Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
Coincidentally I got an alert that CFA blocked cleanmgr.exe after installing Windows updates but cleanmgr still executed successfully without whitelisting. My view is that CFA alerts are not always accurate and can be sometimes be ignored.
CFA does not kill or stop the work of applications. It only prevents them to make changes in the protected folders. Usually, the cleanmgr should not do anything in data folders. So, the alert was OK. Most of these alerts are only informative. You can look at it as the reincarnation of VoodooShield (although VS is more informative).:)
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
CFA does not kill or stop the work of applications. It only prevents them to make changes in the protected folders. Usually, the cleanmgr should not do anything in data folders. So, the alert was OK. Most of these alerts are only informative. You can look at it as the reincarnation of VoodooShield (although VS is more informative).:)
Most of the time I can understand the alerts and know what to do.
Gecontroleerde mappentoegang heeft C:\Program Files\HitmanPro\HitmanPro.exe geblokkeerd voor het aanbrengen van wijzigingen in het geheugen.
Detectietijd: 2020-05-12T19:21:15.406Z
Gebruiker: NITRO\Gandalf
Pad: \Device\HarddiskVolume4
Procesnaam: C:\Program Files\HitmanPro\HitmanPro.exe
Versie van beveiligingsinformatie: 1.315.501.0
Engineversie: 1.1.17000.7
Productversie: 4.18.2004.6
HimanPro has to get access if you use it as second opinion scanner.

But this one puzzles me:
Gecontroleerde mappentoegang heeft C:\Windows\System32\taskhostw.exe geblokkeerd voor het aanbrengen van wijzigingen in het geheugen.
Detectietijd: 2020-05-13T12:34:36.452Z
Gebruiker: NT AUTHORITY\SYSTEM
Pad: \Device\CdRom0
Procesnaam: C:\Windows\System32\taskhostw.exe
Versie van beveiligingsinformatie: 1.315.565.0
Engineversie: 1.1.17000.7
Productversie: 4.18.2004.6
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
...
But this one puzzles me:
Gecontroleerde mappentoegang heeft C:\Windows\System32\taskhostw.exe geblokkeerd voor het aanbrengen van wijzigingen in het geheugen.
Detectietijd: 2020-05-13T12:34:36.452Z
Gebruiker: NT AUTHORITY\SYSTEM
Pad: \Device\CdRom0
Procesnaam: C:\Windows\System32\taskhostw.exe
Versie van beveiligingsinformatie: 1.315.565.0
Engineversie: 1.1.17000.7
Productversie: 4.18.2004.6
The executable taskhostw.exe is for starting the Windows Services based on DLLs (kinda similar to svhost.exe). Probably some application which uses a service tries to access the protected folders.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,872
@Gandalf_The_Grey Something puzzles you? You're a wizard! :LOL:
Your punishment for making this comment:
gandalf.gif
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
The executable taskhostw.exe is for starting the Windows Services based on DLLs (kinda similar to svhost.exe). Probably some application which uses a service tries to access the protected folders.
Okay, thanks, but now I still don't know if I should allow it.
How can I find out more?
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,792
There is no protection against ransomware In WD default settings. To get it you have to activate:
  1. ASR rules, WD Network Protection and FirewallHardening rules that can prevent many ransomware attacks,
  2. Controlled Folder Access, which is strictly anti-ransomware protection. It has to be properly configured, because only the folders added to CFA will be protected.
If you use WD + H_C Recommended Settings on Windows 10 + ConfigureDefender HIGH Protection level + FirewallHardening (Recommended H_C rules), then 0-day malware (including ransomware) and most exploits are prevented from running, so you do not need additional anti-ransomware protection (except backups).

Please note, that Hard_Configurator design is intended to protect the computers in the home environment. If the computer is connected to the enterprise network, the H_C settings for SRP can be bypassed by the high privileged worms from the local network. In such attacks, the only protection will come from WD ASR rules, WD Network Protection, and FirewallHardening rules (if Windows Firewall is not turned off by 3rd party firewall).

EXCELLENT! thanks @Andy Ful , @Gandalf_The_Grey, @security123
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
I started the new project based on H_C. It will be named CUP (Casual User Protection).
For now, it looks like:

CUP.png


From the "Settings" menu the user will be allowed to download the predefined H_C setting profile and display the current settings. There will not be possible to tweak the particular settings.
 

Attachments

  • CUP.png
    CUP.png
    8.5 KB · Views: 206

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,704
From the "Settings" menu the user will be allowed to download the predefined H_C setting profile and display the current settings. There will not be possible to tweak the particular settings.

Very nice, and user-friendly! Bravo! (y)(y) Combined with RunBySmartscreen you will have a real winner.

I always imagine when you aren't posting on MT you are hard at work in your "shop", like Santa Claus but without the elves! :D
 
Last edited:

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
271
I started the new project based on H_C. It will be named CUP (Casual User Protection).
For now, it looks like:

View attachment 240081

From the "Settings" menu the user will be allowed to download the predefined H_C setting profile and display the current settings. There will not be possible to tweak the particular settings.
Interesting, Andy.

May even just prefer this over H_C on my basic prod setup, as I am after maximum simplicity there.
Obviously Software Restriction Policies = SRP in H_C, but Windows Hardening = Restrictions in H_C? (If so, IMO that term may also be clearer to use in H_C interface button).
Excuse my ignorance but CUP would not include Firewall Hardening or ConfigureDefender - and the latter would be run seperately?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
CUP is strictly related to H_C. In fact, it is H_C with simplified GUI.

CUP1.png


I think that ConfigureDefender and FirewallHardening will not be included. One can use the standalone versions available on the H_C GitHub website.
 
F

ForgottenSeer 85179

I think that ConfigureDefender and FirewallHardening will not be included. One can use the standalone versions available on the H_C GitHub website.
So what is your plan for future?

Still building ConfigureDefender, FirewallHardening and Hard_Configurator beside CUP? Or move Hard_Configurator fully into CUP ?

I like Hard_Configurator as control center for all 3 tools so i hope that will not changed with CUP. Maybe a advanced option would fit that
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
So what is your plan for future?

Still building ConfigureDefender, FirewallHardening and Hard_Configurator beside CUP? Or move Hard_Configurator fully into CUP ?

I like Hard_Configurator as control center for all 3 tools so i hope that will not changed with CUP. Maybe a advanced option would fit that
The CUP contains all H_C code, but uses a simple GUI. The H_C is for advanced users. It is very flexible and allows adjusting many of particular options. But, for many users, it is too complex and overwhelming. Most of them want to apply a well-proven setting profile, without going into details - the CUP is just for them. Furthermore, with CUP the user cannot spoil the settings by changing some options.
 

cryogent

Level 7
Verified
Well-known
Oct 1, 2016
311
Hi Andy Ful, i have one question, I saw that the version of FirewallHardening in H_C beta 5.1.1.1 is 1.0.1.1 and the one on GitHub is 1.1.1.1, can the old executable be replaced with the new one directly in the folder where H_C is installed? is there any reason for incompatibility?
Same question for DocumentsAntiExploit.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top