Using basic user for certain processes under Windows7

Discussion in 'other anti-malware software' started by Kees1958, Jan 9, 2011.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    Yes, there is applocker on Windows7, but I like to run as Admin :)

    On our Vista PC's we run Safe-admin and make sure some threatgate programs (IE, Mail, etc) run as Basic User. This has the advantage that Vista does not request for elevation.

    In my Windows 7 ultimate I can't run a process as basic user (when running admin), like in Vista. The OS treats basic user as deny execute.

    Anyone who knows how to make this work?

    Thanks


    See for example the SRP setup on my wife's Vista Laptop (running Windows FW + UAC disable installer recognition + UAC only allow signed aps to elevated + UAC on quiet + 1806 trick + SRP as outlined below).
     

    Attached Files:

    Last edited: Jan 9, 2011
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Muhh, see picture, I would have to remove the exe from the SRP list?

    Thing I found out with Vista is that when you set a exe or path as basic user, UAC will not intercept and ask whether you want to elevate it. In Vista it contains it as basic user (the rights which the program was started).

    Regards Kees
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Its all still a bit sketchy for me as I haven't messed with it much. I am unsure and will have to test it at some point. My thoughts would be something like this..

    SRP in admin mode would be to create a black list, so while you apply SRP to all users, you only apply it to very specific objects because the default is to allow unrestricted. The admin then must pick and choose which object will get denied or restricted.

    The file extension list is a bit ambiguous to me. On one hand, it has an effect, on another it does not. My tests showed that if you remove the .exe entry, then any path rule for .exe @ basic user would be treated as basic user.

    If the .exe is in the extension list, then any path rule for the .exe would be to deny execution.

    I wanted to test and see more of what happens in different circumstances if you were to remove .exe from the list. Is it needed for SRP to work? or can it not exist and things still work. Is the file extension list a critical component in the admin account especially considering how SRP is used?

    If you want to do some testing in that realm, what little time I have this next week could be diverted to testing that, as I am curious as well.

    Sul.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Nah, spend your time on Safe-Admin if may say so :D
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I have played with AppGuard (provides simular protection) and Spyshelter (using it's restricted applications mode and tuning down its HIPS a little so it it does memory modification protection as good or better than AppGuard).

    On Vista I would use the freebie PGS of Sully, on WIndows 7 32 bits I would choose SpyShelter and on 64 bits I would choose AppGuard (now in beta).

    When you use Chrome as a Browser, it much critised installation in the user area is for Windows7 an advantage (you can tweak UAC to never elevate from unsafe places, which the user directories are).

    For people not willing to spend money running all internet applications with LOW rights will provide this containment.
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    makes sese guys;)
     
Loading...
Thread Status:
Not open for further replies.