Andy Ful

Level 48
Verified
Trusted
Content Creator
I want to add a ConfigureDefender section to the Hard_Configurator home page because ConfigureDefender is an important part of H_C. But I'm still missing a text/phrase. @Andy Ful @shmu26 @oldschool

A section with the test results from the Hub (H_C tweaks and SmartScreen without any AV as usual) will be added later. Any help or advice (EDIT: changed tip to advice perhaps of confusion) is welcome! (maybe an extra FAQ?)
Maybe something like this as an additional introductory section?
***************************
Enables some important Windows Defender features.
Such as: PUA Protection, advanced Cloud Protection Levels, Attack Surface Reduction rules, Network Protection, etc. These features are not available from Windows Security Center. The configuration can be done via ConfigureDefender tool and includes three predefined security profiles, which can be customized by the user.
*************************
You can also use @oldschool's post and the help from ConfigureDefender when constructing the page dedicated to the ConfigureDefender tool. :giggle:
The help file is in the attachment (DOCX file, please delete the .txt)

We can also work on FAQ, so ConfigureDefender users are invited to ask questions here. (y)
 


Andrew3000

Level 6
Verified
Malware Tester
Thanks for the Doc! :D
 

shmu26

Level 83
Verified
Trusted
Content Creator
@askalan @Andy Ful @shmu26

I imagine you want something short and sweet. Here's my first shot at it:

"ConfigureDefender is an open source tool that enables users to easily configure Windows Defender advanced features. It includes three predefined security profiles and allows the user to customize Windows Defender settings."
Based on @oldschool's text, here is another possible variation:
"ConfigureDefender is an open source tool that enables users to easily configure Windows Defender advanced features such as Attack Surface Reduction rules. It includes three predefined security profiles, and also allows customization of individual Windows Defender settings."

Oops, I didn't see the other posts...
 

askalan

Level 16
Verified
Malware Hunter
@oldschool @shmu26
Although it is typical for all projects that are on GitHub to be open source, ConfigureDefender is closed source to my knowledge.

Thanks for the document @Andy Ful ! Maybe for later: The .odt format (Open Document Format) might be better for collaborations, because this format is open source and therefore more readable for LibreOffice or Softmaker. Or better: Cloud collaboration (Google Docs or similar).
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
No problem. :giggle:
 


So I am trying this out, downloaded and then moved icon to desktop, deleted everything else that was downloaded. If I decide to remove this I assume that I just go to gui and select default, that default means Windows Defender defaults? Then I can just delete icon.
 

oldschool

Level 35
Verified
Yes, it means MS WD default settings. And you may just delete the file to remove. I usually move the appropriate .exe file to Windows folder when I use it, since it is protected.
 

paulderdash

Level 4
Good to know.
Also have a virgin clean-installed Windows 10 (Home) 1903, which I want to keep as simple as possible.
Thinking of just running ConfigureDefender, at High setting, and Firefox with uBlock (medium mode) and password manager extensions only.
(Maybe H_C instead ... later).

Another virgin clean-installed Windows 10 1903 will be used for other adventures / combos.
 

shmu26

Level 83
Verified
Trusted
Content Creator
Does Windows Defender have to be active (no 3rd party AV or maybe periodic scanning) for the ASR rules to work?
For example, you first use WD and set it on high with CD, and after that you install a 3rd party AV.
If you have a 3rd party AV, the ASR rules will not apply. WD needs to be providing active protection for ASR rules to apply.
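
A read-only way to check the point made above (ASR rules only apply while Windows Defender is providing active protection), added here as an example that is not part of the thread or of ConfigureDefender. It uses the built-in `Get-MpComputerStatus` and `Get-MpPreference` cmdlets; the `AppliesNow` column name and the active/passive test are assumptions of this sketch, and `AMRunningMode` may be empty on older Windows 10 builds.

```powershell
# Added example: report whether Defender is the active AV and which ASR rules
# are configured. Read-only; run in an elevated PowerShell session.

# ASR action codes as stored in the Defender preferences.
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

$status = Get-MpComputerStatus
$prefs  = Get-MpPreference

# AMRunningMode is missing on older builds; a missing property reads as $null.
$mode = $status.AMRunningMode
if (-not $mode) { $mode = 'n/a' }

# Assumption of this sketch: "active" means AV enabled, real-time protection on,
# and the engine not reporting a passive mode (as it does beside a 3rd party AV).
$active = $status.AntivirusEnabled -and
          $status.RealTimeProtectionEnabled -and
          ($mode -notmatch 'Passive')

# Rule IDs and actions are two parallel arrays; pair them up by index.
$ids     = @($prefs.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
$actions = @($prefs.AttackSurfaceReductionRules_Actions)

$rules = for ($i = 0; $i -lt $ids.Count; $i++) {
    $a = [int]$actions[$i]
    $name = if ($actionNames.ContainsKey($a)) { $actionNames[$a] } else { "Unknown ($a)" }
    [pscustomobject]@{
        RuleId     = $ids[$i]
        Configured = $name
        # A configured rule has no effect while Defender is not the active AV.
        AppliesNow = $active -and ($a -ne 0)
    }
}

[pscustomobject]@{
    RunningMode       = $mode
    AntivirusEnabled  = $status.AntivirusEnabled
    RealTimeEnabled   = $status.RealTimeProtectionEnabled
    TamperProtected   = $status.IsTamperProtected
    DefenderActive    = $active
    AsrRulesConfigured = $ids.Count
} | Format-List

$rules | Format-Table -AutoSize
```

If `DefenderActive` is False while rules show as Block or Audit, the settings written by ConfigureDefender are still stored but are not being applied.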
 

shmu26

Level 83
Verified
Trusted
Content Creator
I am on 1903 with tamper protection enabled, with most of the ASR rules and other mitigations enabled.
I clicked the default button, and the tool reports that everything reverted to default settings. It still shows that after a reboot.
But I thought tamper protection prevents some of the changes?
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
Two of these options can be configured in ConfigureDefender, but disabling them will be blocked. Of course, disabling these options would be stupid, anyway.:D
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
@Andy Ful It's being flagged by SmartScreen's App Rep on Microsoft Edge (Chromium dev).

Sent a report as Safe.
Thanks. :giggle:
It seems that SmartScreen on Edge Dev works like the old native Edge versions. For over a year, the native Edge has not triggered the SmartScreen alert on files which are not in the base but are not recognized as malicious.
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
ConfigureDefender ver. 2.0.1.1
The ConfigureDefender's code signing certificate is now accepted by SmartScreen.

What is new?

Version 2.0.1.1
1. Added additional ASR rule: "Block persistence through WMI event subscription".
2. Minor GUI improvements.
Version 2.0.1.0
The ConfigureDefender executables are now digitally signed with a Certum Open Source Code Signing certificate.