Windows' Security Tweaks

Discussion in 'Microsoft' started by Umbra, Jun 9, 2016.

?

Will you use these Windows Security Tweaks?

  1. Yes

    45.7%
  2. No

    34.8%
  3. I already did!

    19.6%
  1. Omnipotent

    Omnipotent Guest

    It's the other way around @Umbra, You made a mistake. (ConsentPromptBehaviorAdmin) adds UAC password prompt and (ValidateAdminCodeSignatures) blocks unsigned processes/programs. Just tested it. ;)
     
    bribon77, Andy Ful, Av Gurus and 3 others like this.
  2. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,698
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    yes lol , thanks for noticing the mistake :p
     
    Omnipotent likes this.
  3. frogboy

    frogboy Level 61
    Trusted

    Jun 9, 2013
    6,228
    64,826
    Heavy Duty Mechanic.
    Western Australia
    Windows 10
    Emsisoft
    Thanks @Umbra i shall try these tweaks and see what happens. ;) Sorry i did not see them before. :)
     
    bribon77 and Logethica like this.
  4. Av Gurus

    Av Gurus Level 28
    Trusted AV Tester

    Sep 22, 2014
    1,724
    10,668
    Testing security programs
    Earth
    Windows 10
    Is this your web page or someone else?
    If it is yours, are you updating the tweaks?
     
    Sunshine-boy likes this.
  5. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,698
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    not mine
     
    Av Gurus likes this.
  6. Av Gurus

    Av Gurus Level 28
    Trusted AV Tester

    Sep 22, 2014
    1,724
    10,668
    Testing security programs
    Earth
    Windows 10
    Do you have some similar web pages with tweaks in your bookmarks to share with us?
    :rolleyes:
     
  7. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,169
    29,698
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Updated the "system tweaks" section by adding @ParaXY 's tweaks
     
    cryogent and boldrake like this.
  8. cryogent

    cryogent Level 3

    Oct 1, 2016
    113
    403
    DTP&GD
    Romania
    Windows 10
    Emsisoft
    Thanks @Umbra for this great topic.
    Barely wait to get home to make some changes.;).
     
    bribon77, Umbra and Sunshine-boy like this.
  9. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,184
    5,230
    IRAN
    Windows 10
    ESET
    Someone pls share new and effective tweak thanks.
     
    L S and bribon77 like this.
  10. Av Gurus

    Av Gurus Level 28
    Trusted AV Tester

    Sep 22, 2014
    1,724
    10,668
    Testing security programs
    Earth
    Windows 10
    Is it possible to make some kinda whitelist or something similar with this reg tweak?
    I have some portable app who are unsigned and can't run with this tweak (accept change that tweak everytime).
     
    silversurfer and Andy Ful like this.
  11. Andy Ful

    Andy Ful Level 22

    Dec 23, 2014
    1,118
    4,824
    business
    Poland
    Windows 10
    Microsoft
    #31 Andy Ful, Sep 28, 2017
    Last edited: Sep 28, 2017
    No whitelisting possibility. You can run unsigned application using several ways:
    • via scheduled task trick (works only on admin account and run the program elevated);
    • using the bat files to deactivate/activate this feature via the Registry;
    • writing a simple loader script in powerhell or Windows Script Host.
    • running first, the signed file manager as administrator (Total Commander), and using it to run portable applications (they will be run elevated without UAC prompt).
    Nither of the above is especially convenient.
     
    Umbra, askalan, Av Gurus and 3 others like this.
  12. bribon77

    bribon77 Level 11

    Jul 6, 2017
    509
    3,480
    spain
    Windows 7
    Emsisoft
    Very good, Some adjustments already I make them. for a long time but this guide is very good, Thank you.
     
    Sunshine-boy likes this.
  13. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,184
    5,230
    IRAN
    Windows 10
    ESET
    Andy I know you have a lot of secret tweaks pls share it with us:notworthy:
     
    bribon77 likes this.
  14. Andy Ful

    Andy Ful Level 22

    Dec 23, 2014
    1,118
    4,824
    business
    Poland
    Windows 10
    Microsoft
    #34 Andy Ful, Sep 28, 2017
    Last edited: Sep 28, 2017
    They are easily accessible, for example :
    Download Group Policy Settings Reference for Windows and Windows Server from Official Microsoft Download Center
    https://msdnshared.blob.core.windows.net/media/2017/08/Windows-10-RS2-Security-Baseline-FINAL.zip
    But, not many policies are usable for home computers. The most usable are (will be) included in Hard_Configurator.

    Edit 1
    Edited the link. Open the zip file and look into Documentation folder. Before applying any policy, gogle some info about it.

    Edit 2
    Manual reg tweaks are recommended only for experienced users, you can easily break your system. Personally, I use Shadow Defender, when testing reg tweaks.
     
    pablozi, Av Gurus and Sunshine-boy like this.
  15. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,184
    5,230
    IRAN
    Windows 10
    ESET
    Thanks! I was searching for a link like this one.
     
    Andy Ful likes this.
  16. Andy Ful

    Andy Ful Level 22

    Dec 23, 2014
    1,118
    4,824
    business
    Poland
    Windows 10
    Microsoft
    You have been warned! :)
     
    Sunshine-boy likes this.
  17. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,184
    5,230
    IRAN
    Windows 10
    ESET
    I see thank you:D
     
    Andy Ful likes this.
  18. Andy Ful

    Andy Ful Level 22

    Dec 23, 2014
    1,118
    4,824
    business
    Poland
    Windows 10
    Microsoft
    Added the second useful link, to my previous post.:)
     
    Sunshine-boy likes this.
  19. Av Gurus

    Av Gurus Level 28
    Trusted AV Tester

    Sep 22, 2014
    1,724
    10,668
    Testing security programs
    Earth
    Windows 10
    #39 Av Gurus, Sep 28, 2017
    Last edited: Sep 28, 2017
    Can you make that .bat file for me, please?

    EDIT:

    Can I make a quick reg files for change, like this?
    Enable.reg:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
    "ValidateAdminCodeSignatures"=dword:00000001

    Disable.reg:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
    "ValidateAdminCodeSignatures"=dword:00000000
     
    Andy Ful likes this.
  20. Andy Ful

    Andy Ful Level 22

    Dec 23, 2014
    1,118
    4,824
    business
    Poland
    Windows 10
    Microsoft
    Yes, they are correct.:)
     
    Av Gurus likes this.
Loading...