Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
ConfigureDefender utility for Windows 10/11
- Thread starter Andy Ful
- Start date
- Mar 29, 2018
- 7,595
Look at point f) in my post:
https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/post-811782
I really have no patience for users who don't read manuals or change logs! Oh wait, that's me!
Thanks Andy. I'll see if adding exceptions helps with the two small issues (blocks) I see in the log.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
Please, be very careful with adding exclusions for ASR rules. These exclusions will apply for all ASR rules (except 2 rules which do not support exclusions).I really have no patience for users who don't read manuals or change logs! Oh wait, that's me!
- Jul 3, 2015
- 8,153
Thanks to both of you for pointing this out. And also for the warning that the exclusions are applied almost globally.
Which are the two rules that don't support exclusions?
- Mar 29, 2018
- 7,595
"Impede JavaScript and VBScript to launch executables"
"Block process creations originating from PSExe and WMI commands"
And as you said in an earlier post, most of the ASR glitches come from the "lsass.exe" rule. On my system the log shows this rule blocked an operation by Bleachbit but BB seems to be working fine (unless there is some effect I'm not aware of). Same with Brave update. This is puzzling to me.
Edit: Now that I think of it, it was probably Bleachbit performing its occasional update check.
- Jul 3, 2015
- 8,153
Thanks.And as you said in an earlier post, most of the ASR glitches come from the "lsass.exe" rule. On my system the log shows this rule blocked an operation by Bleachbit but BB seems to be working fine (unless there is some effect I'm not aware of). Same with Brave update. This is puzzling to me.
Edit: Now that I think of it, it was probably Bleachbit performing its occasional update check.
It is common for lsass blocking to fill up the log with entries, but not interfere with functionality of the app involved.
- Mar 29, 2018
- 7,595
Thanks. I thought you or Andy had posted a comment about this previously, thus my 2nd question in post #439.
- Mar 13, 2016
- 1,298
@Andy Ful
I updated your excellent program on my ASUS 2-in-1 again and noticed the disable USB execution was greyed out (and automatically turned from on to off). I know it has been reported as not working correctly, but on my Asus 2-in-1 it works fine. Would it be possible to provide an option to enable this (I had forgotten what reg-keys it were, so took me some time to find it again).
Also would you consider to adding rdpshell.exe to the list of sponsors?
** note for myself ** Disable usb-execution (so I find it easily when you keep it switched off)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
"Deny_Execute"=dword:00000001
Thanks for all the effort you have put into H_C, ConfigureDefender and documentsanti-exploit). Using your software, WD is the only security I need:emoji_clap:
I updated your excellent program on my ASUS 2-in-1 again and noticed the disable USB execution was greyed out (and automatically turned from on to off). I know it has been reported as not working correctly, but on my Asus 2-in-1 it works fine. Would it be possible to provide an option to enable this (I had forgotten what reg-keys it were, so took me some time to find it again).
Also would you consider to adding rdpshell.exe to the list of sponsors?
** note for myself ** Disable usb-execution (so I find it easily when you keep it switched off
)Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
"Deny_Execute"=dword:00000001
Thanks for all the effort you have put into H_C, ConfigureDefender and documentsanti-exploit). Using your software, WD is the only security I need
:emoji_clap:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
Thanks for the kind words. I will think about it, although it will be risky for some users.
Anyway, if you have installed Windows 10, then there is an ASR rule that blocks untrusted and unsigned processes that run from USB. Furthermore, the execution from USB is blocked by recommended SRP settings. Do you have any problem with applying these restrictions?
From what I learned about rdpshell.exe it could work only with opened Remote Desktop session. But, H_C blocks it and some other remote features via <Block Remote Access>.
Do you have in mind the scenario, when the user wants to use some remote features and block only RemoteApp session?
- Mar 13, 2016
- 1,298
@Andy Ful
Blocking USB unsigned. Have to check that ASR, thanks. Since USB block works on all our devices (a Desktop a Leneovo Yoga and a Asus Transformer) the width/impact of the problem is low in my personal experience. No problem when you don't facilitate, but H_C is actively disabling it now.
RDPshell. not really at the moment, but when Microsoft starts to advice to block some unneeded programs (thx to @shmu26 Discuss - Microsoft Recommends Default-Deny (Sort of)) why not block this unnessecary (when not using remote also). Remote desktop allows access, RDPshell the (possibly malicious) action, so blocking both is a sort of double lock.
Regards Kees
Blocking USB unsigned. Have to check that ASR, thanks. Since USB block works on all our devices (a Desktop a Leneovo Yoga and a Asus Transformer) the width/impact of the problem is low in my personal experience. No problem when you don't facilitate, but H_C is actively disabling it now.
RDPshell. not really at the moment, but when Microsoft starts to advice to block some unneeded programs (thx to @shmu26 Discuss - Microsoft Recommends Default-Deny (Sort of)) why not block this unnessecary (when not using remote also). Remote desktop allows access, RDPshell the (possibly malicious) action, so blocking both is a sort of double lock.
Regards Kees
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
From the next version, H_C will stop actively disabling this feature. I do not want to enable it in H_C because when it fails, then the computer is bricked even after restarting into Safe Mode.
I am sure that you do not need to block it. Blocking remote control is very important for home users, so it is applied in H_C by default. The only way to use rdpshell.exe with disabled Remote Desktop could be related to some unknown Windows exploit and installation of some additional modules. But, your requests are always important to me so I will add rdpshell.exe to blocked Sponsors in the next version of H_C.
Last edited:
- Jul 3, 2015
- 8,153
Is there a way to make the Sponsors list customizable, sort of like the Whitelist By Path list is? Then, extreme security enthusiasts can torture their own systems as they wish.I will add rdpshell.exe to blocked Sponsors in the next version of H_C.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
I am thinking about it for a long time, but still not sure. Blocking more than is actively used by malc0ders is dangerous to the system/software stability (H_C can block over 170 programs and modules from Windows folder).
H_C allows only those tortures which cannot kill the victim for sure.
- Jul 3, 2015
- 8,153
I think you should include that line in the manual LOLLLLL
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
After reading the manual, the user will not believe it anyway.
- Dec 24, 2011
- 480
Thx AndyFul for this great tool!
Finally WD does what it is supposed to do
Would you say OSArmor could add some protection over all the tweaks you made in your app, or would it be overlapping?
/W
Finally WD does what it is supposed to do
Would you say OSArmor could add some protection over all the tweaks you made in your app, or would it be overlapping?
/W
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
You can use OSArmor. It overlaps a little with ASR rules, but can add some useful protection.
You have to remember that some OSArmor advanced settings related to PowerShell may block the actions of ConfigureDefender, so you have to make exclusions in OSArmor.
You have to remember that some OSArmor advanced settings related to PowerShell may block the actions of ConfigureDefender, so you have to make exclusions in OSArmor.
Last edited:
- Mar 29, 2018
- 7,595
@Andy Ful when does the new version of CD arrive?
- Jul 3, 2015
- 8,153
Question about "Max" settings: When I get a smartscreen block on a new file, such as a beta version of one of your tools, it seems that I can't click past smartscreen anymore, even if I want to. What is recommended?
- Mar 29, 2018
- 7,595
That's because Max sets SS > Block in Edge, etc. Please change > 'warn" or "user". I always first choose a protection level and then manually adjust individual features as needed.
Similar threads
-
- Sticky
