and Speech Recognition) will be able to simulate SAS on the secure desktop. Remote administrators, hackers, and malware will not be able to simulate SAS.

ParaXY

Level 6
Thread author
Verified
Mar 14, 2017
273
Ok, so I'll leave this setting as "Not configured" then.

What about the following policy:

Boot-Start Driver Initialization Policy

Should this be enabled/configured?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,119
Ok, so I'll leave this setting as "Not configured" then.

What about the following policy:

Boot-Start Driver Initialization Policy

Should this be enabled/configured?
This policy allows you to bypass the default setting that blocks bad and unknown drivers. This can be useful when you must use such drivers. If your system boots with all the necessary drivers, then setting this policy is useless and makes a hole in your security.
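Both answers above boil down to "leave the policy Not configured, and if it is configured, know what the value means". The script below is an added example, not code posted in this thread or shipped with Hard_Configurator: a read-only audit of the registry values that Local Group Policy writes for the two settings discussed (SoftwareSASGeneration for the software SAS policy, DriverLoadPolicy for the Boot-Start Driver Initialization Policy). The paths, value names and value meanings are the ones Microsoft documents for these policies; the "Risky" lists and the verdict wording are this example's own judgement, following the reasoning in the replies above. Run it from an elevated PowerShell prompt; it changes nothing.

```powershell
# Added example (not part of the thread): read-only audit of the registry values
# behind two Local Group Policy settings. Registry locations and value meanings are
# those Microsoft documents for the policies; the Risky lists are this example's own
# assessment based on the advice given in the thread.

$checks = @(
    @{
        Policy  = 'Disable or enable software Secure Attention Sequence'
        Path    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        Name    = 'SoftwareSASGeneration'
        Meaning = @{ 0 = 'None'; 1 = 'Services'; 2 = 'Ease of Access applications'; 3 = 'Services and Ease of Access applications' }
        # Values that let services (i.e. remote-administration software) simulate SAS;
        # with the value absent ("Not configured") only Ease of Access apps can do so.
        Risky   = @(1, 3)
    },
    @{
        Policy  = 'Boot-Start Driver Initialization Policy'
        Path    = 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
        Name    = 'DriverLoadPolicy'
        Meaning = @{ 0 = 'Good only'; 1 = 'Good and unknown'; 3 = 'Good, unknown and bad but critical'; 7 = 'All' }
        # 7 loads drivers that Early Launch Anti-Malware classified as bad even when
        # they are not boot-critical, i.e. wider than the documented default (3).
        Risky   = @(7)
    }
)

function Get-PolicyValue {
    # Returns the DWORD as [int], or $null when the key or value does not exist
    # (which is what "Not configured" looks like in the registry).
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Test-HardeningPolicy {
    # Turns one check definition into a report row with a plain-language verdict.
    param([hashtable]$Check)
    $value = Get-PolicyValue -Path $Check.Path -Name $Check.Name
    if ($null -eq $value) {
        $state   = 'Not configured'
        $verdict = 'OK (Windows default; what the thread recommends)'
    } else {
        $label   = if ($Check.Meaning.ContainsKey($value)) { $Check.Meaning[$value] } else { 'undocumented value' }
        $state   = "$value ($label)"
        $verdict = if ($Check.Risky -contains $value) {
            'REVIEW: more permissive than the default'
        } else {
            'Configured: confirm this was intentional'
        }
    }
    [pscustomobject]@{
        Policy   = $Check.Policy
        Registry = "$($Check.Path)\$($Check.Name)"
        State    = $state
        Verdict  = $verdict
    }
}

$checks | ForEach-Object { Test-HardeningPolicy -Check $_ } | Format-List
```

A row reporting "Not configured" for both values is the state the replies above recommend. If a value turns up that you did not set yourself (remote-support tools and some "tweaking" utilities write these), the clean way back is to set the policy to Not configured in gpedit.msc rather than deleting the value by hand, so Group Policy and the registry stay in agreement.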

