Hard_Configurator - Windows Hardening Configurator

ErzCrz

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,027
oldschool said:
@ErzCrz



Any browser may be configured in Windows 10 anti-exploit protection.



Correct.
Click to expand...

Thanks. I only have Windows 10 Home so I don't have the advanced anti-exploit but yeah, I'm protected by H_C. I just had some uBO issues with Chromium Edge bt using the Microsoft Store version of it although outdated fixed it so far. I just thought I'd check while testing it and for when I se other browsers occasionally. (1.23.0 Win store version and Chrome store version 1.24.4). Anyway, that's off topic but good to know I'm protected whatever I use :)
 
  • Like
Reactions: oldschool, [correlate], Protomartyr and 3 others
silversurfer

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,272
ErzCrz said:
Thanks. I only have Windows 10 Home so I don't have the advanced anti-exploit but yeah, I'm protected by H_C. I just had some uBO issues with Chromium Edge bt using the Microsoft Store version of it although outdated fixed it so far. I just thought I'd check while testing it and for when I se other browsers occasionally. (1.23.0 Win store version and Chrome store version 1.24.4). Anyway, that's off topic but good to know I'm protected whatever I use :)
Click to expand...
Exploit Protection is also available in Windows10 Home:
docs.microsoft.com

Turn on exploit protection to help mitigate against attacks - Microsoft Defender for Endpoint

Learn how to enable exploit protection in Windows. Exploit protection helps protect your device against malware.
docs.microsoft.com
 
  • Like
  • Thanks
Reactions: oldschool, [correlate], plat and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,191
Edge (native or Chromium) has the strongest Exploit Protection settings. Most of these settings (but not all) can be applied to any web browser. As for privacy, it is not the best solution (like Google Chrome too). Anyway, it is probably the best web browser (except web browsers with dedicated Banking Protection) for banking. So, you can use Edge as a separate web browser only for Banking.
If you have Windows 10 Pro, then you can also enable WD Application Guard. This would make Edge the best Banking web browser, but I am not sure how is its impact on system performance.
 
Last edited:
  • Like
  • +Reputation
  • Thanks
Reactions: [correlate], shmu26, ForgottenSeer 85179 and 5 others
ErzCrz

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,027
Andy Ful said:
Edge (native or Chromium) has the strongest Exploit Protection settings. Most of these settings (but not all) can be applied to any web browser. As for privacy, it is not the best solution (like Google Chrome too). Anyway, it is probably the best web browser (except web browsers with dedicated Banking Protection) for banking. So, you can use Edge as a separate web browser only for Banking.
If you have Windows 10 Pro, then you can also enable WD Application Guard. This would be the best Banking web browser, but I am not sure how is its impact on system performance.
Click to expand...

Thanks. @oldschool was a bit help in setting the anti-exploit settings for Chromium Edge and other browers. I'd not delved into that side of things previously. Might be a cool idea to one day have browser lockdown in H_C but just a thought.

Anyway, looking forward to the next stable release :)

Erz
 
  • Like
Reactions: plat, [correlate], Andy Ful and 2 others
Sampei Nihira

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
  • Like
Reactions: [correlate]
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,191
security123 said:
Microsoft provide workaround for both client and server.
Click to expand...
The workaround is disabling SMB (recommended by Microsoft). You probably thought about the vulnerability patch via Windows Updates?
Anyway, the SMB protocols are vulnerable by design. In the home environment, It is better to disable them if not needed.
 
  • Like
Reactions: oldschool, plat, Protomartyr and 3 others
Sampei Nihira

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
Gentlemen sorry but nothing is understood.
The Powershell command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
Click to expand...

disables SMBv3 compression. (server side).

________________________________________________________________________________

@security123

Do you suggest disabling SMBv3 compression + other client-side remedies?

@Andy Ful

You instead,suggest to completely disable the SMB3 protocol (and therefore also SMB2) with your tool?
 
  • Like
Reactions: plat, Protomartyr, oldschool and 3 others
F

ForgottenSeer 85179

  • Like
Reactions: Sampei Nihira, Protomartyr, oldschool and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,191
Sampei Nihira said:
...
@Andy Ful

You instead,suggest to completely disable the SMB3 protocol (and therefore also SMB2) with your tool?
Click to expand...
Disable SMB via any method, if you do not use devices that rely on SMB protocols. That is a Microsoft recommendation.
If you are using H_C then the setting <Disable SMB> = ON123, can be applied.
 
  • Like
  • +Reputation
Reactions: bribon77, Sampei Nihira, Protomartyr and 5 others
F

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
759
@Andy Ful Im still on Hard Configurator 5.0.0.0 on Win 10 pro. When I checked the firewall log I see multiple blocks for MS AV.

