ConfigureDefender utility for Windows 10/11

shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Andy Ful said:
Does everything work well when this ASR rule is disabled (reboot is necessary) in ConfigureDefender and mshta.exe is unblocked in H_C?
I am asking, because something else interferes with this issue, too. The driver/software actions are not fully blocked or something prevents the proper logging.
What Enforcement setting do you have?
Click to expand...
I always had success in the past when disabling this particular ASR rule.
Yesterday I disabled a lot of ASR rules, and did not test that one in particular.

As for MSHTA, I used to run the program as admin, to get around the problem. The program is not installed right now.
 
  • Like
Reactions: oldschool, In2an3_PpG and Andy Ful
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Wow, that was a boring review. The only thing he was thinking about was how many mouse clicks you need to scroll through the GUI, he didn't even mention ASR, which is the heart of the matter. Brinkman was sleeping on the job.
 
  • Like
Reactions: Tiny, oldschool, In2an3_PpG and 3 others
SHvFl

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
shmu26 said:
Wow, that was a boring review. The only thing he was thinking about was how many mouse clicks you need to scroll through the GUI, he didn't even mention ASR, which is the heart of the matter. Brinkman was sleeping on the job.
Click to expand...
The article needs to be understood by all users reading it as it is an introductory one. If he goes technical then none will read and they will just close it. Either that or he is not qualified to go technical but the first assumption makes sense to me so i will give him a pass.
 
  • Like
Reactions: oldschool, Andy Ful, In2an3_PpG and 2 others
In2an3_PpG

In2an3_PpG

Level 18
Verified
Top Poster
Content Creator
Well-known
Nov 15, 2016
867
Where is the name drop? "ConfigureDefender is an open source tool for Microsoft's Windows operating system that helps system administrators configure Windows Defender." In that first line it should read, ConfigureDefender is an open source tool created by @Andy Ful for Microsoft's Windows operating system....

Then the comments at the bottom. One person being paranoid for not upgrading to Windows 10, trying to get the app to work on 8 :ROFLMAO:. The other saying disabled WD is the only way i roll.
 
  • Like
Reactions: oldschool, Andy Ful and shmu26
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,482
In2an3_PpG said:
Where is the name drop? "ConfigureDefender is an open source tool for Microsoft's Windows operating system that helps system administrators configure Windows Defender." In that first line it should read, ConfigureDefender is an open source tool created by @Andy Ful for Microsoft's Windows operating system....

Then the comments at the bottom. One person being paranoid for not upgrading to Windows 10, trying to get the app to work on 8 :ROFLMAO:. The other saying disabled WD is the only way i roll.
Click to expand...
Fortunately, if the user is going to run ConfigureDefender on Windows 8.1 and prior versions, the program will show the alert: "This program works only on Windows 10.":giggle:
 
  • Like
Reactions: oldschool, Freki123, In2an3_PpG and 1 other person
oldschool

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,595
@shmu26 - I read GHacks regularly and that is Martin's style. He appears to prefer a neutral tone for his articles and rarely (ever?) writes a typical review. I think his intent is to introduce the function and UI of a software and occasionally will compare it generally to another program. I appreciate his site precisely for this informative style which leaves the real reviews to others.

Kudos to @Andy Ful ! (y)
 
  • Like
Reactions: Andy Ful, In2an3_PpG, harlan4096 and 1 other person
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
oldschool said:
@shmu26 - I read GHacks regularly and that is Martin's style. He appears to prefer a neutral tone for his articles and rarely (ever?) writes a typical review. I think his intent is to introduce the function and UI of a software and occasionally will compare it generally to another program. I appreciate his site precisely for this informative style which leaves the real reviews to others.

Kudos to @Andy Ful ! (y)
Click to expand...
Thanks. I didn't know that. My apologies to Martin :)
 
  • Like
Reactions: Tiny, Andy Ful, In2an3_PpG and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,482
The new version 2.0.0.0 of ConfigureDefender is available on GitHub:
Added two new WD ASR rules:
1. Block only Office communication applications from creating child processes (includes Outlook protection).
2. Block Adobe Reader from creating child processes.
 
  • Like
Reactions: ForgottenSeer 85179, In2an3_PpG, harlan4096 and 6 others
oldschool

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,595
Andy Ful said:
The new version 2.0.0.0 of ConfigureDefender is available on GitHub:
Added two new WD ASR rules:
1. Block only Office communication applications from creating child processes (includes Outlook protection).
2. Block Adobe Reader from creating child processes.
Click to expand...

I assume this will be integrated into the next version of H_C?
 
  • Like
Reactions: In2an3_PpG, Andy Ful and shmu26
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,482
Please let me know, if someone has a problem with printing. In "Defender high settings", there are two rules which can block creation of child processes, one rule for MS Office applications and one for Adobe Reader (the last was introduced in Windows ver. 1809). As @shmu26 reported, the first rule might cause problems with printing (HP printer).
 
  • Like
Reactions: oldschool, Gandalf_The_Grey, In2an3_PpG and 3 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Andy Ful said:
Please let me know, if someone has a problem with printing. In "Defender high settings", there are two rules which can block creation of child processes, one rule for MS Office applications and one for Adobe Reader (the last was introduced in Windows ver. 1809). As @shmu26 reported, the first rule might cause problems with printing (HP printer).
Click to expand...
My problems were specifically with the print to fax driver. Regular printing worked fine. Even if I put MS Office in a "cage", using Excubits MemProtect, I can do regular printing.
 
  • Like
Reactions: oldschool, Gandalf_The_Grey, In2an3_PpG and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,482
  • Like
Reactions: Sunshine-boy, In2an3_PpG, silversurfer and 5 others
F

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
@Andy Ful Would it be possible to post Sha256 for your releases? On chip.de you can download stuff without their installer when you click the words "manuelle Installation". It a "nearly" invisible small Button on the right next to their big download button.
Untitled.jpg
 
  • Like
Reactions: Gandalf_The_Grey, Andy Ful, silversurfer and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,482
Freki123 said:
@Andy Ful Would it be possible to post Sha256 for your releases? On chip.de you can download stuff without their installer when you click the words "manuelle Installation". It a "nearly" invisible small Button on the right next to their big download button.View attachment 200604
Click to expand...
This is also possible on dobreprogramy.pl, but many users will simply download website installers anyway.
The hashes of version 2.0.0.0
ConfigureDefender_x64.exe
112366df0ddc6102c5d7efe9e59ca37ff2abb03cc3b70516e6767dc0a29157af
ConfigureDefender_x86.exe
9941cf56d5d8aeee9227fc8806efe3f633c3a3cb402b842052970c8fe82a8d14
The problem with Sha256 hash is that it can be replaced by the malc0ders with the hash of the malicious file.
 
  • Like
Reactions: Sunshine-boy, In2an3_PpG, shmu26 and 4 others

Similar threads

Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,090
Hard_Configurator Tools
Andy Ful
Andy Ful
Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,414
Hard_Configurator Tools
South Park
South Park
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus + Windows 11 Smart App Control (SAC)
Replies
44
Views
3,224
Video Reviews - Security and Privacy
tofargone
tofargone

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top