Hard_Configurator - Windows Hardening Configurator

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,099
@Andy Ful I have a question regarding this snippet:

"... Summing up. SRP (block as standard user) + some Windows hardening can be more preventive (larger blocking area) but other programs (block also as admin) can have larger mitigation area.
The first is (in my opinion) better suited for home users, and the second is better in Enterprises (or maybe for advanced users). Here is a simple example:
When the user is going to open the downloaded CHM file it will be immediately blocked by SRP (the first scenario). In the second scenario, Windows will try to execute the sponsor hh.exe and this can be allowed/mitigated/blocked by the security program (Excubits drivers, AppGuard). ..."

What does "some Windows hardening" refer to specifically? I haven't found a clear list in any of the relevant threads. Thanks in advance, as always. :)(y)
 
F

ForgottenSeer 85179

What does "some Windows hardening" refer to specifically?
Blocking sponsors & scripts, Defender ASR, SmartScreen, ...
All that hardening stuff is good for a normal/admin account, while in a restricted account (with SRP) it's not so important, as the execution is always blocked.
In a normal account the restrictions aren't so high and Windows tries to open more files, like in the CHM example you quoted. Hope that helps and I hope I wrote that fine @andy :D
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,118
@Andy Ful I have a question regarding this snippet:
"...
When the user is going to open the downloaded CHM file it will be immediately blocked by SRP (the first scenario). In the second scenario, Windows will try to execute the sponsor hh.exe and this can be allowed/mitigated/blocked by the security program (Excubits drivers, AppGuard). ..."
Not exactly. The H_C can block in the home environment also the second scenario via blocking the .chm Sponsor hh.exe. The difference between SRP settings in H_C and for example Excubits driver (Bouncer) is that the second can block also processes started with Admin rights. In the enterprise environment, malware can exploit unpatched vulnerabilities (privilege escalation) or attack the computer from the local network with high privileges.
I could implement SRP also for Admin processes, but this would be probably risky in the home environment with default-deny settings and much less useful than in the enterprise environment. For this reason, Bouncer driver has also the option to block only standard processes.
In enterprises, Administrators can delay updates for a long time so they can use the security which can block Admin processes. If they plan to update something, then they simply can turn off the security. That is not possible in the home environment on Windows 10 (especially on the computers of inexperienced users, when these computers are maintained occasionally by an advanced user).

I have a question regarding this snippet:
What does "some Windows hardening" refer to specifically? I haven't found a clear list in any of the relevant threads. Thanks in advance, as always. :)(y)
Look at the H_C right panel options + FirewallHardening (also WD advanced options if WD real-time protection is ON + DocumentsAntiExploit tool if required). :)
 
Last edited:
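
The "block as standard user" versus "block also as admin" distinction discussed above can be read back from the SRP policy values in the registry. The following is an added example, not part of the original posts and not Hard_Configurator's own code; it assumes the standard Windows SRP policy key and value names, `Resolve-SrpValue` and `Get-SrpSummary` are hypothetical helper names, and whether a given H_C profile writes exactly these values is an assumption.

```powershell
# Added example: read-only audit of the Windows SRP policy values.
# Assumption: the policy lives under the standard SRP key below.
$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Resolve-SrpValue {   # hypothetical helper name
    param([hashtable]$Map, $Value)
    # A missing value must not be mistaken for 0 (Disallowed / all users).
    if ($null -eq $Value) { return 'not set' }
    $k = [int]$Value
    if ($Map.ContainsKey($k)) { return $Map[$k] }
    return ('unknown (0x{0:X})' -f $k)
}

function Get-SrpSummary {     # hypothetical helper name
    param([string]$Path = $SrpKey)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Configured = $false }
    }
    $p = Get-ItemProperty -LiteralPath $Path
    $levels  = @{ 0 = 'Disallowed (default-deny)'; 0x20000 = 'Basic User'
                  0x40000 = 'Unrestricted (default-allow)' }
    $scopes  = @{ 0 = 'All users, administrators included'
                  1 = 'All users except local administrators' }
    $enforce = @{ 0 = 'No enforcement'; 1 = 'All files except DLLs'
                  2 = 'All files including DLLs' }
    [pscustomobject]@{
        Configured          = $true
        DefaultLevel        = Resolve-SrpValue $levels  $p.DefaultLevel
        Scope               = Resolve-SrpValue $scopes  $p.PolicyScope
        Enforcement         = Resolve-SrpValue $enforce $p.TransparentEnabled
        # CHM among the designated file types means SRP checks .chm files
        # when they are opened, before the sponsor (hh.exe) is involved.
        ChmIsDesignatedType = @($p.ExecutableTypes) -contains 'CHM'
    }
}

Get-SrpSummary | Format-List
```

A Scope of "All users except local administrators" corresponds to the "block as standard user" case in the thread: elevated processes are not restricted by the policy.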

Andy Ful

Any ETA for v6.x?
Today, I am going to push the stable version 5.1.1.1. It is functionally the same as beta 5.1.1.1 but with updated ConfigureDefender, FirewallHardening, and DocumentAntiExploit (these updated versions have only minor GUI changes). Furthermore, all executables are signed with the new certificate valid until June 2021.(y)
The beta version 6.0.0.0 will be pushed soon, but for now, it contains only some GUI improvements.
 

Andy Ful

Hard_Configurator ver. 5.1.1.1 (stable version)

The update can be done without uninstalling the older version. After the update, it is required to press <Recommended Settings> or load any predefined setting profile - this will update the Registry entries (not required if the update is from beta 5.1.1.1).

On H_C ver. 5.0.0.0 (and prior) the new version can be updated via the <Update> button.
For other versions (beta versions 5.0.0.1, 5.0.1.1, and 5.1.1.1) the new installer has to be downloaded and executed.
 

Tiny

Level 3
Verified
Well-known
Dec 29, 2016
131
Thanks! Really appreciate the hard work, Andy.
 

Protomartyr

Level 7
Sep 23, 2019
314
@Andy Ful
Just updated to 5.1.1.1 from 5.0.0.0 using the <Update> button. After installation, I loaded <Recommended Settings>, restarted the system, then loaded my custom profile.

When loading my custom profile I did get a few messages that read:
Wrong parameter. The <Update Mode> option will be set to 'OFF'.
Wrong parameter. The <Harden Archivers> option will be set to 'OFF'.
Wrong parameter. The <Harden Email Clients> option will be set to 'OFF'.
Wrong parameter. 'Allow MSI' will be set to 'OFF'.

I found where the first 3 mentioned options are in H_C but I can't find where 'Allow MSI' is.

My questions:
  • Where is the 'Allow MSI' setting located in H_C?
  • How can I tell what values I had regarding the mentioned options above in my previous setup? I have uploaded my profile (which was saved before updating to 5.1.1.1) to this post as a .txt since .hdc isn't an allowed extension to be uploaded to the forum.
Thank you for your hard work! I absolutely enjoy using H_C.
 


ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,018
Thanks, doing a fresh install of it after I finish doing the Windows 10 vs 2004 update :)
 

Andy Ful

...
When loading my custom profile I did get a few messages that read:
Wrong parameter. The <Update Mode> option will be set to 'OFF'.
Wrong parameter. The <Harden Archivers> option will be set to 'OFF'.
Wrong parameter. The <Harden Email Clients> option will be set to 'OFF'.
Wrong parameter. 'Allow MSI' will be set to 'OFF'.

I found where the first 3 mentioned options are in H_C but I can't find where 'Allow MSI' is.
These options are new (absent in ver. 5.0.0.0). When you have tried to download the old custom setting profile, the H_C could not find the right settings for these options. So, the OFF settings were applied and H_C does not use these new settings just like in ver. 5.0.0.0.
If you want to use your custom setup in ver. 5.1.1.1 without activating these settings, then simply save the profile (the OFF settings for the new options will be added to the profile).

My questions:
  • Where is the 'Allow MSI' setting located in H_C?
Use <Whitelist By Path>


Vitali Ortzi

Level 22
Verified
Top Poster
Well-known
Dec 12, 2016
1,148
You also can download it from majorgeeks
Prefer directly from GitHub.
But nice to see it included there!
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,025
Ok, just downloaded the v5.1.1.1. Didn't touch any settings except enabling 'HIGH' in WD

I noticed there are 2 icons on my tablet. One is the H_C and the other is the Switch Default Deny.

What is the latter button for? If I press it what will happen? Press once means switch to Default Deny? Press again will revert its action?

Thanks
 
Last edited:

Gangelo

Level 6
Verified
Well-known
Jul 29, 2017
273
Just installed on a fresh installation of Win10 2004 and everything is working like a charm.
I was waiting for the Basic Recommended settings profile ;).
Kudos for the excellent work Andy.

p.s. I still insist on the 'donate' option, good work has to be rewarded in ways other than a simple thank you too.
 
