Hard_Configurator - Windows Hardening Configurator

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,650
Trying Hard_Configurator again with a new setup.
Use it like SysHardener to harden Windows.
With WIndows_10_MT_Windows_Security_hardening profile and Validate Admin C.S. off.
Using this profile my HP Office Jet Pro 9015 works without any problems (y)
And would prefer it because it seems that SysHardner has no support and development at this moment.
The support and dedication of @Andy Ful is above anything seen before 👏
Beta 5.0.0.1 is a bit jumpy on my system and asks me to save my configuration every time I open the GUI.
So I'm using the stable 5.0.0.0 now.
At the moment I'm seeing 1 warning in the log:
Event Time Record ID Event ID Level Channel Provider Description Opcode Task Keywords Process ID Thread ID Computer User
28-3-2020 10:22:55.106 1564 4 Warning Microsoft-Windows-Security-Mitigations/KernelMode Microsoft-Windows-Security-Mitigations Proces '\Device\HarddiskVolume4\Windows\System32\svchost.exe' (PID 904) is geblokkeerd voor het maken van een onderliggend proces 'C:\WINDOWS\system32\DllHost.exe' met opdrachtregel 'C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}'. 2 0x8000000000000000 904 10676 Nitro NT AUTHORITY\SYSTEM
Click to expand...
Do you know what this warning means and how I can solve this?
 
Last edited:
  • Like
Reactions: Terry Ganzi, Venustus, Protomartyr and 8 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,177
Gandalf_The_Grey said:
Trying Hard_Configurator again with a new setup.
Use it like SysHardener to harden Windows.
With WIndows_10_MT_Windows_Security_hardening profile and Validate Admin C.S. off.
Using this profile my HP Office Jet Pro 9015 works without any problems (y)
Click to expand...
That is OK. :)(y)

Gandalf_The_Grey said:
Beta 5.0.0.1 is a bit jumpy on my system and asks me to save my configuration every time I open the GUI.
So iIm using the stable 5.0.0.0 now.
Click to expand...
Do you remember the text in the alert from beta 5.0.0.1? I am not sure what was the problem.

Gandalf_The_Grey said:
At the moment I'm seeing 1 warning in the log:

Do you know what this warning means and how I can solve this?
Click to expand...
The warnings with the channel Microsoft-Windows-Security-Mitigations/KernelMode and Event Id 4, are related to Exploit protection "Do not allow child processes" (not H_C related).
docs.microsoft.com

Apply mitigations to help prevent attacks through vulnerabilities

Protect devices against exploits with Windows 10 or Windows 11. Windows has advanced exploit protection capabilities, building upon and improving the settings available in Enhanced Mitigation Experience Toolkit (EMET).
docs.microsoft.com
You probably configured Exploit protection mitigations for some applications (maybe Chrome web browser) or this mitigation is predefined (like in the case of Edge Chromium, Outlook etc.).
 
Last edited:
  • Like
  • +Reputation
Reactions: Venustus, Protomartyr, oldschool and 4 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,650
Andy Ful said:
That is OK. :)(y)


Do you remember the text in the alert from beta 5.0.0.1? I am not sure what was the problem.


The warnings with the channel Microsoft-Windows-Security-Mitigations/KernelMode and Event Id 4, are related to Exploit protection "Do not allow child processes" (not H_C related).
docs.microsoft.com

Apply mitigations to help prevent attacks through vulnerabilities

Protect devices against exploits with Windows 10 or Windows 11. Windows has advanced exploit protection capabilities, building upon and improving the settings available in Enhanced Mitigation Experience Toolkit (EMET).
docs.microsoft.com
You probably configured Exploit protection mitigations for some applications (maybe Chrome web browser) or this mitigation is predefined (like in the case of Edge Chromium, Outlook etc.).
Click to expand...
Thanks @Andy Ful (y)
Like @SeriousHoax said:
Every time 5.0.0.1 beta is opened whether you change any settings or not it asks to Log off or Refresh explorer when closing.
Click to expand...
I will look into the exploit protection.
Could be VoodooShield related.
Will look if the error also occurs without VoodooShield.
If not I will report it to @danb
 
  • Like
Reactions: Terry Ganzi, Venustus, Protomartyr and 8 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,177
@Gandalf_The_Grey,
The GUID from your post ("{3EB3C877-1F16-487C-9050-104DBCD66683}") is related to the WinInetCacheServer. Some people disable Wininet task for privacy reasons, so it can be also related to privacy applications. See for example:
superuser.com

