Hard_Configurator - Windows Hardening Configurator

@Andy Ful Can u do something about it?
I have sent the email to Symantec

Could you please send back the final information about this submission? Usually, I had such information in two days (I submitted the files over two weeks ago).
There is also another problem. The customers report that the digital certificate of Hard_Configurator executables is wrongly recognized as invalid (see the attachment).
Thank you.
 
Yes, it's kind of an ask-all firewall, it does not care if it's signed etc. and there's no learning mode, because of its unmanaged client firewall.
Tried to assoc .hta -> to open notepad. It works, but if you do command prompt mshta c:\temp\malware.hta it runs and makes an outbound connection and SEP firewall alerted it.
NVT Registry Guard seems to be pretty good in fact, I've protected wscript registry key and some autorun entries that Spyshelter Free HIPS does not.

Regards,
-sepi
 
I have sent the email to Symantec

Could you please send back the final information about this submission? Usually, I had such information in two days (I submitted the files over two weeks ago).
There is also another problem. The customers report that the digital certificate of Hard_Configurator executables is wrongly recognized as invalid (see the attachment).
Thank you.
It is not Symantec, it is McAfee
 
...
Tried to assoc .hta -> to open notepad. It works, but if you do command prompt mshta c:\temp\malware.hta it runs and makes an outbound connection and SEP firewall alerted it.
NVT Registry Guard seems to be pretty good in fact, I've protected wscript registry key and some autorun entries that Spyshelter Free HIPS does not.

Regards,
-sepi
You can simply block mshta via the H_C <Block Sponsors> option. Please note that this will prevent whitelisting HTA files.
Anyway, it is not necessary when you use the H_C Recommended Settings, because these settings will prevent command lines like "mshta c:\temp\malware.hta".
 
@Andy Ful
Andy, I have a suggestion about Hard Configurator. I see almost all zones are covered. Do you think it is possible, after Hard Configurator, firewall hardening, configure defender and exploit protection, to make a new step: hardening browsers (edge:flags)?
I could do it if there was good documentation of these flags. Edge Chromium probably uses many of these flags (see the Default setting) and there is no information about how most flags can impact the browsing performance.
 
But do you think that it would be something that you would want to spend your time on Andy? Would it be worthwhile?
Yes, I think so. But, it is possible that Microsoft already uses those flags that increase security without much performance impact.
 
Browser flags are a moving target ... it is ridiculous, you will have to keep track of all the flags across multiple browsers in preview builds, all that work for virtually zero security gain.
Yes, that is the danger of using flags without knowing how they exactly work and how they can impact the performance. Anyway, some of them can probably be useful.
 
The questions I was talking about in my other thread here: Q&A - Windows Defender w/ Hitman Pro Alert?

1. Does H_C have an in-built updater or do we need to manually install new versions by downloading the new EXEs? If manual, do you need to uninstall the old H_C program before installing the new version or just run the new EXE and it will update the old H_C program?

2. The Windows_10_Basic_Recommended_Settings is one of the pre-built modes or a button you need to click in the GUI? I’m not necessarily an advanced user but I’m not new either. I love going into my AV settings and configuring all the details. I spent quite some time training my old AV’s (ESET) HIPs, opening firewall ports I needed open, etc. Basically, I’m not afraid to get my hands dirty; I just like having a guide to get me started.

3. Is H_C and all components (Configure Defender, Firewall Hardening, etc) completely open-source or partially?

Thank you in advance!

@Andy Ful
 
1. Does H_C have an in-built updater or do we need to manually install new versions by downloading the new EXEs?
Yes, for stable versions. No, for beta versions.
If manual, do you need to uninstall the old H_C program before installing the new version or just run the new EXE and it will update the old H_C program?
Install over the old version. Read the update info, follow update instructions.
2. The Windows_10_Basic_Recommended_Settings is one of the pre-built modes ...
Use the <Load Profile> button to load the prebuilt setting profile.
3. Is H_C and all components (Configure Defender, Firewall Hardening, etc) completely open-source or partially?
It is open source.