The Default plan tab
- The following rules protect each of these locations from executable files:
- %programdata%
- Windows Vista + OS
- %programdata%\*.[executable extension]
- Windows Vista + OS
- %userprofile%
- All Supported OS
- %userprofile%\*.[executable extension] (does not include *.com extension)
- For each actual user folder present at the time the settings are applied, a rule for that specific user folder is added ([user folder location]\*.[executable extension])
- Windows Vista + OS
- [user folders location]\Public\*.[executable extension]
- Windows XP OS
- %allusersprofile%\*.[executable extension]
- All Supported OS
- Startup Folders (in Start Menu)
- Windows Vista + OS
- %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.[executable extension]
- %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.[executable extension]
- Windows XP OS
- %allusersprofile%\Start Menu\Programs\Startup\*.[executable extension]
- %userprofile%\Start Menu\Programs\Startup\*.[executable extension]
- Note: this does not include the *.lnk extension, because *.lnk files are expected to be in these locations
- Windows Vista + OS
- %programdata%
- Block Windows Programs:
- vssadmin.exe
- syskey.exe
- cipher.exe
- Note: these are legitimate tools that have been known to be co-opted by malicious software.
- If you have no use for these tools and you do not use applications that rely upon them, you may safely disable those protections.
- Note: these applications are blocked from running in any location
- Misc. Protections:
- Prevent known malware from starting
- list of various known malware items
- Turn off Windows Sidebar and Gadgets
- Disables the use of legacy “Sidebar and Gadget” applications.
- This option is recommended by Microsoft due to known security implications of their usage: https://technet.microsoft.com/library/security/2719662
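An added example, not part of the product or of the original page: a read-only PowerShell inventory of files that currently sit directly in the Windows Vista and later locations listed above, for reviewing what the rules would affect before the plan is applied. The extension list, the helper name `Get-CoveredFile`, the non-recursive matching and the treatment of `*.com` for per-user folders are assumptions; it requires PowerShell 3.0 or later.

```powershell
# Added example: read-only inventory, changes nothing on the system.
# ASSUMPTION: the page never enumerates "[executable extension]"; this list is illustrative.
$ExecutableExtensions = 'exe', 'com', 'scr', 'pif', 'bat', 'cmd'

function Get-CoveredFile {
    # Hypothetical helper: lists files directly inside $Path whose extension is in $Extension.
    param(
        [Parameter(Mandatory = $true)] [string]   $Path,
        [Parameter(Mandatory = $true)] [string[]] $Extension
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { return }
    # No -Recurse: the rules are written as <folder>\*.<ext>, so only direct
    # children are checked (ASSUMPTION about how the pattern is matched).
    Get-ChildItem -LiteralPath $Path -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $Extension -contains $_.Extension.TrimStart('.') } |
        Select-Object @{ n = 'Location'; e = { $Path } }, Name, Length, LastWriteTime
}

# Startup folder path relative to %programdata% and to %userprofile%\AppData\Roaming.
$startup   = 'Microsoft\Windows\Start Menu\Programs\Startup'
$usersRoot = Split-Path -Path $env:USERPROFILE -Parent

# *.lnk is deliberately absent from the extension list: shortcuts are expected in Startup.
$targets = @(
    @{ Path = $env:ProgramData;                                        Ext = $ExecutableExtensions }
    @{ Path = Join-Path $env:ProgramData $startup;                     Ext = $ExecutableExtensions }
    @{ Path = Join-Path $env:USERPROFILE "AppData\Roaming\$startup";   Ext = $ExecutableExtensions }
)

# One entry per actual user folder, plus Public, mirroring the per-user rules.
# ASSUMPTION: the "*.com not included" exception applies to every user folder
# but not to Public; the page states it only for %userprofile%.
foreach ($dir in Get-ChildItem -LiteralPath $usersRoot -Directory -ErrorAction SilentlyContinue) {
    $ext = if ($dir.Name -eq 'Public') {
        $ExecutableExtensions
    } else {
        $ExecutableExtensions | Where-Object { $_ -ne 'com' }
    }
    $targets += @{ Path = $dir.FullName; Ext = $ext }
}

$targets |
    ForEach-Object { Get-CoveredFile -Path $_.Path -Extension $_.Ext } |
    Sort-Object Location, Name |
    Format-Table -AutoSize
```

Run it elevated to read other users' folders; without elevation, inaccessible folders are skipped silently.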