Hard_Configurator - Windows Hardening Configurator

Nautilus

Level 2
Apr 27, 2020
91
Hi Andy, I do have a question: I have hc currently at recommended, but every time I want to run patchmypc it is getting blocked and I have to turn off protection manually. Same goes for updating programs manually like Internet Download Manager and KM Player: exe's do get to download, but the install process gets blocked. Is there a way to get these whitelisted in hc?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,498
Hi Andy, I do have a question: I have hc currently at recommended, but every time I want to run patchmypc it is getting blocked and I have to turn off protection manually. Same goes for updating programs manually like Internet Download Manager and KM Player: exe's do get to download, but the install process gets blocked. Is there a way to get these whitelisted in hc?
Hi,
Whitelisting is not for installers or updates. It is mainly for running already installed/updated applications when they are blocked in UserSpace by SRP. If you are using the default admin account (not SUA) then simply run the installer/updater via "Run As SmartScreen" from the right-click Explorer context menu.
You can do it also for "Patch My Pc" which is a portable application and requires Administrative rights (kind of installer and updater).

For frequently used portable applications, it is better to make a special folder and whitelist this folder by using <Whitelist By Path> <Add Folder>. Any portable application from this folder will be allowed to run normally - but first, run the new portable application once via "Run As SmartScreen" to see if it has a good reputation. You can also copy "Patch My Pc" to this whitelisted folder, if you do not like to use "Run As SmartScreen" every time.
 

Andy Ful

In the H_C beta 5.0.0.1 the "Run As SmartScreen" feature is replaced by "Install By SmartScreen". It is designed to run only the standalone installers/updaters.
Furthermore, in the Recommended Settings, the "Install By SmartScreen" does not force Administrative rights (can be used also on SUA). "Install By SmartScreen" does not run the executable from its location, but first copies it to a random temporary folder and then runs the copy from there (the temporary folders are deleted). This prevents DLL hijacking, but usually, it can work only for the standalone installers/updaters.

So, @Nautilus will be able to use "Install By SmartScreen" to run "Patch My Pc", but running already installed applications (except portable ones) via "Install By SmartScreen" will usually fail.
To run the STWOR game, @Freki will have to use "Run As Administrator" from the Explorer context menu or whitelist the STWOR game folder.

Edit.
I do not think that DLL hijacking can be dangerous for home users because detecting DLL hijacking is an easy task for most AVs supported by the cloud. It can be sometimes used in the archives delivered via spam attachments or via infected flash drives.
There are many application installers that have DLL hijacking vulnerability, but normally it would be hard to infect the computer in this way, especially when using "Install By SmartScreen".
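The copy-then-run isolation described in the post above, as an added sketch that is not Hard_Configurator's own code: the folder layout, file names and the `stage_isolated` helper are constructed for illustration. It shows that a DLL sitting beside the installer in the download folder is not present beside the staged copy, and that companion files are left behind as well, which is consistent with the remark that this usually works only for standalone installers/updaters.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def siblings(exe: Path) -> list[str]:
    """Names of every other file in the folder the executable would run from."""
    return sorted(p.name for p in exe.parent.iterdir() if p != exe)


def stage_isolated(exe: Path) -> Path:
    """Copy only the executable into a fresh, randomly named private folder."""
    stage_dir = Path(tempfile.mkdtemp(prefix="stage_"))  # unpredictable name
    staged = stage_dir / exe.name
    shutil.copy2(exe, staged)
    if sha256(staged) != sha256(exe):  # the copy must be the file the user chose
        shutil.rmtree(stage_dir)
        raise RuntimeError("staged copy does not match the original")
    return staged


def demo() -> dict:
    # Constructed stand-in for a Downloads folder; file contents are dummies.
    downloads = Path(tempfile.mkdtemp(prefix="downloads_"))
    (downloads / "setup.exe").write_bytes(b"MZ constructed installer stub")
    (downloads / "version.dll").write_bytes(b"MZ constructed stray DLL")
    (downloads / "data1.cab").write_bytes(b"constructed companion archive")
    exe = downloads / "setup.exe"

    staged = stage_isolated(exe)
    result = {
        "beside_original": siblings(exe),   # what shares a folder with the download
        "beside_staged": siblings(staged),  # what shares a folder with the copy
        "same_content": sha256(exe) == sha256(staged),
    }
    shutil.rmtree(staged.parent)  # the temporary folder is deleted afterwards
    shutil.rmtree(downloads)
    return result


if __name__ == "__main__":
    print(demo())
```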
 

Andy Ful

@Andy Ful is there any chance to implement in Hard Configurator a way to manage outbound rules? Something like simplewall or WFC
You can use <FirewallHardening> (violet button) to block the outbound connection of any desktop application. But, this feature uses Windows Firewall policies and it is a simple block/allow tool.
 

Chri.Mi

Level 7
Well-known
Apr 30, 2020
337
You can use <FirewallHardening> (violet button) to block the outbound connection of any desktop application. But, this feature uses Windows Firewall policies and it is a simple block/allow tool.
Is Firewall Hardening not just for blocking items? This way everything is allowed and you manage what you want to block. I would ask for a "notifier" so I can choose whether to allow the program to connect out.
 

Andy Ful

Is Firewall Hardening not just for blocking items? This way everything is allowed and you manage what you want to block. I would ask for a "notifier" so I can choose whether to allow the program to connect out.
You can choose a predefined list of blocked LOLBins, or add other applications.
Use <Add Rule> button. The added entry is placed as the last entry. But, after opening the FirewallHardening the second time the paths of blocked applications are automatically sorted.
 

Chri.Mi

Yes, I know, but consider this: I think a default-deny approach with an allow option is safer than a default-allow approach with block options. I am not an expert, but consider: if I install Hard Configurator today and I have some sort of payload in my system, with default allow it can connect to the outside and I am not able to block it. With a default-deny approach, if I see abc.exe trying to connect outside, and I know in general the programs on my PCs, I can stop it. For me it could be another layer of security. Sorry for my English, hope you can understand.
 

Chri.Mi

Hello, is Hard Configurator better than SysHardener & OSArmor together? My system is Windows 1909 Home updated with BTS as AV.
Hi there, in my opinion it is better, for some reasons. Correct me if I am wrong.
1. Hard Configurator forces SmartScreen on new installers.
2. Hard Configurator can max out the settings in Windows Defender.
About other things, they are almost the same (SRP, firewall).
Please note SysHardener and OSArmor have not been updated for months.
With BTS (Bitdefender Total Security?) I would suggest not to use anything.
 

Andy Ful

Hello, is Hard Configurator better than SysHardener & OSArmor together? My system is Windows 1909 Home updated with BTS as AV.
The term "Better" can mean different things to different people. :)
The typical setup on Windows 10, based on SysHardener and OSArmor, has a bigger attack surface as compared to Hard_Configurator Recommended Settings. If OSArmor will not be updated for a long time, then it can induce some incompatibilities with Windows 10. Anyway, with BTS and scripting restricted properly by OSArmor, your setup will be strong enough. If you will encounter problems with OSArmor, then you can use SysHardener for basic anti-script protection or Hard_Configurator. Please remember that Hard_Configurator requires some learning.
 

Andy Ful

Hard_Configurator beta 5.0.1.1

What is new? (as compared to stable version 5.0.0.0)


Version 5.0.1.1
  1. Added the integrity module which can check and solve problems when SRP is tampered by another application.
  2. Added a quick method to refresh SRP rules.
  3. Added the new setting profile Windows_*_Basic_Recommended_Settings.hdc and included it in Hard_Configurator manual.
  4. Removed the "All files" SRP Enforcement setting due to possible incompatibilities with 3rd party security solutions. Furthermore, this setting is not used in Hard_Configurator predefined profiles and it is not well integrated with Recommended Settings on Windows 8+.
  5. Improved the SRP rules related to <Update Mode> and <Harden Archivers> (added support for Explzh archiver).
  6. Corrected some minor bugs.
  7. The installation files for Windows 64-bit and 32-bit were wrapped into one installation file by NSIS. :(

Version 5.0.0.1
  1. The new version of ConfigureDefender 2.1.1.1
  2. The new version of FirewallHardening 1.0.1.1. Added curl.exe to FirewallHardening LolBins, and curl.exe, certutil.exe to FirewallHardening 'Recommended H_C' rules. Removed the bug related to displaying the last blocked event.
  3. The new version of DocumentsAntiExploit tool - improved/corrected the Outlook macro protection.
  4. The new version of SwitchDefaultDeny 2.0.0.1 - adjusted to work with <Update Mode>.
  5. Changed the name of the H_C option <Run As SmartScreen> to <Forced SmartScreen>.
  6. Changed the name "Run As SmartScreen" (of the entry in the Explorer context menu) to "Install By SmartScreen".
  7. Added prevention against SmartScreen DLL hijacking (included in "Install By SmartScreen" and "Run By SmartScreen").
  8. Added 3 new options <Update Mode>, <Harden Archivers>, and <Harden Email Clients>. The <Update Mode> allows the execution of EXE (TMP) and MSI files in ProgramData and AppData folders, which allows the applications to auto-update without losing much of the H_C protection. These folders are hidden for the users in the Explorer default settings. The <Harden Archivers> and <Harden Email Clients> support the <Update Mode> to prevent bypassing the Hard_Configurator Recommended Settings. The settings <Update Mode> = ON, <Harden Archivers> = ON, and <Harden Email Clients> = ON are added to the H_C Recommended Settings on Windows 8+.
    The <Update Mode> = ON setting still blocks the EXE (TMP) and MSI files in other folders from UserSpace, like: Desktop, Documents, Downloads, Music, Movies, Pictures, non-system partitions, and USB drives. The user has to use "Install By SmartScreen" entry to run standalone application installers.
  9. Added some new H_C setting profiles.
    For example, the Windows_8_Strict_Recommended_Settings and Windows_10_Strict_Recommended_Settings apply for Recommended Settings used in H_C 5.0.0.0 and prior versions, which did not use the <Update Mode> feature.
  10. Whitelisted the folder ImplicitAppShortcuts (only for shortcuts).
  11. Whitelisted the shortcuts in the user Desktop, when the Desktop location is redirected. This can happen when the user chooses the Desktop backup in OneDrive or manually changes the path to the Desktop. After changing the path to the user Desktop, it is required to sign off from the account or refresh the Explorer. After that, the shortcuts on the Desktop in the new location will be automatically whitelisted.
  12. Added to the H_C manual many details related to Recommended Settings and Avast profiles, which can use now the <Update Mode> feature.
  13. Added the option to globally whitelist the MSI files (<Whitelist By Path> "Allow MSI"). In the version 5.0.0.1, this setting is used when the user applies the profile "Windows_10_MT_Windows_Security_hardening.hdc" - both EXE (TMP) and MSI files are allowed. In the old setting profile "Windows_10_MT_Windows_Security_hardening.hdc", only EXE (TMP) files are globally allowed.
 

Chri.Mi

Hard_Configurator beta 5.0.1.1

What is new? (as compared to stable version 5.0.0.0)


Version 5.0.1.1
  1. Added the integrity module which can check and solve problems when SRP is tampered by another application.
  2. Added a quick method to refresh SRP rules.
  3. Added the new setting profile Windows_*_Basic_Recommended_Settings.hdc and included it in Hard_Configurator manual.
  4. Removed the "All files" SRP Enforcement setting due to possible incompatibilities with 3rd party security solutions. Furthermore, this setting is not used in Hard_Configurator predefined profiles and it is not well integrated with Recommended Settings on Windows 8+.
  5. Improved the SRP rules related to <Update Mode> and <Harden Archivers> (added support for Explzh archiver).
  6. Corrected some minor bugs.
  7. The installation files for Windows 64-bit and 32-bit were wrapped into one installation file by NSIS. Unfortunately, this change is not included in the installation instructions. :(

Version 5.0.0.1
  1. The new version of ConfigureDefender 2.1.1.1
  2. The new version of FirewallHardening 1.0.1.1. Added curl.exe to FirewallHardening LolBins, and curl.exe, certutil.exe to FirewallHardening 'Recommended H_C' rules. Removed the bug related to displaying the last blocked event.
  3. The new version of DocumentsAntiExploit tool - improved/corrected the Outlook macro protection.
  4. The new version of SwitchDefaultDeny 2.0.0.1 - adjusted to work with <Update Mode>.
  5. Changed the name of the H_C option <Run As SmartScreen> to <Forced SmartScreen>.
  6. Changed the name "Run As SmartScreen" (of the entry in the Explorer context menu) to "Install By SmartScreen".
  7. Added prevention against SmartScreen DLL hijacking (included in "Install By SmartScreen" and "Run By SmartScreen").
  8. Added 3 new options <Update Mode>, <Harden Archivers>, and <Harden Email Clients>. The <Update Mode> allows the execution of EXE (TMP) and MSI files in ProgramData and AppData folders, which allows the applications to auto-update without losing much of the H_C protection. These folders are hidden for the users in the Explorer default settings. The <Harden Archivers> and <Harden Email Clients> support the <Update Mode> to prevent bypassing the Hard_Configurator Recommended Settings. The settings <Update Mode> = ON, <Harden Archivers> = ON, and <Harden Email Clients> = ON are added to the H_C Recommended Settings on Windows 8+.
    The <Update Mode> = ON setting still blocks the EXE (TMP) and MSI files in other folders from UserSpace, like: Desktop, Documents, Downloads, Music, Movies, Pictures, non-system partitions, and USB drives. The user has to use "Install By SmartScreen" entry to run standalone application installers.
  9. Added some new H_C setting profiles.
    For example, the Windows_8_Strict_Recommended_Settings and Windows_10_Strict_Recommended_Settings apply for Recommended Settings used in H_C 5.0.0.0 and prior versions, which did not use the <Update Mode> feature.
  10. Whitelisted the folder ImplicitAppShortcuts (only for shortcuts).
  11. Whitelisted the shortcuts in the user Desktop, when the Desktop location is redirected. This can happen when the user chooses the Desktop backup in OneDrive or manually changes the path to the Desktop. After changing the path to the user Desktop, it is required to sign off from the account or refresh the Explorer. After that, the shortcuts on the Desktop in the new location will be automatically whitelisted.
  12. Added to the H_C manual many details related to Recommended Settings and Avast profiles, which can use now the <Update Mode> feature.
  13. Added the option to globally whitelist the MSI files (<Whitelist By Path> "Allow MSI"). In the version 5.0.0.1, this setting is used when the user applies the profile "Windows_10_MT_Windows_Security_hardening.hdc" - both EXE (TMP) and MSI files are allowed. In the old setting profile "Windows_10_MT_Windows_Security_hardening.hdc", only EXE (TMP) files are globally allowed.
Hi...
Do u suggest this or stable?
 

Andy Ful

Hi...
Do u suggest this or stable?
On Windows 10 64-bit, it can be treated as a stable version. Please read carefully the update info displayed at the end of installation.
If one wants to use the Recommended Settings from the H_C ver. 5.0.0.0 then these settings are included in Windows_10_Strict_Recommended profile.

The new Recommended Settings use <Update Mode> (not available in stable version), which allows EXE and MSI files in ProgramData and user AppData folders - other files are still blocked there.
The Strict_Recommended profiles for Windows 8+ do not allow EXE and MSI files in ProgramData and user AppData folders.
The Basic_Recommended profiles allow EXE and MSI files everywhere.

Good night. :)
 