Hard_Configurator - Windows Hardening Configurator

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,222
@ErzCrz



Any browser may be configured in Windows 10 anti-exploit protection.



Correct.

Thanks. I only have Windows 10 Home so I don't have the advanced anti-exploit but yeah, I'm protected by H_C. I just had some uBO issues with Chromium Edge, but using the Microsoft Store version of it, although outdated, fixed it so far. I just thought I'd check while testing it and for when I use other browsers occasionally. (1.23.0 Win store version and Chrome store version 1.24.4). Anyway, that's off topic but good to know I'm protected whatever I use :)
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,256
Thanks. I only have Windows 10 Home so I don't have the advanced anti-exploit but yeah, I'm protected by H_C. I just had some uBO issues with Chromium Edge, but using the Microsoft Store version of it, although outdated, fixed it so far. I just thought I'd check while testing it and for when I use other browsers occasionally. (1.23.0 Win store version and Chrome store version 1.24.4). Anyway, that's off topic but good to know I'm protected whatever I use :)
Exploit Protection is also available in Windows 10 Home:
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
Edge (native or Chromium) has the strongest Exploit Protection settings. Most of these settings (but not all) can be applied to any web browser. As for privacy, it is not the best solution (like Google Chrome too). Anyway, it is probably the best web browser (except web browsers with dedicated Banking Protection) for banking. So, you can use Edge as a separate web browser only for Banking.
If you have Windows 10 Pro, then you can also enable WD Application Guard. This would make Edge the best Banking web browser, but I am not sure what its impact on system performance is.
 

ErzCrz

Edge (native or Chromium) has the strongest Exploit Protection settings. Most of these settings (but not all) can be applied to any web browser. As for privacy, it is not the best solution (like Google Chrome too). Anyway, it is probably the best web browser (except web browsers with dedicated Banking Protection) for banking. So, you can use Edge as a separate web browser only for Banking.
If you have Windows 10 Pro, then you can also enable WD Application Guard. This would be the best Banking web browser, but I am not sure what its impact on system performance is.

Thanks. @oldschool was a big help in setting the anti-exploit settings for Chromium Edge and other browsers. I'd not delved into that side of things previously. Might be a cool idea to one day have browser lockdown in H_C but just a thought.

Anyway, looking forward to the next stable release :)

Erz
 

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287

Andy Ful

Microsoft provides a workaround for both client and server.
The workaround is disabling SMB (recommended by Microsoft). You probably thought about the vulnerability patch via Windows Updates?
Anyway, the SMB protocols are vulnerable by design. In the home environment, it is better to disable them if not needed.
 

Sampei Nihira

Gentlemen, sorry, but nothing is understood.
The PowerShell command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

disables SMBv3 compression (server side).

________________________________________________________________________________

@security123

Do you suggest disabling SMBv3 compression + other client-side remedies?

@Andy Ful

You instead suggest completely disabling the SMB3 protocol (and therefore also SMB2) with your tool?
 

ForgottenSeer 85179

Andy Ful

...
@Andy Ful

You instead suggest completely disabling the SMB3 protocol (and therefore also SMB2) with your tool?
Disable SMB via any method, if you do not use devices that rely on SMB protocols. That is a Microsoft recommendation.
If you are using H_C, then the setting <Disable SMB> = ON123 can be applied.
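
A read-only check of the two options discussed above (the DisableCompression registry value versus SMB being disabled), added here as an example and not taken from the thread or from H_C. It assumes an elevated PowerShell prompt on Windows 10 and uses only built-in cmdlets; how H_C itself implements <Disable SMB> is not shown here.

```powershell
# Added example: report the SMB state on this machine without changing anything.
$paramsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# 1. Server-side compression workaround from the post above:
#    DisableCompression = 1 means SMBv3 compression is off for the SMB server.
$dc = (Get-ItemProperty -Path $paramsKey -Name DisableCompression `
        -ErrorAction SilentlyContinue).DisableCompression
$compressionOff = ($dc -eq 1)

# 2. Protocol switches of the SMB server. EnableSMB2Protocol covers SMB2 and SMB3
#    together, which is why disabling SMB3 also disables SMB2.
$cfg = Get-SmbServerConfiguration |
       Select-Object EnableSMB1Protocol, EnableSMB2Protocol

# 3. The services behind the SMB server (LanmanServer) and client (LanmanWorkstation).
$svc = Get-Service -Name LanmanServer, LanmanWorkstation |
       Select-Object Name, Status, StartType

# 4. Is anything still listening on TCP 445?
$listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen `
                    -ErrorAction SilentlyContinue)

[pscustomobject]@{
    CompressionDisabled = $compressionOff          # registry workaround applied?
    SMB1ServerEnabled   = $cfg.EnableSMB1Protocol
    SMB2_3ServerEnabled = $cfg.EnableSMB2Protocol
    ListeningOn445      = $listening
} | Format-List

$svc | Format-Table -AutoSize

# The registry value only covers the server side; if SMB is not needed at all,
# the expected picture is both protocol switches False and no listener on 445.
if (-not $compressionOff -and $cfg.EnableSMB2Protocol) {
    Write-Warning 'SMB2/3 server is enabled and DisableCompression is not set to 1.'
}
```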
 

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
@Andy Ful I'm still on Hard Configurator 5.0.0.0 on Win 10 pro. When I checked the firewall log I see multiple blocks for MS AV.

Local Time: 2020/03/17 17:15:26
ProcessId: 3612
Application: C:\programdata\microsoft\windows defender\platform\4.18.2001.10-0\msmpeng.exe
Direction: Outbound
SourceAddress: 192.168.X.XX
SourcePort: 50439
DestAddress: 40.115.3.210
DestPort: 443
Protocol: 6
FilterRTID: 74420
LayerName: %%14611
LayerRTID: 48

The file is clean on Virus Total and I'm pretty sure the PC also. I always used HC with nearly everything possible checked, even the firewall rules, and never saw these blocks afaik. (Haven't changed my H_C config the last weeks)
So what's with the blocks now?
 

Andy Ful

@Andy Ful I'm still on Hard Configurator 5.0.0.0 on Windows 10 pro. When I checked the firewall log I see multiple blocks for MS AV.

Local Time: 2020/03/17 17:15:26
ProcessId: 3612
Application: C:\programdata\microsoft\windows defender\platform\4.18.2001.10-0\msmpeng.exe
Direction: Outbound
SourceAddress: 192.168.X.XX
SourcePort: 50439
DestAddress: 40.115.3.210
DestPort: 443
Protocol: 6
FilterRTID: 74420
LayerName: %%14611
LayerRTID: 48

The file is clean on Virus Total and I'm pretty sure the PC also. I always used HC with nearly everything possible checked, even the firewall rules, and never saw these blocks afaik. (Haven't changed my H_C config the last weeks)
So what's with the blocks now?
It is not blocked by H_C (FirewallHardening), except if you manually added the file path for msmpeng.exe - simply check the entries visible in the FirewallHardening window. The firewall log shows all outbound connections blocked by Windows Firewall. You probably use something else to restrict the Windows Firewall connections.
The file msmpeng.exe is a part of WD AV. This outbound connection is related to Microsoft:
 

Freki123

Thanks Andy, I didn't add anything manually in H_C Firewall besides the options you gave me (recommended + lol bins) but I'm using GlassWire as a firewall (ms av not blocked). Since it seems to be my specific software config I will have to tinker around a bit.
Thanks a lot for the fast answer :)

Edit:
I still seem to have the message in the firewall log every now and then, but I can still let Windows Defender scan files or search and find protection updates. So any chance to test if ms av is working as intended (without trying an actual malware pack)? I don't care about a log as long as it works :D

South Park

Level 9
Verified
Well-known
Jun 23, 2018
441
Thanks Andy, I didn't add anything manually in H_C Firewall besides the options you gave me (recommended + lol bins) but I'm using GlassWire as a firewall (ms av not blocked). Since it seems to be my specific software config I will have to tinker around a bit.
Thanks a lot for the fast answer :)

Edit:
I still seem to have the message in the firewall log every now and then, but I can still let Windows Defender scan files or search and find protection updates. So any chance to test if ms av is working as intended (without trying an actual malware pack)? I don't care about a log as long as it works :D

This page might be of help: Cloud-delivered protection - Windows Defender Testground
 

Andy Ful

The web page:
Cloud-delivered protection - Windows Defender Testground
is a part of the well-known WD testground website. This website can be helpful to test some of ConfigureDefender settings (also cloud-delivered protection). (y)

Freki123,
Testing WD does not solve your issue because it is not related to the Windows Firewall blocking. You should examine GlassWire settings and allow the path:
C:\programdata\microsoft\windows defender\platform\4.18.2001.10-0\msmpeng.exe
I do not use GlassWire, so I do not know if this can be done effectively. The effective way would be allowing EXE files from the parent folder:
C:\programdata\microsoft\windows defender\platform
Simply, after updating the WD Antimalware engine, the file msmpeng.exe will be in another subfolder of the above folder.
Something can be wrong with your WD updates - on my computer the msmpeng.exe is in
C:\programdata\microsoft\windows defender\platform\4.18.2003.6-0
folder (4.18.2003.6-0 is a version of the file and WD Anti Malware service).
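
To see the version-subfolder effect described in the post above, the following added example (not part of the thread, not H_C or GlassWire code) compares the msmpeng.exe path the WinDefend service currently runs with the platform folders on disk and with any Windows Firewall rule pinned to a full msmpeng.exe path. It assumes an elevated PowerShell prompt and inspects Windows Firewall rules only, not third-party firewall settings.

```powershell
# Added example: find rules that point at an outdated Defender platform subfolder.
$platform = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Platform'

# Binary the WinDefend service is actually configured to start (quotes stripped).
$current = (Get-CimInstance Win32_Service -Filter "Name='WinDefend'").PathName.Trim('"')
"Service binary in use: $current"

# Every platform version still present on disk; only one of them is in use.
Get-ChildItem -Path $platform -Directory -ErrorAction SilentlyContinue |
    ForEach-Object {
        $exe = Join-Path $_.FullName 'MsMpEng.exe'
        [pscustomobject]@{
            VersionFolder = $_.Name
            HasEngine     = Test-Path $exe
            InUse         = ($exe -ieq $current)   # case-insensitive path compare
        }
    } | Format-Table -AutoSize

# Windows Firewall rules whose program filter names msmpeng.exe by full path.
# A rule pinned to an old version folder stops matching after an engine update.
Get-NetFirewallApplicationFilter -PolicyStore ActiveStore |
    Where-Object { $_.Program -like '*\msmpeng.exe' } |
    ForEach-Object {
        $rule = $_ | Get-NetFirewallRule
        $path = [Environment]::ExpandEnvironmentVariables($_.Program)
        [pscustomobject]@{
            Rule      = $rule.DisplayName
            Direction = $rule.Direction
            Action    = $rule.Action
            Program   = $path
            Stale     = ($path -ine $current)      # points at a folder not in use
        }
    } | Format-Table -AutoSize -Wrap
```

A rule reported with Stale = True refers to a version folder other than the one in use, which is the situation the parent-folder advice above is meant to avoid.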
 