Firefox spawns a DllHost.exe process when downloading ZIP files

I'm running Windows 7 Professional 32-bit. When downloading a ZIP file in Firefox, a DllHost.exe process appears. The command line is this: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F1...
superuser.com superuser.com
 
Last edited:
  • Like
  • +Reputation
Reactions: Venustus, Protomartyr, oldschool and 4 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,177
SeriousHoax said:
Yes the beta version. Btw, I installed this over the 5.0 version.
Click to expand...
I tried to reproduce the issue in my VMs, by installing ver. 5.0.0.1 over ver. 5.0.0.0 on Recommended Settings. But, everything works well.
It seems that another security application prevents H_C ver. 5.0.0.1 from making some automatic changes required for the new version.
So, even if you start H_C ver. 5.0.0.1 and close it soon after showing the main window, the alert will be displayed to Log OFF or refresh Explorer. I will try to run update H_C to ver. 5.0.0.1 with installed VoodooShield.
Could you post here the screenshot of the main H_C window on your machine?
 
  • Like
Reactions: Venustus, Protomartyr, silversurfer and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,177
@SeriousHoax
Are you sure that the issue can be seen with the Recommended Settings? I tried other H_C setting profiles, too. Finally, I could reproduce the issue, but only when using the profile: Windows_10_MT_Windows_Security_hardening. This issue is a simple bug that causes unnecessary alerts.
If your issue is as above, then it is not related to incompatibilities with another security.
 
  • Like
Reactions: Venustus, Protomartyr, Gandalf_The_Grey and 4 others
SeriousHoax

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,648
Andy Ful said:
@SeriousHoax
Are you sure that the issue can be seen with the Recommended Settings? I tried other H_C setting profiles, too. Finally, I could reproduce the issue, but only when using the profile: Windows_10_MT_Windows_Security_hardening. This issue is a simple bug that causes unnecessary alerts.
If your issue is as above, then it is not related to incompatibilities with another security.
Click to expand...
Yes, I'm using this profile Windows_10_MT_Windows_Security_hardening. So the warring only pops up for this profile? 5.0 didn't have this issue.
 
  • Like
Reactions: Venustus, Protomartyr, harlan4096 and 4 others
Lenny_Fox

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Andy Ful said:
@SeriousHoax
Are you sure that the issue can be seen with the Recommended Settings? I tried other H_C setting profiles, too. Finally, I could reproduce the issue, but only when using the profile: Windows_10_MT_Windows_Security_hardening. This issue is a simple bug that causes unnecessary alerts.
If your issue is as above, then it is not related to incompatibilities with another security.
Click to expand...
Andy thanks for checking and @SeriousHoax for reporting

Andy, I used this profile as a baseline for my girlfriend's setup (running H_C with Kaspersky Free) . What is different in that setup that it runs into a bug and the other profiles not?
 
  • Like
Reactions: Venustus, Protomartyr, silversurfer and 2 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,650
Andy Ful said:
@Gandalf_The_Grey,
The GUID from your post ("{3EB3C877-1F16-487C-9050-104DBCD66683}") is related to the WinInetCacheServer. Some people disable Wininet task for privacy reasons, so it can be also related to privacy applications. See for example:
superuser.com

Firefox spawns a DllHost.exe process when downloading ZIP files

I'm running Windows 7 Professional 32-bit. When downloading a ZIP file in Firefox, a DllHost.exe process appears. The command line is this: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F1...
superuser.com superuser.com
Click to expand...
Not related to Hard_Configurator, but I think I solved my "WinInetCacheServer" issue.
With your explanation Andy it could only be O&O ShutUp10 or VoodooShield.
Too much protection added by myself in VoodooShield for the new MS Edge.
With VoodooShield at default values, we have a clean log sofar (y)
One of the reasons to love HC, the logs let you see issues you wouldn't have found and solved otherwise. :love:
 
  • Like
Reactions: Terry Ganzi, Venustus, Protomartyr and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,177
SeriousHoax said:
Yes, I'm using this profile Windows_10_MT_Windows_Security_hardening. So the warring only pops up for this profile? 5.0 didn't have this issue.
Click to expand...
Lenny_Linux said:
Andy thanks for checking and @SeriousHoax for reporting

Andy, I used this profile as a baseline for my girlfriend's setup (running H_C with Kaspersky Free) . What is different in that setup that it runs into a bug and the other profiles not?
Click to expand...
It is related to the new feature <Update Mode>.
In the profile Windows_10_MT_Windows_Security_hardening, both EXE and MSI files are allowed globally and the <Update Mode> set to ON or MSI would be redundant. So H_C checks it and makes the correction if required. I did not notice, that due to a bug the correction is performed even if it is not required. Of course, the final settings are OK - simply, unnecessary correction produces unnecessary alerts.
 
