PDA

View Full Version : FP with new localmachine_lockdown



Kalimba
2006-08-22, 19:39
Just a minor correction, really: when Spybot S&D checks the localmachine_lockdown entry, it found the iexplore.exe entry on my system set to 0 in HKCU. However, the HKLM entry was set to 1 and the (handy) referenced MSDN page says "If the setting is present in both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, the most secure setting is used."

Also, for some reason the Bug Report panel refers to forums.net-integration.net. That might prevent potentially useful info from being presented. :D:

Thanks for a really useful security program!

md usa spybot fan
2006-08-22, 20:00
Kalimba:

I would appear that you are correct according to the following article
Local Machine Zone Lockdown
http://msdn.microsoft.com/security/productinfo/XPSP2/securebrowsing/locallockdown.aspx
It also appears that Spybot does not detect the "iexplore.exe"=dword:00000000 in the HKLM registry hive. This entry was not detected after the 2006-08-18 updates:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
@=""
"iexplore.exe"=dword:00000000

(m/f)
2006-08-23, 18:03
Thank you all for your interest. It is right, Spybot did not detect the statement in the HKLM hive. We have corrected this so that Spybot will detect it now in both the HKCU and HKLM hive. This is, as stated by Kalima, the most secure setting. :bigthumb:

md usa spybot fan
2006-08-23, 18:52
(m/f):

Thanks for looking into and fixing the problem.

Regards,
md usa spybot fan

Kalimba
2006-08-23, 19:29
Thanks for looking into and fixing the problem.
I second that sentiment! :)

Rosenfeld
2006-08-27, 03:23
Despite what is said that the most secure setting is used, I have iexplore set to 1 in HKLM, but to 0 in HKCU. The latter was set to 0 when i checked the option to allow active content to run in files on my computer (IE options advanced tab).

Checking that option does change IE behaviour for the current user, so presumably the iexplore=0 setting in HKCU is not altogether overridden by the 1 in HKLM.

For example, one useful effect of checking that option I've found is if you have clicked through some links on a page at a site with ads blocked through HOSTS redirect entries, you only need to click back once, it runs through the ads URLs and returns to the page, instead of your having to click back several times or using the back button drop down box to bypass the ads URLs.
(I hope that is understandable...)

IE 7 RC1, XP home SP2 all updates.

Kalimba
2006-08-27, 22:39
Checking that option does change IE behaviour for the current user, so presumably the iexplore=0 setting in HKCU is not altogether overridden by the 1 in HKLM.
Interesting! I'll have to experiment a bit. :)