Hard_Configurator - Windows Hardening Configurator

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
HarborFront said:
Ok, just downloaded the v5.1.1.1. Didn't touch any settings except enabling 'HIGH' in WD

I noticed there are 2 icons on my tablet. One is the H_C and the other is the Switch Default Deny.

What is the latter button for? If I press it what will happen? Press once means switch to Default Deny? Press again will revert its action?

Thanks
Click to expand...
If you run it, then you have the ability to switch OFF/ON default deny SRP restrictions (without opening H_C).

Please read the info about SwitchDefaultDeny from the H_C manual (run H_C and use <General Help><Documentation>, choose the PDF document "Hard_Configurator - Manual") .
You can also run SwitchDefaultDeny and read the help (<Menu><Help>).(y)

You can probably get some other useful information by looking at the help files about the options that are mysterious to you.:)(y)
Please let me know when something in the help is hard to understand.
 
Last edited:
  • Like
Reactions: simmerskool, Protomartyr, Gandalf_The_Grey and 3 others
R

Reldel1

Level 2
Verified
Jun 12, 2017
50
I updated from 5.1.1.1 beta to 5.1.1.1 stable by doing a clean install of H-C, (within H_C GUI reset everything to default>restart>uninstalled H_C from within GUI>restart). Before installing 5.1.1.1 I noted that the Documents Anti-Exploit Icon remained on my desktop. I was curious, I thought it had previously installed during H_C installations but obviously my memory was wrong because it remained without H_C installed. After checking Windows 10 (2004) All Settings>APPs uninstall and Control Panel uninstall I found neither lists Documents Anti-Exploit and thus it cannot be uninstalled by normal means. Furthermore, while the Documents Anti-Exploit Icon shows on my desktop it does not show in the start menu.

So, what is the method to use to uninstall Documents Anti-Exploit if I want to do so?

Install of 5.1.1.1 stable went as expected, all good.
 
  • Like
Reactions: simmerskool, Protomartyr, harlan4096 and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
Reldel1 said:
...
So, what is the method to use to uninstall Documents Anti-Exploit if I want to do so?
...
Click to expand...
Thanks. You can delete it from the desktop.(y)

This tool cannot be well integrated with H_C because it is not system-wide. When one uninstalls H_C, the settings made by DocumentsAntiExploit tool are not removed, so this tool is copied to the Desktop to be available for the user. But, in the ver. 5.1.1.1, I added the execution limitations for H_C executables that prevent to run them in UserSpace, so this tool cannot be run from the Desktop anymore (one have to use the standalone version). :(
I will correct this in the next version.

Post edited.
 
Last edited:
  • Like
Reactions: simmerskool, Protomartyr, harlan4096 and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
Reldel1 said:
Andy,

This link shows a 404 error.
Click to expand...
Yes, I edited my post. The event you have reported is normal, but the DocumentsAntiExploit tool will not run from the Desktop (thing to correct in the next version). The reason for copying to the desktop is noted in the manual and in the help:

DocumentsAntiExploit.png


You can run the DocumentsAntiExploit tool via SwitchDefaultDeny.
 
  • Like
Reactions: Protomartyr, harlan4096, silversurfer and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
Actually, there is available a standalone DocumentsAntiExploit tool (independent of the H_C). So, I think that I can remove the imperfect integration of DocumentsAntiExploit tool from the H_C's SwitchDefaultDeny. In such a case the H_C installer + standalone DocumentsAntiExploit tool can be put into one ZIP archive and the user can use them separately.
The DocumentsAntiExploit tool may be skipped when the user:
  • does not use MS Office and Adobe Acrobat Reader XI/DC,
  • uses H_C and WD with ASR rules for Office Applications and Adobe Reader (like in ConfigureDefender HIGH protection Level).
It is worth remembering that applying the restrictions via DocumentsAntiExploit tool on several user accounts, require launching/configuring it on all these accounts. The same is necessary when removing the restrictions from several user accounts.
 
Last edited:
  • Like
  • +Reputation
Reactions: simmerskool, Protomartyr, Gandalf_The_Grey and 3 others
R

Reldel1

Level 2
Verified
Jun 12, 2017
50
Andy Ful said:
Actually, there is available a standalone DocumentsAntiExploit tool (independent of the H_C). So, I think that I can remove the imperfect integration of DocumentsAntiExploit tool from the H_C's SwitchDefaultDeny. In such a case the H_C installer + standalone DocumentsAntiExploit tool can be put into one ZIP archive and the user can use them separately.
The DocumentsAntiExploit tool may be skipped when the user:
  • does not use MS Office and Adobe Acrobat Reader XI/DC,
  • uses H_C and WD with ASR rules for Office Applications and Adobe Reader (like in ConfigureDefender HIGH protection Level).
It is worth remembering that applying the restrictions via DocumentsAntiExploit tool on several user accounts, require launching/configuring it on all these accounts. The same is necessary when removing the restrictions from several user accounts.
Click to expand...
Got it. You are always thinking, that's what makes your product great.
 
