Jump to content

Recommended Posts

Posted

Hi guys! I'm back with a new guide, this time giving some tips of how to harden Low Restricted group.

 

Without further delay, these are the steps to follow:

 

1.- Go to Settings -> Security Settings -> Advanced Protection -> Intrusion Prevention, and set:

 

IP.thumb.png.c4c96e199a538100f054db06e017921b.png

 

This may be a bit aggressive, so for newbies and / or standard users, probably better to leave Trust digitally signed applications enabled. That will lead to get less blocking in legit applications.

 

2.- Go to Settings -> Security Settings -> Advanced Settings -> Exclusions and actions on object detections, and set:

 

INTERACTIVEMODE.thumb.png.a085004f44f79ef74dd52d58e648f4ec.png

 

3.- Now We are going to hard a bit also Trusted group, so go to Settings -> Security Settings -> Advanced Protection -> Intrusion Prevention -> Manage Applications.

 

 T1.png.42e743c67bb8a9d84a9f896df3ce013b.png

 

Once Manage Applications window is open, select Trusted group with Your mouse pointer, then 1 click on mouse right button -> Details and Rules, and in the new window, go to tab Rights:

 

T2.thumb.png.4f96ecb6f1196fff939f1009e6ae467f.png

 

In this new window We have to change the selected rights in orange color, to do so, again just select with Your mouse pointer in Shut down Microsoft Windows (1), then 1 click on the small arrow down on the right (2), then select Ask User (3), and later repeat the same to enable Log events (4):

 

 T3.thumb.png.412a2db107a0ebec11df24e399101f46.png

 

Repeat the same to change the remaining orange rights shows in previous capture, once ended, click on Save (and allow saving the changes in the next Kaspersky prompt window).

 

4.- And finally going to harden Low Restricted group. We are going to repeat all the steps in previous point to harden Trusted group, but this time with Low Restricted group:

 

Go to Settings -> Security Settings -> Advanced Protection -> Intrusion Prevention -> Manage Applications.

 

Once Manage Applications window is open, select Low Restricted group with Your mouse pointer, then 1 click on mouse right button -> Details and Rules, and in the new window, go to tab Rights:

 

 LR1.thumb.png.e0a8372e04854e9c7891929aff9ee3d8.png

 

LR2.thumb.png.099b5b789cb2be700af63e073a438a00.png

 

And then set all the changes in the rights inside red squares, don’t forget to click on Save once you're done.

 

5.- Additionally and to finish, I also added some restrictions in Intrusion Prevention -> Manage Resources:

 

 MR.thumb.png.4e23cc0c4945faf4a10d3fc8d2c5758a.png

 

Added my user folder (Windows account located in C:\Users\<Your account>\) with those hardened restrictions, if you don’t know how to do so, check my previous guide, also in this community section:

 

Implementing Protected Folders via Manage Resources + Anti-Exe / Default Deny

 

Feel free to ask questions and / or doubts!

 

Thanks all folks!!!! 😊

  • Like 5
  • Thanks 2
  • The title was changed to Hardening the Low Restricted Group
  • The topic was featured
  • 2 weeks later...
Posted

We can also, harden some additional tweaks, setting to Deny the following options, in Settings -> Security Settings -> Advanced Protection -> Intrusion Prevention -> Manage Applications. Once Manage Applications window is open, select Low Restricted group with Your mouse pointer, then 1 click on mouse right button -> Details and Rules, and in the new window, go to tab Rights:

 

  •  Perform Low-Level Access to Disk
  • Perform Low-Level Access to the File System
  • Start Scheduler
  • KLDriver

 

And finally, We will set Password-Protect Access to the Application Management Functions

  • Like 2


×
×
  • Create New...