Hard_Configurator - Windows Hardening Configurator

[509322]

Thanks for the confirmation. I was afraid specially of breaking Windows updates. They can break easily, and sometimes, it is hard to find the fix.

Don't restrict msiexec.exe (it is on Florian's old lists).

You can restrict wusa.exe for home Windows versions (the command line Windows Update utility - it is on Florian's oldest list).

The last time that I saw Windows Update use an interpreter was the GWX Win 10 Upgrade utility; it used powershell.

powershell is used when installing (but not updating) a small number of softs like Microsoft Office and DropBox.

The rationale for items that Florian removes from his list:

1. disabling them caused too many issues (very rare, and even then not always the case); and\or
2. rarely abused
3. with everything else on the list disabled, there is very little to almost no probability of persistent infection

SRP that disables the bulk of vulnerable processes on home versions of Windows, very little to no problem. On a test system I have 99% of them disabled and only run into to one being blocked once in a great while. Most of the stuff just is not used on a routine basis.

The incidence of blockages increases with the number of software installed on a system. However, something being blocked is not critical as it can be allowed temporarily or permanently as needed. Disabling the stuff that we are talking about does not kill Windows.

 

[509322]

Thanks for the confirmation. I was afraid specially of breaking Windows updates. They can break easily, and sometimes, it is hard to find the fix.

Just by looking at it I know Florian's list breaks Windows Updates on Windows Server versions, but you need not worry about it.

 

[Andy Ful]

I use the blacklist from May 2017 (there are not wusa.exe and msiexec.exe on it).
I think that updates should bypass SRP in Hard_Configurator settings, so even blocking msiexec.exe, should not break Windows updates. I will test this today on Vista 32-bit.

 

[Windows_Security]

@Andy Ful

Create a campaign GoFundMe: #1 for Crowdfunding & Fundraising Websites to raise money for signing.

Regards Kees

 

[Andy Ful]

Thanks for an idea, I missed this possibility.
I would like to keep Hard_Configurator as a freeware.

 

[Andy Ful]

I made the test with blocked executables from the Bouncer Blacklist (including msiexec.exe and wusa.exe) on Windows Vista 32-bit (installed on VirtualBox):

Vista installed > Hard_Configurator installed (Block Sponsors) > Updated > SP1> Updated > SP2 > Updated

With the above (maximum) Hard_Configurator settings the Windows was updated (171 updates). All updates were installed successfully. SRP blocked only one executable from the Bouncer blacklist (four times, without any visible issues): regsvr32.exe.

As I mentioned in my previous post, msiexec.exe and many more system executables can safely bypass Hard_Configurator SRP settings, because they are running elevated. Only processes starting with medium (or lower) integrity level are stopped by such configured SRP.

 

[Daniel Keller]

Hi Andy,
since the tests seem to run fine...do you already know when the update of HC will arrive?

 

[Windows_Security]

Thanks for an idea, I missed this possibility.
I would like to keep Hard_Configurator as a freeware.

Don't forget to you use your network (MalwareTips and other security forums included) to the max when launching such a campaign (contact me via PM for tips)

 

[Andy Ful]

Don't forget to you use your network (MalwareTips and other security forums included) to the max when launching such a campaign (contact me via PM for tips)

Thanks.

 

[Andy Ful]

Hi Andy,
since the tests seem to run fine...do you already know when the update of HC will arrive?

I am working on a video clip about changes between versions 3.0.1.0 and 3.0.0.1.
There are some important changes (blocked Sponsors, configuration profiles). I would publish a beta version in July, but it seems to me that it would be better to publish a complete version (in September maybe). I must rethink a backup of Hard_Configurator settings, when someone wants to make a fresh Windows installation.

 

[Daniel Keller]

@Andy Ful: Thank you very much for the update!

If you need betatester just let me / us know

 

[Andy Ful]

@Andy Ful: Thank you very much for the update!

If you need betatester just let me / us know

Thanks. Independent tests are very important.
I will prepare the beta version. It has to be sent first to Microsoft, because Windows Defender behavior monitoring and other heuristics, will soon think that it is a malware program. I think that I could finally upload the Hard_Configurator v.3.0.1.0 beta to GitHub in the next week.
The video about the new version will be finished tomorrow.

 

[Andy Ful]

Part 1.


Part 2.


I am not a good video maker - no sound.

 

[Daniel Keller]

@Andy Ful: This looks absolutly amazing. Love the changes and the new buttons.

Can't wait to test this
Thank you so much for your hard work and time!!!

 

[Andy Ful]

@Andy Ful: This looks absolutly amazing. Love the changes and the new buttons.

Can't wait to test this
Thank you so much for your hard work and time!!!

You are a very patient person. Those video clips are veeery lengthy.

 

[Daniel Keller]

You had the patience to create them and you take the time to improve this great tool for us...
I just invested some time in something really worth it .

 

[Andy Ful]

Hard_Configurator_beta_3.0.1.0 is ready to download from GitHub:
For 64-bit Windows: https://github.com/AndyFul/Hard_Con...Hard_Configurator_setup(x64)_beta_3.0.1.0.exe

Something wrong is with 32-bit version, I will send it later.
I have the problem with installer submission. I must wait for the Microsoft answer.

 

[Andy Ful]

I found a detection error on Emsisoft related webpage:
log.exe Details. Is this file safe? Check the directory
The detection is for Nirsoft nircmdc.exe v.2.81, and it is recognized as a malware.
On VirusTotal the same file is detected by Emsisoft as clean:
Antivirus scan for 12459a5e9afdb2dbff685c8c4e916bb15b34745d56ef5f778df99416d2749261 at 2017-08-03 16:20:51 UTC - VirusTotal
I downloaded the original file from NirSoft webpage, and uploaded to VirusTotal. The SHA-1 and MD5 hashes were identical with those from log.exe Details. Is this file safe? Check the directory. So, I submited this file to Emsisoft as a false positive.
Unfortunately, Hard_Configurator installers contain this (most actual) version of nircmdc.exe, so also Hard_Configurator installers are recognized on "http://www.isthisfilesafe.com" as Not Trusted.
Of course, on VirusTotal, the Emsisoft detection of Hard_Configurator beta 3.0.1.0 installers is clean.

 

[Deleted member 178]

Nirsoft apps are always considered as threats because of their inherent nature.

 

[Andy Ful]

Nirsoft apps are always considered as threats because of their inherent nature.

Not in this case. The 64-bit version is detected as clean:
malware.exe Details. Is this file safe? Check the directory
Antivirus scan for fb5443d482c98f02a343fb0c50bf86aed5ac7a4aaea00e818ff1ef96771602d3 at 2017-08-03 09:32:06 UTC - VirusTotal

Edit.
The SHA-1 and MD5 hashes are identical for VirusTotal and "isthisfilesafe.com" .