Using icacls on certain executables

Discussion in 'other anti-malware software' started by Kees1958, Jun 24, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Wasn't aware of a workaround.

    Still, seems like a pain in the ass to have to give individual files that integrity. Though I suppose you could create a high integrity folder and simply copy them there.
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It's one way of looking at it. Another one, simpler, would be to bring the IL back to its default, by using a batch file, for example. Then install whatever you need, and bring the IL back to High.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Whatever works for you.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I don't even think you'd need to lower the High IL to a medium IL. You actually add the process to be started on system boot to the Startup folder, and you'd be given the option to enter administrator credentials to write to the folder.

    It's another option.

    By the way, I wonder if Windows 8 ILs will go a step beyond in what concerns the ILs. I'd like an option to prevent higher ILs from reading from lower ILs. A flag NRD (NoReadDown). :D I think NRE (NoReadEqual) would also be welcome. Or, in other words, the option to prevent equal ILs from reading whatever object I apply such flag to.

    Will it happen, though? lol
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Run Autoruns with the option Include Empty Locations, see pic

    Then run regedit manually and add them
     

  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    :thumb: What you previously mentioned was a bit cryptic, I must confess. :oops:
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Dutch English = Dunglish
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    By the way, regarding the autorun entries.

    %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    and

    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"

    I'd only set it to High IL with no inheritance. That is, apply the option -noinherit with chml. Otherwise, every object will inherit a high IL as well, and anything running in the startup would run with a high IL (I don't have anything in the Startup, but logic makes me say it).
     
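The same "label the folder only, not its contents" configuration can be done with icacls instead of chml. This is an added example, not code posted in the thread; it assumes an elevated PowerShell session for the ProgramData folder and relies on icacls printing a `Mandatory Label\<Level> Mandatory Level:(...)` line when an explicit label is present.

```powershell
# Added example (not from the thread): set a High integrity label on the two
# Startup folders WITHOUT inheritance, then verify that the children kept
# their implicit Medium label. Equivalent to chml's -noinherit.
$startupFolders = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)

function Set-HighIntegrityNoInherit {
    param([Parameter(Mandatory)][string]$Path)
    # No (OI)(CI) prefix on the level: the label is placed on the folder object
    # only, so files dropped into it later are NOT labelled High.
    # (Inheritable form for comparison would be: /setintegritylevel "(OI)(CI)H")
    & icacls.exe $Path /setintegritylevel H | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Path (exit $LASTEXITCODE)" }
}

function Get-IntegrityLabel {
    param([Parameter(Mandatory)][string]$Path)
    # icacls lists the mandatory label ACE, e.g. "Mandatory Label\High Mandatory Level:(NW)".
    $text = (& icacls.exe $Path) -join "`n"
    $m = [regex]::Match($text, 'Mandatory Label\\(\w+) Mandatory Level:(\S+)')
    if ($m.Success) {
        return [pscustomobject]@{ Level = $m.Groups[1].Value; Flags = $m.Groups[2].Value }
    }
    return $null    # no explicit label ACE: the object is implicitly Medium
}

foreach ($folder in $startupFolders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    Set-HighIntegrityNoInherit -Path $folder

    $label = Get-IntegrityLabel -Path $folder
    Write-Host ("{0}`n  folder label : {1} {2}" -f $folder, $label.Level, $label.Flags)

    # Children should report no explicit label (implicit Medium), proving
    # nothing inside the folder inherited the High label.
    Get-ChildItem -LiteralPath $folder -Force | ForEach-Object {
        $child = Get-IntegrityLabel -Path $_.FullName
        $shown = if ($child) { "$($child.Level) $($child.Flags)" } else { 'Medium (implicit)' }
        Write-Host ("  {0,-30} {1}" -f $_.Name, $shown)
    }
}
```

Running it without elevation will label only the per-user folder; the ProgramData one is where the UAC prompt (or SuRun, as discussed later in the thread) comes in.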
  9. Im That Guy

    Im That Guy Registered Member

    Joined:
    Jul 8, 2011
    Posts:
    1
    How is this set for uTorrent?
    I recently formatted my computer and tried a new security setup.

    Now my problem is, I cannot seed on uTorrent. Downloading is fine. Seeding status seems to be good, but it just doesn't upload any data. I am sure that there's traffic on the torrents because I have 300 torrents loaded. It's impossible for a day to go by without a single leecher.

    Folder Security Permissions:

    D:\
    D:\Downloads (Download directory of uTorrent)
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Well, I don't use torrents, so I would suggest: try switching off 1806, try again; allow users to execute on download, try again, to see what causes this block.

    PS have you allowed torrents on the firewall?
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    By the way, to change the current user registry entries integrity level to high, in the context of a standard user account, one would need to use SuRun to elevate regil, otherwise using UAC will affect the administrator account current user keys, and not the standard user account entries.
     