Hi guest, I set Windows Defender exploit protection to protect SVCHOST.exe, which launches other DLLs. So the parent process is protected and...
You do use OneDrive then?
What is "block suspicious SVCHOST process behaviors" ? I am mainly interested in protecting svchost, because Windows Defender's exploit protection...
Hi, I don't use OneDrive, but I think one shouldn't set to UnRestricted anything inside AppData. Even if you specify a specific exe. Because that...
I rely on http://hardenwindows10forsecurity.com . The site updated just recently
Well, with ini file given above. I can terminate c:\windows\notepad.exe and I did start that particular notepad in \windows from explorer. This...
Is the developer of Memprotect here in this forum?
[LETHAL] [LOGGING] [#INSTALLMODE] [#DEFAULTALLOW] [#MODULEFILTER] [WHITELIST] *>* [BLACKLIST] *TaskMgr.exe>C:\Windows\notepad.exe...
Hi, The default ini file's Taskmgr line doesn't work in Win 10 v1809. Can't stop Task Manager from killing notepad. And yes I was running notepad...
Hi, I am experiencing a problem with the latest version that says Internet Connection Not Detected. Windows is online. And VoodooShield and...
Hi Minimalist, I am thinking of blocking reg.exe, regedit.exe and regini.exe for the System account. Because one can reset SRP by changing the...
Hi Umra, I have 2 layers for blocking execution of programs. VoodooShield and Simple Software Restriction Policy SSRP.
Thanks for the links ITman. Beginning to read them.
Hi, Just want to throw out a question for open discussion. What can be done about privilege escalation? I have played around with PowerUp, a...
Thanks mood, didn't know that.
I added the Users group back to ARP.exe and ran cmd-low.exe as a normal user and tried to run arp: got access is denied. Process Explorer shows...
Hi, I just did a small experiment. Made a low-integrity cmd.exe, then used it to access a NoReadUp NoExeUp NoWriteUp arp.exe. The arp also has...
I think I found what I am looking for. Using WireShark, I could filter packet capture to display only traffic to and from 1 host. Since I mostly...
Hi, I have read an article at Dark Reading on detecting Indicators of Compromise. The top IoC listed is unusual outbound transmissions. I think...
One thing you need to do to stop WannaCry is disable SMBv1 in Control Panel > Programs and Features > Turn Windows Features on or off. Because it...
Hi, I have read that deep packet inspection means to be able to interpret layer 7. So pfsense has snort, which are rules that examine layer 7 and...
Thanks stapp. What you linked to is the same error as mine. Good to know that it is normal and not an attack. Thanks everyone for their help.
Hi mood, Can you do a Windows update now and see if my error occurs? I re-imaged the HD and just did a Windows Update, and the error is...
Hi mood, Yours is different from mine. My Event ID 1000 was for svchost_AppReadiness. Maybe they are the same, as yours probably happened when it...
Hi, Can someone check their Windows 10 Home Creators Update Event Viewer? I have an application error Event ID 1000 in the Application Log....