Feb 17 2021 02:03 AM
Hi pls exist list with security recommendation ? I know exist, Microsoft Security Compliance Toolkit, but our vendor want some URL from M$ where is information about NativeMessaging. We want set Allow user-level native messaging hosts (installed without admin permissions): Disabled, but nativecomponent from vendor not want create instaler to HKLM.... Thanx
Feb 17 2021 08:27 AM
Feb 17 2021 02:30 PM
Feb 18 2021 01:20 AM - edited Feb 18 2021 01:22 AM
Hi @Marek_G,
there is also a security benchmark for Microsoft Edge published by CIS (Center for Internet Security).
Regarding the native messaging, this is a good read: https://textslashplain.com/2020/09/04/web-to-app-communication-the-native-messaging-api/
Maybe you also want check resources from Google since native messaging is a feature of chromium.
Best regards
Joe
Feb 18 2021 02:19 AM
Feb 18 2021 01:34 PM
this link i send vendor. But answer vendor ? "I do not know these sites and I need to see specific and relevant information from a credible source "
I want only disable user level nativemessaging level......
thanx all for answer
Feb 19 2021 06:04 AM
Feb 19 2021 01:35 PM
SolutionConfirming that the link shared by @HotCakeX (https://textslashplain.com/2020/09/04/web-to-app-communication-the-native-messaging-api/) is a blog by a Microsoft Edge Principal Program Manager (Eric Lawrence / Ericlaw). He often releases blogs to fill gaps in official documentation and is a trusted source for Microsoft information.
Feb 19 2021 01:35 PM
SolutionConfirming that the link shared by @HotCakeX (https://textslashplain.com/2020/09/04/web-to-app-communication-the-native-messaging-api/) is a blog by a Microsoft Edge Principal Program Manager (Eric Lawrence / Ericlaw). He often releases blogs to fill gaps in official documentation and is a trusted source for Microsoft information.