ConfigureDefender utility for Windows 10/11

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,595
The new ConfigureDefender ver. 1.0.1.0 is available for testing:
Added ASR mitigations introduced in Windows ver. 1803 (they should also work on updated ver. 1709).
In the "Child Protection", all ASR mitigations are enabled, with some folder exclusions:
Windows, Program Files ..., ProgramData\Microsoft\Windows Defender.

I noticed that the mitigation "Block executable files from running unless they meet a prevalence, age, or trusted list criteria" is more restrictive than Defender 'Cloud Protection Level' set to Block. Furthermore, most executables blocked by this mitigation (but not all) can be run after one day.

The mitigation "Block credential stealing from the Windows local security authority subsystem (lsass.exe)" can block some schtasks.exe processes and also processes started by Windows Defender in the folder: ProgramData\Microsoft\Windows Defender.

Post edited.
The Lsass rule does not support exclusions.


Do you advise downloading this to replace current version - IF NOT testing?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,476
The new ConfigureDefender ver. 1.0.1.1 is available:
for Windows 64-bit: AndyFul/ConfigureDefender
for Windows 32-bit: AndyFul/ConfigureDefender

1. Corrected a minor bug related to unnecessary folder exclusion for the ASR mitigation that does not support exclusions.
2. In <Defender high settings> the ASR mitigation 'Use advanced protection against ransomware' is set to ON, and 'Controlled Folder Access' is set to Audit.

<Defender high settings> can be adopted by most users.
<Child Protection> is very restrictive due to Controlled Folder Access, hiding the Defender Security Center, and two new mitigations:
  • Block executable files from running unless they meet a prevalence, age, or trusted list criteria
  • Block credential stealing from the Windows local security authority subsystem (lsass.exe)
The new version was sent to Microsoft and is whitelisted by Defender. It is not whitelisted by SmartScreen, yet. This will take some time.
Be safe. :)
 

Reldel1

Level 2
Verified
Jun 12, 2017
50
Congrats on the official release. Had been running 1.0.1.0 on two 1803 installs without any issues or events showing in event viewer. Already changed both boxes to new 1.0.1.1 this morning. Using both ConfigureDefender and Hard Configurator has saved much time maintaining Pro versions that I used to configure SRP on myself. Greatly appreciated, Andy.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,476
Thanks. I will push the new version (4.0.0.0) of Hard_Configurator soon with integrated ConfigureDefender. In Hard_Configurator the user can use NirSoft FullEventLogView with the predefined config file to see Windows Defender alerts. I am waiting for whitelisting Hard_Configurator by Avast.
 

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,229
Thanks for the update and this great piece of software (y)
What does "Audit" mean?
Do you get a popup?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,476
'Audit' means that the file will not be blocked (no visible alert), but the info about the possible block (if the setting was Enabled) is written to the Windows Event Log. It helps to find out how safe enabling the setting will be and what the user can expect after enabling it.
Import custom views to see Windows Defender Exploit Guard events
It is convenient to prepare a custom view only for Windows Defender. One can also use the NirSoft tool FullEventLogView with the custom config. See the config file in the attachment (change the file extension .txt --> .cfg).
 

Attachments

  • FullEventLogView.txt
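Reading the audit entries described in the post above can also be done from PowerShell. This is an added example, not part of the original post and not ConfigureDefender's own code: the function names are hypothetical, while the rule GUIDs, the event IDs (1121/1122 for ASR block/audit, 1123/1124 for Controlled Folder Access block/audit) and the EventData field names are the ones Microsoft documents for Defender.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on Windows 10/11.
# GUIDs are Microsoft's documented IDs for the three ASR rules named in the thread.
$ruleNames = @{
    '01443614-cd74-433a-b99e-2ecdc07bfc25' = 'Block executables unless prevalence/age/trusted list'
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from lsass.exe'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
}
$modeNames  = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$eventNames = @{ 1121 = 'ASR block'; 1122 = 'ASR audit'; 1123 = 'CFA block'; 1124 = 'CFA audit' }

# Hypothetical helper: shows which mode each configured mitigation is in right now.
function Get-DefenderMitigationMode {
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $acts = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $id   = "$($ids[$i])".ToLower()
        $name = if ($ruleNames.ContainsKey($id)) { $ruleNames[$id] } else { $id }
        [pscustomobject]@{ Mitigation = $name; Mode = $modeNames[[int]$acts[$i]] }
    }
    [pscustomobject]@{ Mitigation = 'Controlled Folder Access'
                       Mode       = $modeNames[[int]$pref.EnableControlledFolderAccess] }
}

# Hypothetical helper: returns block and audit events from the Defender operational log.
function Get-DefenderMitigationEvent {
    param([int]$Days = 7)
    $filter = @{ LogName   = 'Microsoft-Windows-Windows Defender/Operational'
                 Id        = 1121, 1122, 1123, 1124
                 StartTime = (Get-Date).AddDays(-$Days) }
    # Get-WinEvent raises an error when nothing matches, so silence it and return nothing.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $f = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $f[$d.Name] = $d.'#text' }
        $id = "$($f['ID'])".ToLower()   # rule GUID; absent on Controlled Folder Access events
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Kind    = $eventNames[$_.Id]
            Rule    = if ($ruleNames.ContainsKey($id)) { $ruleNames[$id] }
                      elseif ($id) { $id } else { 'Controlled Folder Access' }
            Path    = $f['Path']
            Process = $f['Process Name']
        }
    }
}

Get-DefenderMitigationMode | Format-Table -AutoSize
# What would have been blocked (audit) or was blocked, most frequent first.
Get-DefenderMitigationEvent -Days 7 | Group-Object Kind, Rule, Path |
    Sort-Object Count -Descending | Select-Object Count, Name | Format-Table -AutoSize -Wrap
```

Paths that recur under 'ASR audit' or 'CFA audit' for software you trust are the ones to review before switching a setting from Audit to ON.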

Yellowing

Level 5
Verified
Jun 7, 2018
221
This is a very nice application! Good work! :)

Could you please keep the initial post up to date? I was wondering for a while if you switched to a different platform because the link threw 404.
I thought because Microsoft bought it or something. :D

Thanks!
 
