FirewallHardening tool

Decopi

Level 8
Verified
Oct 29, 2017
361
Look into the Windows Registry and export the content of the below key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules

Yeah, I was also already aware that I could see the rules and commands in regedit. But both, whether importing the rules through Windows Firewall, or also through regedit, both ways are a more laborious way to view and manipulate the rules and commands (one by one, too much handy work).

I thought that perhaps you had on your hands a simple list of rules and commands, and I thought that perhaps it was simpler to ask you the favor of sharing that list with me.

But don't worry @Andy Ful , I've already taken up too much of your time, I really appreciated your contacts, so thank you.
 

ErzCrz

Level 24
Verified
Top Poster
Well-known
Aug 19, 2019
1,334
Yeah, I was also already aware that I could see the rules and commands in regedit. But both, whether importing the rules through Windows Firewall, or also through regedit, both ways are a more laborious way to view and manipulate the rules and commands (one by one, too much handy work).

I thought that perhaps you had on your hands a simple list of rules and commands, and I thought that perhaps it was simpler to ask you the favor of sharing that list with me.

But don't worry @Andy Ful , I've already taken up too much of your time, I really appreciated your contacts, so thank you.
You can export the policy by right clicking Windows Defender>



Unfortunately being .wfw extension, not something you can import into the likes of WFC as that uses .wpw. Anyway, manually adding doesn't take all that long and most AVs and FWs leave Windows Firewall running. E.g. Comodo and Windows Firewall run alongside each other so you can still use the hardening rules and those files will be blocked natively by Windows Firewall. In the case of WFC, as long as a conflicting rule created it works fine.
 

Decopi

Level 8
Verified
Oct 29, 2017
361
You can export the policy by right clicking Windows Defender>

Unfortunately being .wfw extension, not something you can import into the likes of WFC as that uses .wpw. Anyway, manually adding doesn't take all that long and most AVs and FWs leave Windows Firewall running. E.g. Comodo and Windows Firewall run alongside each other so you can still use the hardening rules and those files will be blocked natively by Windows Firewall. In the case of WFC, as long as a conflicting rule created it works fine.

Thank you.
Import/Export through Windows Firewall is what @Kongo had already suggested in previous messages, and I was also already aware of this possibility.
It happens that import/export through WF or Regedit, both are two very laborious ways to view and manipulate (around 100) rules and commands. And I was looking for a simple list with the rules/commands.
Anyway, once again, thank you all very much for your intention to help.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,966
I thought that perhaps you had on your hands a simple list of rules and commands, and I thought that perhaps it was simpler to ask you the favor of sharing that list with me.

The exact list of rules is that one exported from the Windows Registry. There is no simpler list of rules.
To manage many LOLBins, you must use a program. This can be done by using a file that contains the paths of LOLBins and the script that reads the paths one by one from that file, creates the firewall rule for each path, and writes the rules into the Windows Registry.
 
Last edited:
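
Added example (not part of the post above, and not Andy Ful's or FirewallHardening's own code): a Python sketch of the approach described there, which turns a path list into `.reg` text for the FirewallRules key and parses an export of that key back into a flat list. It assumes the pipe-delimited rule string layout Windows Firewall stores in that key; the `v2.10` version prefix, rule names, value names and sample paths are constructed.

```python
import re

# Key named in the thread; everything else below is constructed for illustration.
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

SAMPLE_PATHS = """\
# constructed sample list, one executable path per line
%SystemRoot%\\System32\\certutil.exe
%SystemRoot%\\System32\\mshta.exe
"""

def reg_escape(s):
    return s.replace("\\", "\\\\").replace('"', '\\"')

def reg_unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def build_rule(app_path):
    """Outbound block rule for one executable, as a firewall rule string."""
    name = "Example block: " + app_path.rsplit("\\", 1)[-1]  # hypothetical naming
    return f"v2.10|Action=Block|Active=TRUE|Dir=Out|App={app_path}|Name={name}|"

def paths_to_reg(paths_text):
    """Turn a path list into .reg text that can be reviewed before import."""
    out = ["Windows Registry Editor Version 5.00", "", f"[{KEY}]"]
    paths = [p.strip() for p in paths_text.splitlines()]
    paths = [p for p in paths if p and not p.startswith("#")]
    for n, path in enumerate(paths, 1):
        value_name = f"Example-Block-{n:04d}"  # hypothetical value name
        out.append(f'"{value_name}"="{reg_escape(build_rule(path))}"')
    return "\n".join(out) + "\n"

def parse_reg(reg_text):
    """List the rules in an exported FirewallRules key, one dict per rule."""
    rules, in_key = [], False
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("["):
            in_key = line.strip("[]").lower() == KEY.lower()
            continue
        m = VALUE_RE.match(line) if in_key else None
        if m:
            version, *fields = reg_unescape(m.group(2)).split("|")
            rule = dict(f.split("=", 1) for f in fields if "=" in f)
            rules.append({"Id": reg_unescape(m.group(1)), "Version": version, **rule})
    return rules

if __name__ == "__main__":
    # A real regedit export is UTF-16: open(path, encoding="utf-16").read()
    for r in parse_reg(paths_to_reg(SAMPLE_PATHS)):
        print(f'{r["Action"]:6}{r["Dir"]:4}{r["App"]:40}{r["Name"]}')
```
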

simmerskool

Level 42
Verified
Top Poster
Well-known
Apr 16, 2017
3,135
@Andy Ful -- I have used your tools before but not in a systematic controlled way (my_bad -- trying again)
I have ESET Nod32 on win10_VM and I had Windows Firewall Control running with but suspect that your Firewall Hardening Tool is better, so I uninstalled WFC, installed FWH, selected: Recommended + LOLBins + ms_office + adobe_acrobat & rebooted. No issues seen. I was looking for written instructions for FWH, ie, if any are needed and didn't find any on github. I also enabled Log, but not sure what where blocks are logged. I guess if you noticed something blocked, check the Log and change the rule if brave, or stupid... :unsure:
PS I often check dnsleaktest.com (labeled as ivpn site) and now no return it stays blank, while other dns checkers work ok. Sorta wondering what dnsleaktest is doing to get blocked by FWH. -- I know check the Log...:rolleyes:
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,966
Sorta wondering what dnsleaktest is doing to get blocked by FWH. -- I know check the Log...:rolleyes:

If you suspect something is wrong, you can use the Firewall-Hardening Log - especially if you activated many LOLBins. Most of the blocked events are not harmful (telemetry) and do not disturb running applications.
If you want to know what the DNS leak test does, you may post to the FirewallHardening thread:
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
8,059
Can I extract WHHL with an archiver in "C:\PortablePrograms" to use only ConfigureDefender and FirewallHardening?
Just download the Hardening Tools here: H_C Hardening Tools. FWH is part of that zip package.
Indeed. @rashmi download H_C, extract to location of your choice. You can then copy FHT.exe and place it where you like. Delete parts of the H_C package you don't need. Easy.
 

rashmi

Level 18
Jan 15, 2024
884
I know that, but I wonder if @Andy Ful recommends the default location. For example, WHHL extracts in the program data folder and creates a shortcut folder on the desktop. @Andy Ful mentioned the default desktop location for the shortcut folder is safer/more secure. I wonder if it's the same for extracting the tools.

I can run no tools if I extract Hard Configurator with an archiver, but I can with WHHL.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,966
I know that, but I wonder if @Andy Ful recommends the default location. For example, WHHL extracts in the program data folder and creates a shortcut folder on the desktop. @Andy Ful mentioned the default desktop location for the shortcut folder is safer/more secure. I wonder if it's the same for extracting the tools.

Instead of extracting the tools to the user-chosen folder, I would recommend installing WHHLight and using the tools you need without changing their location. Another recommendation would be copying the needed tools into %ProgramFiles% (the location will be non-writable with standard rights).
The WHHL package is installed in the folder %ProgramData%\WindowsHybridHardening_Tools, which is created as non-writable with standard rights. Non-writable locations are slightly safer than typical locations in userspace (writable by default).
 

BulletKnowledge

Level 1
Dec 20, 2024
20
The FirewallHardening tool adds its rules to Windows Firewall.
It can be used if FortiFirewall can work together with Windows Firewall, and if that is not the case you have to add all the rules manually in FortiFirewall.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,966
can this be used with fortfirewall or is it too much? Thanks
Fort Firewall alerts when the LOLBin tries to make the outbound connection. If you choose "Block," then this will work as with FirewallHardening.
If you do not know/remember which LOLBins are worth blocking, you can use FirewallHardening.
FirewallHardening blocks override the Fort Firewall settings.
 
