Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I modified the CXK-NMSL ransomware BAT and uploaded it to VirusTotal:

PrayForMercy.png


The modified BAT encrypts only files in the Favorites folder (%USERPROFILE%\Favorites).
Of course, that could be any folder, too.:)

Edit.
I had to improve it a little, because the original BAT did not work correctly when run manually from the non-system drive.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Can you briefly make a similar comparison to OSArmor in default settings? How many scenarios can be blocked by OSArmor?
This would be hard, because only the OSArmor developer knows how exactly it works (no documentation). I never tested OSArmor against script attacks.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630

South Park

Level 9
Verified
Well-known
Jun 23, 2018
431
In the new H_C ver. 5.0.1.0, I added additional setting profile named Windows_10_Basic_hardening
It is equal to the Recommended Settings, except that in Recommended Settings the EXE and MSI files are allowed only in user AppData and ProgramData folders. In the Windows_10_Basic_hardening settings, the EXE and MSI files are allowed globally.
I added the profile description:

"Harden Windows 10 while maintaining maximum functionality and compatibility.

Please note: this profile allows the user to install/execute/update applications via EXE and MSI files. The only exceptions are EXE and MSI files executed directly from an archive or email client.
The scripts, shortcuts and other files with unsafe extensions are blocked by default in UserSpace.
The "Run By SmartScreen" entry in the Explorer context menu can be used to check the standalone application installers by SmartScreen Application Reputation service.

It is recommended to use this profile with ConfigureDefender HIGH Protection Level (if WD is the main antivirus) and "Recommended H_C" firewall outbound block rules (see <FirewallHardening> option). The profile can be used also with another antivirus with strong proactive detection."
Where can I find the link to download this version?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Andy can you check this? This is the sample "RipWin.exe" from "Mixed Threats #16 (10/04/2020)". You can check this on anyrun: RipWin.exe (MD5: BED2A2EEB592522BA8EEB52CBA770392) - Interactive analysis - ANY.RUN
And also have a look here in the behavior section of VT: VirusTotal

Can Hard_Configurator block this in Windows_*_Basic_Recommended_Settings.hdc profile?
Yes. This EXE is a dropper which spawns the BAT in UserSpace with command-line:
Code:
"C:\Windows\system32\cmd" /c "C:\Users\admin\AppData\Local\Temp\E131.tmp\E132.tmp\E133.bat
The BAT will be blocked.
 
F

ForgottenSeer 85179

There are some good PDF Readers in Microsoft Store:
PDF viewers (all use Appcontainer):
Adobe Reader Touch
Foxit MobilePDF
PDF Viewer Plus, from GSnathan
PDF Reader from Kdan Mobile
Perfect PDF Reader, from soft Xpansion
Xodo PDF Reader & Editor (very fast with big documents)

PDF Reader plugins in web browsers are far more vulnerable to attacks and can help to exploit the web browser.
Sorry for answer to this "old" post, but i make some research:
Foxit MobilePDF and PDF Viewer Plus, from GSnathan are outdated:
foxit.jpg gsnathan.jpg

Apps may be still secure because of AppContainer, but i don't like such outdated tools ;)
I doesn't check other ones
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Sorry for answer to this "old" post, but i make some research:
Foxit MobilePDF and PDF Viewer Plus, from GSnathan are outdated:
View attachment 237707 View attachment 237708

Apps may be still secure because of AppContainer, but i don't like such outdated tools ;)
I doesn't check other ones
I am not sure if I understand your point. You do not want to use safe, fully functional and system compatible software because of its age? It is a kind of fashion, isn't it? ;)
Of course, there is nothing wrong with fashion-based choices, if they are better than the old one.:)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I want use safe software, but not unmaintained. Anyway i don't know how important for AppContainer that is.
I use Adobe Touch for viewing PDF files. It is still more secure than any desktop PDF viewer and faster than most of them. The AppContainer changes are very slow (if any) as compared to desktop platform, so the apps that work in AppContainer do not require changes, too. Furthermore, criminals are not interested in attacking the AppContainer.
 
F

ForgottenSeer 85179

I use Adobe Touch for viewing PDF files. It is still more secure than any desktop PDF viewer and faster than most of them. The AppContainer changes are very slow (if any) as compared to desktop platform, so the apps that work in AppContainer do not require changes, too. Furthermore, criminals are not interested in attacking the AppContainer.
Isn't Adobe highly under attack?
Sorry for OT :D
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Isn't Adobe highly under attack?
Sorry for OT :D
Yes, it is (except UWP apps in AppContainer). The UWP apps are coded differently, so it is hard to apply the same exploits as for desktop applications. Furthermore, the UWP apps are much simpler, so they have a much smaller attack surface.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top