- Apr 30, 2020
- 337
Mcafee Endpoint dont like the beta version, still continue to isolate it. This not happen to stable version. Another thing is dont like the sign of hard configurator and sumatrapdf
Last edited:
Hard_Configurator - Windows Hardening Configurator
- Thread starter Andy Ful
- Start date
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,497
COVID issues.?
I wonder if Bitdefender and Symantec finally whitelisted H_C beta after my submissions many days ago?
- Aug 21, 2018
- 505
Hello,
I'm using SEP firewall, so H_C firewall rules does not work. I also disabled wscript via registry and powershell via group policy.
I also unassociated some file extensions, like .hta by using command prompt assoc command.
Is there any softwares that can protect some registry keys being modified? For example, wscript registry entry?
Regards,
-sepik
I'm using SEP firewall, so H_C firewall rules does not work. I also disabled wscript via registry and powershell via group policy.
I also unassociated some file extensions, like .hta by using command prompt assoc command.
Is there any softwares that can protect some registry keys being modified? For example, wscript registry entry?
Regards,
-sepik
- Apr 30, 2020
- 337
@Andy Ful Can u do something about it?
Attachments
Last edited:
- Apr 30, 2020
- 337
U wanna that alert u for every creation/execution/modification regardless if is safe or unsafe program? The custom rules of huorong can help u with that.
- Apr 30, 2020
- 337
Never tryed it. Give a look. Protect Registry Keys & Values with Registry Guard | NoVirusThanks
- Aug 21, 2018
- 505
- Dec 12, 2016
- 1,324
Since this is a Symantec /MacAfee related issue this is not the thread .
Please don't blot this thread thanks .
About Symantec unfortunately you can't write rules in the Unmanaged GUI .
You can try to run both windows and Symantec firewall combined
(not advised but should work perfectly fine).
Or modify the rules via SPEM.
I might port an Unmanaged policy with H_C firewall hardening rules applied in the future to mitigate this type of issue.
About MacAfee exclude H_C for now.
The fox
New Member
- May 19, 2020
- 6
Hi everyone
I need your help, I've got symantec endpoint protection self managed giveaway and f secure safe ligit account for a year.
I have an old laptop that I use to check bank and emails
I was told to use symantec firewall + windows defender with configure defender
So please what will be your choice for protection after a clean installation
I need your help, I've got symantec endpoint protection self managed giveaway and f secure safe ligit account for a year.
I have an old laptop that I use to check bank and emails
I was told to use symantec firewall + windows defender with configure defender
So please what will be your choice for protection after a clean installation
- Dec 12, 2016
- 1,324
Use only H_C configure defender on
Usually I recommend Symantec for those who don't have a UTM or connect on the go (laptop)
But since it's an old machine try just Andy tool +WFC/ simple Wall on a default deny Configuration.
- Apr 30, 2020
- 337
Not sure if the problem is mcafee or hard configurator. For what i understand the problem is how is signed hard configurator, and dunno if @Andy Ful have a solution for it.
About rules i am not understanding what rules are we talking about. Application control rules cannot be made in unmanaged client. Firewall rules can be managed instead.
- Dec 12, 2016
- 1,324
And I don't want anyone else to bloat Andy's thread with unrelated issues thanks.
- Dec 12, 2016
- 1,324
I think this will work for Symantec How to create a firewall rule on unmanaged Endpoint Protection client
But haven't tested or confirmed Symantec hasn't removed it from the GUI since then .
- Apr 30, 2020
- 337
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,497
Do you use H_C?
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,497
Thanks for reporting. It seems that your AV does not like the opensource code signing. I can ask Certum and Symantec why it is, so.
- Aug 21, 2018
- 505
@Andy Ful
Yes i'm using H_C, but for sure H_C Firewall rules does not work, because of SEP Firewall. I'm trying to add those H_C firewall block rules to SEP firewall.
Regards,
-sepik
- Dec 12, 2016
- 1,324
Did the link I share worked ?
If not use windows firewall for now I will update you when a port is ready.
- Apr 30, 2020
- 337
I am not sure this can be done. I was able to get prompt on SEP for every application try to connect to internet and chosen if allow or deny it.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,497
Why did you do it via registry tweak and GPO? You could do it via H_C. It is not good to mix the H_C rules with the same GPO rules.
The <Block PowerShell Scripts> option is set to ON in the Recommended Settings. The <Block Windows Script Host> option blocks wscript and cscript also for administrators.
The H_C Recommended Settings already block wscript and cscript by SRP restrictions for processes running with standard privileges and this allows whitelisting. You can additionally block wscript and cscript by the policy <Block Windows Script Host>, but then you cannot whitelist any script.
All these extensions (and many more) are already blocked by H_C. Did you use the option <Designated File Types> ?
The advantage of using H_C (SRP) for that is that you can whitelist a particular script or file with a blocked extension, if something requires it to work (some devices use scripts, .hta, etc.). When you unassociate the file extension, the whitelisting is not possible.
Similar threads
-
- Sticky