Local Time: 2020/03/17 17:15:26
ProcessId: 3612
Application: C:\programdata\microsoft\windows defender\platform\4.18.2001.10-0\msmpeng.exe
Direction: Outbound
SourceAddress: 192.168.X.XX
SourcePort: 50439
DestAddress: 40.115.3.210
DestPort: 443
Protocol: 6
FilterRTID: 74420
LayerName: %%14611
LayerRTID: 48

The file is clean on Virus Total and im pretty sure the pc also. I always used HC with nearly everything possible checked, even the firewall rules and never saw these blocks afaik.(Haven't changed my H_C config the last weeks)
So whats with the blocks now?
 
  • Like
Reactions: oldschool, harlan4096, shmu26 and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,191
Freki123 said:
@Andy Ful Im still on Hard Configurator 5.0.0.0 on Windows 10 pro. When I checked the firewall log I see multiple blocks for MS AV.

Local Time: 2020/03/17 17:15:26
ProcessId: 3612
Application: C:\programdata\microsoft\windows defender\platform\4.18.2001.10-0\msmpeng.exe
Direction: Outbound
SourceAddress: 192.168.X.XX
SourcePort: 50439
DestAddress: 40.115.3.210
DestPort: 443
Protocol: 6
FilterRTID: 74420
LayerName: %%14611
LayerRTID: 48

The file is clean on Virus Total and im pretty sure the pc also. I always used HC with nearly everything possible checked, even the firewall rules and never saw these blocks afaik.(Haven't changed my H_C config the last weeks)
So whats with the blocks now?
Click to expand...
It is not blocked by H_C (FirewallHardening), except If you manually added the file path for msmpeng.exe - simply check the entries visible in the FirewallHardening window. The firewall log shows all outbound connections blocked by Windows Firewall. You probably use something else to restrict the Windows Firewall connections.
The file mspeng.exe is a part of WD AV. This outbound connection is related to Microsoft:
www.ipvoid.com

IP Whois Online, Whois Lookup Online | IPVoid

Query the whois database online to find information about a domain name or an IP address. With the whois lookup you can find the owner of the specified domain name and more.
www.ipvoid.com www.ipvoid.com
 
Last edited:
  • Like
  • Thanks
  • +Reputation
Reactions: Gandalf_The_Grey, plat, harlan4096 and 5 others
F

Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
759
Thanks Andy, I didn't add anything manually in H_C Firewall besides the options you gave me (recommended + lol bins) but Im using Glaswire as a firewall (ms av not blocked). Since it seems to be my specific software config I will have to tinker around a bit.
Thanks a lot for the fast answer :)

Edit:
I still seem to have the message in the firewall log every now and then, but I can still let windows defender scan files or search and find protection updates. So any chance to test if ms av is working as intended (without trying an actual malware pack)? I don't care about a log as long as it works :D
 
Last edited:
  • Like
Reactions: Andy Ful, Protomartyr, Gandalf_The_Grey and 4 others
South Park

South Park

Level 9
Verified
Well-known
Jun 23, 2018
434
Freki123 said:
Thanks Andy, I didn't add anything manually in H_C Firewall besides the options you gave me (recommended + lol bins) but Im using Glaswire as a firewall (ms av not blocked). Since it seems to be my specific software config I will have to tinker around a bit.
Thanks a lot for the fast answer :)

Edit:
I still seem to have the message in the firewall log every now and then, but I can still let windows defender scan files or search and find protection updates. So any chance to test if ms av is working as intended (without trying an actual malware pack)? I don't care about a log as long as it works :D
Click to expand...

This page might be of help: Cloud-delivered protection - Windows Defender Testground
 
  • Like
  • Thanks
Reactions: Protomartyr, plat, Freki123 and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,191
The web page:
delivered protection - Windows Defender Testground
is a part of the well known WD testground website. This website can be helpful to test some of ConfigureDefender settings (also cloud-delivered protection). (y)

Freki123,
Testing WD does not solve your issue because is not related to the Windows Firewall blocking. You should examine Glasswire settings and allow the path:
C:\programdata\microsoft\windows defender\platform\4.18.2001.10-0\msmpeng.exe
I do not use Glasswire, so I do not know if this can be done effectively. The effective way would be allowing EXE files from the parent folder:
C:\programdata\microsoft\windows defender\platform
Simply, after updating the WD Antimalware engine, the file msmpeng.exe will be in another subfolder of the above folder.
Something wrong can be with your WD updates - on my computer the msmpeng.exe is in
C:\programdata\microsoft\windows defender\platform\4.18.2003.6-0
folder (4.18.2003.6-0 is a version of the file and WD Anti Malware service).
 
Last edited:
  • Like
  • Thanks
  • +Reputation
Reactions: Protomartyr, plat, oldschool and 5 others

Similar threads

Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
269
Views
20,725
Hard_Configurator Tools
Andy Ful
Andy Ful
Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
23,080
Hard_Configurator Tools
South Park
South Park
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
631
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top