Will you use these Windows Security Tweaks?


  • Total voters
    54

Andy Ful

Level 34
Content Creator
Verified
Joined
Dec 23, 2014
Messages
2,390
Operating System
Windows 10
Antivirus
Windows Defender
#41
Can you make that .bat file for me, please?
...
Here are the BAT files if required, as attachments to this post. Change the txt extension to bat.
Edit
They have to be executed by "Run As Administrator" from Explorer right click context menu.
 

Likes: Av Gurus

Av Gurus

Level 29
MWT-Tester
Verified
Joined
Sep 22, 2014
Messages
1,807
Operating System
Windows 10
#42
Here are the BAT files if required, as attachments to this post. Change the txt extension to bat.
Edit
They have to be executed by "Run As Administrator" from Explorer right click context menu.
Tnx, but I'm gonna stick with these reg files ;)

Clipboard01.jpg
 

Windows_Security

Level 21
Content Creator
Verified
Joined
Mar 13, 2016
Messages
1,010
Operating System
Windows 7
#45
Question for those using Windows Defender exploit protection: It seems that after every (major) Windows update the default values for already listed programs are reset. I had added protections for Winword.exe for example, but they are reverted back to ASLR only after (major) updates. Have you observed similar behavior?

I am now trying adding the extra protection using the full path, to see whether that withstands the update reset.

Attached my Exploit Protection settings (it is an XML file, renamed to txt)

(note: APC.exe is Albelli Photobook Creator; I posted the settings of my wife's laptop running Windows 10)
 

Likes: shmu26
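
One way to check for the reset described in the post above, as an added example that is not part of the thread: export the Exploit Protection settings with the built-in `Get-ProcessMitigation` cmdlet before an update, then compare a fresh export afterwards. The baseline path is an assumption, and the script is meant for an elevated PowerShell.

```powershell
# Added example, not from the thread. The baseline path is an assumption.
$baseline = 'C:\EPBaseline\ExploitProtection-baseline.xml'
$current  = Join-Path $env:TEMP 'ExploitProtection-current.xml'

if (-not (Test-Path $baseline)) {
    # First run (before the update): save the settings as the reference copy.
    New-Item -ItemType Directory -Path (Split-Path $baseline) -Force | Out-Null
    Get-ProcessMitigation -RegistryConfigFilePath $baseline
    Write-Output "Baseline saved to $baseline"
}
else {
    # Later runs (after the update): export again and compare line by line.
    Get-ProcessMitigation -RegistryConfigFilePath $current
    $diff = Compare-Object (Get-Content $baseline) (Get-Content $current)

    if ($diff) {
        Write-Warning 'Exploit Protection settings differ from the baseline:'
        # "<=" lines exist only in the baseline, "=>" only in the current export.
        $diff | Format-Table SideIndicator, InputObject -AutoSize -Wrap
        # To re-apply the saved settings, uncomment the next line:
        # Set-ProcessMitigation -PolicyFilePath $baseline
    }
    else {
        Write-Output 'Exploit Protection settings match the baseline.'
    }
}

# Per-program view of the entry mentioned in the post.
Get-ProcessMitigation -Name winword.exe
```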

Lockdown

From AppGuard
Developer
Verified
Joined
Oct 24, 2016
Messages
4,342
#47
Is this applicable to Windows 10 Pro version 1803?
Yes. You can check it with Process Explorer. Protected processes are colored magenta. Check the colors in the Process Explorer options.

Before enabling the key, lsass.exe does not run as a protected process; after creating the key and rebooting the system, lsass.exe runs as a protected process.
 
Joined
Apr 19, 2018
Messages
86
#48
Hmm, so I did a search with "RunAsPPL" in regedit and I found that HKLM\SYSTEM\ControlSet001\Control\Lsa also has a dword called RunAsPPL with a default value of 1, yet I had to enable the one in CurrentControlSet in order for lsass.exe to show up as protected. As far as I've read ControlSet001 is supposed to be a backup of CurrentControlSet, interesting.

I also wonder how many keys located in HKLM\SYSTEM\CurrentControlSet\Control could I randomly add RunAsPPL to them and suddenly something starts running as protected process? You never know what Microsoft might have left hidden with their 0 documentation, I'll try to test it when I have more time.
 
Likes: shmu26
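
A read-only check for the RunAsPPL observations in posts #47 and #48, as an added example that is not part of the thread: `CurrentControlSet` is a link to whichever numbered control set `HKLM\SYSTEM\Select\Current` names, so the script lists `RunAsPPL` for every numbered set and marks the one in use. The Wininit event lookup at the end is an assumption about what the System log holds on the machine.

```powershell
# Added example, not from the thread. Read-only; makes no changes.
$select  = Get-ItemProperty 'HKLM:\SYSTEM\Select'
$current = 'ControlSet{0:D3}' -f $select.Current   # e.g. ControlSet001

Get-ChildItem 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
    ForEach-Object {
        $lsa = Get-ItemProperty -Path "HKLM:\SYSTEM\$($_.PSChildName)\Control\Lsa" `
                                -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ControlSet = $_.PSChildName
            InUse      = ($_.PSChildName -eq $current)   # target of CurrentControlSet
            RunAsPPL   = if ($null -ne $lsa.RunAsPPL) { $lsa.RunAsPPL } else { '(not set)' }
        }
    } | Format-Table -AutoSize

# The value the running system reads, through the CurrentControlSet link.
$live = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
"CurrentControlSet RunAsPPL = " +
    $(if ($null -ne $live.RunAsPPL) { $live.RunAsPPL } else { '(not set)' })

# Assumption: Wininit logs event 12 in the System log when lsass.exe
# starts as a protected process. No output means no such event was found.
Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 12
} -MaxEvents 1 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```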

DeepWeb

Level 21
Verified
Joined
Jul 1, 2017
Messages
1,061
Operating System
Windows 10
Antivirus
Kaspersky
#49
Has anyone tried this yet? Apparently you can run Windows Defender Antivirus in a sandbox now:

Windows Defender Antivirus can now run in a sandbox - Microsoft Secure
Users can also force the sandboxing implementation to be enabled by setting a machine-wide environment variable (setx /M MP_FORCE_USE_SANDBOX 1) and restarting the machine. This is currently supported on Windows 10, version 1703 or later.
No real instructions on how to do this so I assume: This PC (right-click) -> Properties -> Advanced System Settings (left panel) -> Environmental Variables -> System variables -> "New..." -> Cut & paste "MP_FORCE_USE_SANDBOX 1"???? But where? As a variable or as a value (see attachment) and if I choose one, what is the other? No directory to point to? Why can't they give us clear instructions to this? Geez.

I don't know if this actually works. I use a 3rd party AV so if anyone more knowledgeable would like to chime in on how to set this environmental variable please feel free to do so.
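
The quoted `setx /M MP_FORCE_USE_SANDBOX 1` command takes the variable name followed by its value, so in the System variables dialog the name is `MP_FORCE_USE_SANDBOX` and the value is `1`. The following check is an added example, not part of the thread; the `MsMpEngCP` process name comes from Microsoft's announcement and not from this page, and `Get-DefenderSandboxState` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell.
$name = 'MP_FORCE_USE_SANDBOX'   # variable NAME, from the quoted Microsoft text

function Get-DefenderSandboxState {
    # 'Machine' scope corresponds to "System variables" in the GUI dialog.
    $value = [Environment]::GetEnvironmentVariable($name, 'Machine')
    # MsMpEngCP is the extra content process named in Microsoft's announcement.
    $engine  = Get-Process -Name MsMpEng   -ErrorAction SilentlyContinue
    $content = Get-Process -Name MsMpEngCP -ErrorAction SilentlyContinue
    [pscustomobject]@{
        VariableValue   = if ($null -ne $value) { $value } else { '(not set)' }
        DefenderRunning = [bool]$engine
        SandboxRunning  = [bool]$content
    }
}

$state = Get-DefenderSandboxState
$state | Format-List

if (-not $state.DefenderRunning) {
    Write-Output 'MsMpEng is not running on this machine.'
}
elseif ($state.SandboxRunning) {
    Write-Output 'Defender is running with its sandboxed content process.'
}
elseif ($state.VariableValue -eq '1') {
    Write-Output 'Variable is set but no content process yet: restart, then run this again.'
}
else {
    Write-Output "Variable not set. Name = $name, value = 1. As administrator:"
    Write-Output "  setx /M $name 1"
}
```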
 


Lockdown

#54
Has anyone tried this yet? Apparently you can run Windows Defender Antivirus in a sandbox now:

Windows Defender Antivirus can now run in a sandbox - Microsoft Secure


No real instructions on how to do this so I assume: This PC (right-click) -> Properties -> Advanced System Settings (left panel) -> Environmental Variables -> System variables -> "New..." -> Cut & paste "MP_FORCE_USE_SANDBOX 1"???? But where? As a variable or as a value (see attachment) and if I choose one, what is the other? No directory to point to? Why can't they give us clear instructions to this? Geez.

I don't know if this actually works. I use a 3rd party AV so if anyone more knowledgeable would like to chime in on how to set this environmental variable please feel free to do so.
It is not for you. It is "experimental" or "work-in-progress, not-released."

Another justification that some people will come up with to explain why there is no documentation and/or something is hidden in Windows.

Reality is something entirely different. If it is shipped with the OS, then it is released.
 

DeepWeb

#55
It is not for you. It is "experimental" or "work-in-progress, not-released."

Another justification that some people will come up with to explain why there is no documentation and/or something is hidden in Windows.

Reality is something entirely different. If it is shipped with the OS, then it is released.
There is documentation that Microsoft has posted before, meant for administrators, and it is easier to understand than this LOL. Emphasis on the term "users can". I honestly do not care since this has been the theme of Windows Defender since the beginning. You need a rocket science degree in order to configure it.
 

DeepWeb

#56
Likes: Andy Ful

Andy Ful

#57
...
  • Allow Clipboard synchronization across devices
  • Allow Clipboard History
  • Do not allow Clipboard redirection
  • Prevent Automatic Updates
  • Turn off Windows Location Provider
All the above settings, except Clipboard redirection, can also be set without using policies.
Clipboard redirection can be important only when the user uses Remote Desktop.
 

DeepWeb

#58
All the above settings, except Clipboard redirection, can also be set without using policies.
Clipboard redirection can be important only when the user uses Remote Desktop.
Yes, but for me, Group Policy allows me to keep my settings during each feature update. I realized that Microsoft wipes the registry but Group Policy persists, so I have changed from registry tweaks to finding the equivalent in Group Policy. Set it and forget it. :)