ConfigureDefender utility for Windows 10/11

rhythm said:
I chose the Default Profile and rebooted the system. The default profile resolved the issue, and now everything works properly.
Click to expand...
It is strange. Normally, the Default Profile turns OFF the PUA protection, so "App & browser control" is not fully turned ON. :unsure:
The warning disappears when one press "Dismiss":

1685286405573.png


I think that when you apply the HIGH Protection Level now, then everything should be OK.
 
  • Like
Reactions: Nevi, Zero Knowledge and simmerskool
I have found that anything developed by Andy Ful, I use Hard_Configurator, is first rate, and never has given me issues. Recently, I setup Windows 10, 22H2, on my wife's newest laptop, with latest Beta version of H_C, and it runs flawlessly (y) Not at all surprised.
 
  • Like
  • Applause
Reactions: Nevi, Zero Knowledge, piquiteco and 5 others
rhythm said:
@Andy Ful

Why not remove hxxps:// hard-configurator from the opening post?

What Office products does ASR support?

I have Windows Update set to "notify for download". How do I get Defender updates independent of WU?
Click to expand...
I kind of agree. I had the website bookmarked and didn’t realize it was decommissioned. It has a lovely redirect to a virus/adware laden site. Just was testing some dns response time and clicked it. Oops. Haha.
 
  • Like
  • Sad
Reactions: Nevi, Zero Knowledge, simmerskool and 4 others
rhythm said:
@Andy Ful

Why not remove hxxps:// hard-configurator from the opening post?

What Office products does ASR support?

I have Windows Update set to "notify for download". How do I get Defender updates independent of WU?
Click to expand...
The link has been removed. Thanks.
MS Office (for any rule that includes the "office" term in its description).
Use Security Center to update Defender manually or right-click on the Defender icon (on the system tray) and choose the appropriate option.
 
  • Like
Reactions: Nevi, Zero Knowledge, ForgottenSeer 100397 and 3 others
Block executable files from running unless they meet a prevalence, age, or trusted list criteria

1. Does this also pertain to installed programs?
2. Will adding the blocked program to Defender's exclusion list bypass this protection?
3. Can setting the protection to "Warn" (to allow) and then back to "ON" permanently allow the blocked program?
4. Will moving the CD executable require me to reapply the protection levels?
 
Last edited by a moderator:
  • Like
Reactions: Gandalf_The_Grey
rhythm said:
Block executable files from running unless they meet a prevalence, age, or trusted list criteria

1. Does this also pertain to installed programs?
2. Will adding the blocked program to Defender's exclusion list bypass this protection?
3. Can setting the protection to "Warn" (to allow) and then back to "ON" permanently allow the blocked program?
4. Will moving the CD executable require me to reapply the protection levels?
Click to expand...
  1. Yes.
  2. No. But, you can use the exclusions for ASR rules.
  3. Bypassing Warn, should allow the file for 24 hours. But, it is also possible that during this time, Microsoft can whitelist the file.
  4. If you apply the settings via ConfigureDefender, they are written into the Windows Registry as native Defender settings. ConfigureDefender is not required to keep them working.
 
  • Like
Reactions: Nevi, Mercenary, ForgottenSeer 100397 and 4 others
Is a system restart and clicking Refresh necessary for CD with individual settings changed?

Do settings like these or others impact Windows Update?
"Block executable files from running unless they meet prevalence, age, or trusted list criteria."

I am replacing ON with Warn (where available) while using High Protection. Do you have any suggestions?

Does ON notify me about blocking?
 
Last edited by a moderator:
rhythm said:
Is a system restart and clicking Refresh necessary for CD with individual settings changed?
Click to expand...

Yes. That is why It is noted in the Configuredefender HELP.

