HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
https://hotcakex.github.io
MIT License

New suggestions for the project #45

Closed dennyamarojr closed 1 year ago

dennyamarojr commented 1 year ago

Have you completely read everything and made sure the Security measure you are suggesting hasn't already been implemented? Yes.

Hi @HotCakeX,

I have some suggestions for the project, as the title says. I was running the script and unfortunately I got an Inaccessible_BOOT_DEVICE error, and I think I discovered the problem. Since I started to use Kaspersky Plus, there is a possibility that Kaspersky blocked some PowerShell scripts and caused the issue. Here's a screenshot image.

Maybe some warning, like we have for Battle.net, would be useful for the users.

Another suggestion is to warn the users about Smart App Control, since this feature is controlled by Microsoft and I think that only Azure members could configure the Smart App Control policy template; some users could have some issues while running programs or games. The alternative recommendation is to use WDAC, where users have total control of the whitelist and blocklist of apps.

But if users want to use Smart App Control and they have some issues, here's a workaround I found:

1 - Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy and change VerifiedAndReputablePolicyState to the desired state:

- Enabled - 1
- Evaluation Mode - 2
- Off - 0

You will notice that in the following regedit key, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Protected, VerifiedAndReputablePolicyStateMinValueSeen is set to 1, which means Enabled; don't touch this.

2 - After changing the state of Smart App Control, you can use the programs and games that were having some issues with Smart App Control. When you finish using the programs and games, make sure to navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Policy and change VerifiedAndReputablePolicyState to 1 again.

WARNING: Do not restart the computer before restoring the state of VerifiedAndReputablePolicyState to 1, which is Enabled. If you restart your computer after changing the state and do not restore it to Enabled, Smart App Control will be permanently disabled.

HotCakeX commented 1 year ago

Hi, using a 3rd party AV is neither needed nor supported by the script, since it activates all of the Microsoft Defender features and heavily relies on it. The screenshot and issue you are having are not related to the script. It must be obvious when a user reads the Readme that Microsoft Defender and all the features the script activates are more than any other 3rd party AV solution.

Everything in the Readme is equally important; extra info is provided by links to Microsoft websites. I already inform users to read the Readme at the beginning of the script when they run it.

About Smart App Control, manual registry modification is neither recommended nor needed. All users have to do in order to activate or deactivate it is to use the toggle in the Windows Security GUI. The behavior of Smart App Control is described in the websites I linked to in the Smart App Control section, so users are expected to click on them and read them; no warning needed.

HotCakeX commented 1 year ago

@dennyamarojr Hi, I've created a rationale page explaining what we talked about in this issue; a link to it is mentioned at the top of the readme too. Soon I will remove the warning about TLS from the script too and instead add a note in the readme, to keep things consistent.

https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md