ConfigureDefender utility for Windows 10/11

Andy Ful · Jun 18, 2019

askalan said:
I want to add a ConfigureDefender section to the Hard_Configurator home page because ConfigureDefender is an important part of H_C. But I'm still missing a text/phrase. @Andy Ful @shmu26 @oldschool

A section with the test results from the Hub (H_C tweaks and SmartScreen without any AV as usual) will be added later. Any help or advice (EDIT: changed tip to advice perhaps of confusion) is welcome! (maybe an extra FAQ?)

Maybe something like this as an additional introductory section?
***************************
Enables some important Windows Defender features.
Such as: PUA Protection, advanced Cloud Protection Levels, Attack Surface Reduction rules, Network Protection, etc. These features are not available from Windows Security Center. The configuration can be done via ConfigureDefender tool and includes three predefined security profiles, which can be customized by the user.
*************************
You can also use the @oldschool post and help from ConfigureDefender when constructing the page dedicated to ConfigureDefender tool.

The help file is in the attachment (DOCX file, please delete the .txt )

We can also work on FAQ, so ConfigureDefender users are invited to ask questions here.

Andrew3000 · Jun 18, 2019

Andy Ful said:
Maybe something like this as an additional introductory section?
***************************
Enables some important Windows Defender features.
Such as: PUA Protection, advanced Cloud Protection Levels, Attack Surface Reduction rules, Network Protection, etc. These features are not available from Windows Security Center. The configuration can be done via ConfigureDefender tool and includes three predefined security profiles, which can be customized by the user.
*************************
You can also use the @oldschool post and help from ConfigureDefender when constructing the page dedicated to ConfigureDefender tool.
The help file is in the attachment (DOCX file, please delete the .txt )

We can also work on FAQ, so ConfigureDefender users are invited to ask questions here.

Thanks for the Doc!

shmu26 · Jun 18, 2019

oldschool said:
@askalan @Andy Ful @shmu26

I imagine you want something short and sweet. Here's my first shot at it:

"ConfigureDefender is an open source tool that enables users to easily configure Windows Defender advanced features. It includes three predefined security profiles and allows the user to customize Windows Defender settings."

Based on @oldschool's text, here is another possible variation:
"ConfigureDefender is an open source tool that enables users to easily configure Windows Defender advanced features such as Attack Surface Reduction rules. It includes three predefined security profiles, and also allows customization of individual Windows Defender settings."

Oops, I didn't see the other posts...

AlanOstaszewski · Jun 18, 2019

@oldschool @shmu26
Although it is typical for all projects that are at Github to be open source, ConfigureDefender is closed source to my knowledge.

Thanks for the document @Andy Ful ! Maybe for later: The .odt format (Open Document Format) might be better for collaborations, because this format is open source and therefore more readable for LibreOffice or Softmaker. Or better: Cloud collaboration (Google Docs or similar).

Andy Ful · Jun 18, 2019

askalan said:
...
Thanks for the document @Andy Ful ! Maybe for later: The .odt format (Open Document Format) might be better for collaborations, because this format is open source and therefore more readable for LibreOffice or Softmaker. Or better: Cloud collaboration (Google Docs or similar).

No problem.

Digmor Crusher · Jul 5, 2019

So I am trying this out, downloaded and then moved icon to desktop, deleted everything else that was downloaded. If I decide to remove this I assume that I just go to gui and select default, that default means Windows Defender defaults? Then I can just delete icon.

oldschool · Jul 5, 2019

Digmor Crusher said:
So I am trying this out, downloaded and then moved icon to desktop, deleted everything else that was downloaded. If I decide to remove this I assume that I just go to gui and select default, that default means Windows Defender defaults? Then I can just delete icon.

Yes, it means MS WD default settings. And you may just delete the file to remove. I usually move the appropriate .exe file to Windows folder when I use it, since it is protected.

Digmor Crusher · Jul 6, 2019

Thanks oldschool

paulderdash · Jul 6, 2019

Digmor Crusher said:
So I am trying this out, downloaded and then moved icon to desktop, deleted everything else that was downloaded. If I decide to remove this I assume that I just go to gui and select default, that default means Windows Defender defaults? Then I can just delete icon.

oldschool said:
Yes, it means MS WD default settings. And you may just delete the file to remove. I usually move the appropriate .exe file to Windows folder when I use it, since it is protected.

