February 3rd, 2016
“We’ve done it!” – The majority of your users have admin rights removed, meaning your environment is far more secure than it was before and you’ve successfully mitigated 85% of critical vulnerabilities in Windows. But are you as secure as you think? A surprisingly common pitfall that we come across in the support team are those who, either intentionally or unwittingly, elevate everything. Everything.
- May 12th, 2011
Privilege Guard (Edit: now Defendpoint) first introduced UAC (User Account Control) integration in version 2.5, which enables rules to be defined that trigger when an application requires administrator privileges in order to run. Further enhancements to the UAC rule in version 2.7 now allow you to elevate applications that may trigger UAC after the application has already launched. For instance, disk defragmenter and task manager are two applications that launch with standard user rights and only trigger UAC when the user attempts to perform an operation that requires administrator privileges.
- March 19th, 2010
Solutions that provide application whitelisting or application control need to provide the administrator with a set of rules that can be used to precisely identify applications. The most common types of rule will check the file name or certain attributes of the file, as these rules are relatively simple to maintain, and in most circumstances will provide adequate protection, assuming a least privilege approach is in place, where users can’t tamper with application files.