Windows' Security Tweaks

Will you use these Windows Security Tweaks?


Total voters: 53
#41
Can you make that .bat file for me, please?
...
Here are the BAT files if required, as attachments to this post. Change the txt extension to bat.
Edit: They have to be executed with "Run as Administrator" from the Explorer right-click context menu.
 

Likes: Av Gurus

Windows_Security

Level 16
Content Creator
Trusted
#45
Question for those using Windows Defender exploit protection: It seems that after every (major) Windows update the default values for already listed programs are reset. I had added protections for Winword.exe, for example, but they are reverted back to ASLR only after (major) updates. Have you observed similar behavior?

I am now trying adding the extra protection using the full path, to see whether that withstands the update reset.

Attached are my Exploit Protection settings (it is an XML file, renamed to txt).

(Note: APC.exe is Albelli Photobook Creator; I posted the settings of my wife's laptop running Windows 10.)
 

Likes: shmu26

Lockdown

From AppGuard
Developer
#47
Is this applicable to Windows 10 Pro version 1803?
Yes. You can check it with Process Explorer. Protected processes are colored magenta. Check the colors in the Process Explorer options.

Before enabling the key, lsass.exe does not run as a protected process; after creating the key and rebooting the system, lsass.exe runs as a protected process.
 
#48
Hmm, so I did a search for "RunAsPPL" in regedit and I found that HKLM\SYSTEM\ControlSet001\Control\Lsa also has a DWORD called RunAsPPL with a default value of 1, yet I had to enable the one in CurrentControlSet in order for lsass.exe to show up as protected. As far as I've read, ControlSet001 is supposed to be a backup of CurrentControlSet. Interesting.

I also wonder how many keys located in HKLM\SYSTEM\CurrentControlSet\Control I could randomly add RunAsPPL to so that something suddenly starts running as a protected process. You never know what Microsoft might have left hidden with their 0 documentation. I'll try to test it when I have more time.
 
Likes: shmu26
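
Added example, not part of any post in this thread: a read-only PowerShell check for the RunAsPPL discussion in posts #47 and #48. It relies on two Windows facts that the thread does not state: CurrentControlSet is a link to the ControlSetNNN numbered in HKLM\SYSTEM\Select\Current, and Wininit writes event ID 12 to the System log when lsass.exe starts as a protected process. The function names are made up for this example.

```powershell
# Added example (not from the thread). Read-only: it changes no registry values.
# Shows which ControlSetNNN is in use, the RunAsPPL value in every control set,
# and whether lsass.exe has logged a protected start.

function Get-LsaRunAsPplReport {
    # HKLM\SYSTEM\Select\Current holds the number of the control set in use.
    $select  = Get-ItemProperty -Path 'HKLM:\SYSTEM\Select'
    $current = 'ControlSet{0:D3}' -f [int]$select.Current

    $names = @('CurrentControlSet') +
             (Get-ChildItem -Path 'HKLM:\SYSTEM' |
              Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
              ForEach-Object { $_.PSChildName })

    foreach ($name in $names) {
        $lsa = Get-ItemProperty -Path "HKLM:\SYSTEM\$name\Control\Lsa" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ControlSet = $name
            InUse      = ($name -eq 'CurrentControlSet' -or $name -eq $current)
            # $null means the value is absent, which is not the same as 0.
            RunAsPPL   = if ($null -ne $lsa -and $lsa.PSObject.Properties['RunAsPPL']) { $lsa.RunAsPPL } else { $null }
        }
    }
}

function Get-LsaProtectedStartEvent {
    # Other providers also use ID 12 in the System log, so filter on the provider name.
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 12 } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like '*Wininit*' } |
        Select-Object -First 1 TimeCreated, ProviderName, Message
}

Get-LsaRunAsPplReport | Format-Table -AutoSize

$evt = Get-LsaProtectedStartEvent
if ($evt) {
    "Last protected start of lsass.exe: $($evt.TimeCreated)"
    $evt.Message
} else {
    'No Wininit event 12 in the System log (lsass.exe not protected, or the log has rolled over).'
}
```

Rows marked InUse are the ones that decide how lsass.exe starts at the next boot; a RunAsPPL value in any other control set has no effect on the running system.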
