ConfigureDefender utility for Windows 10/11

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
I chose the Default Profile and rebooted the system. The default profile resolved the issue, and now everything works properly.
It is strange. Normally, the Default Profile turns OFF the PUA protection, so "App & browser control" is not fully turned ON. :unsure:
The warning disappears when one press "Dismiss":

1685286405573.png


I think that when you apply the HIGH Protection Level now, then everything should be OK.
 

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
621
I have found that anything developed by Andy Ful, I use Hard_Configurator, is first rate, and never has given me issues. Recently, I setup Windows 10, 22H2, on my wife's newest laptop, with latest Beta version of H_C, and it runs flawlessly (y) Not at all surprised.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
@Andy Ful

Why not remove hxxps:// hard-configurator from the opening post?

What Office products does ASR support?

I have Windows Update set to "notify for download". How do I get Defender updates independent of WU?
I kind of agree. I had the website bookmarked and didn’t realize it was decommissioned. It has a lovely redirect to a virus/adware laden site. Just was testing some dns response time and clicked it. Oops. Haha.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
@Andy Ful

Why not remove hxxps:// hard-configurator from the opening post?

What Office products does ASR support?

I have Windows Update set to "notify for download". How do I get Defender updates independent of WU?
The link has been removed. Thanks.
MS Office (for any rule that includes the "office" term in its description).
Use Security Center to update Defender manually or right-click on the Defender icon (on the system tray) and choose the appropriate option.
 
F

ForgottenSeer 100397

Block executable files from running unless they meet a prevalence, age, or trusted list criteria

1. Does this also pertain to installed programs?
2. Will adding the blocked program to Defender's exclusion list bypass this protection?
3. Can setting the protection to "Warn" (to allow) and then back to "ON" permanently allow the blocked program?
4. Will moving the CD executable require me to reapply the protection levels?
 
Last edited by a moderator:
  • Like
Reactions: Gandalf_The_Grey

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
Block executable files from running unless they meet a prevalence, age, or trusted list criteria

1. Does this also pertain to installed programs?
2. Will adding the blocked program to Defender's exclusion list bypass this protection?
3. Can setting the protection to "Warn" (to allow) and then back to "ON" permanently allow the blocked program?
4. Will moving the CD executable require me to reapply the protection levels?
  1. Yes.
  2. No. But, you can use the exclusions for ASR rules.
  3. Bypassing Warn, should allow the file for 24 hours. But, it is also possible that during this time, Microsoft can whitelist the file.
  4. If you apply the settings via ConfigureDefender, they are written into the Windows Registry as native Defender settings. ConfigureDefender is not required to keep them working.
 
F

ForgottenSeer 100397

Is a system restart and clicking Refresh necessary for CD with individual settings changed?

Do settings like these or others impact Windows Update?
"Block executable files from running unless they meet prevalence, age, or trusted list criteria."

I am replacing ON with Warn (where available) while using High Protection. Do you have any suggestions?

Does ON notify me about blocking?
 
Last edited by a moderator:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
Is a system restart and clicking Refresh necessary for CD with individual settings changed?

Yes. That is why It is noted in the Configuredefender HELP.

1688551229801.png


Anyway, there are a few settings that do not require Windows Restart, like SmartScreen settings.
The REFRESH option only checks if the new settings were properly written in the Registry - some AVs can silently block such changes. So if you are sure that nothing tampers with ConfigureDefender, then the REFRESH can be skipped.


Do settings like these or others impact Windows Update?
"Block executable files from running unless they meet prevalence, age, or trusted list criteria."

No. But there was a single event when one of the ASR rules for MS Office caused a mess on the users' Desktops (shortcuts killed by Defender after Defender update).

I am replacing ON with Warn (where available) while using High Protection. Do you have any suggestions?

It is OK.

Does ON notify me about blocking?

Mostly Yes, but not always.
 
Last edited:

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
No. But there was a single event when one of the ASR rules for MS Office caused a mess on the users' Desktops (shortcuts killed by Defender after Defender update).
If I still have a good memory, this happened on January 13, 2023 on a Friday (the 13th) lol, when my desktop shortcuts started disappearing after a Defender update that Microsoft pushed on users, this day will be unforgettable lol. :LOL:
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
ConfigureDefender 3.1.1.1 with an updated digital certificate:

No changes as compared to ver 3.0.1.1, except for adding the updated certificate. In the ConfigureDefender window, this version is still described as 3.0.1.1. The code of x86 and x64 executables is identical in versions 3.0.1.1 and 3.1.1.1. But, because of adding new certificates, the file hashes are different.
 
F

ForgottenSeer 100397

@Andy Ful

I think that the “High” Protection Level with “Block Executables From Running” is very secure and can handle zero-day threats. This protection is as good as, or even better than, the default protection from third-party vendors such as Kaspersky, Eset, or Bitdefender. What is your response?

Does the "Block Executables" rule allow or block program updates if I exclude the program's folder under ASR Exclusions?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
@Andy Ful
...
Does the "Block Executables" rule allow or block program updates if I exclude the program's folder under ASR Exclusions?
Yes, this rule can block non-prevalent applications, usually for about two days. You can set this rule to 'Warn' and this will allow unblocking the application for 24 hours.
 
F

ForgottenSeer 100397

@Andy Ful

Can the “Block Executables” rule handle only EXE files?

My issue is with the Defender update, since I have Windows Update set to “notify” me. I attempted to use Task Scheduler for the automatic update, but it didn’t work for Defender. I haven’t tried Group Policy yet. Should I avoid using GP for Defender with CD?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
@Andy Ful

Can the “Block Executables” rule handle only EXE files?

The ASR rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria" blocks *.exe files.

My issue is with the Defender update, since I have Windows Update set to “notify” me. I attempted to use Task Scheduler for the automatic update, but it didn’t work for Defender.
I probably worked, but I never managed to update the new signatures more frequently than 2 or three times a day. Maybe this can be different in the paid versions of Microsoft Defender.

I haven’t tried Group Policy yet. Should I avoid using GP for Defender with CD?

You can use GPO, when the settings are unrelated to Realtime Protection, File scanning, ASR rules, Controlled Folder Access, and Network Protection.
 
F

ForgottenSeer 100397

The signature version in Windows Security matches the Defender update available in Windows Update. It appears Windows Update installs the Defender update but doesn’t update History or remove the listed update until the next run.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top