How to set your antivirus as Windows' default antivirus program? - wfp

I have developed an Antivirus software, however how do I set it as the default Antivirus and make Windows stop displaying the missing Antivirus messages?

You should add it to the Security Center inside Windows, but I'm not sure; maybe you need a digital signature.

Related

Windows Defender - How can I temporarily disable calls to MpCmdRun -GetDeviceTicket using registry editor

I have noticed that calls to MpCmdRun.exe GetDeviceTicket -AccessKey <SOME_KEY> were causing glitches in a rendering application I am working on.
I was wondering if there was a way I could temporarily disable these calls.
Here is a list of what I have tried:
Disabling WAM (Windows Automatic Maintenance) using the registry: https://winaero.com/how-to-disable-automatic-maintenance-in-windows-10/
Disabling Windows Defender RealTimeMonitoring using the registry and PowerShell: https://www.majorgeeks.com/content/page/how_to_turn_on_or_off_windows_defender_real_time_protection.html
As of right now, none of these solutions worked. By disabling WAM, I noticed that Windows Defender Scheduled tasks were no longer being executed. However, some calls to GetDeviceTicket were still being made.
I would appreciate a solution that would disable/enable these calls without the need to reboot the system. I also still need Windows Defender to be running.
Thanks!

SmartScreen (or other) blocking legitimate software?

We have Symantec Wise Package Studio to build simple custom MSI files (Yes, I know the product is beyond end-of-life, but for our needs it serves its purpose).
It used to work fine, but now when we try to run it, the main executable "PackageStudio8.exe" gets blocked by something which seems to be SmartScreen maybe?
Translation : This application has been blocked for your protection.
An administrator prevents you from running this application. To know more, contact the administrator.
Could it be some kind of GPO I don't know about?
Based on web findings I tried setting the following values :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="Off"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=dword:00000000
"ShellSmartScreenLevel"=-
But it doesn't change anything, it still gets blocked and that window still appears. Turning off SmartScreen (disabled) in the Windows 10 GUI still doesn't make it go away.
An interesting thing I noticed is that if you open a shell (cmd or PowerShell) AS AN ADMINISTRATOR and run the exe, it runs fine and everything works. So for now we make do by running it as administrator, but it's not ideal.
What gets bypassed when you run as admin and how can I find and adjust what creates this prompt?
Much appreciated.
Turns out it's UAC actually. I found out that the only way to get rid of that prompt is to completely disable UAC, for example: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System (set value 'EnableLUA' to 0), but of course it's a security risk. I guess the safer way is to simply run it as administrator, instead of getting rid of UAC completely just for that program! Wondering why UAC blocks it though? Is it because the app has "EDITOR/PUBLISHER : UNKNOWN"?

How to replace or block Windows Taskbar and Desktop for security reasons, programmatically?

Like some cyber coffee applications that disable the user's ability to use any other application but only the ones started inside that cyber admin application panel, I searched the Internet for some way of doing it in Delphi:
Remove the Windows Task bar;
Disable the Alt+Tab function;
Disable the Task Manager;
Be able to do/undo those changes in a configuration panel.
These needs are for keeping users from downloading viruses and making changes to Windows configuration or even playing games, if it is the system administrator's preference. The own program would serve as a container for authorized applications to run inside then as if it were an MDI application. That is already working.
Of course that the system manager will have the options to disable that or revert.
Is there a way to make those four configurations in run-time with Delphi XE3?
I'm not familiar with Delphi. I'm also not sure if it is possible during run-time. But you could do the following:
Write to the registry to prevent alt-tab see this.
Again write to the registry to disable Task Manager see this.
Sounds like you can disable the task bar too by the registry see this.
On your control panel have options and when they hit save, save and restart the computer.
This is provided that Delphi can write to the registry (I believe C# and C++ can). If not, you could create .reg files and execute those by calling cmd.exe with arguments. This I think will cause some pop-ups though.
Update: You may be able to load in the registry changes without signing out by killing explorer.exe and then loading it again. This may only load parts of the updated registry though.
I'd suggest booting your hardware into Linux, and then running a Windows virtual machine that is as locked down as possible using the existing kiosk mode security settings in Windows. This VM then runs your MDI application when the VM boots. When the MDI application exits, the VM reverts to a snapshot of the known good Windows configuration.
You strip down a Linux OS to include only the bare minimum components needed to host your Windows VM.
I'm assuming your MDI windows will only host applications your organization has written, not arbitrary Windows executables. Otherwise you are asking to re-write Windows itself, which will prove impossible.

Is it possible to disable UAC for a specific USER on Windows 7?

We have the following problem. We want to be able to install software without UAC and then later on switch the user and have UAC enabled. With the help of BrekIT (brekit.com) we then automate an installation process with UAC enabled.
In order to be able to be flexible we need to have a solution where we can toggle between UAC on and off without user interaction. It's executed in a secured test area so we don't need to worry about possible security risks.
Also worth noting: we use a vSphere Server with many VMs for testing. Perhaps with VMware there might be an alternate, easier solution.
Thank you very much!
Julian
The short answer is that this is not possible. Imagine the security implications: All malware has to do is temporarily disable UAC, install the payload, and enable it again. Sorry.

Programmatically Add Exception to windows vista firewall

Is there any way to programmatically add an .exe file to the exception list for the Windows Vista firewall to allow it to run normally? I'm using VC++.
Yes - if you take a look at the WindowsFirewallAddApp method here, it should give you some ideas how to do it.
I don't know for certain about the Vista firewall, but I would definitely expect that it is a violation of the security of any computer to allow programmatic access to firewall exception lists. I would be very surprised if Windows allowed arbitrary code to fiddle with the Firewall in this way.
The user sitting in front of the computer, or a network administrator setting network wide security policies would be the only two who should be able to do this. Notice that they are both actual people doing the process interactively.
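
For the firewall question above, an added example (not from the original answers): an installer-style script that adds a narrowly scoped allow rule for one executable and refuses to run without elevation. It uses the HNetCfg.FwPolicy2 rule interface available from Vista onward rather than the WindowsFirewallAddApp sample the first answer links to; the program path and rule name are placeholders.

```powershell
#Requires -Version 2.0
# Added example: allow rule for a single executable via the firewall COM API.
param(
    [string]$ProgramPath = 'C:\Program Files\ExampleApp\example.exe',  # placeholder path
    [string]$RuleName    = 'ExampleApp (inbound TCP)'                   # placeholder name
)

# Editing firewall policy needs an elevated token; fail early with a clear message.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated session; firewall rules cannot be edited otherwise.'
}
if (-not (Test-Path -LiteralPath $ProgramPath -PathType Leaf)) {
    throw "Program not found: $ProgramPath"
}

$policy = New-Object -ComObject HNetCfg.FwPolicy2

# Keep the script idempotent: do nothing if a rule with this name already exists.
$existing = @($policy.Rules | Where-Object { $_.Name -eq $RuleName })
if ($existing.Count -gt 0) {
    Write-Output "Rule '$RuleName' already present; nothing to do."
    return
}

$rule = New-Object -ComObject HNetCfg.FWRule
$rule.Name            = $RuleName
$rule.Description     = 'Added by installer; inbound TCP for one program only.'
$rule.ApplicationName = (Resolve-Path -LiteralPath $ProgramPath).Path
$rule.Protocol        = 6         # NET_FW_IP_PROTOCOL_TCP
$rule.Direction       = 1         # NET_FW_RULE_DIR_IN
$rule.Action          = 1         # NET_FW_ACTION_ALLOW
$rule.Profiles        = 1 -bor 2  # domain + private; public (4) stays closed
$rule.Enabled         = $true
$policy.Rules.Add($rule)

# Read the rule back so the change shows up in the installer log.
$policy.Rules | Where-Object { $_.Name -eq $RuleName } |
    Select-Object Name, ApplicationName, Direction, Action, Profiles, Enabled
```

Binding the rule to a full program path, one protocol and the non-public profiles keeps the exception as small as the application allows, and the read-back line gives administrators something to audit.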
