Hi Georgi, I just tried to update Defender in Win 10 Home using Windows Defender. And I don't see any mpam inside \AppData\Local\Temp or...
Hi DoesntMatter, Does the mpam*-*.exe get downloaded when you use the Windows Update method to update Defender? Or is it downloaded when you use...
Found the solution. One has to whitelist 'GapaEngine.DLL=1' and 'MPEngine.DLL=1' in the Custom Policies section. Windows Defender creates NEW...
Hi Norman Do you have includeDLLs=1 ?
Hi, Something changed today, my Simple Software Restriction Policy is blocking Windows Defender Updates. I have already allowed files in...
Hi bo elam I currently run all browsers inside 1 sandbox. I suppose running them in separate sandboxes is better. What is the reason for...
Hi bo elam Thanks for pointing that out. I have never created a sandbox in Sandboxie for programs other than my browsers.
Hi pling_man, If you are configuring Sandboxie with Settings > Restrictions > Start Run Access, then it is almost an Anti-Executable. Albeit it is...
- Create Standard user account
- UAC set to Max
- Set Windows Firewall active profile to Public
- Uncheckmark all networking protocols except for IPv4
- No...
Hi boredog, I block them using Software Restriction Policy on Win 10 Pro, and Simple Software Restriction Policy on Win 10 Home. (SSRP is a free...
Hi, I think I'll block script engines like others do. powershell.exe powershell_ise.exe wscript.exe cscript.exe mshta.exe ScriptRunner.exe (only...
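The list above is the usual set of script hosts people put under Software Restriction Policy. The following is an added example, not code from any poster in this thread or from SSRP: it writes SRP "Disallowed" path rules for those engines straight into the documented registry location that secpol.msc/gpedit also use, so it works without the MMC snap-in. It assumes an elevated PowerShell session and a build where the SRP keys are enforced (Pro/Enterprise natively; on Home the same keys are what SSRP manages, but this script does not touch SSRP's own configuration). The paths, the GUID-per-rule layout, and the DefaultLevel/TransparentEnabled/PolicyScope values are the documented SRP ones; the description string and function names are mine.

```powershell
# Added example: block the script engines named in the post with SRP path rules.
# Requires an elevated session. Does not change the default level, so only the
# listed engines are affected.

$Safer      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed = Join-Path $Safer '0\Paths'     # security level 0 = Disallowed

# The engines from the post. %SystemRoot% keeps the rule valid on any drive
# letter. 32-bit copies under SysWOW64 are included because a WOW64 wscript or
# mshta is just as useful to an attacker. ScriptRunner.exe only exists on some
# builds; a rule for a missing file is harmless.
$Engines = @(
    'System32\WindowsPowerShell\v1.0\powershell.exe',
    'SysWOW64\WindowsPowerShell\v1.0\powershell.exe',
    'System32\WindowsPowerShell\v1.0\powershell_ise.exe',
    'SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe',
    'System32\wscript.exe',   'SysWOW64\wscript.exe',
    'System32\cscript.exe',   'SysWOW64\cscript.exe',
    'System32\mshta.exe',     'SysWOW64\mshta.exe',
    'System32\ScriptRunner.exe'
) | ForEach-Object { "%SystemRoot%\$_" }

function Initialize-SrpPolicy {
    # Create the policy container with the same defaults secpol.msc writes:
    # Unrestricted by default (0x40000); enforce on executables only
    # (TransparentEnabled=1 -- a value of 2 also covers DLLs, which is when
    # Defender's engine DLLs need whitelisting, as found earlier in this thread);
    # PolicyScope=1 exempts processes whose token holds the Administrators group,
    # i.e. elevated ones under UAC, so you can still administer the machine.
    if (-not (Test-Path $Safer)) { New-Item -Path $Safer -Force | Out-Null }
    $defaults = @{ DefaultLevel = 0x40000; TransparentEnabled = 1; PolicyScope = 1 }
    foreach ($name in $defaults.Keys) {
        if ($null -eq (Get-ItemProperty -Path $Safer -Name $name -ErrorAction SilentlyContinue)) {
            New-ItemProperty -Path $Safer -Name $name -Value $defaults[$name] -PropertyType DWord | Out-Null
        }
    }
    if (-not (Test-Path $Disallowed)) { New-Item -Path $Disallowed -Force | Out-Null }
}

function Get-SrpDisallowedPaths {
    # Existing Disallowed path rules, so re-running does not create duplicates.
    Get-ChildItem -Path $Disallowed -ErrorAction SilentlyContinue |
        ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ItemData }
}

function Add-SrpDisallowRule {
    param([Parameter(Mandatory)][string]$Path,
          [string]$Description = 'Block script engine (added by script)')
    # One GUID-named subkey per rule, the same layout the MMC snap-in produces.
    $key = Join-Path $Disallowed ('{' + [guid]::NewGuid() + '}')
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name ItemData     -Value $Path        -PropertyType ExpandString | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -Value 0            -PropertyType DWord        | Out-Null
    New-ItemProperty -Path $key -Name Description  -Value $Description -PropertyType String       | Out-Null
    New-ItemProperty -Path $key -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -PropertyType QWord | Out-Null
    return $key
}

Initialize-SrpPolicy
$existing = @(Get-SrpDisallowedPaths)
foreach ($engine in $Engines) {
    if ($existing -contains $engine) { "already blocked: $engine"; continue }
    Add-SrpDisallowRule -Path $engine | Out-Null
    "blocked: $engine"
}
```

Rules apply to newly started processes; verify from a standard account, where wscript.exe should fail with "This program is blocked by group policy" and an Event ID 866 (source SoftwareRestrictionPolicies) should appear in the Application log. Two caveats a path rule cannot cover: a copy of the engine placed somewhere else matches no rule unless the default level is also Disallowed, and PowerShell hosted through System.Management.Automation.dll inside another process is not powershell.exe and is not blocked by this.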
Hi Everyone, Wonder what everybody is doing regarding fileless attacks? See coverage:...
Hi Peter2150, If a piece of malware has made itself permanently resident on the system, then why would they need to terminate VS? Wouldn't that...
I am in favor of the lockdown. If an attacker has an attack in memory, he would want to disable VS in order to write something to the HD in order...
This may not be VS related, but how would one stop a Metasploit command prompt shell?
Hi Dan, Wondering if Voodoo Shield will detect RATs. Did anyone test it against remote access Trojans? I think they are really deadly.
Do I need to do Wireshark using a router/switch mirror/span machine? Or is it OK to run Wireshark on the affected/attacked machine?
Hi, I remember seeing a bashrc configuration a long time ago, that allows one to log all the commands issued and lets the admin see what an...
Does WFC allow one to block incoming traffic to Edge? Or to any of the self-repairing firewall rules that MS thinks should be always active?
Hi Dan, It appears that the fix for switching user accounts is not working all the time. Just now I tried to switch from a standard account to an...
Hi Rasheed187, What system monitors are you thinking of?
Hi, How does one detect a RAT? Sysinternals' Autoruns may reveal it if one knows one's run key contents. How else can one detect a RAT? Netstat...
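The post names the two places to look: what netstat shows (who is holding a connection) and what Autoruns shows (what restarts at logon). The following is an added example, not code from any poster or from Sysinternals: a built-in-cmdlets-only triage pass that joins TCP connections to their owning process and its Authenticode status, and walks the Run/RunOnce keys (a small subset of the locations Autoruns covers). It flags processes and autostart entries that are unsigned, missing, or living in user-writable directories, which is where a RAT dropped by a standard user has to live. The directory list, function names and scoring rule are my assumptions.

```powershell
# Added example: quick RAT triage using network state plus Run keys.
# Run from an elevated session so the owning process of every connection
# can be resolved; nothing here modifies the machine.

# Assumed: locations a standard user can write to and execute from.
$UserWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP,
                  "$env:USERPROFILE\Downloads", $env:ProgramData, $env:PUBLIC) |
                Where-Object { $_ }

function Test-UserWritablePath {
    param([string]$Path)
    if (-not $Path) { return $false }
    foreach ($dir in $UserWritable) {
        if ($Path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-SuspiciousConnections {
    # netstat -b equivalent, with a signature check on each image.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    Get-NetTCPConnection | Where-Object { $_.State -in 'Established', 'Listen' } | ForEach-Object {
        $p    = $procs[[int]$_.OwningProcess]
        $path = if ($p) { $p.Path } else { $null }          # $null for protected/system processes
        $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'Unknown' }
        [pscustomobject]@{
            PID        = $_.OwningProcess
            Process    = if ($p) { $p.ProcessName } else { '?' }
            Path       = $path
            Signature  = $sig
            Local      = "$($_.LocalAddress):$($_.LocalPort)"
            Remote     = "$($_.RemoteAddress):$($_.RemotePort)"
            State      = $_.State
            # One signal, not a verdict: unsigned, or executing from a user-writable dir.
            Suspicious = ($sig -ne 'Valid') -or (Test-UserWritablePath $path)
        }
    } | Where-Object Suspicious
}

function Get-SuspiciousAutoruns {
    # The Run/RunOnce keys only; Autoruns covers many more locations.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -in $meta) { continue }
            $cmd = [string]$prop.Value
            # Pull the image path out of the command line (quoted or bare), then expand %VARS%.
            $exe = ($cmd -replace '^"([^"]+)".*$', '$1') -replace '^(\S+?\.exe).*$', '$1'
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            if (-not [IO.Path]::IsPathRooted($exe)) {
                $c = Get-Command $exe -ErrorAction SilentlyContinue
                if ($c) { $exe = $c.Source }
            }
            $exists = Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue
            if ((Test-UserWritablePath $exe) -or -not $exists) {
                [pscustomobject]@{ Key = $k; Name = $prop.Name; Image = $exe; Exists = $exists; Command = $cmd }
            }
        }
    }
}

Get-SuspiciousConnections | Format-Table -AutoSize
Get-SuspiciousAutoruns    | Format-Table -AutoSize
```

What this does not catch is the case the post's other question points at: a RAT that injects into a signed, legitimately running process (explorer.exe, a browser, svchost.exe) shows up as a Valid-signed image holding the connection, and a RAT that only beacons every few hours may hold no connection at the moment you look. That is where Wireshark on a span port, or a firewall that logs per-process outbound connections over time, adds what a point-in-time netstat cannot.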
Just re-imaged machine from an offline image. Can confirm that Opera does use dllhost on first start up. After running Opera directly, then...
Hi, On a different machine, I created a new Windows account and I tried opening Opera directly first and then closing it. Then start Sandboxie...
Hi, I am using Opera browser with Sandboxie. And I have Restriction > Start Run access set only to allow the Opera exe. I am getting a prompt...