Windows 7 Home Premium and SRP

Discussion in 'other anti-malware software' started by Furion45086, Sep 18, 2013.

Thread Status:
Not open for further replies.
  1. Furion45086

    Furion45086 Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    6
    I've been messing around with using software restriction policies with Win7 home and ditching my antivirus. Everything looked to be going fine until I noticed that some files are not blocked. For example, portable opera and malwarebytes installer are blocked in the documents folder but the hitman pro exe file is not. Why would this happen?

    Also, used the text file from this thread to add to the registry.
    https://www.wilderssecurity.com/showthread.php?t=262686

    Would there be a better file somewhere to implement SRP in the home version of 7?
     
  2. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,913
    Where did you start the hitman pro .exe? If in the documents folder then it must be blocked or you allow it as admin.
     
    Last edited: Sep 18, 2013
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    You could try Parental Controls, but it can be a pain to use.
     
  4. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,060
    Location:
    Netherlands
    Hitman installs a driver, therefore it asks for elevation (to admin rights) and is allowed to execute.
     
  5. guest

    guest Guest

    Unless you applied it to all users including the admins, but you can lock yourself with that. To the OP, as long as you have UAC on Max, I don't think it's really necessary to worry about it. It will ask for elevation, unless there's a certain exploit which bypasses UAC. But that's another story.

    Although, I now see the beauty of ACL. Even if it's not as broad as SRP/AppLocker (and made me have to reformat the partitions multiple times o_O ), I prefer it over SRP somehow. So thanks for the SS on the other day. :D
     
  6. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,060
    Location:
    Netherlands
    The OP referred to a thread of Lucy, I think the registry values Lucy provided were for all users except admin (quote), but you (GZ) are right, it can also be applied to all users.
     
  7. guest

    guest Guest

    Ah, just realized that Home Premium doesn't have GPO. Me brain is malfunctioning again. :D

    I'm probably wrong, but isn't the link for PGS dead? Otherwise, to the OP, try third party anti-exe programs if you don't mind. They usually will block it regardless of the user's rights.
     
  8. Furion45086

    Furion45086 Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    6
    Thank you for the responses. Yeah, the link for PGS is dead unfortunately. That was the first thing I tried to use. There is still the page on downloadplex but the installer is only a package for a terrible amount of crapware. PGS is not on their premium servers so it is not available to download anymore.

    Hitman pro is in the documents folder and the UAC prompt will appear asking for permission to run. I have UAC set to max. I was just under the assumption that SRP would be blocking every exe even with UAC disabled. The same thing occurs with the portable version of hwmonitor. Are there any changes I could make to the registry to try and tighten up what is allowed?
     
    Last edited: Sep 18, 2013
  9. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,060
    Location:
    Netherlands
    I had a version from Sully, download at http://www.fileswap.com/dl/HwZW8nzKLe/

    Best to return to version without manual registry hacks and try PGS (you can select the option to enable SRP for all users)

    regards Kees
     

    Last edited: Sep 19, 2013
  10. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    Yes, concerning Hitman pro, it runs as admin, thus it is not blocked.

    I guess you have a 64bit machine. If so, did you add the x86 program folder in the default list of permitted folders? If yes, could you extract the srp registry settings and copy it here as a text file?
    If no, be aware that the x86 programs (installed in x86 program folder) may be blocked by default.
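
An added example (not from the thread and not Lucy's registry file): a small Python audit of an exported SRP registry text file, checking the points raised above: the default level, whether administrators are exempt, and whether the x86 program folder has an allow rule. The sample export, the GUIDs and the function names are constructed for illustration.

```python
import re

# Constructed sample export (not taken from the thread): default level
# Disallowed, scope "all users except administrators", two allowed paths.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00000000
"PolicyScope"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{11111111-1111-1111-1111-111111111111}]
"ItemData"="C:\\Windows"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{22222222-2222-2222-2222-222222222222}]
"ItemData"="C:\\Program Files"
'''

ROOT = r"software\policies\microsoft\windows\safer\codeidentifiers"

def parse_reg(text):
    """Parse a .reg export into {key: {name: value}}; only dword and plain
    string values are decoded, hex(2) data is skipped (limit of this example)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            name, raw = m.groups()
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif raw.startswith('"'):
                current[name] = raw[1:-1].replace("\\\\", "\\")
    return keys

def audit_srp(text):
    """Return findings on default level, admin scope and the x86 folder rule."""
    keys = parse_reg(text)
    base = next((v for k, v in keys.items() if k.endswith(ROOT)), {})
    # 262144 (0x40000) is the Unrestricted level; its Paths subkeys are allow rules.
    allowed = [v["ItemData"].lower() for k, v in keys.items()
               if ROOT + "\\262144\\paths\\" in k and isinstance(v.get("ItemData"), str)]
    findings = []
    if base.get("DefaultLevel") != 0:
        findings.append("DefaultLevel is not Disallowed (0): unlisted paths may run")
    if base.get("PolicyScope") == 1:
        findings.append("PolicyScope=1: administrators are exempt from the policy")
    if not any("program files (x86)" in p or "programfilesdir (x86)" in p for p in allowed):
        findings.append("no Unrestricted path rule for Program Files (x86)")
    return findings
```

On the constructed sample, `audit_srp(SAMPLE_REG)` reports the administrator exemption and the missing x86 rule.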
     
  11. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Hello Lucy.

    Long time no see. Good to see you post again.

    Later...

    Bob
     
  12. guest

    guest Guest

    Thanks for the link. :thumb:
     
  13. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    Hi Bob,

    Like you, I rarely check the Windows forum as I went fully onto Linux (Ubuntu for family - wife, mum...) and Scientific Linux for myself.

    see you.
     
  14. Furion45086

    Furion45086 Registered Member

    Joined:
    Aug 13, 2012
    Posts:
    6
    Thank you for the link to PGS. Using that program definitely seems better than using manual registry hacks. I am trying all this out and when it is at a point I like I was going to start over with a fresh install of Windows. I made a standard user account to see how things would work with that and noticed everything was being blocked. When I moved back to my admin account everything was being blocked just like in the SUA. Not sure why logging out and back in changed anything, but I'm glad it's working now.

    Thanks for all the replies and the help with trying to lock my computer down. It's great to see the kind of expertise you can get from this forum.
     
  15. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    It changes a lot, but not in the way you interact with your computer.

    UAC makes you act as if you were a standard user. But UAC is not a security boundary, as Microsoft stated, and there have been reports of in-the-wild malware circumventing it.

    SUA on the other hand is a security boundary. You are a standard user, and everything from you is run in this context. If you need to perform an administrative task, you are offered the possibility to escalate to the admin user through UAC.

    What SRP adds is the execution restriction of what is not in your default program folders (windows and program), allowing you to get rid of malware running in the context of a standard user and which could perform actions such as listening, recording, erasing files, encrypting files (all actions not requiring admin privileges)...

    So the best practice is to:
    - keep an admin account with password,
    - create a SUA
    - Use SUA only and use UAC for admin tasks or whenever necessary
    - set up SRP
    NB: you may use MS security essentials, but you don't have to.
    That's it. You are protected!
    You will find all in-depth explanations here:
    - http://www.mechbgon.com/build/security1.html during windows setup
    - http://www.mechbgon.com/build/security2.html on how to secure windows.

    rgds,
     
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA