Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Operating Systems
Windows 11
Windows 11 22H2 no longer supports Software Restriction Policies (SRP)
Message
<blockquote data-quote="ForgottenSeer 98186" data-source="post: 1026511"><p>I would agree, but Microsoft says otherwise. It blocks LOLBins on its own OS and advocates that users do the same - IF - they do not need the process. There is a lot of paranoia about "What-If" this or that gets blocked during usage and, in reality, those cases are rare or easily solved.</p><p></p><p>Examining SRP block logs from thousands upon thousands of endpoints, shows that a block that breaks something is rare. Even then, it is not permanently broken. It just takes a fix. But I get that most unmanaged home users have no inclination or aptitude for this.</p><p></p><p>I know there has been lots of mis-information that global blocking creates an overwhelmingly negative user experience. That just ain't true. That claim is just what it is - deliberate mis-information FUD spread by those with an agenda.</p><p></p><p>LOLBin blocking is a higher-level protection model. It takes a bit of knowledge, but its not as if people could not learn it - IF - they wanted to. The whole premise of LOLBin blocking is to throw-up a major speed-bump-wall against more sophisticated threat actors. Most home users don't even know what that is, let alone care. The protection model is not absolutely effective under any possible circumstances. However, to a large extent it handily deters all those talented malc0ders looking to exploit the chink in the armor.</p><p></p><p>There is no right or wrong protection model. Users should be provided ALL of the information so that they can determine for themselves what works best for them personally.</p></blockquote><p></p>
[QUOTE="ForgottenSeer 98186, post: 1026511"] I would agree, but Microsoft says otherwise. It blocks LOLBins on its own OS and advocates that users do the same - IF - they do not need the process. There is a lot of paranoia about "What-If" this or that gets blocked during usage and, in reality, those cases are rare or easily solved. Examining SRP block logs from thousands upon thousands of endpoints, shows that a block that breaks something is rare. Even then, it is not permanently broken. It just takes a fix. But I get that most unmanaged home users have no inclination or aptitude for this. I know there has been lots of mis-information that global blocking creates an overwhelmingly negative user experience. That just ain't true. That claim is just what it is - deliberate mis-information FUD spread by those with an agenda. LOLBin blocking is a higher-level protection model. It takes a bit of knowledge, but its not as if people could not learn it - IF - they wanted to. The whole premise of LOLBin blocking is to throw-up a major speed-bump-wall against more sophisticated threat actors. Most home users don't even know what that is, let alone care. The protection model is not absolutely effective under any possible circumstances. However, to a large extent it handily deters all those talented malc0ders looking to exploit the chink in the armor. There is no right or wrong protection model. Users should be provided ALL of the information so that they can determine for themselves what works best for them personally. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
