Hard_Configurator - Windows Hardening Configurator

Gandalf_The_Grey

How do you get the Allow EXE settings of H_C?
Discussed here:
Is that more or less the same as the WIndows_10_MT_Windows_Security_hardening profile?
 

Andy Ful (thread author)

You can choose any profile and then use <Whitelist By Path> and choose <Add> under the label "Allow EXE and TMP".
Here are the H_C profiles that use it by default:
Windows_7_Avast_Hardened_Mode_Aggressive
Windows_8_Avast_Hardened_Mode_Aggressive
Windows_10_Avast_Hardened_Mode_Aggressive
Windows_10_MT_Windows_Security_hardening

You will see EXE, TMP displayed on the left of the <Whitelist By Path> button.
Allow-EXE.png
 

Andy Ful (thread author)

I must have missed this previously. I thought it was only Windows_Security profile.
'Allow EXE and TMP' simply adds two Unrestricted SRP rules:
*.exe
*.tmp
So any EXE or TMP file in any folder is whitelisted. These rules could also be added manually via the <Add Path*Wildcards> feature, but most users probably do not know which rules can globally whitelist files by file extension.
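The two rules above are ordinary SRP path rules, and SRP keeps every rule in the registry under the Safer key, so the effect of a profile can be audited without opening H_C. The script below is an added example written for this page (it is not Hard_Configurator's code): it summarises the policy and flags any Unrestricted "*.ext" rule, i.e. an extension whitelisted in every folder. It assumes a machine-wide policy under HKLM and an elevated prompt to read it.

```powershell
# Added example, not Hard_Configurator's own code: summarise the SRP policy stored
# under the standard Safer key and flag extension-wide Unrestricted rules such as
# *.exe and *.tmp. Assumes a machine-wide policy (HKLM) and an elevated prompt.
$Safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Security levels as SRP stores them in DefaultLevel and in the rule subkeys
$LevelName = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpPolicySummary {
    if (-not (Test-Path $Safer)) { return $null }          # no SRP policy configured
    $p = Get-ItemProperty -Path $Safer
    # A missing DefaultLevel means SRP behaves as Unrestricted
    $level = if ($null -eq $p.DefaultLevel) { 262144 } else { [int]$p.DefaultLevel }
    [pscustomobject]@{
        DefaultLevel    = $LevelName[$level]
        # TransparentEnabled: 1 = skip DLLs, 2 = check all files
        Enforcement     = if ($p.TransparentEnabled -eq 2) { 'All files' } else { 'Skip DLLs' }
        # PolicyScope: 1 = all users except local administrators
        Scope           = if ($p.PolicyScope -eq 1) { 'All users except administrators' } else { 'All users' }
        DesignatedTypes = ($p.ExecutableTypes -join ' ')
    }
}

function Get-SrpPathRule {
    foreach ($level in 0, 131072, 262144) {
        $paths = Join-Path $Safer "$level\Paths"
        if (-not (Test-Path $paths)) { continue }
        # Each path rule is a GUID-named subkey whose ItemData holds the path or wildcard
        foreach ($key in Get-ChildItem -Path $paths) {
            $r = Get-ItemProperty -Path $key.PSPath
            if (-not $r.ItemData) { continue }
            [pscustomobject]@{
                Level       = $LevelName[$level]
                Rule        = $r.ItemData
                Description = $r.Description
                # "*.ext" with no folder part matches that extension in every folder
                GlobalExt   = [bool]($r.ItemData -match '^\*\.[A-Za-z0-9]+$')
            }
        }
    }
}

Get-SrpPolicySummary | Format-List
$rules = Get-SrpPathRule
$rules | Sort-Object Level, Rule | Format-Table -AutoSize

# Every Unrestricted "*.ext" rule removes that file type from default-deny everywhere
$rules | Where-Object { $_.GlobalExt -and $_.Level -eq 'Unrestricted' } |
    ForEach-Object { Write-Warning "Whitelisted in every folder: $($_.Rule)" }
```

A note on precedence when reading the output: among path rules SRP lets the more specific match win, so a Disallowed rule for a concrete folder (for example the rules H_C adds for writable Windows subfolders) still blocks an EXE in that folder despite the global *.exe rule, and hash and certificate rules take precedence over any path rule.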
 

Andy Ful (thread author)

Ha, ha.:)
Someone used Chrome to manually download Hard_Configurator, then installed and configured it - all was done in my favorite online interactive malware hunting service, Any.run.
The most dangerous action was recognized when, after applying Recommended Settings, H_C stopped the Remote Registry service (part of <Block Remote Access> restrictions).
All important H_C alerts displayed during the whole process (installation and configuration) are visible, so I could use it as a guide for H_C users.:sneaky:(y)
To see the clips, one has to point the mouse cursor just under the taskbar of the displayed Windows screen and move it horizontally:
H_C_anyrun.png

 

SeriousHoax

Link link, where are you? 👀
You forgot to attach the link 😛
 

shmu26

@Andy Ful it was requested on the other forum if you could add in Configure Defender the setting "Run WD in sandbox mode"

Andy Ful (thread author)

Yes, I could do it. But I am still waiting until it is fully developed to avoid compatibility problems.
 

plat

Hello. I've whizzed through three Insider builds in rapid succession, landing at 19037.1. Should one be concerned about anything new outside of H_C's pre-defined rules enforcement? I've called up the user interface and re-enabled LOLBins and recommended rules, but a message box stated "some of the rules are already in effect" or something like that. Why only some? Should that be "all"?

What prompted my question was: on a freshly installed Insider build, HitmanPro had to upload nearly 600 new Windows processes to its cloud. That implies some significant changes in Windows from, say, v. 1909. Thanks for any help!
 

oldschool

What prompted my question was: on a freshly installed Insider build, HitmanPro had to upload nearly 600 new Windows processes to its cloud. That implies some significant changes in Windows from, say, v. 1909.

HMPA's response would seem to indicate that you are on an experimental Windows build, with which it isn't familiar.
 

Andy Ful (thread author)

"All" would be more precise for sure. :)
Anyway, I will simply add this information to the HELP (Recommended H_C < LOLBins) .(y)

Right. And it's not the end product by a long shot. Nevertheless, I wanted to know if Andy Ful is testing H_C running the later Insiders versions. And if not, would there be concern that Firewall Hardener may not cover the ground it does in release Windows versions. :giggle:
H_C modules were tested in Windows 20H1 some time ago. I will repeat the test next year. But there is no reason to think that Windows Firewall policies might not work well. They are used all around the world.(y)
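The reply above rests on Firewall Hardener using nothing but standard Windows Firewall policies. As an added example (written for this page; it is not Firewall Hardener's code and does not reproduce its binary list), here is what an ON/OFF set of outbound block rules for commonly abused Windows binaries looks like when expressed with the NetSecurity cmdlets. The binary list and the rule group name are assumptions for illustration, and the script must run elevated.

```powershell
# Added example, not Firewall Hardener's code: an ON/OFF set of outbound block rules
# for commonly abused Windows binaries, built with the NetSecurity cmdlets that
# Windows Firewall policies are managed with. Assumptions: the binary list below is
# illustrative, the rule group name is ours, and the script runs elevated.
$Group = 'Example LOLBin outbound block'
$LolBins = 'powershell.exe','wscript.exe','cscript.exe','mshta.exe',
           'certutil.exe','bitsadmin.exe','regsvr32.exe','rundll32.exe'

# Application rules match on the program path, so the 32-bit copy in SysWOW64
# is a different file and needs its own rule (harmless on 32-bit Windows).
$Dirs = '%SystemRoot%\System32', '%SystemRoot%\SysWOW64'

function Enable-LolBinOutboundBlock {
    foreach ($exe in $LolBins) {
        foreach ($dir in $Dirs) {
            $name = "Block outbound $exe ($dir)"
            # Idempotent: do not create a second copy of a rule that already exists
            if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { continue }
            New-NetFirewallRule -DisplayName $name -Group $Group -Direction Outbound `
                -Program "$dir\$exe" -Action Block -Profile Any -Enabled True | Out-Null
        }
    }
}

function Disable-LolBinOutboundBlock {
    # Removing by group drops only the rules this script created
    Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule
}

function Get-LolBinOutboundBlock {
    # Lists the program path behind every rule in the group, so both copies can be verified
    Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue |
        Get-NetFirewallApplicationFilter |
        Select-Object -ExpandProperty Program | Sort-Object
}

# Usage: Enable-LolBinOutboundBlock ; Get-LolBinOutboundBlock ; Disable-LolBinOutboundBlock
```

Two caveats a practitioner should keep in mind: an outbound block rule applies to the exact program path, so a renamed or copied binary is not matched (that is the gap SRP path rules and designated file types cover, not the firewall), and blocking powershell.exe outbound also stops its legitimate network uses, such as installing modules from a gallery. Block rules win over the default outbound Allow of the Windows Firewall profiles, so no change to the profile defaults is needed.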
 

Lenny_Fox

Hi,

I nearly finished a Bachelor in webdesign & digital marketing (just finishing my final thesis while working). Part of this study also included User Experience and Usability. I am not commenting on the interface and color scheme you choose (@Andy Ful ), just suggesting a new program which is basically a combination of your existing programs.

I suggest a zero-config version with just two settings, Default and Hardened mode (like an ON=hardened and OFF=default switch). The aim is to maximize security while minimizing the functional impact. This is the reason why I suggest allowing executables to run in user space when they are whitelisted by Windows Defender, but dangerous file formats and LOLBins should be restricted.

DEFAULT mode
Software Restriction Policies OFF and Windows Defender on Default and Windows FW block rules disabled

HARDENED mode
Configure defender on MAX
Firewall hardening enable LOLbins block rules.
Software Restriction Policies on DISALLOWED, but allow EXE, TMP, MSI and MSU,
Enforcement Skip DLLs, Designated File Types default + Windows Script Host + PowerShell,
Block Sponsors Script Interpreters + DotNet compilers, Protect Windows Folders ON, Protect Shortcuts ON,
Documents Anti-Exploit ON, Block Remote Access ON, Disable 16 bits ON, Disable SMB ON, Disable Cached Logons ON


Now that your software is signed, this would extend the usability to a larger audience.

Regards Lenny
 
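The SRP part of the Hardened/Default switch proposed above can be written as two functions over the Safer registry key. The block below is an added example for this page (it is not Hard_Configurator's or CUP's code): ON sets DefaultLevel to Disallowed with DLLs skipped, extends the designated file types with Windows Script Host and PowerShell extensions, and adds Unrestricted rules for *.exe, *.tmp, *.msi and *.msu; OFF returns the default level to Unrestricted and removes only the rules it created. It assumes direct registry writes (no Group Policy), an elevated prompt, and a sign-out afterwards so every new process is evaluated against the new policy. The other items in the proposed profile (firewall, Defender, ConfigureDefender settings) are not covered here.

```powershell
# Added example, not Hard_Configurator's or CUP's code: a two-position switch that
# applies (ON) or removes (OFF) the SRP part of the Hardened profile described above.
# Assumptions: policy written directly to the registry (no Group Policy), elevated
# prompt, and a sign-out afterwards so new processes see the new policy.
$Safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed = 0
$Unrestricted = 262144

# SRP's built-in designated file types plus Windows Script Host and PowerShell
# extensions. LNK is left out here: with LNK designated, Start Menu shortcuts under
# ProgramData would be blocked unless those folders were whitelisted as well.
$DefaultTypes = 'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF',
                'INS','ISP','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR',
                'SHS','URL','VB','WSC'
$ExtraTypes = 'PS1','JS','JSE','VBS','VBE','WSF','WSH'
$Tag = 'Hardened profile'                      # marks the rules this script owns

function Add-SrpPathRule([int]$Level, [string]$Path, [string]$Description) {
    # Each path rule is a GUID-named subkey under <level>\Paths
    $key = Join-Path $Safer "$Level\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name ItemData     -Value $Path -PropertyType ExpandString -Force | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -Value 0     -PropertyType DWord        -Force | Out-Null
    New-ItemProperty -Path $key -Name Description  -Value "$Tag`: $Description" -PropertyType String -Force | Out-Null
    New-ItemProperty -Path $key -Name LastModified -Value ([datetime]::UtcNow.ToFileTimeUtc()) -PropertyType QWord -Force | Out-Null
}

function Set-SrpDefault {
    if (-not (Test-Path $Safer)) { return }
    # An Unrestricted default level behaves like having no SRP; drop only our own rules
    Set-ItemProperty -Path $Safer -Name DefaultLevel -Value $Unrestricted -Type DWord
    Get-ChildItem -Path (Join-Path $Safer "$Unrestricted\Paths") -ErrorAction SilentlyContinue |
        Where-Object { (Get-ItemProperty -Path $_.PSPath).Description -like "$Tag*" } |
        Remove-Item -Recurse
}

function Set-SrpHardened {
    Set-SrpDefault                               # clear rules from a previous run first
    New-Item -Path $Safer -Force | Out-Null
    Set-ItemProperty -Path $Safer -Name DefaultLevel       -Value $Disallowed -Type DWord
    Set-ItemProperty -Path $Safer -Name TransparentEnabled -Value 1           -Type DWord   # skip DLLs
    Set-ItemProperty -Path $Safer -Name PolicyScope        -Value 0           -Type DWord   # all users
    Set-ItemProperty -Path $Safer -Name ExecutableTypes    -Value ($DefaultTypes + $ExtraTypes) -Type MultiString

    # System folders must stay Unrestricted or the default-deny blocks Windows itself.
    # These registry-path rules are the ones the SRP MMC snap-in creates by default;
    # the "(x86)" variant is assumed to follow the same pattern.
    Add-SrpPathRule $Unrestricted '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%' 'Windows folder'
    Add-SrpPathRule $Unrestricted '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%' 'Program Files'
    Add-SrpPathRule $Unrestricted '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)%' 'Program Files (x86)'

    # File types the profile allows to run anywhere (same effect as H_C "Allow EXE and TMP")
    foreach ($ext in 'exe','tmp','msi','msu') {
        Add-SrpPathRule $Unrestricted "*.$ext" "allow *.$ext everywhere"
    }
}

# Usage: Set-SrpHardened   (ON)   /   Set-SrpDefault   (OFF)
```

What this leaves blocked in user-writable locations is exactly the set the proposal targets: scripts, HTA, CPL, REG, BAT/CMD and the other designated types outside the Windows and Program Files trees, while EXE, TMP, MSI and MSU run anywhere and DLLs are not checked at all.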

Andy Ful (thread author)

I already created a similar application (Casual User Protection):

CUP.png


But later I found out that a smart-default-deny setup with whitelisted EXE (TMP) and MSI files in AppData and ProgramData folders is worth investigating. So, I plan to finish Hard_Configurator first, and then I will probably finish CUP.:)(y)
 

Lenny_Fox

@Andy Ful Thanks (y)

Being the IT student in the family, I have some experience with this type of setup and have had no problems whitelisting AppData, since it is protected by UAC. When you enable Validate Admin Signatures, the combination of UAC protection and only allowing signed software to elevate seems to do the job (no family members have reported infections yet). So my guess is that instead of trying to work out granular exceptions for AppData, it would be easier and simpler to whitelist AppData and offer an option to enable Validate Admin Signatures in the advanced options.

By the way that UI looks a lot better also 😎 (y)
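The "Validate Admin Signatures" option discussed in the post above is the UAC policy "Only elevate executables that are signed and validated", stored as ValidateAdminCodeSignatures under the local UAC policy key. The following is an added example written for this page (not Hard_Configurator's or CUP's code) that reads the relevant UAC values, enables the policy, and, before doing so, lists which downloaded executables would no longer be able to elevate. It assumes the policy is read and written in the local registry (no domain GPO), uses the Downloads folder as the sample set, and runs elevated.

```powershell
# Added example, not Hard_Configurator's or CUP's code: inspect and enable the UAC
# "Only elevate executables that are signed and validated" policy (the post calls it
# Validate Admin Signatures) and preview which downloaded executables would fail to
# elevate under it. Assumptions: local registry policy (no domain GPO), Downloads as
# the sample set, elevated prompt.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacElevationPolicy {
    $p = Get-ItemProperty -Path $UacKey
    [pscustomobject]@{
        UacEnabled              = ($p.EnableLUA -eq 1)
        # ConsentPromptBehaviorAdmin 0 = elevate without prompting (slider at "Never notify")
        AdminElevatesSilently   = ($p.ConsentPromptBehaviorAdmin -eq 0)
        ValidateAdminSignatures = ($p.ValidateAdminCodeSignatures -eq 1)
    }
}

function Enable-ValidateAdminSignatures {
    Set-ItemProperty -Path $UacKey -Name ValidateAdminCodeSignatures -Value 1 -Type DWord
}

# Dry run before enabling: executables whose Authenticode signature does not chain to a
# trusted root will be refused elevation, so list them first.
function Find-UnsignedElevationCandidates([string]$Folder = "$env:USERPROFILE\Downloads") {
    Get-ChildItem -Path $Folder -Filter *.exe -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                File   = $_.FullName
                Status = $sig.Status      # Valid, NotSigned, HashMismatch, UnknownError (untrusted chain), ...
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        } |
        Where-Object { $_.Status -ne 'Valid' }
}

Get-UacElevationPolicy
Find-UnsignedElevationCandidates | Format-Table -AutoSize
# Enable-ValidateAdminSignatures   # run once the list above is acceptable
```

Two points worth checking before relying on this in the proposed setup: the policy only does anything while UAC itself is enabled (EnableLUA = 1), and it validates the executable that is being elevated, so an MSI installer is not checked by it, because the elevated process in that case is the signed msiexec.exe rather than the package.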
 
