Protections tab
- The Minimum plan includes:
  - Software restriction policy path rules for the appdata folder, all folders beneath appdata, the “local” (as opposed to “roaming”) appdata folder, and the Recycle Bin.
  - It also includes protections related to program naming, including blocking of double file extensions and exploits related to the direction of text interpretation.
    - Please follow the provided link for more information regarding the right-to-left override character:
  - View the client documentation for more information on the specific locations these path rules cover.
- The Default plan includes:
  - Software restriction policy path rules for the programdata folder, the user profiles folders, and the start menu startup folders.
  - Three additional Windows utilities are also potentially blocked under this plan: vssadmin.exe, syskey.exe, and cipher.exe.
    - Please note that these are legitimate tools that have been known to be co-opted by malicious software.
    - If you have no use for these tools and you do not use applications that rely upon them, you may safely enable those protections.
  - The miscellaneous protections included in the Default plan block some additional vectors for existing malware and include the option to disable the use of legacy “Sidebar and Gadget” applications.
    - The “Sidebar and Gadget” option is recommended by Microsoft due to known security implications of their usage:
  - View the client documentation for more information on the specific locations these path rules cover.
- The Maximum plan includes:
  - Software restriction policy path rules for the subfolders beneath localappdata and folders where files are temporarily extracted from archives, such as ZIP files.
  - The Block Windows Programs section will optionally prevent the use of the following Windows utilities: bcdedit.exe, wscript.exe, and cscript.exe.
  - Disable Windows Script Host option
    - You may not want to enable this option, because long login delays were reported when it was enabled in environments that utilize login scripts.
    - It should be safe to enable this option in a non-domain environment and when you do not rely upon the use of Windows scripts.
    - For more information, please review these sites:
  - View the client documentation for more information on the specific locations these path rules cover.
- The default selections (shown in the picture above) are the recommended “set and forget” options that should not cause issues with any legitimate applications.
  - These are the same protections you get by selecting the Default Protection plan in the CryptoPrevent client.
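
The program-naming protections in the Minimum plan target two tricks: a harmless-looking extension placed before the real one, and the right-to-left override character that changes how a name is drawn. The script below is an added example, not CryptoPrevent code, that an administrator could use to audit file names for both; the extension lists, function names and sample names are assumptions made for illustration.

```python
import unicodedata
from pathlib import PureWindowsPath

# Assumed extension lists for illustration; not CryptoPrevent's actual rule set.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}
# Unicode bidirectional controls that change the order in which a name is drawn.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}


def displayed_name(name):
    """Approximate what a user sees for a name holding one U+202E (RLO):
    every character after the override is drawn right to left."""
    head, sep, tail = name.partition("\u202e")
    return head + tail[::-1] if sep else name


def naming_findings(path):
    """Return the reasons a file name looks deceptive (empty list if none)."""
    name = PureWindowsPath(path).name
    findings = []
    for ch in sorted(set(name) & BIDI_CONTROLS):
        findings.append("bidi control " + unicodedata.name(ch))
    # Drop the controls so the extension Windows actually uses is evaluated.
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    # Windows ignores trailing dots and spaces, so strip them first.
    suffixes = [s.lower() for s in PureWindowsPath(clean.rstrip(" .")).suffixes]
    if (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS):
        findings.append("double extension " + suffixes[-2] + suffixes[-1])
    return findings


# Constructed sample names, not taken from any real system.
SAMPLES = [
    r"C:\Users\a\AppData\Roaming\invoice.pdf.exe",
    "annual\u202efdp.exe",   # drawn as "annualexe.pdf", runs as .exe
    "archive.tar.gz",        # two extensions, neither executable
    "v1.2.exe",              # version number, not a decoy extension
]

if __name__ == "__main__":
    for sample in SAMPLES:
        shown = displayed_name(PureWindowsPath(sample).name)
        print(repr(sample), "| shown as", repr(shown), "|", naming_findings(sample))
```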