shmu26

Does everything work well when this ASR rule is disabled (reboot is necessary) in ConfigureDefender and mshta.exe is unblocked in H_C?
I am asking, because something else interferes with this issue, too. The driver/software actions are not fully blocked or something prevents the proper logging.
What Enforcement setting do you have?
I always had success in the past when disabling this particular ASR rule.
Yesterday I disabled a lot of ASR rules, and did not test that one in particular.

As for MSHTA, I used to run the program as admin, to get around the problem. The program is not installed right now.
 

shmu26

Wow, that was a boring review. The only thing he was thinking about was how many mouse clicks you need to scroll through the GUI, he didn't even mention ASR, which is the heart of the matter. Brinkman was sleeping on the job.
 

SHvFl

The article needs to be understood by all users reading it as it is an introductory one. If he goes technical then none will read and they will just close it. Either that or he is not qualified to go technical but the first assumption makes sense to me so I will give him a pass.
 

In2an3_PpG

Where is the name drop? "ConfigureDefender is an open source tool for Microsoft's Windows operating system that helps system administrators configure Windows Defender." In that first line it should read, ConfigureDefender is an open source tool created by @Andy Ful for Microsoft's Windows operating system....

Then the comments at the bottom. One person being paranoid for not upgrading to Windows 10, trying to get the app to work on 8 :ROFLMAO:. The other saying disabled WD is the only way I roll.
 

Andy Ful

Fortunately, if the user is going to run ConfigureDefender on Windows 8.1 and prior versions, the program will show the alert: "This program works only on Windows 10." :giggle:
 

oldschool

@shmu26 - I read GHacks regularly and that is Martin's style. He appears to prefer a neutral tone for his articles and rarely (ever?) writes a typical review. I think his intent is to introduce the function and UI of a software and occasionally will compare it generally to another program. I appreciate his site precisely for this informative style which leaves the real reviews to others.

Kudos to @Andy Ful ! (y)
 

shmu26

Thanks. I didn't know that. My apologies to Martin :)
 

oldschool

The new version 2.0.0.0 of ConfigureDefender is available on GitHub:
Added two new WD ASR rules:
1. Block only Office communication applications from creating child processes (includes Outlook protection).
2. Block Adobe Reader from creating child processes.
I assume this will be integrated into the next version of H_C?
 

Andy Ful

Please let me know, if someone has a problem with printing. In "Defender high settings", there are two rules which can block creation of child processes, one rule for MS Office applications and one for Adobe Reader (the last was introduced in Windows ver. 1809). As @shmu26 reported, the first rule might cause problems with printing (HP printer).
 

shmu26

My problems were specifically with the print to fax driver. Regular printing worked fine. Even if I put MS Office in a "cage", using Excubits MemProtect, I can do regular printing.
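
For diagnosing the kind of breakage discussed above (a child-process ASR rule interfering with a print-to-fax driver), here is an added example that is not from the thread or from ConfigureDefender. It lists the configured state of the child-process rules named in this thread and the recent Windows Defender events in which one of them fired. Assumptions: the rule GUIDs and event IDs 1121/1122 are taken from Microsoft's ASR documentation, not from this page, and the 7-day window is arbitrary.

```powershell
# Added example (not from the thread): state of the ASR child-process rules
# and what they recently blocked. Run elevated on Windows 10.

# Microsoft-documented GUIDs of the rules named in this thread (assumption:
# taken from Microsoft's ASR rule reference, not from the forum posts).
$rules = @{
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Office apps: child processes'
    '26190899-1602-49e8-8b27-eb1d0a1ce869' = 'Office communication apps: child processes'
    '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' = 'Adobe Reader: child processes'
}
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# 1. Configured action per rule. Ids and Actions are parallel arrays.
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$state   = @{}
for ($i = 0; $i -lt $ids.Count; $i++) { $state[$ids[$i].ToLower()] = [int]$actions[$i] }

foreach ($guid in $rules.Keys) {
    $mode = 'Not configured'
    if ($state.ContainsKey($guid)) {
        $mode = $actionNames[$state[$guid]]
        if (-not $mode) { $mode = "Unknown ($($state[$guid]))" }
    }
    '{0,-45} {1}' -f $rules[$guid], $mode
}

# 2. Events from the last 7 days where one of these rules fired.
#    1121 = blocked, 1122 = would have been blocked (audit mode).
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1121, 1122
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue | ForEach-Object {
    $evt  = $_
    $data = @{}
    foreach ($n in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
    $ruleId = "$($data['ID'])".ToLower()
    if ($rules.ContainsKey($ruleId)) {
        [pscustomobject]@{
            Time   = $evt.TimeCreated
            Mode   = if ($evt.Id -eq 1121) { 'Blocked' } else { 'Audited' }
            Rule   = $rules[$ruleId]
            Parent = $data['Process Name']   # process that tried to spawn the child
            Child  = $data['Path']           # executable that was blocked or audited
        }
    }
} | Format-Table -AutoSize -Wrap
```

A rule suspected of breaking a driver can be switched to audit instead of disabled with `Add-MpPreference -AttackSurfaceReductionRules_Ids <GUID> -AttackSurfaceReductionRules_Actions AuditMode`; the activity it would have blocked is then logged as event 1122.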
 

Andy Ful

@Andy Ful Would it be possible to post Sha256 for your releases? On chip.de you can download stuff without their installer when you click the words "manuelle Installation". It's a "nearly" invisible small button on the right next to their big download button.
This is also possible on dobreprogramy.pl, but many users will simply download website installers anyway.
The hashes of version 2.0.0.0
ConfigureDefender_x64.exe
112366df0ddc6102c5d7efe9e59ca37ff2abb03cc3b70516e6767dc0a29157af
ConfigureDefender_x86.exe
9941cf56d5d8aeee9227fc8806efe3f633c3a3cb402b842052970c8fe82a8d14
The problem with Sha256 hash is that it can be replaced by the malc0ders with the hash of the malicious file.