Combining SRP with CFA would provide a very very strong ransomware protection. Therefore I would like to whitelist folders recursively, just as I can with software restriction policies in corporate environments. If users have local admin rights they would also have to know about the concept of CAF in order to manually whitelist the application again after upgrade. So on each application update the whitelist needs to be adapted. GIMP: "GIMP 2\bin\gimp-2.8.exe" or LibreOffice: "LibreOfficeĥ\program\soffice.bin" etc.). This is really crap since some applications use versions in path/filename (e.g. This would be very secure as programs installed in official installation locations can only be modified by administrators and are considered to be "safe".Īt the moment it seems only to be possible to add full application paths (binary paths) to the whitelist. Downloaded scripts/exploits/ransomware as well as untrusted portable apps and the like will get restricted access to protected folders.
With programs installed in official program folders. This way you would still get full protection as normal users don't have admin rights and can't tamper I am looking for an option to allow or auto-whitelist all applications installed in official installation folders (%ProgramFiles%, %ProgramFiles(x86)%). The machines are pre-installed with a couple of standard applications including Firefox, GIMP, IrfanView, LibreOffice, Picasa, VLC. Well worth watching.I am willing to ship assembled PCs with controlled folder access (CFA) enabled in Windows Defender to increase protection fo non-IT-professional users. Keeping the Youtube videos going, this one by Jason Githens and Jeremy Chapman looks at the updates to drivers and updates in general. If you use Hello for Business, check out this post on how to configure passwordless RDP connections This post from Damien Van Robaeys looks at importing Intune data into Log Analytics for manipulation.Īnd finally, some content direct from Microsoft:įor anyone using update compliance (if you’re not, read this), it’s worth noting that the machine now has to be in Azure AD for it to report back.
Technically a multi-part one again, but I’m skipping part 1 and going straight to the Intune bits. OneDrive and its (Un)known Folder Move (KFM) – Part 2
0 kommentar(er)
