Easy Mode - Miscellaneous

The security policies listed in this category do not belong to other categories.

Prevent Dangerous Device Access

This setting protects system devices and drivers from dangerous commands issued by applications, such as formatting a hard drive. It is recommended to keep this protection always on.

Full list of protected actions:

  • Dismount volume
  • Lock volume
  • Set compression
  • Unlock volume
  • Disk eject media
  • Disk format tracks
  • Disk load media
  • Disk media removal
  • Disk reassign blocks
  • Disk set drive layout
  • Disk set partition info
  • Disk verify
  • Serial lsrmst insert

Prevent Low Level API (PLLAPI)

Each Windows application interfaces with the operating system through an Application Programming Interface (Win32 API). Some portions of this API are intended for use by the operating system only and not by regular applications. The Prevent Low Level API function protects these portions of the API.

If PLLAPI is enabled, the following functions are blocked:

  • AdjustTokenPrivileges
  • SetFileSecurity
  • SetKernelObjectSecurity
  • SetServiceObjectSecurity
  • SetSecurityInfo
  • SetNamedSecurityInfo
  • SetUserObjectSecurity
  • CreateProcessAsUser
  • CreateProcessWithLogonW
  • SHCreateProcessAsUserW

If PLLAPI is enabled, low-level system access is prevented when one of the following functions is used to work in a process other than the caller process:

  • WriteProcessMemory
  • CreateRemoteThread
  • VirtualAllocEx
  • VirtualProtectEx
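
Before enabling PLLAPI for an application, it helps to know which of the functions listed above the program references. The following is an added example, not part of the product: a heuristic Python check that scans a binary image for the listed names as NUL-terminated strings, treating the Win32 `A`/`W` export suffixes as the same function; the helper names and the sample bytes are constructed for illustration.

```python
import re

# Function names taken from the two lists on this page.
ALWAYS_BLOCKED = {
    "AdjustTokenPrivileges", "SetFileSecurity", "SetKernelObjectSecurity",
    "SetServiceObjectSecurity", "SetSecurityInfo", "SetNamedSecurityInfo",
    "SetUserObjectSecurity", "CreateProcessAsUser", "CreateProcessWithLogonW",
    "SHCreateProcessAsUserW",
}
CROSS_PROCESS_ONLY = {
    "WriteProcessMemory", "CreateRemoteThread", "VirtualAllocEx",
    "VirtualProtectEx",
}

# Imported function names are stored as NUL-terminated ASCII identifiers.
_IDENT = re.compile(rb"[A-Za-z_][A-Za-z0-9_]{3,}(?=\x00)")


def _base_name(symbol):
    """Map an export name to the name used on this page (A/W suffix ignored)."""
    for listed in ALWAYS_BLOCKED | CROSS_PROCESS_ONLY:
        if symbol in (listed, listed + "A", listed + "W"):
            return listed
    return None  # exact match only: CreateRemoteThreadEx is not CreateRemoteThread


def audit_imports(image: bytes):
    """Return the listed functions referenced in image, grouped by PLLAPI rule."""
    found = {"always": set(), "cross_process": set()}
    for match in _IDENT.finditer(image):
        base = _base_name(match.group().decode("ascii"))
        if base in ALWAYS_BLOCKED:
            found["always"].add(base)
        elif base in CROSS_PROCESS_ONLY:
            found["cross_process"].add(base)
    return {group: sorted(names) for group, names in found.items()}


# Constructed sample: hint/name-style entries, not a real PE file.
SAMPLE = b"".join(b"\x00\x00" + name + b"\x00" for name in [
    b"CreateFileW", b"SetNamedSecurityInfoW", b"AdjustTokenPrivileges",
    b"WriteProcessMemory", b"CreateRemoteThreadEx", b"VirtualAllocExNuma",
])

if __name__ == "__main__":
    print(audit_imports(SAMPLE))
```

A name in the `cross_process` group only indicates possible impact, because those calls are blocked only when they target another process. A clean result does not prove the functions are unused, since names can be resolved at run time from strings that are not stored in plain form.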

See Also

Sandbox Settings in Easy Mode

When Do You Want To Use Easy Mode

Easy Mode - Registry

Easy Mode - Services

Easy Mode - VBA macros

Easy Mode - Spawning

Easy Mode - OLE & COM