Hard_Configurator - Windows Hardening Configurator

Marana

Marana

Level 1
Verified
Jan 21, 2018
48
Andy Ful said:
What is new? (as compared to stable version 5.0.0.0)

Version 5.0.1.1
  • - -
  • Removed the "All files" SRP Enforcement setting due to possible incompatibilities with 3rd party security solutions. Furthermore, this setting is not used in Hard_Configurator predefined profiles and it is not well integrated with Recommended Settings on Windows 8+.
  • - -
Click to expand...
@Andy Ful I wonder if you could consider keeping this feature available in H_C?

Especially now, when considering the coming CUP and SSS for more casual users, I think that H_C will be profiled towards more advanced users that can be considered responsible for what they do with H_C.

I have been blocking User Space DLLs for years, already in times I was still using SSRP, and have never had any problems with that. And should one ever meet any problems, it would always be easy to switch off that extra layer of protection...
 
  • Like
Reactions: Protomartyr, simmerskool, Andy Ful and 1 other person
sepik

sepik

Level 11
Verified
Well-known
Aug 21, 2018
505
Hello,
Does H_C disable wscript by using registry key? How about, if malware reverts it back by using reg add command line(cmd)? How i can protect wscript registry key? I've already disabled powershell, powershell_ISE via local group policy editor.
 
  • Like
Reactions: Protomartyr, oldschool and Gandalf_The_Grey
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,497
Marana said:
@Andy Ful I wonder if you could consider keeping this feature available in H_C?
...
I have been blocking User Space DLLs for years, already in times I was still using SSRP, and have never had any problems with that. And should one ever meet any problems, it would always be easy to switch off that extra layer of protection...
Click to expand...
The 'All files' enforcement can be still used, by an advanced user (after making the setup via the H_C and closing H_C) by a simple reg tweak:
[HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"TransparentEnabled"= dword:00000002

I am sorry, but I cannot keep it in H_C, because it can be a source of the hidden incompatibilities that are hard to find out. For example, I noticed that blocking DLLs feature is incompatible with some AVs (like Avast) and some Microsoft applications (like OneDrive Personal Vault). This does not follow from blocking any particular DLL, so it cannot be solved by whitelisting DLLs. Furthermore, the .NET DLLs and DLLs loaded by some other popular methods (like reflective DLL injection) cannot be blocked by SRP, so this feature is not as useful as in times of Windows Vista and can give the user a false sense of security. The user has to use something else (AppLocker, WD Application Control, etc.) to block DLLs or apply SRP setup which makes using malicious DLLs improbable.(y)
 
Last edited:
  • Like
  • +Reputation
Reactions: South Park, Protomartyr, plat and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,497
sepik said:
Hello,
Does H_C disable wscript by using registry key? How about, if malware reverts it back by using reg add command line(cmd)? How i can protect wscript registry key? I've already disabled powershell, powershell_ISE via local group policy editor.
Click to expand...
Yes, by <Block Windows Script Host>. As any Windows Policy, it can be reverted by malware running with high privileges. Of course, the H_C setup is for preventing such events like running the malware in the first place, and allowing it to elevate in the second place.
If you are using GPO to block something, then please do not use H_C to block the same thing (GPO can revert the H_C settings due to Refresh Feature).
 
  • Like
Reactions: South Park, Protomartyr, ForgottenSeer 85179 and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,497
Chri.Mi said:
@Andy Ful Can u do something about it?
Click to expand...
I have got an answer from McAfee:
mcafee.png

They say:
"Dear Sir/madam,

When we checked the certificate status of the below reported file , its having valid digitalcertificate
File’s certificate is valid.
...
Based on below mail , your customers are getting error as “invalid signer” , because of the root certificate is installed in their system.

Please contact the certificate authority in order to sort out this issue.

Thanks"

Being honest, the information is not clear to me, except that the certificate of the installer (Hard_Configurator_beta_setup_5.1.1.1.exe) is OK.
 
  • Like
  • Wow
Reactions: South Park, simmerskool, Protomartyr and 6 others
Chri.Mi

Chri.Mi

Level 7
Well-known
Apr 30, 2020
337
Andy Ful said:
I have got an answer from McAfee:
View attachment 241975
They say:
"Dear Sir/madam,

When we checked the certificate status of the below reported file , its having valid digitalcertificate
File’s certificate is valid.
...
Based on below mail , your customers are getting error as “invalid signer” , because of the root certificate is installed in their system.

Please contact the certificate authority in order to sort out this issue.

