Windows 10 UAC File Protection Loopholes

Status
Not open for further replies.
D

Deleted member 178

Could you explain how AG default policy stops these writable and executable places in the Windows folder from being abused?
Because AG block exe/dll/drivers launched from User-Space and some known vulnerable areas in System Space.
Read the help file.
 
  • Like
Reactions: harlan4096

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Because AG block exe/dll/drivers launched from User-Space and some known vulnerable areas in System Space.
Read the help file.
Well, the help file speaks in pretty general terms on this subject, it is hard to get specific info from it, on this point.
But if you can point me to specific info, please do.
Umbra, just to make my intent clear, I am not putting down Appguard or SRP or anything else. I am trying to understand "how things work". Sometimes that entails comparing product A to product B, which is always a touchy subject, and is sometimes inexact, but the intent is not to criticize either product. :)
 
D

Deleted member 178

Well, the help file speaks in pretty general terms on this subject, it is hard to get specific info from it, on this point.
But if you can point me to specific info, please do.
i remember a small table somewhere in the help file.

Umbra, just to make my intent clear, I am not putting down Appguard or SRP or anything else. I am trying to understand "how things work". Sometimes that entails comparing product A to product B, which is always a touchy subject, and is sometimes inexact, but the intent is not to criticize either product. :)
I know, don't worry.
 
  • Like
Reactions: Azure and shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Still confused why we make such a big deal out of guarding appdata directory, if there are Windows folders that have R W X permissions.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Still confused why we make such a big deal out of guarding appdata directory, if there are Windows folders that have R W X permissions.
So I think the answer is as follows: in order to execute anything from those Windows folders, without elevated privileges, you need to run a command line. So as long as you have your command line interpreters under control, you are okay.
 
  • Like
Reactions: Sunshine-boy
5

509322

So I think the answer is as follows: in order to execute anything from those Windows folders, without elevated privileges, you need to run a command line. So as long as you have your command line interpreters under control, you are okay.

Plus you can create read-only\no-write\no-execution rules with SRP on top of what Windows provides. On top of disabling the unneeded garbage that is shipped with Windows.
 
  • Like
Reactions: shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Plus you can create read-only\no-write\no-execution rules with SRP on top of what Windows provides. On top of disabling the unneeded garbage that is shipped with Windows.
On the subject of dangerous weapons that ship with Windows, how does the default, out-of-the-box Appguard policy handle wscript?
If I understand right, once you have wscript under control, you also have pretty good control over cscript, because it seems to call wscript in order to do the heavy lifting. Please correct if this is wrong.
 
5

509322

On the subject of dangerous weapons that ship with Windows, how does the default, out-of-the-box Appguard policy handle wscript?
If I understand right, once you have wscript under control, you also have pretty good control over cscript, because it seems to call wscript in order to do the heavy lifting. Please correct if this is wrong.

The default policy doesn't do anything with it. It should be disabled along with cscript.
 
  • Like
Reactions: shmu26
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top