ConfigureDefender utility for Windows 10

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I want to add a ConfigureDefender section to the Hard_Configurator home page because ConfigureDefender is an important part of H_C. But I'm still missing a text/phrase. @Andy Ful @shmu26 @oldschool

A section with the test results from the Hub (H_C tweaks and SmartScreen without any AV as usual) will be added later. Any help or advice (EDIT: changed tip to advice perhaps of confusion) is welcome! (maybe an extra FAQ?)
Maybe something like this as an additional introductory section?
***************************
Enables some important Windows Defender features.
Such as: PUA Protection, advanced Cloud Protection Levels, Attack Surface Reduction rules, Network Protection, etc. These features are not available from Windows Security Center. The configuration can be done via ConfigureDefender tool and includes three predefined security profiles, which can be customized by the user.
*************************
You can also use the @oldschool post and help from ConfigureDefender when constructing the page dedicated to ConfigureDefender tool.:giggle:
The help file is in the attachment (DOCX file, please delete the .txt )

We can also work on FAQ, so ConfigureDefender users are invited to ask questions here. (y)
 

Attachments

  • ConfigureDefenderHelp.docx.txt
    10.1 KB · Views: 364

Andrew3000

Level 11
Verified
Top Poster
Malware Hunter
Well-known
Feb 8, 2016
516
Maybe something like this as an additional introductory section?
***************************
Enables some important Windows Defender features.
Such as: PUA Protection, advanced Cloud Protection Levels, Attack Surface Reduction rules, Network Protection, etc. These features are not available from Windows Security Center. The configuration can be done via ConfigureDefender tool and includes three predefined security profiles, which can be customized by the user.
*************************
You can also use the @oldschool post and help from ConfigureDefender when constructing the page dedicated to ConfigureDefender tool.:giggle:
The help file is in the attachment (DOCX file, please delete the .txt )

We can also work on FAQ, so ConfigureDefender users are invited to ask questions here. (y)

Thanks for the Doc! :D
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
@askalan @Andy Ful @shmu26

I imagine you want something short and sweet. Here's my first shot at it:

"ConfigureDefender is an open source tool that enables users to easily configure Windows Defender advanced features. It includes three predefined security profiles and allows the user to customize Windows Defender settings."
Based on @oldschool's text, here is another possible variation:
"ConfigureDefender is an open source tool that enables users to easily configure Windows Defender advanced features such as Attack Surface Reduction rules. It includes three predefined security profiles, and also allows customization of individual Windows Defender settings."

Oops, I didn't see the other posts...
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
@oldschool @shmu26
Although it is typical for all projects that are at Github to be open source, ConfigureDefender is closed source to my knowledge.

Thanks for the document @Andy Ful ! Maybe for later: The .odt format (Open Document Format) might be better for collaborations, because this format is open source and therefore more readable for LibreOffice or Softmaker. Or better: Cloud collaboration (Google Docs or similar).
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
...
Thanks for the document @Andy Ful ! Maybe for later: The .odt format (Open Document Format) might be better for collaborations, because this format is open source and therefore more readable for LibreOffice or Softmaker. Or better: Cloud collaboration (Google Docs or similar).
No problem. :giggle:
 

Attachments

  • ConfigureDefenderHelp.odt.txt
    6.7 KB · Views: 353

Digmor Crusher

Level 23
Verified
Top Poster
Well-known
Jan 27, 2018
1,236
So I am trying this out, downloaded and then moved icon to desktop, deleted everything else that was downloaded. If I decide to remove this I assume that I just go to gui and select default, that default means Windows Defender defaults? Then I can just delete icon.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
So I am trying this out, downloaded and then moved icon to desktop, deleted everything else that was downloaded. If I decide to remove this I assume that I just go to gui and select default, that default means Windows Defender defaults? Then I can just delete icon.

Yes, it means MS WD default settings. And you may just delete the file to remove. I usually move the appropriate .exe file to Windows folder when I use it, since it is protected.
 

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
So I am trying this out, downloaded and then moved icon to desktop, deleted everything else that was downloaded. If I decide to remove this I assume that I just go to gui and select default, that default means Windows Defender defaults? Then I can just delete icon.
Yes, it means MS WD default settings. And you may just delete the file to remove. I usually move the appropriate .exe file to Windows folder when I use it, since it is protected.
Good to know.
Also have a virgin clean-installed Win 10 (Home) 1903, which i want to keep as simple as possible.
Thinking of just running ConfigureDefender, at High setting, and Firefox with uBlock (medium mode) and password manager extensions only.
(Maybe H_C instead ... later).

Another virgin clean-installed Win 10 1903 will be used for other adventures / combos.
 
Last edited:

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
Does Windows Defender have to be active (no 3rd party AV or maybe periodic scanning) for the ASR rules to work?
For example you first use WD and set it on high with CD and after that you install an 3rd party AV.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Does Windows Defender have to be active (no 3rd party AV or maybe periodic scanning) for the ASR rules to work?
For example you first use WD and set it on high with CD and after that you install an 3rd party AV.
If you have a 3rd party AV, the ASR rules will not apply. WD needs to be providing active protection for ASR rules to apply.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I am on 1903 with tamper protection enabled, with most of the ASR rules and other mitigations enabled.
I clicked the default button, and the tool reports that everything reverted to default settings. It still shows that after a reboot.
But I thought tamper protection prevents some of the changes?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I am on 1903 with tamper protection enabled, with most of the ASR rules and other mitigations enabled.
I clicked the default button, and the tool reports that everything reverted to default settings. It still shows that after a reboot.
But I thought tamper protection prevents some of the changes?
Two of these options can be configured in ConfigureDefender, but disabling them will be blocked. Of course, disabling these options would be stupid, anyway.:D
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
@Andy Ful It's being flagged by SmartScreen's App Rep on Microsoft Edge (Chromium dev).

1565689768775.png

Sent a report as Safe.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
@Andy Ful It's being flagged by SmartScreen's App Rep on Microsoft Edge (Chromium dev).

View attachment 219816

Sent a report as Safe.
Thanks. :giggle:
It seems that the SmartScreen on Edge Dev works like the old native Edge versions. From over a year, the native Edge does not trigger the SmartScreen alert on files which are not in the base but are not recognized as malicious.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
ConfigureDefender ver. 2.0.1.1
The ConfigureDefender's code signing certificate is now accepted by SmartScreen.

What is new?

Version 2.0.1.1
1. Added additional ASR rule: "Block persistence through WMI event subscription".
2. Minor GUI improvements.
Version 2.0.1.0
The ConfigureDefender executables are now digitally signed with Certum Open Source Code Signing certificate.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top