Thanks"

Being honest, the information is not clear to me, except that the certificate of the installer (Hard_Configurator_beta_setup_5.1.1.1.exe) is OK.
Click to expand...
For what i understand, reading web, a certification authority is missing (a third part society that confirm that a file signed come from a trusted proprietary, something like verisign,etc). Talking generally, have a digital signed file dont means it is safe, but some1 need to "review" that file.
Anyway thanks for the help @Andy Ful
 
  • Like
Reactions: Protomartyr, Andy Ful and Gandalf_The_Grey
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,497
Chri.Mi said:
For what i understand, reading web, a certification authority is missing (a third part society that confirm that a file signed come from a trusted proprietary, something like verisign,etc). Talking generally, have a digital signed file dont means it is safe, but some1 need to "review" that file.
Anyway thanks for the help @Andy Ful
Click to expand...
There are three types of certificates in Certum (which sold this certificate): open source (cheap), standard (not cheap), EV (expensive). The verification of the open-source certificate is made in the case of H_C only by Certum. It seems that McAfee AV does not accept the open-source certificates, probably due to the requirement of additional confirmation.
The EV certificate has to be additionally accepted by Microsoft and then it is automatically accepted by SmartScreen. The open-source and standard certificates have to gain a good reputation first and then they are automatically accepted by SmartScreen. I did not check the details of the standard certificate.
Anyway, in this moment the H_C certificate is automatically accepted by SmartScreen like the EV certificate.
 
  • Like
Reactions: simmerskool, Protomartyr, plat and 2 others
Chri.Mi

Chri.Mi

Level 7
Well-known
Apr 30, 2020
337
Andy Ful said:
There are three types of certificates in Certum (which sold this certificate): open source (cheap), standard (not cheap), EV (expensive). The verification of the open-source certificate is made in the case of H_C only by Certum. It seems that McAfee AV does not accept the open-source certificates, probably due to the requirement of additional confirmation.
The EV certificate has to be additionally accepted by Microsoft and then it is automatically accepted by SmartScreen. The open-source and standard certificates have to gain a good reputation first and then they are automatically accepted by SmartScreen. I did not check the details of the standard certificate.
Anyway, in this moment the H_C certificate is automatically accepted by SmartScreen like the EV certificate.
Click to expand...
So the point is or them no like certum or them no like the open source certificates, if i understand correctly
 
  • Like
Reactions: Protomartyr and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,497
Chri.Mi said:
So the point is or them no like certum or them no like the open source certificates, if i understand correctly
Click to expand...
If I have bought the standard or EV certificate in Certum it would be as good as from any other vendor. These certificates (especially EV) require extended verification.
Most malware uses the stolen standard certificates, but of course the same might be true for open-source certificates. The most dangerous malware can use the stolen EV certificate (automatically bypasses SmartScreen).
 
Last edited:
  • Like
Reactions: simmerskool, Tiny, Protomartyr and 4 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,497
Chri.Mi said:
Mcafee Endpoint dont like the beta version, still continue to isolate it. This not happen to stable version. Another thing is dont like the sign of hard configurator and sumatrapdf
Click to expand...
It seems that there is no problem with McAfee Total Protection. I installed the trial version 16.0 R25 and can use H_C without any alerts from McAfee. Unfortunately, I cannot see any option to check the certificate (probably the file has to be first added to the quarantine).
 
  • Like
Reactions: ForgottenSeer 85179, harlan4096, simmerskool and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,497
I can also run the new compiled H_C executables on McAfee Total Security. It is very nice to H_C, because WD usually detects H_C as a trojan, until I submit the executables to whitelisting.
So, the McAfee Endpoint version complains probably due to some ATP modules, that are absent in Total Security.
 
  • Like
Reactions: ForgottenSeer 85179, harlan4096, simmerskool and 1 other person
P

PotentialUser

Level 1
May 28, 2020
35
Andy Ful said:
Yes, for stable versions. No, for beta versions.

Install over the old version. Read the update info, follow update instructions.

Use <Load Profile> button to load the prebuild setting profile.

It is opensource.
Click to expand...

Thank you for your answers Andy! I have installed H_C on a VM and definitely am impressed by what I saw. I have some in-depth questions regarding Windows’ built in security. I have sent you a private message (PM) with those questions so I don’t de-rail the topic here. Those questions aren’t closely related to using H_C or Configure Defender; more like what exactly they automate. So I decided to PM you instead of posting them here.

If you have some free time, I would love to hear from you via PM regarding those questions. Anything you can share is always appreciated! If you don’t see them in your Inbox, it may be because I’m a new user on MT and my messages sometimes need “approval.” Please let me know either way though so I can re-send if necessary. Many thanks again :)
 
  • Like
Reactions: Andy Ful, Gandalf_The_Grey, South Park and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,497
Chri.Mi said:
Not using anymore.
Click to expand...
It seems that the endpoint version has some ATP module that can isolate "not trusted" applications:

McAfee Support – The Page You Are Looking for Has Been Moved

kc.mcafee.com kc.mcafee.com
Such solutions can block many legal applications unless the additional root certificates are installed in the system. So, I think that the problem could be solved by installing the Certum Root Certificate.
But, the H_C is not intended to work in the enterprise environment, so the solution is purely theoretical.:)(y)
 
  • Like
Reactions: SeriousHoax, Vitali Ortzi, South Park and 7 others

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,435
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,130
Hard_Configurator Tools
Andy Ful
Andy Ful
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
1,127
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top