Hard_Configurator - Windows Hardening Configurator

sepik

Level 11
Verified
Well-known
Aug 21, 2018
505
Hello,
I'm using the SEP firewall, so H_C firewall rules do not work. I also disabled wscript via the registry and PowerShell via Group Policy.
I also unassociated some file extensions, like .hta, by using the command prompt assoc command.
Is there any software that can protect some registry keys from being modified? For example, the wscript registry entry?

Regards,
-sepik
 

Chri.Mi

Level 7
Well-known
Apr 30, 2020
337


Chri.Mi

Hello,
I'm using the SEP firewall, so H_C firewall rules do not work. I also disabled wscript via the registry and PowerShell via Group Policy.
I also unassociated some file extensions, like .hta, by using the command prompt assoc command.
Is there any software that can protect some registry keys from being modified? For example, the wscript registry entry?

Regards,
-sepik
U want it to alert u for every creation/execution/modification regardless of whether it is a safe or unsafe program? The custom rules of Huorong can help u with that.
 

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,596
Hello,
I'm using the SEP firewall, so H_C firewall rules do not work. I also disabled wscript via the registry and PowerShell via Group Policy.
I also unassociated some file extensions, like .hta, by using the command prompt assoc command.
Is there any software that can protect some registry keys from being modified? For example, the wscript registry entry?

Regards,
-sepik
McAfee Endpoint doesn't like the beta version and still continues to isolate it. This does not happen with the stable version. Another thing is that it doesn't like the signature of Hard_Configurator and SumatraPDF.

Since this is a Symantec/McAfee related issue, this is not the thread.
Please don't bloat this thread, thanks.
About Symantec: unfortunately you can't write rules in the Unmanaged GUI.
You can try to run both the Windows and Symantec firewalls combined
(not advised but should work perfectly fine).
Or modify the rules via SEPM.

I might port an Unmanaged policy with H_C firewall hardening rules applied in the future to mitigate this type of issue.


About McAfee: exclude H_C for now.
 

The fox

New Member
May 19, 2020
6
Hi everyone
I need your help. I've got a Symantec Endpoint Protection self-managed giveaway and a legit F-Secure SAFE account for a year.
I have an old laptop that I use to check bank and emails.
I was told to use Symantec firewall + Windows Defender with ConfigureDefender.
So please, what will be your choice for protection after a clean installation?
 

Vitali Ortzi

Hi everyone
I need your help. I've got a Symantec Endpoint Protection self-managed giveaway and a legit F-Secure SAFE account for a year.
I have an old laptop that I use to check bank and emails.
I was told to use Symantec firewall + Windows Defender with ConfigureDefender.
So please, what will be your choice for protection after a clean installation?
Use only H_C ConfigureDefender on.
Usually I recommend Symantec for those who don't have a UTM or connect on the go (laptop).
But since it's an old machine, try just Andy's tool + WFC/simplewall on a default-deny configuration.
 

Chri.Mi

Since this is a Symantec/McAfee related issue, this is not the thread.
Please don't bloat this thread, thanks.
About Symantec: unfortunately you can't write rules in the Unmanaged GUI.
You can try to run both the Windows and Symantec firewalls combined
(not advised but should work perfectly fine).
Or modify the rules via SEPM.

I might port an Unmanaged policy with H_C firewall hardening rules applied in the future to mitigate this type of issue.


About McAfee: exclude H_C for now.
Not sure if the problem is McAfee or Hard_Configurator. From what I understand, the problem is how Hard_Configurator is signed, and dunno if @Andy Ful has a solution for it.
About rules, I am not understanding what rules we are talking about. Application control rules cannot be made in an unmanaged client. Firewall rules can be managed instead.
 

Vitali Ortzi

Not sure if the problem is McAfee or Hard_Configurator. From what I understand, the problem is how Hard_Configurator is signed, and dunno if @Andy Ful has a solution for it.
About rules, I am not understanding what rules we are talking about. Application control rules cannot be made in an unmanaged client. Firewall rules can be managed instead.
I think this will work for Symantec: How to create a firewall rule on unmanaged Endpoint Protection client
But I haven't tested or confirmed that Symantec hasn't removed it from the GUI since then.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,599
Hello,
I'm using the SEP firewall, so H_C firewall rules do not work. I also disabled wscript via the registry and PowerShell via Group Policy.
I also unassociated some file extensions, like .hta, by using the command prompt assoc command.
Is there any software that can protect some registry keys from being modified? For example, the wscript registry entry?

Regards,
-sepik
Do you use H_C?
 

Vitali Ortzi

@Andy Ful
Yes, I'm using H_C, but for sure H_C firewall rules do not work, because of the SEP firewall. I'm trying to add those H_C firewall block rules to the SEP firewall.

Regards,
-sepik
Did the link I shared work?
If not, use Windows Firewall for now; I will update you when a port is ready.
 

Chri.Mi

@Andy Ful
Yes, I'm using H_C, but for sure H_C firewall rules do not work, because of the SEP firewall. I'm trying to add those H_C firewall block rules to the SEP firewall.

Regards,
-sepik
I am not sure this can be done. I was able to get a prompt in SEP for every application trying to connect to the internet and chose whether to allow or deny it.
 

Andy Ful

...
I also disabled wscript via registry and powershell via group policy.
...
Why did you do it via registry tweak and GPO? You could do it via H_C. It is not good to mix the H_C rules with the same GPO rules.
P_WSH.png

The <Block PowerShell Scripts> option is set to ON in the Recommended Settings. The <Block Windows Script Host> option blocks wscript and cscript also for administrators.
The H_C Recommended Settings already block wscript and cscript by SRP restrictions for processes running with standard privileges and this allows whitelisting. You can additionally block wscript and cscript by the policy <Block Windows Script Host>, but then you cannot whitelist any script.

...
I also unassociated some file extensions, like .hta by using command prompt assoc command.
...
All these extensions (and many more) are already blocked by H_C. Did you use the option <Designated File Types>?

DFT.png


The advantage of using H_C (SRP) for that is that you can whitelist a particular script or file with a blocked extension, if something requires it to work (some devices use scripts, .hta, etc.). When you unassociate the file extension, the whitelisting is not possible.
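
Added example, not part of the post above and not Hard_Configurator's own code: a read-only PowerShell audit that reports whether the overlapping tweaks discussed in this thread (a WSH registry switch, a removed .hta association, and SRP designated file types) are active at the same time. It assumes SRP policy is stored under the standard Safer\CodeIdentifiers machine policy key and that the WSH tweak is the Enabled value under Windows Script Host\Settings; the extension list is a sample.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumptions: SRP is stored under the standard machine policy key, and the
# WSH registry tweak is the "Enabled" value under Windows Script Host\Settings.
$srpKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$wshKeys    = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings',
              'HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings'
$scriptExts = 'HTA', 'JS', 'JSE', 'VBS', 'VBE', 'WSF', 'WSH'   # sample list

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# 1. WSH switch: Enabled = 0 stops wscript/cscript for every script.
$wshOff = @($wshKeys | Where-Object { "$(Get-RegValue $_ 'Enabled')" -eq '0' })

# 2. SRP: default security level, scope, and designated file types.
$levelNames = @{ 0 = 'Disallowed'; 0x20000 = 'Basic User'; 0x40000 = 'Unrestricted' }
$level      = Get-RegValue $srpKey 'DefaultLevel'
$levelName  = if ($null -eq $level) { 'SRP not configured' } else { $levelNames[[int]$level] }
$scope      = Get-RegValue $srpKey 'PolicyScope'      # 1 = local administrators exempt
$designated = @(Get-RegValue $srpKey 'ExecutableTypes')
$covered    = @($scriptExts | Where-Object { $designated -contains $_ })

# 3. File association for .hta (empty output means it was removed with assoc).
$htaAssoc = cmd /c 'assoc .hta 2>nul'

[pscustomobject]@{
    WshDisabledIn    = $wshOff -join '; '
    SrpDefaultLevel  = $levelName
    SrpAdminsExempt  = ($scope -eq 1)
    SrpCoversScripts = $covered -join ','
    HtaAssociation   = if ($htaAssoc) { "$htaAssoc" } else { 'removed' }
} | Format-List

# Overlaps: the global switches win, so an SRP whitelist entry cannot help.
if ($wshOff -and $covered) {
    Write-Warning 'WSH is disabled in the registry and SRP also covers script extensions: whitelisting a script in SRP will have no effect.'
}
if (-not $htaAssoc -and $covered -contains 'HTA') {
    Write-Warning '.hta is unassociated and also a designated file type: a whitelisted .hta file will still not open.'
}
```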
 
