Windows 11 22H2 no longer supports Software Restriction Policies (SRP)
<blockquote data-quote="ForgottenSeer 98186" data-source="post: 1026622"><p>I combine the two public Microsoft recommended block lists - the first is the Windows S Mode block list and the other is the WDAC bypass-prevention blocklist:</p><p></p><p>[URL unfurl="true"]https://learn.microsoft.com/en-us/windows-hardware/drivers/install/Windows10SDriverRequirements[/URL]</p><p></p><p>[URL unfurl="true"]https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules[/URL]</p><p></p><p>I would not block PowerShell.exe if you are going to use it for routine (as in "frequent") localhost sysadmin.</p><p></p><p>I remove any processes from the combined list that do not exist on the OS image. Since SAC is now running, I would also cross-reference and remove any LOLBins that are blocked by default SAC policy - IF - you are running it full-time in "ON."</p><p></p><p>My system is not 100% Microsoft. Over about 8 months I've had not a single major issue. The Windows Defender Security Center GUI can get unstable when many items are added, but that is just a GUI bug and not any kind of real problem. It is a lot faster and easier to manage Exploit Guard using PowerShell if you are going to want to disable or re-enable Exploit Guard policies on a frequent basis.</p><p></p><p>There is some trial and error to figure out what works best for you personally.</p></blockquote><p></p>
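The list preparation described in the post above (merge the two lists, leave PowerShell.exe alone, drop entries already covered by SAC, drop anything not present on the OS image), sketched as an added example that is not the poster's own script. The name lists are short constructed samples rather than the full Microsoft lists, and `$searchRoots` and `$blockedBySac` are assumptions to adjust for your system; the script only reports and changes no policy.

```powershell
# Constructed samples: a few names per list. Populate both from the two Microsoft pages linked in the post.
$sModeList = 'bash.exe','cdb.exe','cscript.exe','csi.exe','kd.exe','msbuild.exe','powershell.exe','wmic.exe','wscript.exe'
$wdacList  = 'bash.exe','cdb.exe','csi.exe','dnx.exe','fsi.exe','msbuild.exe','mshta.exe','windbg.exe','wmic.exe'

# Names to leave unblocked (the post keeps PowerShell.exe for routine local sysadmin work).
$keepAllowed = @('powershell.exe')

# Assumption: names you have confirmed the default SAC policy already blocks. Left empty here.
$blockedBySac = @()

# Assumption: where to look for the binaries. Add other roots (for example a debugger install) as needed.
$searchRoots = @("$env:windir\System32", "$env:windir\SysWOW64", "$env:windir\Microsoft.NET") |
    Where-Object { Test-Path $_ }

# Merge and de-duplicate the two lists, ignoring case.
$ci = [System.StringComparer]::OrdinalIgnoreCase
$combined = [System.Collections.Generic.HashSet[string]]::new($ci)
foreach ($name in ($sModeList + $wdacList)) { [void]$combined.Add($name) }

# Index the .exe names on this image once instead of scanning the disk per entry.
# (The real lists also contain DLL names; widen the filter if you include those.)
$present = [System.Collections.Generic.HashSet[string]]::new($ci)
Get-ChildItem -Path $searchRoots -Recurse -File -Filter '*.exe' -ErrorAction SilentlyContinue |
    ForEach-Object { [void]$present.Add($_.Name) }

# Decide per entry, with the reason recorded so the result can be reviewed later.
$report = foreach ($name in ($combined | Sort-Object)) {
    $action = if ($keepAllowed -contains $name)      { 'skip: kept allowed' }
              elseif ($blockedBySac -contains $name) { 'skip: already blocked by SAC' }
              elseif (-not $present.Contains($name)) { 'skip: not on this image' }
              else                                   { 'block' }
    [pscustomobject]@{ Name = $name; Action = $action }
}

$report | Format-Table -AutoSize
```

Rerun it after feature updates or after installing developer tools, since either can add binaries that were previously reported as not on the image.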