Hello @Andy Ful ,
I have a question.
Is "Block executable files from running unless they meet a prevalence, age, or trusted list criteria" a robust protective rule or are there non-sophisticated ways it can be easily bypassed?
I've found that particular option being more trouble than it's worth; in essence creating a lockdown mode where EVERYTHING new-ish needs to be whitelisted in order to run.
Yes, it can block new installations/updates with low prevalence. The block disappears after about 2 days. One can use that ASR rule set to Warn to avoid most problems.
Of course, it will be inconvenient when one has many applications that auto-update frequently. That is why it is not included in ConfigureDefender HIGH settings.
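The Warn setting mentioned in the post above, shown as an added example that is not part of the original thread and is not ConfigureDefender's own code. It uses the built-in Defender cmdlets; the rule GUID and event IDs are taken from Microsoft's ASR documentation, not from this thread.

```powershell
# Added example. Run from an elevated PowerShell session on Windows 10/11.
# GUID of the ASR rule "Block executable files from running unless they meet
# a prevalence, age, or trusted list criterion" (Microsoft's ASR rule reference).
$ruleId = '01443614-cd74-433a-b99e-2ecdc07bfc25'

# Get-MpPreference returns rule IDs and their actions as two parallel arrays.
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$current = 'Not configured'
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -eq $ruleId) { $current = $actionNames[[int]$actions[$i]] }
}
Write-Output "Current action for ${ruleId}: $current"

# Switch this one rule to Warn. Add-MpPreference leaves the other configured
# rules in place; Set-MpPreference would replace the whole rule list.
Add-MpPreference -AttackSurfaceReductionRules_Ids $ruleId `
                 -AttackSurfaceReductionRules_Actions Warn

# Review recent hits for this rule in the Defender operational log.
# Event 1121 = rule fired in block mode, 1122 = rule fired in audit mode.
$filter = @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $ruleId } |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Checking the event log first shows which installers or updaters the rule has been hitting before deciding between Warn and Block.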
Don't get me wrong; I'm not in any way, shape or form saying that you or Hard Configurator is bad. I just mean that particular ASR option doesn't fit my needs, for reasons you mentioned. My opinion, this or @danb's Configure Defender should be on every system without exception.
Yes, I know.
Anyway, I do not think that you need H_C or ConfigureDefender. For many MT members, any advanced protection is a kind of insurance, learning, or fun.