Hard_Configurator - Windows Hardening Configurator

[Andy Ful]

Just a couple of stupid questions @Andy Ful
...
With regards to 7, do I need to do anything? I'm just no fully understanding "update your archiver and email client".

Thanks,
...
7. Please update your archiver application and email client. In the Recommended
Settings the below applications are supported:
Archivers: Windows built-in Zip archiver, 7-Zip, ALZip, Bandizip, B1
Free Archiver, Explzh, ExpressZip, IZArc, PeaZip, PKZip, PowerArchiver,
WinRar, WinZip.
EmailClients: Mail for Windows 10 (Windows app), Outlook, Claws-mail,
eM Client, Foxmail, Hiri, Mailspring, PostBox, Spike, Thunderbird, and
any online email client

Simply, if you use 7-Zip (as archiver application) and Mailspring (as email client) then update these applications. The older versions may use different folders to unpack & run files. The H_C blocks properly the execution from packed files (archives) and from email attachments, for current versions of 7-Zip and Mailspring.

 

[ErzCrz]

Simply, if you use 7-Zip (as archiver application) and Mailspring (as email client) then update these applications. The older versions may use different folders to unpack & run files. The H_C blocks properly the execution from packed files (archives) and from email attachments, for current versions of 7-Zip and Mailspring.

Ah great thanks. I use Windows mail and built-in archiver so already up-to-date

 

[Reldel1]

Hello Andy, congratulations on your newest version. Using all your creations on all my computers now for 21/2 years, never an infection or any significant problems. I used SRP since about 2007 and you have made it simplified and easy to implement for all of us. Combined with Config Defender, firewall rules and default deny, home computer security has never been better or simpler to achieve.

Thank you again Andy.

 

[South Park]

I uninstalled the old version and clean installed H_C and C_D, did 2 reboots, everything working fine so far. Thanks, @Andy Ful for continuing to maintain and update this wonderful security software.

 

[Nautilus]

Hi Andy just installed the latest beta and it went smooth as butter , thanks for the improvements as for the documents anti exploit goes ; will there be more softwares added in the future besides microsoft office and adobe reader? I am using open office and foxit reader at the moment , thanks!

 

[Andy Ful]

I am using open office and foxit reader at the moment , thanks!

Both applications are very rarely exploited and most of the possible payloads will be prevented by H_C settings. So, do not worry - you are well protected. Anyway, I do not exclude the possibility of extending DAE to cover some other applications.

 

[Nautilus]

Both applications are very rarely exploited and most of the possible payloads will be prevented by H_C settings. So, do not worry - you are well protected. Anyway, I do not exclude the possibility of extending DAE to cover some other applications.

thansk for being so actively involved , develloping your own brainchild! it really is a nice tool to beef up security on the native protections ( defender ) and the rest of the operating system! very much apreciated from my side!!

 

[proxyx]

Hi Andy Ful,

First, thank you for the amazing software that is H_C. It's replaced my entire suite of anti-malware tools sans some ondemand scanning bits. Absolutely terrific.
I have one issue with the software that is most likely an I/O problem. When I enable the Start logging events option in the firewall hardening module, I get no events when I hit Blocked Events. I do see 5152 events in the event viewer, however.

Any tips to get that displaying correctly?

Thanks
proxyx

 

[Andy Ful]

Hi Andy Ful,

First, thank you for the amazing software that is H_C. It's replaced my entire suite of anti-malware tools sans some ondemand scanning bits. Absolutely terrific.
I have one issue with the software that is most likely an I/O problem. When I enable the Start logging events option in the firewall hardening module, I get no events when I hit Blocked Events. I do see 5152 events in the event viewer, however.

Any tips to get that displaying correctly?

Thanks
proxyx

Are these events related to outbound connections or inbound connections?

 

[proxyx]

These would be inbound connections.

 

[Andy Ful]

These would be inbound connections.

So it is OK. FirewallHardening shows blocked outbound connections.

 

[Back3]

I've been using Eset Internet Security for a week. Just for fun. Hips set on Smart Mode.So far so good. Would the addition of H_C add something useful to my protection? Would it be overkill? Thanks.

 

[Chri.Mi]

I've been using Eset Internet Security for a week. Just for fun. Hips set on Smart Mode.So far so good. Would the addition of H_C add something useful to my protection? Would it be overkill? Thanks.

I would use in any setup, i consider hard configurator like an app for fix and improve settings in windows.

 

[Andy Ful]

I've been using Eset Internet Security for a week. Just for fun. Hips set on Smart Mode.So far so good. Would the addition of H_C add something useful to my protection? Would it be overkill? Thanks.

Many users can use Eset on default settings, if they are sufficiently cautious. Most MT members can use tweaked Eset without additional protection. The tweaks should restrict/block scripting malware and some popular LOLBins. If such tweaks would be problematic due to blocking some important user applications, then one can use the H_C Basic_Recommended profile and whitelist the blocked (but safe) scripts.

 

[Vitali Ortzi]

I would use in any setup, i consider hard configurator like an app for fix and improve settings in windows.

If you have an AV with application control it's almost the same thing just without such thoughtful prebuilt rules like in Andy Ful H_C.

Many users can use Eset on default settings, if they are sufficiently cautious. Most MT members can use tweaked Eset without additional protection. The tweaks should restrict/block scripting malware. If such tweaks would be problematic due to blocking some important user applications, then one can use the H_C Basic_Recommended profile and whitelist the blocked (but safe) scripts.

Even some of my SEP policies I ported from H_C XD.

 

[Back3]

I have installed H_C with Eset. Just whitelisted Eset Program Data. And a few folders.I already had whitelisted the folder where I put H_C ( Eset HIPS).No issues so far.

I have SysHardener outbound firewall rules on my PC. I don't have SH anymore on my system but I have ketpt the firewall rules. In H_C, a lot of the recoomended firewall rules are the same but some are different. I don't want to check every rule. So is it OK just to add all H_C recommended firewall rules ?

 

[SeriousHoax]

I have SysHardener outbound firewall rules on my PC.

Are you using ESET Nod32? Then it's ok since it doesn't have any firewall. If you're using ESET Internet Security then you need to create those rule in ESET Firewall.

 

[Back3]

Are you using ESET Nod32? Then it's ok since it doesn't have any firewall. If you're using ESET Internet Security then you need to create those rule in ESET Firewall.

I have Eset IS. I just checked Windows firewall and I can see a list created by SysHardener and a list created by H_C.

 

[SeriousHoax]

I have Eset IS. I just checked Windows firewall and I can see a list created by SysHardener and a list created by H_C.

It's normal but those won't work when you have ESET Firewall enabled. You have to create your own rules in ESET Firewall to block those.
Here's a guide that should help you: [KB6132] Configure Firewall rules for ESET Endpoint Security to protect against ransomware

 

[Back3]

What I did: with my Eset license, I can go back from Internet security to Nod 32 antivirus in 30 seconds. I did that. Then with Firewall App Blocker I deleted SysHardener outbound firewall rules. I then enabled H_C recommended firewall rules. Checked Windows firewall rules. Every rules are there. SeriousHoax, thank you, you gave me the hint....
I think I will keep Nod 32 with H_C.