ConfigureDefender utility for Windows 10/11

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Does everything work well when this ASR rule is disabled (reboot is necessary) in ConfigureDefender and mshta.exe is unblocked in H_C?
I am asking, because something else interferes with this issue, too. The driver/software actions are not fully blocked or something prevents the proper logging.
What Enforcement setting do you have?
I always had success in the past when disabling this particular ASR rule.
Yesterday I disabled a lot of ASR rules, and did not test that one in particular.

As for MSHTA, I used to run the program as admin, to get around the problem. The program is not installed right now.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Wow, that was a boring review. The only thing he was thinking about was how many mouse clicks you need to scroll through the GUI, he didn't even mention ASR, which is the heart of the matter. Brinkman was sleeping on the job.
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
Wow, that was a boring review. The only thing he was thinking about was how many mouse clicks you need to scroll through the GUI, he didn't even mention ASR, which is the heart of the matter. Brinkman was sleeping on the job.
The article needs to be understood by all users reading it as it is an introductory one. If he goes technical then none will read and they will just close it. Either that or he is not qualified to go technical but the first assumption makes sense to me so i will give him a pass.
 

In2an3_PpG

Level 18
Verified
Top Poster
Content Creator
Well-known
Nov 15, 2016
867
Where is the name drop? "ConfigureDefender is an open source tool for Microsoft's Windows operating system that helps system administrators configure Windows Defender." In that first line it should read, ConfigureDefender is an open source tool created by @Andy Ful for Microsoft's Windows operating system....

Then the comments at the bottom. One person being paranoid for not upgrading to Windows 10, trying to get the app to work on 8 :ROFLMAO:. The other saying disabled WD is the only way i roll.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
Where is the name drop? "ConfigureDefender is an open source tool for Microsoft's Windows operating system that helps system administrators configure Windows Defender." In that first line it should read, ConfigureDefender is an open source tool created by @Andy Ful for Microsoft's Windows operating system....

Then the comments at the bottom. One person being paranoid for not upgrading to Windows 10, trying to get the app to work on 8 :ROFLMAO:. The other saying disabled WD is the only way i roll.
Fortunately, if the user is going to run ConfigureDefender on Windows 8.1 and prior versions, the program will show the alert: "This program works only on Windows 10.":giggle:
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
@shmu26 - I read GHacks regularly and that is Martin's style. He appears to prefer a neutral tone for his articles and rarely (ever?) writes a typical review. I think his intent is to introduce the function and UI of a software and occasionally will compare it generally to another program. I appreciate his site precisely for this informative style which leaves the real reviews to others.

Kudos to @Andy Ful ! (y)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
@shmu26 - I read GHacks regularly and that is Martin's style. He appears to prefer a neutral tone for his articles and rarely (ever?) writes a typical review. I think his intent is to introduce the function and UI of a software and occasionally will compare it generally to another program. I appreciate his site precisely for this informative style which leaves the real reviews to others.

Kudos to @Andy Ful ! (y)
Thanks. I didn't know that. My apologies to Martin :)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
The new version 2.0.0.0 of ConfigureDefender is available on GitHub:
Added two new WD ASR rules:
1. Block only Office communication applications from creating child processes (includes Outlook protection).
2. Block Adobe Reader from creating child processes.
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
The new version 2.0.0.0 of ConfigureDefender is available on GitHub:
Added two new WD ASR rules:
1. Block only Office communication applications from creating child processes (includes Outlook protection).
2. Block Adobe Reader from creating child processes.

I assume this will be integrated into the next version of H_C?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
Please let me know, if someone has a problem with printing. In "Defender high settings", there are two rules which can block creation of child processes, one rule for MS Office applications and one for Adobe Reader (the last was introduced in Windows ver. 1809). As @shmu26 reported, the first rule might cause problems with printing (HP printer).
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Please let me know, if someone has a problem with printing. In "Defender high settings", there are two rules which can block creation of child processes, one rule for MS Office applications and one for Adobe Reader (the last was introduced in Windows ver. 1809). As @shmu26 reported, the first rule might cause problems with printing (HP printer).
My problems were specifically with the print to fax driver. Regular printing worked fine. Even if I put MS Office in a "cage", using Excubits MemProtect, I can do regular printing.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
@Andy Ful Would it be possible to post Sha256 for your releases? On chip.de you can download stuff without their installer when you click the words "manuelle Installation". It a "nearly" invisible small Button on the right next to their big download button.
Untitled.jpg
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
@Andy Ful Would it be possible to post Sha256 for your releases? On chip.de you can download stuff without their installer when you click the words "manuelle Installation". It a "nearly" invisible small Button on the right next to their big download button.View attachment 200604
This is also possible on dobreprogramy.pl, but many users will simply download website installers anyway.
The hashes of version 2.0.0.0
ConfigureDefender_x64.exe
112366df0ddc6102c5d7efe9e59ca37ff2abb03cc3b70516e6767dc0a29157af
ConfigureDefender_x86.exe
9941cf56d5d8aeee9227fc8806efe3f633c3a3cb402b842052970c8fe82a8d14
The problem with Sha256 hash is that it can be replaced by the malc0ders with the hash of the malicious file.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top