


The benefit of no UAC pop-ups with the hard denial of unsigned programs is for me a convenience-security balance. I have set UAC to deny elevation of unsigned programs and allowed admins to elevate silently. The behavioral shield really has improved. New cloud connect is probably the reason for the leaner update at/after startup (in full config, not mine, it uses at least 300 MB less disk I/O with all shields up in default).

create/write of executables (excluded Program Data, still checked on execution)

c) Script shield (standard, only checking IE9, since IE9 is my banking browser and IE9 is hardened through group policy)

execution of binaries (excluded Program Files, Windows for execute, still checked at write, Program Files\Common Files will still be checked at execution)

Since I have a deny execute/run as basic user policy implemented, I only run
