Windows 10 UAC File Protection Loopholes

Status
Not open for further replies.
D

Deleted member 178

shmu26 said:
Could you explain how AG default policy stops these writable and executable places in the Windows folder from being abused?
Click to expand...
Because AG block exe/dll/drivers launched from User-Space and some known vulnerable areas in System Space.
Read the help file.
 
  • Like
Reactions: harlan4096
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Umbra said:
Because AG block exe/dll/drivers launched from User-Space and some known vulnerable areas in System Space.
Read the help file.
Click to expand...
Well, the help file speaks in pretty general terms on this subject, it is hard to get specific info from it, on this point.
But if you can point me to specific info, please do.
Umbra, just to make my intent clear, I am not putting down Appguard or SRP or anything else. I am trying to understand "how things work". Sometimes that entails comparing product A to product B, which is always a touchy subject, and is sometimes inexact, but the intent is not to criticize either product. :)
 
  • Like
Reactions: Azure and Deleted member 178
D

Deleted member 178

shmu26 said:
Well, the help file speaks in pretty general terms on this subject, it is hard to get specific info from it, on this point.
But if you can point me to specific info, please do.
Click to expand...
i remember a small table somewhere in the help file.

Umbra, just to make my intent clear, I am not putting down Appguard or SRP or anything else. I am trying to understand "how things work". Sometimes that entails comparing product A to product B, which is always a touchy subject, and is sometimes inexact, but the intent is not to criticize either product. :)
Click to expand...
I know, don't worry.
 
  • Like
Reactions: Azure and shmu26
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Still confused why we make such a big deal out of guarding appdata directory, if there are Windows folders that have R W X permissions.
 
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
shmu26 said:
Still confused why we make such a big deal out of guarding appdata directory, if there are Windows folders that have R W X permissions.
Click to expand...
So I think the answer is as follows: in order to execute anything from those Windows folders, without elevated privileges, you need to run a command line. So as long as you have your command line interpreters under control, you are okay.
 
  • Like
Reactions: Sunshine-boy
5

509322

shmu26 said:
So I think the answer is as follows: in order to execute anything from those Windows folders, without elevated privileges, you need to run a command line. So as long as you have your command line interpreters under control, you are okay.
Click to expand...

Plus you can create read-only\no-write\no-execution rules with SRP on top of what Windows provides. On top of disabling the unneeded garbage that is shipped with Windows.
 
  • Like
Reactions: shmu26
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Lockdown said:
Plus you can create read-only\no-write\no-execution rules with SRP on top of what Windows provides. On top of disabling the unneeded garbage that is shipped with Windows.
Click to expand...
On the subject of dangerous weapons that ship with Windows, how does the default, out-of-the-box Appguard policy handle wscript?
If I understand right, once you have wscript under control, you also have pretty good control over cscript, because it seems to call wscript in order to do the heavy lifting. Please correct if this is wrong.
 
5

509322

shmu26 said:
On the subject of dangerous weapons that ship with Windows, how does the default, out-of-the-box Appguard policy handle wscript?
If I understand right, once you have wscript under control, you also have pretty good control over cscript, because it seems to call wscript in order to do the heavy lifting. Please correct if this is wrong.
Click to expand...

The default policy doesn't do anything with it. It should be disabled along with cscript.
 
  • Like
Reactions: shmu26
Status
Not open for further replies.

Similar threads

K
  • Locked
PowerShell/MaleficAms Powershell Infection Please Help
Replies
2
Views
2,485
Windows Malware Removal Help & Support
nasdaq
nasdaq
J
  • Locked
I need help with a Malware Spanish logs
Replies
2
Views
2,260
Windows Malware Removal Help & Support
nasdaq
nasdaq
Gandalf_The_Grey
    • Like
    • Applause
    • Thanks
HTG: 10 Windows File Explorer Features You Should Be Using
Replies
0
Views
802
System utilities
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top