Processes nearly always running in medium IL (= my c) or installed (my d and e) these are the often attacked because malware writers know they are on a PC. System processes too important not to run in a pristine state (only running Microsoft signed or co-signed stuff) = (my a and b)

2. When I recall correctly they used three two for selecting the processes

1. This is based on information I found on a website for admins (I forgot which) where admins shared info on which processes could be added to Code Integrity without running into performance or compatibility problems. This is only possible when you use Microsoft Defender as Antivirus, because many 3p Antivirus inject DLLs in vulnerable processes.

Powershell.exe (it is the only command processor I have not disabled)
c) Processes which are nearly always running (and might be tempted to target by a sarcastic malware writer)
d) Windows processes easy to target, because every Windows PC has them
e) Microsoft Office programs and Edge broker process (renderer has SIG enabled by default) for same reason (most of corporate PCs have them)

Regini (setting/changing registry values/permission)
cacls and icacls.exe (setting file permissions)
forfiles (passing arguments/commands to files)

I create a profile that directs Syncback to check for file differences between folder X on the computer and folder Y on an external drive, and to resolve the differences as directed in the profile (e.g., copy files from folder X to folder Y).

Ful and have enabled Code Integrity Guard for
a) Important system processes also running at Medium IL
b) Powerful system processes (are blocked to run as standard user by SRP)

I use Windows Syncback free, not for periodic automatic backup of the entire hard drive, but for periodic manual backups of specific folders.