Hard_Configurator - Windows Hardening Configurator

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Lovely. I can delete the previous H_C Master from downloads folder now? I just use the Firewall Hardening Tool and was pleased to find it quickly and easily. Had it re-write the rules and everything, and it's set, I checked it.

The only issue and it's a minor one for me: I'm having a little problem dragging the interface around. It will drag but as soon as you release the mouse and then try to grab it again, it doesn't grab. It seems you only get one chance to drag it, two if you're lucky. My mouse is a very basic, cheap one, but I have no issues dragging other windows around. Anyone else?

Edit: There is actually a spot where you can drag the UI consistently but it's just within the frame in the upper left-hand side of the UI. lol! Here, I marked it. Hold the mouse pointer right on the orange border within the area of the two black arrows. Maybe it works this way for everyone? :D

hac2.png

Edit #2: HitmanPro has also cleared Hard_Configurator and Switch DefaultDeny .exes via its cloud. (y) Is it possible, then, that Sophos would also have no problems with these?
 
Last edited:

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,872
computer restart is required to apply the new rules
Oh that's the reason I guess. I didn't restart the computer.
But, I noticed for the first time that some blocked connections are not logged, if they do not try to send packets.
Interesting. Is it something that can be fixed?
Thanks. The code was copied from H_C and adjusted to FirewallHardening. I did not notice it.:(
Haha, it's nice that I noticed and hopefully it's going to be fixed in the next beta :)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,596
...
Interesting. Is it something that can be fixed?
... :)
FirewallNoname.png

There are some events logged in the Security Log without the information about the file. They are pretty much useless to FireWall Hardening Log, which is focused on blocking applications. These events can happen if the application does not connect directly but uses other system resources. A similar thing happens when bitsadmin triggers file downloading. In fact, svchost is seen by the firewall and not bitsadmin.
 

Attachments

  • 1583660075421.png
    1583660075421.png
    123.1 KB · Views: 189

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,596
The added rules work for me (computer restart is required to apply the new rules). The rules are added first at the end of the list, but after restarting the computer and running FirewallHardening, the rules are visible in alphabetical order:
View attachment 234544
But, I noticed for the first time that some blocked connections are not logged, if they do not try to send packets.
For example, I added the rules for three email clients (Claws-mail, eM Client, and Postbox). The blocked events for two email clients were added to the Log. But, not for eM Client which was blocked too (I tried to download an attachment without success).
These blocked connections were not related to FirewallHardening. I repeated the test today and when eM Client tried to connect directly it was blocked by FireWallHardening rule.
emclientlog.png
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
@Andy Ful Many thanks for your hard work on beta version 5.0.0.1 and it's manual. (y)
I have installed it with the recommended settings.
ConfigureDefender on High + Controlled Folder Access on.
FirewallHardening at Recomended H_C.
DocumentsAntiExploit MS Office at ON2.
Anything I missed or configured wrong?
Because Bandizip now has advertisements in the free version I switched to Explzh (also keeps MOTW).
Can you add that program to Harden Archivers?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,596
@Andy Ful Many thanks for your hard work on beta version 5.0.0.1 and it's manual. (y)
I have installed it with the recommended settings.
ConfigureDefender on High + Controlled Folder Access on.
FirewallHardening at Recomended H_C.
DocumentsAntiExploit MS Office at ON2.
Anything I missed or configured wrong?
Because Bandizip now has advertisements in the free version I switched to Explzh (also keeps MOTW).
Can you add that program to Harden Archivers?
I will look at this app.:)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,596
There are some good PDF Readers in Microsoft Store:
PDF viewers (all use Appcontainer):
Adobe Reader Touch
Foxit MobilePDF
PDF Viewer Plus, from GSnathan
PDF Reader from Kdan Mobile
Perfect PDF Reader, from soft Xpansion
Xodo PDF Reader & Editor (very fast with big documents)

PDF Reader plugins in web browsers are far more vulnerable to attacks and can help to exploit the web browser.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,872
There are some good PDF Readers in Microsoft Store:
PDF viewers (all use Appcontainer):
Adobe Reader Touch
Foxit MobilePDF
PDF Viewer Plus, from GSnathan
PDF Reader from Kdan Mobile
Perfect PDF Reader, from soft Xpansion
Xodo PDF Reader & Editor (very fast with big documents)

PDF Reader plugins in web browsers are far more vulnerable to attacks and can help to exploit the web browser.
Which one do you personally use?
 

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
If your priority is security, also check the history of security vulnerabilities before choosing:


 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,596
Which one do you personally use?
I used them all and finally chose the simplest one, which is Adobe Reader Touch. It is not actively developed. It is fast, but not fast as Xodo PDF Reader. I also block the Internet connection to PDF Readers via FirewallHardening tool (desktop applications) or Windows Firewall (UWP apps).

Edit.
Blocking the Internet Access to PRD Reader does not prevent it to open the web browser. This can be prevented by using Exploit Protection to block child processes.
 
Last edited:

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top