Last edited:
  • Like
  • +Reputation
  • Thanks
Reactions: oldschool, Lenny_Fox, Venustus and 7 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,650
Gandalf_The_Grey said:
Not related to Hard_Configurator, but I think I solved my "WinInetCacheServer" issue.
With your explanation Andy it could only be O&O ShutUp10 or VoodooShield.
Too much protection added by myself in VoodooShield for the new MS Edge.
With VoodooShield at default values, we have a clean log sofar (y)
One of the reasons to love HC, the logs let you see issues you wouldn't have found and solved otherwise. :love:
Click to expand...
Damn, the error is back, investigation continues....
Uninstalled VoodooShield for the moment as part of that investigation.
 
  • Like
  • Wow
Reactions: Protomartyr, stefanos, harlan4096 and 3 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,650
Okay, it seems that CCleaner was the source of the error:
Event Time Record ID Event ID Level Channel Provider Description Opcode Task Keywords Process ID Thread ID Computer User
28-3-2020 10:22:55.106 1564 4 Warning Microsoft-Windows-Security-Mitigations/KernelMode Microsoft-Windows-Security-Mitigations Proces '\Device\HarddiskVolume4\Windows\System32\svchost.exe' (PID 904) is geblokkeerd voor het maken van een onderliggend proces 'C:\WINDOWS\system32\DllHost.exe' met opdrachtregel 'C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}'. 2 0x8000000000000000 904 10676 Nitro NT AUTHORITY\SYSTEM
Click to expand...
Found by the log of Hard_Configurator and the investigation begins from here:
malwaretips.com

Hard_Configurator - Windows Hardening Configurator

Trying Hard_Configurator again with a new setup. Use it like SysHardener to harden Windows. With WIndows_10_MT_Windows_Security_hardening profile and Validate Admin C.S. off. Using this profile my HP Office Jet Pro 9015 works without any problems (y) And would prefer it because it seems that...
malwaretips.com malwaretips.com
Had a hard time letting my old friend CCleaner go 😥
But now it's off my system and replaced by Autoruns and PrivaZer
docs.microsoft.com

Autoruns for Windows - Sysinternals

See what programs are configured to startup automatically when your system boots and you login.
docs.microsoft.com

Free PC cleaner & Privacy tool

Free PC cleaner & Privacy tool
privazer.com privazer.com
I will keep checking the logs but hope it stays a clean log. 🤔
 
  • Like
  • Applause
Reactions: Protomartyr, toto_10, plat and 6 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,177
In the new H_C ver. 5.0.1.0, I added additional setting profile named Windows_10_Basic_hardening
It is equal to the Recommended Settings, except that in Recommended Settings the EXE and MSI files are allowed only in user AppData and ProgramData folders. In the Windows_10_Basic_hardening settings, the EXE and MSI files are allowed globally.
I added the profile description:

"Harden Windows 10 while maintaining maximum functionality and compatibility.

Please note: this profile allows the user to install/execute/update applications via EXE and MSI files. The only exceptions are EXE and MSI files executed directly from an archive or email client.
The scripts, shortcuts and other files with unsafe extensions are blocked by default in UserSpace.
The "Run By SmartScreen" entry in the Explorer context menu can be used to check the standalone application installers by SmartScreen Application Reputation service.

It is recommended to use this profile with ConfigureDefender HIGH Protection Level (if WD is the main antivirus) and "Recommended H_C" firewall outbound block rules (see <FirewallHardening> option). The profile can be used also with another antivirus with strong proactive detection."
 
  • Like
  • +Reputation
  • Wow
Reactions: South Park, Protomartyr, toto_10 and 7 others

Similar threads

Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
265
Views
19,932
Hard_Configurator Tools
Andy Ful
Andy Ful
Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
22,760
Hard_Configurator Tools
South Park
South Park
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
589
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top