ConfigureDefender utility for Windows 10

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,142
I am now installing the Windows 10 upgrade and will try to reproduce your problems. Yet, your problem with Edge should not be related to Hard_Configurator or ConfigureDefender, unless you have set SRP to check DLLs. If you have done this, then the problem will remain, because Edge and this SRP setting were also incompatible in the older Windows 10 versions. We will see; I will come back after some hours. (y)
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,033
FYI, I'm not using Edge so it isn't an issue to me
 

Reldel1

Level 2
Verified
Jun 12, 2017
50
I finally was able to uninstall Hard_Configurator by turning off Windows Defender protection plus turning off protected folders; I then could go into the GUI without triggering Windows Defender. I turned off H_C SRP and Protections and logged off WITHOUT entering the Config/Defender GUI. I then logged back into the account and used H_C tools to uninstall H_C. After the prompted reboot I was able to get an internet connection with Edge.

Andy, curious if the process of uninstall returned Defender to default settings?

I will run without Hard_Configurator on two machines and not touch the other two until the issues with Microsoft get resolved. Thanks again.
 

Andy Ful

I am back, after upgrading to Windows 10 ver. 1609.
  1. Installed Hard_Configurator ver. 4.0.0.0 - WD quarantined ConfigureDefender, but allowed Hard_Configurator to install.
  2. Applied the recommended settings.
  3. Opened Edge.
  4. Opened Task Manager (some people reported problems).
  5. Uninstalled Hard_Configurator and installed again without problems.
  6. Activated DLL checking and blocked all available sponsors.
  7. Opened Edge again.
So far, no issues. Even the CPU problem with Task Manager is absent on my system (Windows Pro).

Turned off WD real time protection. Ran ConfigureDefender - High Defender Settings were activated and additionally all ASR rules were set to ON and Network Protection was set to ON. Controlled Folder Access was set to OFF.
 

Andy Ful

...
Andy, curious if the process of uninstall returned Defender to default settings?
...
Yes. Uninstalling Hard_Configurator changes the WD settings to default values. It seems that one of the ConfigureDefender settings (probably 'Network Protection') could cause some problems with the Internet connection on your machine.
The other problem is the blocking of Hard_Configurator on your machine. You probably used it to run ConfigureDefender, and the local WD AI connected this with a malware chain, so the next time Hard_Configurator was also blocked (but not quarantined). When you clear the WD threat history, then you should use H_C without problems. (y)
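
One way to test the Network Protection hypothesis from the post above without uninstalling anything, as an added example that is not part of the thread or of ConfigureDefender: list the Defender settings ConfigureDefender changes, put Network Protection into audit mode, and read what Defender logged. It assumes an elevated PowerShell session with the built-in Defender cmdlets, and that Network Protection was previously ON as described earlier in the thread.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): inspect and test the Defender
# features that ConfigureDefender switches on.

function Get-DefenderHardeningState {
    # Mode values as Defender stores them; ASR rules may also use 6 (warn).
    $modes = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit'; 6 = 'Warn' }
    $pref  = Get-MpPreference

    [pscustomobject]@{ Setting = 'Network Protection'
                       Mode    = $modes[[int]$pref.EnableNetworkProtection] }
    [pscustomobject]@{ Setting = 'Controlled Folder Access'
                       Mode    = $modes[[int]$pref.EnableControlledFolderAccess] }

    # ASR rules come back as two parallel arrays: rule GUIDs and their actions.
    $ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        [pscustomobject]@{ Setting = "ASR rule $($ids[$i])"
                           Mode    = $modes[[int]$actions[$i]] }
    }
}

function Get-DefenderBlockEvents {
    param([int]$LastHours = 1)
    # 1125/1126: Network Protection audit/block
    # 1121/1122: ASR block/audit
    # 1123/1124: Controlled Folder Access block/audit
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121..1126
        StartTime = (Get-Date).AddHours(-$LastHours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Get-DefenderHardeningState | Format-Table -AutoSize

# Log instead of block while reproducing the connection problem.
Set-MpPreference -EnableNetworkProtection AuditMode
Read-Host 'Reproduce the problem in the browser, then press Enter'
Get-DefenderBlockEvents | Format-List

# Assumption: Network Protection was ON before the test; switch it back.
Set-MpPreference -EnableNetworkProtection Enabled
```

If the connection works in audit mode and event 1125 entries appear, Network Protection was the feature doing the blocking.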
 

Reldel1

Thanks, will give it a go in a bit. Yes, I am inclined to believe it was the network protection that blocked Edge.
 

Andy Ful

The simplest way to avoid problems with Hard_Configurator blocking is to open the Hard_Configurator folder and let WD quarantine ConfigureDefender.
If someone likes to use ConfigureDefender then two things should be done from WD Security Center:
  1. Recover ConfigureDefender from quarantine.
  2. Add ConfigureDefender executable to WD exclusions.
I am trying to fulfill the new Microsoft requirements in the new ConfigureDefender version which is now analyzed by Microsoft.
 

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,114
I have not upgraded to 1809 yet. I already had H_C and ConfigureDefender excluded in CFA. I just opened CD, WD quarantined it, recovered from quarantine. Seems to work. Also, looking forward to next H_C. :)(y)

Edit: I should add that Hard_Configurator was not flagged by WD, only ConfigureDefender.
 

Andy Ful

Thanks, will give it a go in a bit. Yes, I am inclined to believe it was the network protection that blocked Edge.
It could also be that the local WD AI took some actions to prevent an (imaginary) infection. Sometimes the AV actions can be like an allergy, not adequate to the danger.
 

Andy Ful

The Microsoft analyst was kind enough to accept the new version of ConfigureDefender - I submitted ver. 1.1.1.1 as an incorrect detection. Here is the full answer:
"Analyst comments:

Hello Andy Ful,
Thank you for your inquiry.
We have reviewed the file and we have removed the detection. Please try the following steps to clear cached detections and obtain the latest malware definitions.

  1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
  2. Run MpCmdRun.exe -removedefinitions -dynamicsignatures
The latest definition is available for download here: Latest definition updates for Windows Defender Antivirus and other Microsoft antimalware - Windows Defender Security Intelligence
Best regards,
Windows Defender Response
"

The new ConfigureDefender version 1.1.1.1 will be pushed to GitHub tonight.
The command line noted by the analyst will be helpful if the local WD AI blocked something by dynamic local signatures (not quarantined) that is actually whitelisted (like Hard_Configurator in the Reldel1 post).
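
The analyst's step as a script, followed by a check of what Defender still remembers about the falsely detected tool; this is an added example, not part of the analyst's reply or of the post above. `$ToolPath` is a placeholder, and the script assumes an elevated PowerShell session and the MpCmdRun.exe location given in the reply.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). $ToolPath is a placeholder: set it to
# the folder of the tool that Defender keeps blocking.
$ToolPath = 'C:\Path\To\Tool'

# The analyst's step: drop cached dynamic signatures.
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
& $mpCmdRun -RemoveDefinitions -DynamicSignatures
if ($LASTEXITCODE -ne 0) { throw "MpCmdRun exited with code $LASTEXITCODE" }

# Pull the latest definitions and show which version is now loaded.
Update-MpSignature
$status = Get-MpComputerStatus
"Definitions: $($status.AntivirusSignatureVersion) " +
    "(updated $($status.AntivirusSignatureLastUpdated))"

# Map threat IDs to names, then list stored detections that point at the tool.
$names = @{}
Get-MpThreat | ForEach-Object { $names["$($_.ThreatID)"] = $_.ThreatName }

Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ';') -like "*$ToolPath*" } |
    Sort-Object InitialDetectionTime |
    ForEach-Object {
        [pscustomobject]@{
            Detected = $_.InitialDetectionTime
            Threat   = $names["$($_.ThreatID)"]
            Process  = $_.ProcessName
            Resource = $_.Resources -join '; '
        }
    } | Format-List

# Exclusions currently configured, to confirm the tool's entry is present.
$pref = Get-MpPreference
[pscustomobject]@{
    ExclusionPath    = $pref.ExclusionPath -join '; '
    ExclusionProcess = $pref.ExclusionProcess -join '; '
} | Format-List
```

Detections dated after the definition update show that the tool is still being flagged by the loaded definitions rather than by a cached dynamic signature.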
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Thanks, Andy.
Aside from the disable Defender option that you removed, are there any other significant changes/improvements in the new build?
 

Andy Ful

Not at this moment. I am finishing the new version of Hard_Configurator which will include also the new version of ConfigureDefender. I am going to add the new ASR rules available on Windows 10 ver. 1809.
 

Reldel1

Just tried to download Hard_Configurator and latest Microsoft definition 1.227.552.0 is blocking and deleting the download even if MpCmdRun.exe -removedefinitions -dynamicsignatures has been run.

It does allow download of for Windows 64-bit: AndyFul/ConfigureDefender. Note: Using Edge

Okay, I cleared Windows Defender threat of Hard_Config download. I turned off Windows Defender protection, downloaded and installed Hard_Config, added C/Windows/Hard_Config exclusion to Defender. Loaded Config_Defender 1.1.1.1 to C/Windows/Hard_Config, opened Hard_Config GUI and applied protections, logged out. Logged back in, re-activated Windows Defender protections. Bit of a dance but all good.
 
