Hard_Configurator - Windows Hardening Configurator

[509322]

All Hard_Configurator reviews, even in the popular printed magazine, were about portable (non existent) program. Autors gave it good marks, but complained that help files did not work, etc. Now I know, that if the program is in a compressed archive, everyone will assume that it is portable.

Add "YOU MUST READ ME!!!!!!!!!!!!.txt" inside the compressed archive. They don't read it, and complain, then you can't point back to >>> YOU MUST READ ME!!!!!!!!!!.txt...

It is like this...

I'll use combat vest for example:

1. Your product suxx ! It did not stop bullet !
2. Where you wearing the vest ?
3. Yes
4. Did you put armor plates in it - front & back
5. No... I forgot... or... I didn't know I needed to do that...
6. Did you read directions ?
7. No...
8. That's why bullet went through your chest, so stop complaining.

You would not believe it, but Mickey Mouse things like this happen.

 

[Andy Ful]

Good joke.
I am happy that I do not have to earn money as a software maker. I would get depressed.
On the other side, the software is for people, so it should be adjusted to the average user.
It will be a hard task to do with Hard_Configurator (as the software description suggest).

 

[Arequire]

Agree with @Lockdown. I've had zero problems with the semi-portable version sat in my Windows directory but a version that's allowed a full installation would be preferable.

 

[Andy Ful]

The simple solution to make Hard_Configurator an Easy_Configurator, is forget about SRP. The program could be fully portable and easy to understand. Maybe some day I give up, and will make it so.

 

[HarborFront]

Yes, I replaced the old file. The only difference is in the file Installation.txt . The file Hard_Configurator_3.0.0.0_(semiportable).zip is not in official Hard_Configurator folder, because it is a special version for MalwareTips members.

Thank a lot. Just read it. Now it makes installation easier.

A video would be nicer

 

[HarborFront]

Hi @Andy Ful

Just to check. I have ALL my portable software in C:\Users\My Name

I would like to find out if ALL the portables need to be whitelisted or some not required. Any guideline on this?

Also, in future, if there's a new update do I need to completely remove the current version and reinstall the new update or just update over the current version while keeping the whitelist? Re-whitelisting 20 to 30 apps is no joke.

Thanks

 

[Deleted member 178]

The simple solution to make Hard_Configurator an Easy_Configurator, is forget about SRP. The program could be fully portable and easy to understand. Maybe some day I give up, and will make it so.

and i won't even be interested anymore

 

[Andy Ful]

Hi @Andy Ful

Just to check. I have ALL my portable software in C:\Users\My Name

I would like to find out if ALL the portables need to be whitelisted or some not required. Any guideline on this?

Also, in future, if there's a new update do I need to completely remove the current version and reinstall the new update or just update over the current version while keeping the whitelist? Re-whitelisting 20 to 30 apps is no joke.

Thanks

If the portable application is in C:\Windows, C:\Program Files or C:\Program Files (x86) (for 64-bit Windows), then it does not have to be whitelisted. Those folders are already whitelisted by default. All other programs have to be whitelisted when running as standard user. There are some fixed standard locations that should not be whitelisted in the folder C:\Users\UserName: Appdata\Local\Temp, Desktop, Documents, Music, Pictures, Videos, etc. They are present on all computers so can be used by malware in the wild.

If you rarely use some applications, consider to use 'Run As SmartScreen', it can bypass SRP restrictions - the application is checked by SmartScreen, and then (if recognized as safe) run with administrative rights. If, so then it does not have to be whitelisted. Yet, this solution is not recommended for vulnerable applications like Web Browsers or any applications that are known targets for exploits.

The White List is stored in Windows Registry, so it can survive the program update. You can simply install the new version over the old one or, if you do not like possible leftovers, follow the instructions from the file Installation.txt.

The only way to wipe out the White List is using the <Restore Windows Defaults> option in <Tools>, or recover the system from the restore point.

I hope it will help.

 

[Andy Ful]

Hard_Configurator version 3.0.0.1 has been released (installer version).
Hard_Configurator_3.0.0.1.zip

Program Web Page:
GitHub - AndyFul/Hard_Configurator: GUI to Manage Software Restriction Policies and harden Windows Home OS

INSTALLATION
0. Please do not use Hard_Configurator on laptops with the system installed on eMMC flash memory, because the program was not fully tested on this hardware.

1. Uninstall the previous version of Hard_Configurator (see DEINSTALLATION before program update).
2. Open the Zip archive Hard_Configurator_3.0.0.1.zip .
3. Run Hard_Configurator_setup(x86)_3.0.0.1.exe for 32Bit Windows version or Hard_Configurator_setup(x64)_3.0.0.1.exe for 64Bit Windows version.
4. The program will be installed in 'Windows\Hard_Configurator' folder. It can be run, using a shortcut from the Desktop.

Please read Installation.txt (included in the archive) for detailed information.
As compared to version 3.0.0.0, the autoruns checking has been corrected, and this version is the first English version with installer.

