SRP from Windows 7 (and maybe higher)

Please rate my policies... again.

I applied the policies to admins too, so non-whitelisted programs won't execute, even if elevated. I whitelisted the Windows folder (obviously), but I only whitelisted certain program folders which I need, like C:/Program Files (x86)/Google. I don't whitelist the whole Program Files and Program Files (x86) folders. Since I installed my games in a non-protected folder, I whitelisted the executables only. Thankfully those games only have three executables at most, so it's not too troublesome.

All the whitelistings above use path rules. I don't use the hash rules because I want the programs to execute in the certain folders only.

Also, I blacklisted/disallowed some executables in Windows folder, such as follows:

- cmd (system32 and sysWOW64)
- cscript (system32 and sysWOW64)
- regini (system32 and sysWOW64)
- regsvc (system32)
- regsvr32 (system32 and sysWOW64)
- splwow64 (Windows folder)
- spoolss (system32)
- spoolsv (system32)
- vbscript (system32 and sysWOW64)
- wscript (system32 and sysWOW64)

Is this okay? Thank you.

 

Well I allways disabled those you mentioned (except spool) for basic users not admins, for basic user I also disabled

ntvdm.exe (in C:\Windows\System32) when you don't use 16 bits aps

powershell.exe (in C:\Windows\System32\WindowsPowerShell\Vxx) when you don't run Powershell scripts (also add PS1 file extension to guarded list).

 

Thanks for that. I'll try to do it as well.

 

Check whether you have .VBS as extension added to the monitored files, also forgot good tips of MrBrian to block folders in Windows to which user has write access, see https://www.wilderssecurity.com/showpost.php?p=1679077&postcount=7

 

IIRC VBS is included.

Thanks for that. Man that's a lot of blacklisting.