I see, so to bypass whitelisting, you just need to bypass whitelisting then you can bypass the whitelisting?
I don't follow, what you've just described is a whitelisting feature, right?
-
-
yes, but it's super flawed - e.g. just get Comodo to sign something, you'll see samples like that in Virustotal too. I don't know if you've ever done it at scale but it's.. not great. As always, combination - disable for users who never need it, add app whitelisting etc.
-
Don’t let perfect be the enemy of good. The ASD E8 has a nice progression of whitelisting/macro restrictions: https://acsc.gov.au/publications/protect/essential-eight-maturity-model.htm …
- 16 more replies
New conversation -
-
-
Whitelist the fileshare your finance team uses and you’ll be 90% of the way there.
-
That's what we did at my last place. There's still gaps - they can save malware to it and run it - but it was acceptable risk for me.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.