 

[HarborFront]

Hard_Configurator version 3.0.0.1 has been released (installer version).
Hard_Configurator_3.0.0.1.zip

Program Web Page:
GitHub - AndyFul/Hard_Configurator: GUI to Manage Software Restriction Policies and harden Windows Home OS

INSTALLATION
0. Please do not use Hard_Configurator on laptops with the system installed on eMMC flash memory, because the program was not fully tested on this hardware.

1. Uninstall the previous version of Hard_Configurator (see DEINSTALLATION before program update).
2. Open the Zip archive Hard_Configurator_3.0.0.1.zip .
3. Run Hard_Configurator_setup(x86)_3.0.0.1.exe for 32Bit Windows version or Hard_Configurator_setup(x64)_3.0.0.1.exe for 64Bit Windows version.
4. The program will be installed in 'Windows\Hard_Configurator' folder. It can be run, using a shortcut from the Desktop.

Please read Installation.txt (included in the archive) for detailed information.
As compared to version 3.0.0.0, the autoruns checking has been corrected, and this version is the first English version with installer.

So where's the portable version?

Thanks

 

[Andy Ful]

Here is the semiportable version ('Hard_Configurator' folder must be copied to 'C:\Windows'):
Hard_Configurator_3.0.0.1_(semiportable).zip

It is recommended to read the Install.txt included in 'Hard_Configurator' folder.

The version with installer can be easily made semiportable (after installing):
1. Change the name of the program folder temporarily (for example Hard_Configurator -> aHard_Configurator).
2. Uninstall Hard_Configurator using the standard Windows procedure.
3. Restore the initial folder name (aHard_Configurator -> Hard_Configurator).

 

[HarborFront]

Hi @Andy Ful

I'm not seeing the version number on the GUI of Hard Configurator. Do you think you can add that in future?

Thanks

 

[Andy Ful]

So where's the portable version?

Thanks

I have just uploaded semiportable version, too.
See the previous post to consider

Hi @Andy Ful

I'm not seeing the version number on the GUI of Hard Configurator. Do you think you can add that in future?

Thanks

It is somewhat hidden. Press <Minimize>. Navigate to Windows notification area and right-click Hard_Configurator icon, next choose 'About'.
I think that your suggestion is better, the label with the version number will be added soon.

 

[HarborFront]

I have just uploaded semiportable version, too.
See the previous post to consider

It is somewhat hidden. Press <Minimize>. Navigate to Windows notification area and right-click Hard_Configurator icon, next choose 'About'.
I think that your suggestion is better, the label with the version number will be added soon.

Thanks. I have downloaded and installed the portable version.

 

[shmu26]

In the new version, under "more restrictions", there is an option for "disable elevation on SUA".
There seem to be two different off settings: off1 and off3.
Could you explain?

 

[Deleted member 178]

In the new version, under "more restrictions", there is an option for "disable elevation on SUA".
There seem to be two different off settings: off1 and off3.
Could you explain?

i asked already.

Hard_Configurator - Windows Hardening Configurator

 

[Daniel Keller]

Thank you Andy for this great tool. I really love it and already recommend it to others as well.

Until today I used SSRP instead (Software Policy :: Software Policy user manual).
I think your tool is more powerful an offers more features. Please keep up the great support.

Also thank you for the very good and complete documentation. This is much work but is highly appreciated as well!

 

[Andy Ful]

Thank you Andy for this great tool. I really love it and already recommend it to others as well.

Until today I used SSRP instead (Software Policy :: Software Policy user manual).
I think your tool is more powerful an offers more features. Please keep up the great support.

Also thank you for the very good and complete documentation. This is much work but is highly appreciated as well!

Thanks.
The documentation is a real pain in the neck for me, because English is not my native language.

Edit.
SSRP is a very good program. It was also SRP starter for me.

 

[Daniel Keller]

Hi everybody,

I´m curios. Does SRP / Hard Configurator prevent infection with WannaCry if you work on an unpatched machine and WannaCry tries to infect you from another PC in the same network using the network file service? Anybody tried?

 

[Andy Ful]

zerosum0x0: DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis
NSA’s DoublePulsar Kernel Exploit In Use Internet-Wide

From the above articles, I learned that:

1. Wannacry uses SMB1 vulnerability based on EternalBlue exploit and DoublePulsar memory backdoor (persistent due to changing the Registry).
2. The DoublePulsar lives in memory, until the machine is rebooted.
3. If the machine is infected, DoublePulsar can load and execute a payload.

So, it seems that Wannacry can be stopped by Default Deny SRP/Hard_Configurator (with blocking DLLs setting). But, DoublePulsar backdoor cannot be stopped.

EDIT
I reedited the above text, because Wannacry uses also the persistence mechanism (EternalBlue exploit).
Ransomware Infographic: An Anatomy of the WannaCry Cyberattack