Okay, I cleared Windows Defender threat of Hard_Config download. I turned off Windows Defender protection, downloaded and installed Hard_Config, added C/Windows/Hard_Config exclusion to Defender. Loaded Config_Defender 18.104.22.168 to C/Windows/Hard_Config, opened Hard_Config GUI and applied protections, logged out. Logged back in re- activated Windows Defender protections. Bit of a dance but all good.
Nice! That's one of the nice things about using Windows built-in. It's definitely clunky and could be refined, but less problems overall.