1688551229801.png


Anyway, there are a few settings that do not require Windows Restart, like SmartScreen settings.
The REFRESH option only checks if the new settings were properly written in the Registry - some AVs can silently block such changes. So if you are sure that nothing tampers with ConfigureDefender, then the REFRESH can be skipped.


rhythm said:
Do settings like these or others impact Windows Update?
"Block executable files from running unless they meet prevalence, age, or trusted list criteria."
Click to expand...

No. But there was a single event when one of the ASR rules for MS Office caused a mess on the users' Desktops (shortcuts killed by Defender after Defender update).

rhythm said:
I am replacing ON with Warn (where available) while using High Protection. Do you have any suggestions?
Click to expand...

It is OK.

rhythm said:
Does ON notify me about blocking?
Click to expand...

Mostly Yes, but not always.
 
Last edited:
  • Like
  • +Reputation
Reactions: Nevi, Zero Knowledge, simmerskool and 4 others
Andy Ful said:
No. But there was a single event when one of the ASR rules for MS Office caused a mess on the users' Desktops (shortcuts killed by Defender after Defender update).
Click to expand...
If I still have a good memory, this happened on January 13, 2023 on a Friday (the 13th) lol, when my desktop shortcuts started disappearing after a Defender update that Microsoft pushed on users, this day will be unforgettable lol. :LOL:
 
  • Like
Reactions: Nevi, Zero Knowledge, simmerskool and 3 others
ConfigureDefender 3.1.1.1 with an updated digital certificate:

No changes as compared to ver 3.0.1.1, except for adding the updated certificate. In the ConfigureDefender window, this version is still described as 3.0.1.1. The code of x86 and x64 executables is identical in versions 3.0.1.1 and 3.1.1.1. But, because of adding new certificates, the file hashes are different.
 
  • Like
  • +Reputation
Reactions: Nevi, Zero Knowledge, Mercenary and 5 others
@Andy Ful

I think that the “High” Protection Level with “Block Executables From Running” is very secure and can handle zero-day threats. This protection is as good as, or even better than, the default protection from third-party vendors such as Kaspersky, Eset, or Bitdefender. What is your response?

Does the "Block Executables" rule allow or block program updates if I exclude the program's folder under ASR Exclusions?
 
  • Like
Reactions: piquiteco and Andy Ful
rhythm said:
@Andy Ful
...
Does the "Block Executables" rule allow or block program updates if I exclude the program's folder under ASR Exclusions?
Click to expand...
Yes, this rule can block non-prevalent applications, usually for about two days. You can set this rule to 'Warn' and this will allow unblocking the application for 24 hours.
 
  • +Reputation
  • Like
Reactions: piquiteco, ForgottenSeer 100397, ErzCrz and 1 other person
@Andy Ful

Can the “Block Executables” rule handle only EXE files?

My issue is with the Defender update, since I have Windows Update set to “notify” me. I attempted to use Task Scheduler for the automatic update, but it didn’t work for Defender. I haven’t tried Group Policy yet. Should I avoid using GP for Defender with CD?
 
rhythm said:
@Andy Ful

Can the “Block Executables” rule handle only EXE files?
Click to expand...

The ASR rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria" blocks *.exe files.

rhythm said:
My issue is with the Defender update, since I have Windows Update set to “notify” me. I attempted to use Task Scheduler for the automatic update, but it didn’t work for Defender.
Click to expand...
I probably worked, but I never managed to update the new signatures more frequently than 2 or three times a day. Maybe this can be different in the paid versions of Microsoft Defender.

rhythm said:
I haven’t tried Group Policy yet. Should I avoid using GP for Defender with CD?
Click to expand...

You can use GPO, when the settings are unrelated to Realtime Protection, File scanning, ASR rules, Controlled Folder Access, and Network Protection.
 
  • Like
Reactions: oldschool, piquiteco, ForgottenSeer 100397 and 1 other person
The signature version in Windows Security matches the Defender update available in Windows Update. It appears Windows Update installs the Defender update but doesn’t update History or remove the listed update until the next run.
 
  • Like
Reactions: piquiteco, Andy Ful and oldschool

You may also like...