Q&A Anyone Test WD + Hard_Configurator?

oldschool

#1
In light of recent discussion here Q&A - Security Software obselete on Windows 10? and elsewhere, has anyone tested WD with Hard_Configurator - specifically with WD High settings and H_C set to Default-Deny/Recommended SRP? I'd be interested to know if anyone has tested this setup, or some variation of it. :emoji_thinking::emoji_thinking::emoji_thinking: I'm fairly certain some other members would like to know as well. Thanks to all who might reply. :whistle:
 

Umbra

#2
Tested it, more secure than any AV and less prone to bug/issues.
Of course, you have to cope with WD resource hunger, but if you don't mind it, it is a very solid combo.

1- Learn to use SRP, means learn about Windows processes.
2- Learn to use Windows Exploit Guard and other Win10's built-in security features.
Once both points are mastered, you will realize that using AVs is not necessary anymore.

Now if, as me, you like some particular mechanisms (full sandboxes, anti-exe, etc...), you may use 3rd party apps.
 

shmu26

#4
Hard_Configurator at Andy's recommended settings is a default/deny setup, which is a winner by definition. Default/deny is so strong that it makes very boring testing. The only caveat is that with Hard_Configurator, the user needs to flip on the vulnerable process protection (called "sponsors") if he happens to be running abusable apps that need extra protection. MS Office is not much of a threat, because it is already covered, either by WD at high settings, or by the H_C "Documents Anti-Exploit" setting.

About WD at high settings: @Evjl's Rain posted some links to his malware hub testing of it, they are in the thread you mentioned, Q&A - Security Software obselete on Windows 10?.
He found it to be strong but not bullet-proof. But WD at high settings + SmartScreen is very strong.
 

shmu26

#6
As expected. Malware does not infect the system when default/deny protection is applied.
 

Lockdown

From AppGuard
Developer
#8
Keep in mind the systems are not clean either, as WD fails to detect the malware it sits there waiting.
If malware is present, but doing nothing, then vendors do not care about that. Most don't consider it a big deal. Even running processes that are detected as malware, but do nothing malicious are not a concern.
 

Andy Ful

#9
> Keep in mind the systems are not clean either, as WD fails to detect the malware it sits there waiting.

The same situation is with HIPS and BB when one uses any good AV.
Fortunately, that usually lasts only for a few days, until the AV will get the proper signatures.
WD (or another AV) is still welcome for two reasons:
  1. It will clean (after some time) the blocked (by H_C settings) but previously not detected malware files.
  2. It can detect the more sophisticated malware that could bypass H_C settings.
The sophisticated malware will usually hit first Enterprises and Institutions via targeted attacks, so they are not 0-days when trying to hit home users. Such malware can be detected by something like WD "Block first sight" feature (or Kaspersky KSN).
H_C is not inventing the wheel. This kind of protection is well known from years.
I simply chose the well known security 'lego bricks' which could be useful in the home user environment.
One brick (SmartScreen) required some invention to fit it into the smart-default-deny pattern.
Next, I put all of them into one configurator GUI and gathered the hardly found pieces of information in help files (+ manual) to make all of this more understandable. Furthermore, it was necessary to add the integration with some useful external tools (Sysinternals Autoruns, NirSoft FullEventLogView, 7-ZIP) for troubleshooting. In the end, I made some setting profiles which can be useful in a daily work for inexperienced or advanced users.
 

Andy Ful

#10
> As expected. Malware does not infect the system when default/deny protection is applied.

H_C can be used as the classic default-deny or the smart-default-deny. The Recommended Settings are based on the smart-default-deny setup, and this was tested by @askalan (H_C) and partially by @Evjl's Rain (for WD + forced SmartScreen). The classic default-deny will block the new installations. The smart-default-deny will allow the new installations if the installation file will pass the SmartScreen check.
The classic default-deny is slightly stronger, because some malware files (very rarely) can bypass even the SmartScreen Application Reputation filter.
 

Lockdown

From AppGuard
Developer
#11
> As expected. Malware does not infect the system when default/deny protection is applied.

Default Deny is not a panacea. A particular security soft is not one either. Security cannot operate optimally by merely installing security softs. The person using the system matters - implicitly and inherently. Period. If anyone disagrees with that accurate and balanced approach, well...

And this whole expectation that security softs should and must solve all security issues is just plain ignorance.
 

Andy Ful

#12
The more usable is the security setup, the more knowledge is required to use it safely. If one will install several usable security applications to be more secure on Windows 10, then usually that will have the impact on the system stability/performance ( = decrease of usability).
The more restricted is the security setup, the more knowledge is required to configure and adjust it on the concrete machine for the concrete user.
So, the experienced (knowledgeable) users can adjust any security setup they like.

The inexperienced users are not safe when using the usable security setup and are not able to configure properly the highly restricted security setup. Usually, they can use the restricted setup with occasional support from the advanced user or must learn to become advanced (experienced).
In any case, the knowledge is strictly related to the security.
Isn't that why Malwaretips was created for? :emoji_ok_hand:
 

shmu26

#13
> Default Deny is not a panacea. A particular security soft is not one either. Security cannot operate optimally by merely installing security softs. The person using the system matters - implicitly and inherently. Period. If anyone disagrees with that accurate and balanced approach, well...
>
> And this whole expectation that security softs should and must solve all security issues is just plain ignorance.

You guys know about all kinds of curve-ball malware exploits and worst-case scenarios. Science-fiction come true, like Powershell Empire and the like.
But in real life, if a home user has a decent default/deny setup, properly configured and in good working order, with patched OS and software, well, he is not going to get infected, unless he shoots himself in the foot.
 

Andy Ful

#14
> You guys know about all kinds of curve-ball malware exploits and worst-case scenarios. Science-fiction come true, like Powershell Empire and the like.
> But in real life, if a home user has a decent default/deny setup, properly configured and in good working order, with patched OS and software, well, he is not going to get infected, unless he shoots himself in the foot.

There is the known anti-default-deny reasoning:
Experienced (knowledgeable) users can configure/use default-deny but they do not need it. Inexperienced users alone, cannot properly configure default-deny, so they do not use it.
Some knowledge is always involved in using default-deny.
 
#15
> The same situation is with HIPS and BB when one uses any good AV.
> Fortunately, that usually lasts only for a few days, until the AV will get the proper signatures.
> WD (or another AV) is still welcome for two reasons:
>   1. It will clean (after some time) the blocked (by H_C settings) but previously not detected malware files.
>   2. It can detect the more sophisticated malware that could bypass H_C settings.
> The sophisticated malware will usually hit first Enterprises and Institutions via targeted attacks, so they are not 0-days when trying to hit home users. Such malware can be detected by something like WD "Block first sight" feature (or Kaspersky KSN).
> H_C is not inventing the wheel. This kind of protection is well known from years.
> I simply chose the well known security 'lego bricks' which could be useful in the home user environment.
> One brick (SmartScreen) required some invention to fit it into the smart-default-deny pattern.
> Next, I put all of them into one configurator GUI and gathered the hardly found pieces of information in help files (+ manual) to make all of this more understandable. Furthermore, it was necessary to add the integration with some useful external tools (Sysinternals Autoruns, NirSoft FullEventLogView, 7-ZIP) for troubleshooting. In the end, I made some setting profiles which can be useful in a daily work for inexperienced or advanced users.

BB and HIPS don't leave the files around, after detection the AV will rollback the changes and quarantine the file (if it's something proper like Kaspersky).
Default-Deny will only block the execution of the file, but will leave it there untouched and ready for another round. It's mostly user based as well, if the file is allowed to run it all comes down to nothing when using WD.
 

shmu26

#16
> BB and HIPS don't leave the files around, after detection the AV will rollback the changes and quarantine the file (if it's something proper like Kaspersky).
> Default-Deny will only block the execution of the file, but will leave it there untouched and ready for another round. It's mostly user based as well, if the file is allowed to run it all comes down to nothing when using WD.

It is recommended to combine default/deny with a decent AV. There is always the possibility of user error, so your AV is your safety net. The user is usually the weakest link in the security chain.
Windows Defender with ASR is not a bad choice for an AV.
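
Added example, not written by anyone in this thread and not part of Hard_Configurator: the posts above turn on files that default-deny blocks but leaves on disk until the AV catches up. This PowerShell script lists recent SRP block events, reports which blocked files still exist, and can optionally hand them to Defender for a scan; the machine-policy registry location, the English event text and the 7-day window are assumptions.

```powershell
# Added example: list what SRP default-deny blocked recently and which files are still on disk.
# Assumptions: SRP is set in machine policy (HKLM), event text is English, 7-day window is arbitrary.
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$levels = @{ 0 = 'Disallowed (default-deny)'; 0x20000 = 'Basic User'; 0x40000 = 'Unrestricted' }
$Rescan = $false   # set to $true to pass surviving files to Defender for a custom scan

$policy = Get-ItemProperty -Path $srpKey -ErrorAction SilentlyContinue
if ($null -eq $policy -or $null -eq $policy.DefaultLevel) {
    Write-Warning 'No machine-wide SRP default level found; SRP is not enforcing default-deny.'
} else {
    "SRP default level: $($levels[[int]$policy.DefaultLevel])"
}

# SRP writes blocks to the Application log: 865 = default level, 866 = path rule,
# 867 = certificate rule, 868 = zone or hash rule.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Application'
    Id        = 865, 866, 867, 868
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

$blocked = foreach ($e in $events) {
    if ($e.ProviderName -like '*SoftwareRestrictionPolicies*' -and
        $e.Message -match '^Access to (.+?) has been restricted') {
        [pscustomobject]@{ Time = $e.TimeCreated; EventId = $e.Id; Path = $Matches[1] }
    }
}

# One row per file: a blocked file that still exists is dormant, not removed.
$report = $blocked | Where-Object { $_ } | Group-Object Path | ForEach-Object {
    $path   = $_.Name
    $onDisk = Test-Path -LiteralPath $path -PathType Leaf
    [pscustomobject]@{
        Path        = $path
        Blocks      = $_.Count
        LastBlocked = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
        StillOnDisk = $onDisk
        SHA256      = if ($onDisk) { (Get-FileHash -LiteralPath $path -ErrorAction SilentlyContinue).Hash }
    }
}
$report | Sort-Object LastBlocked -Descending | Format-Table -AutoSize

if ($Rescan) {
    $report | Where-Object StillOnDisk | ForEach-Object {
        Start-MpScan -ScanType CustomScan -ScanPath $_.Path   # Defender cmdlet, needs elevation
    }
}
```

Rows with `StillOnDisk = True` are the blocked-but-present files the thread argues about; the SHA256 column lets you track whether a later signature update starts detecting them.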
 
#19
> We are not discussing WD at default settings. It is not up to the challenge of true zero-days.

I'm not even talking 0-days nor unknown malware, WD signatures and cloud are a joke even against known malware compared to the competition. Hence why people rely on Default-Deny with it.

Default-Deny is not for Average Users, and WD can't protect Average Users without Default-Deny so it enters the Paradox. An Experienced User doesn't need an AV, so VoodooShield alone would be enough as Default-Deny without the resource heavy WD in the background.

So it enters my logic that WD shouldn't be recommended even with Custom Settings. It's your choice either way, I'm not here to tell others what to use and do in their own machines, just avoid recommending WD to average users.
 

shmu26

#20
> I'm not even talking 0-days nor unknown malware, WD signatures and cloud are a joke even against known malware compared to the competition. Hence why people rely on Default-Deny with it.
>
> Default-Deny is not for Average Users, and WD can't protect Average Users without Default-Deny so it enters the Paradox. An Experienced User doesn't need an AV, so VoodooShield alone would be enough as Default-Deny without the resource heavy WD in the background.
>
> So it enters my logic that WD shouldn't be recommended even with Custom Settings.

If you don't like WD, you don't have to use it.
Compared to the invasive way that the top AVs rip through your system, and the issues and bugs that often result, WD's sins are relatively minor in comparison. Especially since it usually does well even at default settings in recent commercial AV testing.
 