Good to know.
Also have a virgin clean-installed Win 10 (Home) 1903, which i want to keep as simple as possible.
Thinking of just running ConfigureDefender, at High setting, and Firefox with uBlock (medium mode) and password manager extensions only.
(Maybe H_C instead ... later).

Another virgin clean-installed Win 10 1903 will be used for other adventures / combos.

Gandalf_The_Grey · Jul 15, 2019

Does Windows Defender have to be active (no 3rd party AV or maybe periodic scanning) for the ASR rules to work?
For example you first use WD and set it on high with CD and after that you install an 3rd party AV.

shmu26 · Jul 15, 2019

Gandalf_The_Grey said:
Does Windows Defender have to be active (no 3rd party AV or maybe periodic scanning) for the ASR rules to work?
For example you first use WD and set it on high with CD and after that you install an 3rd party AV.

If you have a 3rd party AV, the ASR rules will not apply. WD needs to be providing active protection for ASR rules to apply.

shmu26 · Aug 8, 2019

I am on 1903 with tamper protection enabled, with most of the ASR rules and other mitigations enabled.
I clicked the default button, and the tool reports that everything reverted to default settings. It still shows that after a reboot.
But I thought tamper protection prevents some of the changes?

Andy Ful · Aug 8, 2019

shmu26 said:
I am on 1903 with tamper protection enabled, with most of the ASR rules and other mitigations enabled.
I clicked the default button, and the tool reports that everything reverted to default settings. It still shows that after a reboot.
But I thought tamper protection prevents some of the changes?

New TrickBot Version Focuses on Microsoft's Windows Defender

A new version of the TrickBot banking Trojan continues its evolution of targeting security software in order to prevent its detection and removal. In this new version, TrickBot has set its sights on Windows Defender, which for many people is the only antivirus installed on a Windows 10 machine...

malwaretips.com

Two of these options can be configured in ConfigureDefender, but disabling them will be blocked. Of course, disabling these options would be stupid, anyway.

Ink · Aug 13, 2019

@Andy Ful It's being flagged by SmartScreen's App Rep on Microsoft Edge (Chromium dev).

Sent a report as Safe.

Andy Ful · Aug 13, 2019

Spawn said:
@Andy Ful It's being flagged by SmartScreen's App Rep on Microsoft Edge (Chromium dev).

View attachment 219816

Sent a report as Safe.

Thanks.

It seems that the SmartScreen on Edge Dev works like the old native Edge versions. From over a year, the native Edge does not trigger the SmartScreen alert on files which are not in the base but are not recognized as malicious.

Andy Ful · Aug 21, 2019

ConfigureDefender ver. 2.0.1.1

for Windows 64-bit: AndyFul/ConfigureDefender
for Windows 32bit: AndyFul/ConfigureDefender

The ConfigureDefender's code signing certificate is now accepted by SmartScreen.

What is new?

	Version 2.0.1.1
	1. Added additional ASR rule: "Block persistence through WMI event subscription".
	2. Minor GUI improvements.

	Version 2.0.1.0
	The ConfigureDefender executables are now digitally signed with Certum Open Source Code Signing certificate.

Burrito · Aug 21, 2019

Andy Ful said:
ConfigureDefender ver. 2.0.1.1

Thanks Andy.

shmu26 · Aug 22, 2019

Thanks, Andy. I can just copy it into C:\Windows\Hard_Configurator, and replace the existing file, yeah?

Andy Ful · Aug 22, 2019

shmu26 said:
Thanks, Andy. I can just copy it into C:\Windows\Hard_Configurator, and replace the existing file, yeah?

Yes. But I will push a new version of H_C today with updated H_C.

Digmor Crusher · Aug 23, 2019

Mr. Ful to update to new version just delete the old version, download new, set protection level, good to go?

Also. does running this in High setting make OSA redundant?

Thanks.

ConfigureDefender utility for Windows 10/11

From Hard_Configurator Tools

Attachments

Level 11

Level 85

Level 16

From Hard_Configurator Tools

Attachments

Level 25

Level 84

Level 25

Level 6

Level 83

Level 85

Level 85

From Hard_Configurator Tools

Administrator

From Hard_Configurator Tools

From Hard_Configurator Tools

Level 24

Level 85

From Hard_Configurator Tools

Level 25

Similar threads