I was checking the “Hardened Windows Profile for ITSM 6.10” and that profile have an exclusion on containment, exclusion group “Shared Spaces” and in “Shared Spaces” I can see that the folder “%USERPROFILE%\Downloads*” is included.
Doesn’t that mean that anything, executable’s, documents etc. an user download into the download folder will run without the protection from containment?
That can’t be good? =)