Andy Ful

Level 57
Verified
Trusted
Content Creator
Unzipping that file raised an eyebrow from EAM:

2020/05/24 10:30:57
Malware "Zum.Androm.1 (B)" detected and blocked on behalf of explorer.exe
Yes, it probably should block it. My programs are often blocked until I send them for whitelisting. These files are whitelisted by Avast and Windows Defender. I submitted them also to Symantec and Bitdefender, but these vendors do not send back information about whitelisting.

Andy Ful

Level 57
Verified
Trusted
Content Creator
The CUP project is evolving. Here are some screenshots.

CUP with H_C (beta) Recommended Settings:
[Screenshots: CUP.png, CUP2.png]

The 4 Hardening Rules can be explicitly seen (3 Disabled and 'Adobe + VBA').
When one chooses the hardening option, for example * Admin Windows Script Host *, then the alert is displayed:
[Screenshot: CUP3.png]

After choosing <Disable>, the * Admin Windows Script Host * setting changes to Disabled.
[Screenshot: CUP4.png]

The number of Hardening Rules changes from 4 to 5.
[Screenshot: CUP5.png]

The "SRP Level" depends on EXE and MSI restrictions. It cannot be changed in CUP, but can be loaded via a setting profile:
  • Level 1 - EXE and MSI files not blocked (like in the H_C profile: Basic Recommended Settings).
  • Level 2 - EXE files not blocked. MSI files blocked, except when in ProgramData or user AppData hidden folders (like in the H_C profile: Avast Hardened Mode Aggressive).
  • Level 3 - EXE and MSI files blocked in UserSpace, except when in ProgramData or user AppData hidden folders (like in the H_C Recommended Settings).
  • Level 4 - EXE and MSI files blocked in UserSpace (like in the H_C Strict Recommended Settings).
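To verify which restrictions a loaded profile actually applied, here is an added PowerShell audit script (not Hard_Configurator's or CUP's own code) that reads the standard SRP registry location, HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, and lists the default level and every path rule, so the Disallowed and Unrestricted entries show where EXE/MSI execution is blocked or allowed. It assumes the profile is implemented with SRP path rules and that the prompt is elevated; it only reads the registry.

```powershell
# Added example; not part of Hard_Configurator, CUP or this thread.
# Reads the standard SRP registry location and lists the default level
# plus every path rule, so you can see where EXE/MSI execution is
# actually blocked or allowed. Read-only; run from an elevated prompt.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Security level IDs as defined by the SRP API (SAFER_LEVELID_* values).
$levelNames = @{
    0      = 'Disallowed'
    4096   = 'Untrusted'
    65536  = 'Constrained'
    131072 = 'Basic User'
    262144 = 'Unrestricted'
}

if (-not (Test-Path $base)) {
    Write-Host 'No SRP policy present: nothing is restricted by SRP.'
    return
}

$cfg = Get-ItemProperty -Path $base
$default = [int]$cfg.DefaultLevel
Write-Host ('Default level      : {0} ({1})' -f $default, $levelNames[$default])
# TransparentEnabled: 1 = check executables only, 2 = check DLLs as well.
# PolicyScope: 0 = applies to everyone, 1 = local administrators exempt.
Write-Host ('TransparentEnabled : {0}' -f $cfg.TransparentEnabled)
Write-Host ('PolicyScope        : {0}' -f $cfg.PolicyScope)
# Extensions SRP treats as executable code (the "designated file types").
Write-Host ('ExecutableTypes    : {0}' -f ($cfg.ExecutableTypes -join ', '))

# Path rules live under <level>\Paths\<GUID>, one subkey per rule.
$rules = foreach ($lvl in ($levelNames.Keys | Sort-Object)) {
    $pathsKey = Join-Path $base "$lvl\Paths"
    if (-not (Test-Path $pathsKey)) { continue }
    foreach ($rule in Get-ChildItem -Path $pathsKey) {
        $r = Get-ItemProperty -Path $rule.PSPath
        [pscustomobject]@{
            Level       = $levelNames[$lvl]
            Path        = $r.ItemData      # REG_EXPAND_SZ, may contain %VARS%
            Description = $r.Description
        }
    }
}
$rules | Sort-Object Level, Path | Format-Table -AutoSize
```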

cryogent

Level 4
Verified
It's just my opinion...so don't shoot🙏... but the settings seem a bit confusing, at least for a non-geek / noob, I think it will be hard for them to choose which settings. I believe some predefined settings (profiles /Level 1 to 4) and custom settings for advanced users will be more than enough.

Andy Ful

Level 57
Verified
Trusted
Content Creator
It's just my opinion...so don't shoot🙏... but the settings seem a bit confusing, at least for a non-geek / noob, I think it will be hard for them to choose which settings. I believe some predefined settings (profiles /Level 1 to 4) and custom settings for advanced users will be more than enough.
CUP will install with the Basic Recommended Settings, which have SRP Level 1 (EXE and MSI files not blocked) and some important Hardening Rules (like those from the previous post). There will also be a few predefined setting profiles (SRP Levels 1-4 with Hardening Rules), so the user will not usually need to tweak anything, just load the profile. One can consider these profiles as profiles with a growing number of restrictions (from Level 1 to Level 4).

Anyway, there are some users who want to use PowerShell as Admin or like to prevent the elevation of unsigned executables, etc. These users will have the ability to change the Hardening Rules. It is easy because there are only a few rules available.

Andy Ful

Level 57
Verified
Trusted
Content Creator
I thought there would only be one setup - Level One - like Windows_Security option in H_C. This looks like it will be confusing for the truly casual user, who may not know anything about User Space, Program Data or AppData.
Agree with OS, if the intent of this is that casual users will be able to use and understand this then the simpler the better, Off/On, levels of protection, that's it, they don't need to have to try to figure out what should be allowed or disabled. Of course what do I know, Andy is the genius not I.
I think that the term "Casual User Protection" may be misunderstood. The casual users should not touch anything that can be configured on Windows 10, because this would not end well for them. The casual user is a target for whom the hardened setup is made.

The CUP is not intended to be configured by casual users, but by semi-advanced users on the computers of casual users. Of course, if the semi-advanced user wants, then he/she may configure his/her own computer too.
The CUP is a simpler version of Hard_Configurator - the H_C is intended for advanced users, because it is rather complex and requires some knowledge to create a sensible custom setup.

paulderdash

Level 5
I think that the term "Casual User Protection" may be misunderstood. The casual users should not touch anything that can be configured on Windows 10, because this would not end well for them. The casual user is a target for whom the hardened setup is made.

The CUP is not intended to be configured by casual users, but by semi-advanced users on the computers of casual users. Of course, if the semi-advanced user wants, then he/she may configure his/her own computer too.
The CUP is a simpler version of Hard_Configurator - the H_C is intended for advanced users, because it is rather complex and requires some knowledge to create a sensible custom setup.
I had indeed (also) misunderstood.

Thanks for clarifying your meaning and intention of 'Casual User Protection' (CUP).

Andy Ful

Level 57
Verified
Trusted
Content Creator
It is possible to make something even simpler, like CUP with only SRP Level 1 and predefined (not configurable) Hardening Rules for disabling remote access and the SMB1 protocol. Anyway, there should still be some configurable Hardening Rules like disabling/enabling
* Run as administrator *, * Elevate Unsigned Executables*, and * Documents Anti-Exploit *.

Andy Ful

Level 57
Verified
Trusted
Content Creator
It is possible to make something even simpler, like CUP with only SRP Level 1 and predefined (not configurable) Hardening Rules for disabling remote access and the SMB1 protocol. Anyway, there should still be some configurable Hardening Rules like disabling/enabling
* Run as administrator *, * Elevate Unsigned Executables*, and * Documents Anti-Exploit *.
It would have the advantage of being a portable application. I already have the name for it:
Simple Stupid Security :)
I think that it could work with SRP set to block the programs started with high privileges. It would be slightly stronger compared to SysHardener default settings.

Protomartyr

Level 4
Verified
I would replace the "stupid" because of language.
I have to agree with this. I know there are some that avoid software that use "unprofessional" language even if the functionality is perfect. The names "ConfigureDefender" and "Hard_Configurator" have a sense of professionalism and trust. Perhaps something like Simple Windows Security would fare better.

I'm going to be using it regardless of whatever you choose to call it since I love your work!

Andy Ful

Level 57
Verified
Trusted
Content Creator
The name is not so important, but I really like it. So, we will see. I can always change the name to something like "Simple Windows Hardening", "Simple Windows Security", etc. I do not think that in the case of such an application the name should be attractive. On the contrary, it should not. The user should use it because of its protection and good reputation. In this way, there will be fewer disappointed users who used it because they had nothing better to do.:)