Hi,
I was checking the “Hardened Windows Profile for ITSM 6.10” and that profile have an exclusion on containment, exclusion group “Shared Spaces” and in “Shared Spaces” I can see that the folder “%USERPROFILE%\Downloads*” is included.
Doesn’t that mean that anything, executable’s, documents etc. an user download into the download folder will run without the protection from containment?
That can’t be good? =)
Hi @Noiden
Sorry for wrong content on previous post. Shared Space are the only place where a contained application can write permanent data.
Assume you have an application that we didn’t know and run inside the container. You can create some data with it and if you save anywhere other than the shared folder, the data would be saved on virtual resources and wouldn’t be accessible by trusted applications. However, if you save it on shared folder (like downloads folder by default), you would be able to access the same data when we analyse and whitelist your application through our Valkyrie service.
So, it is not exclusion to containment but exclusion to only virtual hard drive component.
Ilker
Hi @Ilker
Ok… let’s see if I got it right this time. If i run an unknown app/document etc. from the standard download folder and it is in the exclusion list it’s not excluded from the containment security and if an app/document etc. is running in containment/virtual/sandbox it can write to the folders in the exclusion list? =)
Thanks.
Hello @Noiden
I stand corrected as I shared with you the wrong set of information. As what Ilker posted, the statement in your post above is correct.