Windows 10 UAC File Protection Loopholes

Status
Not open for further replies.
> Could you explain how AG default policy stops these writable and executable places in the Windows folder from being abused?
Because AG blocks exe/dll/drivers launched from User-Space and some known vulnerable areas in System Space.
Read the help file.
> Because AG blocks exe/dll/drivers launched from User-Space and some known vulnerable areas in System Space.
> Read the help file.
Well, the help file speaks in pretty general terms on this subject; it is hard to get specific info from it on this point.
But if you can point me to specific info, please do.
Umbra, just to make my intent clear, I am not putting down Appguard or SRP or anything else. I am trying to understand "how things work". Sometimes that entails comparing product A to product B, which is always a touchy subject, and is sometimes inexact, but the intent is not to criticize either product. :)
 
> Well, the help file speaks in pretty general terms on this subject; it is hard to get specific info from it on this point.
> But if you can point me to specific info, please do.
I remember a small table somewhere in the help file.

> Umbra, just to make my intent clear, I am not putting down Appguard or SRP or anything else. I am trying to understand "how things work". Sometimes that entails comparing product A to product B, which is always a touchy subject, and is sometimes inexact, but the intent is not to criticize either product. :)
I know, don't worry.
Still confused why we make such a big deal out of guarding appdata directory, if there are Windows folders that have R W X permissions.
 
> Still confused why we make such a big deal out of guarding appdata directory, if there are Windows folders that have R W X permissions.
So I think the answer is as follows: in order to execute anything from those Windows folders, without elevated privileges, you need to run a command line. So as long as you have your command line interpreters under control, you are okay.
> So I think the answer is as follows: in order to execute anything from those Windows folders, without elevated privileges, you need to run a command line. So as long as you have your command line interpreters under control, you are okay.

Plus you can create read-only\no-write\no-execution rules with SRP on top of what Windows provides. On top of disabling the unneeded garbage that is shipped with Windows.
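To put something concrete behind the "Windows folders that have R W X permissions" question and the SRP suggestion in the reply above, here is an added example; it is not code from the thread, from AppGuard, or from Microsoft. The first function probes every directory under %windir% (to a depth limit) by actually creating and deleting a file in it from a non-elevated prompt, which is more reliable than reading ACLs; the second writes an SRP "Disallowed" path rule for each hit in the registry layout that the secpol.msc snap-in uses, so anything dropped into those folders can no longer execute. Function names, the probe file name and the depth limit are my choices; secpol.msc remains the supported way to manage SRP rules, and the writer is dry-run (-WhatIf) until you say otherwise.

```powershell
# Added example, not from the thread. Run the probe from a normal (non-admin) PowerShell;
# the rule writer needs an elevated prompt and SRP already enabled in secpol.msc.

function Get-UserWritableWindowsDirs {
    [CmdletBinding()]
    param(
        [string]$Root = $env:windir,
        [int]$MaxDepth = 3   # keeps the probe fast; the interesting folders are shallow
    )
    $principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        Write-Warning 'Running elevated: every directory will look writable. Re-run from a normal prompt.'
    }
    # Probe by creating a file rather than inspecting ACLs: inherited ACEs, CREATOR OWNER and
    # group membership make ACL reasoning error-prone, whereas the kernel's answer is authoritative.
    $probeName = 'uac_probe_{0}.tmp' -f [guid]::NewGuid().ToString('N')   # hypothetical name
    Get-ChildItem -LiteralPath $Root -Directory -Recurse -Depth $MaxDepth -ErrorAction SilentlyContinue |
        ForEach-Object {
            $probe = Join-Path $_.FullName $probeName
            try {
                $fs = [System.IO.File]::Create($probe)
                $fs.Dispose()
                Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
                $_.FullName            # emitted only when the create succeeded
            } catch {
                # access denied, path too long, etc.: not writable by this user, say nothing
            }
        }
}

function New-SrpDisallowedPathRule {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string]$Path,
        [string]$Description = 'Block execution from user-writable directory under %windir%'
    )
    begin {
        # SRP keeps Disallowed (level 0) path rules under ...\CodeIdentifiers\0\Paths\{guid};
        # Unrestricted rules live under ...\262144\Paths. A folder rule covers its subfolders too.
        $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
        if (-not (Test-Path -LiteralPath $base)) {
            throw 'SRP is not configured on this machine; create the policy in secpol.msc first.'
        }
        $disallowed = Join-Path $base '0\Paths'
    }
    process {
        $ruleKey = Join-Path $disallowed ([guid]::NewGuid().ToString('B'))
        if ($PSCmdlet.ShouldProcess($Path, 'Create SRP Disallowed path rule')) {
            New-Item -Path $ruleKey -Force | Out-Null
            New-ItemProperty -Path $ruleKey -Name ItemData     -PropertyType ExpandString -Value $Path | Out-Null
            New-ItemProperty -Path $ruleKey -Name SaferFlags   -PropertyType DWord        -Value 0     | Out-Null
            New-ItemProperty -Path $ruleKey -Name Description  -PropertyType String       -Value $Description | Out-Null
            New-ItemProperty -Path $ruleKey -Name LastModified -PropertyType QWord `
                -Value ([datetime]::UtcNow.ToFileTimeUtc()) | Out-Null
        }
    }
}

# Usage: list the hits first, then feed them to the rule writer (drop -WhatIf once you agree with the list).
#   Get-UserWritableWindowsDirs
#   Get-UserWritableWindowsDirs | New-SrpDisallowedPathRule -WhatIf
```

On a stock Windows 10 the probe typically returns a short list that includes entries such as C:\Windows\Tasks and C:\Windows\tracing; that list is exactly what the reply above means by "some known vulnerable areas in System Space". Note that the probe only measures write access, which is the half that matters here: execute is granted almost everywhere under %windir%, so a user-writable folder is a writable-and-executable one unless SRP or AppGuard says otherwise.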
> Plus you can create read-only\no-write\no-execution rules with SRP on top of what Windows provides. On top of disabling the unneeded garbage that is shipped with Windows.
On the subject of dangerous weapons that ship with Windows, how does the default, out-of-the-box Appguard policy handle wscript?
If I understand right, once you have wscript under control, you also have pretty good control over cscript, because it seems to call wscript in order to do the heavy lifting. Please correct if this is wrong.
 
> On the subject of dangerous weapons that ship with Windows, how does the default, out-of-the-box Appguard policy handle wscript?
> If I understand right, once you have wscript under control, you also have pretty good control over cscript, because it seems to call wscript in order to do the heavy lifting. Please correct if this is wrong.

The default policy doesn't do anything with it. It should be disabled along with cscript.
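The reply above says wscript should be disabled along with cscript. As an added example, not code from the thread or from any vendor, the following does that with the documented Windows Script Host "Enabled" registry setting, which both wscript.exe and cscript.exe honour, and then checks the result by running a throwaway VBScript through cscript (chosen because it reports to the console instead of a message box). The function names and the probe script name are my choices.

```powershell
# Added example, not from the thread. Disable-WindowsScriptHost needs an elevated prompt
# unless -CurrentUserOnly is used; the check can run as any user.

function Disable-WindowsScriptHost {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$CurrentUserOnly)
    # The HKLM value applies to every account on the machine; HKCU only to the current one.
    $key = if ($CurrentUserOnly) { 'HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings' }
           else                   { 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' }
    if ($PSCmdlet.ShouldProcess($key, 'Set Enabled = 0')) {
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -LiteralPath $key -Name Enabled -Type DWord -Value 0
    }
}

function Test-WindowsScriptHostBlocked {
    # Returns $true when cscript refuses to run the probe, $false when the probe's echo comes back.
    $script = Join-Path $env:TEMP 'wsh_probe.vbs'          # hypothetical file name
    Set-Content -LiteralPath $script -Value 'WScript.Echo "WSH is still enabled"' -Encoding ASCII
    try {
        # With WSH disabled the host prints "Windows Script Host access is disabled on this machine."
        # instead of running the script, so the sentinel text never appears.
        $text = (& "$env:windir\System32\cscript.exe" //nologo $script 2>&1) | Out-String
        return ($text -notmatch 'WSH is still enabled')
    } finally {
        Remove-Item -LiteralPath $script -Force -ErrorAction SilentlyContinue
    }
}

# Usage (elevated):
#   Disable-WindowsScriptHost
#   Test-WindowsScriptHostBlocked      # expected: True
```

Because the setting is read by the hosts themselves, it is independent of whatever AppGuard or SRP does with wscript.exe and cscript.exe, so it is a cheap extra layer even on a machine where those executables are already blocked by policy.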