Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Operating Systems
Windows 11
Windows 11 22H2 no longer supports Software Restriction Policies (SRP)
Message
<blockquote data-quote="Andy Ful" data-source="post: 1026490" data-attributes="member: 32260"><p>The discussion about blocking LOLBins is interesting, but not really necessary for home users in the thread about (classic) SRP. Blocking LOLBins is not necessary when using a properly configured SRP at home on Windows 10+, with some hardening of Microsoft Office. The same is probably true when using SAC, because it has got some SRP-like features (for files with MOTW) that are not included in AppLocker and WDAC. People who turned ON the SAC, can block some LOLBins to protect the system against infections from flash drives (no MOTW).</p><p>Some LOLBins should be blocked when using AppLocker or WDAC to avoid known bypasses.</p><p></p><p>In the business environment, blocking some LOLBins (and unnecessary Windows features) is advantageous with any protection, because of the danger of lateral movement.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 1026490, member: 32260"] The discussion about blocking LOLBins is interesting, but not really necessary for home users in the thread about (classic) SRP. Blocking LOLBins is not necessary when using a properly configured SRP at home on Windows 10+, with some hardening of Microsoft Office. The same is probably true when using SAC, because it has got some SRP-like features (for files with MOTW) that are not included in AppLocker and WDAC. People who turned ON the SAC, can block some LOLBins to protect the system against infections from flash drives (no MOTW). Some LOLBins should be blocked when using AppLocker or WDAC to avoid known bypasses. In the business environment, blocking some LOLBins (and unnecessary Windows features) is advantageous with any protection, because of the danger of lateral movement. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