  • Like
Reactions: simmerskool, Protomartyr, Gandalf_The_Grey and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
Hard_Configurator ver. 5.1.1.2 (stable version)
github.com

Hard_Configurator/Hard_Configurator_setup_5.1.1.2.exe at master · AndyFul/Hard_Configurator

GUI to Manage Software Restriction Policies and harden Windows Home OS - Hard_Configurator/Hard_Configurator_setup_5.1.1.2.exe at master · AndyFul/Hard_Configurator
github.com github.com

The update can be done via <Update> option from the H_C. The displayed version in the H_C window is still 5.1.1.1 because this executable did not change.
Only the DocumentsAntiExploit tool was replaced by the standalone version, the rest of the executables are identical as in the version 5.1.1.1.

The separation of DocumentsAntiExploit from H_C will be done in ver. beta 6.0.0.0.
 
Last edited:
  • Like
  • Thanks
  • +Reputation
Reactions: silversurfer, jerzy601, simmerskool and 8 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
plat1098 said:
Installed first 5.1.1.1, then 5.1.1.2 over the top via the user interface. No problems to report so far. Many thanks for this software, it's a part of my core security. :cool:

PS: there is no mention of H_C's installation in Event Viewer, this is OK, Andy Ful?
Click to expand...
Yes. The H_C is semi-portable. You can copy/paste the H_C folder to the other computer with the same Windows bitness (64-bit or 32-bit). The only requirement is that the path has to be "%WinDir%\Hard_Configurator". Furthermore, the H_C is intentionally hidden to avoid the uninstallation by casual users, children, etc. (when their computers are configured by advanced users).
 
  • Like
Reactions: Protomartyr, silversurfer, Gandalf_The_Grey and 5 others
simmerskool

simmerskool

Level 36
Verified
Top Poster
Well-known
Apr 16, 2017
2,576
Andy Ful said:
Hard_Configurator ver. 5.1.1.1 (stable version)
github.com

AndyFul/Hard_Configurator

GUI to Manage Software Restriction Policies and harden Windows Home OS - AndyFul/Hard_Configurator
github.com github.com
Click to expand...

I just tried the link 21jun 0601 UTC and it was 404?

EDIT update, the link to 5.1.1.2 works, and downloaded ok, but not installed yet. THANKS!!
 
Last edited:
  • Like
Reactions: Protomartyr and Andy Ful
R

Reldel1

Level 2
Verified
Jun 12, 2017
50
Andy Ful said:
Hard_Configurator ver. 5.1.1.2 (stable version)
github.com

Hard_Configurator/Hard_Configurator_setup_5.1.1.2.exe at master · AndyFul/Hard_Configurator

GUI to Manage Software Restriction Policies and harden Windows Home OS - Hard_Configurator/Hard_Configurator_setup_5.1.1.2.exe at master · AndyFul/Hard_Configurator
github.com github.com

The update can be done via <Update> option from the H_C. The displayed version in the H_C window is still 5.1.1.1 because this executable did not change.
Only the DocumentsAntiExploit tool was replaced by the standalone version, the rest of the executables are identical as in the version 5.1.1.1.

The separation of DocumentsAntiExploit from H_C will be done in ver. beta 6.0.0.0.
Click to expand...

Andy

After using the prescribed update button within the GUI and updating from 5.1.1.1 to 5.1.1.2, if I return to the GUI and use the update button again, H_C will again appear to download the 5.1.1.2 version. This pattern can be repeatedly be reproduced.
 
Last edited:
  • Like
Reactions: Protomartyr, Andy Ful and Gandalf_The_Grey
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
paulderdash said:
ver. 5.1.1.2 installed, thanks Andy. You are a ⭐.

Edit: Question - just out of interest, how would MBAM Premium run alongside H_C (with WD). Would it add value?
Anyone using this combo?
Just looking at this old post, which piqued my interest: Is Malwarebytes 3 Considered An AV? - Anti-Virus, Anti-Malware, and Privacy Software
Click to expand...
I do not think that MBAM Premium protection for MZ files (like EXE, CPL, SYS, DLL, SCR, OCX, etc.) adds something important to the WD protection with ConfigureDefender HIGH preset.
Anyway, the MBAM anti-exploit protection can be useful if one uses a vulnerable (not patched) system/software. In such a case, MBAM Premium is probably easier for many people than applying Windows 10 Exploit Protection for the concrete applications.
 
  • Like
Reactions: Protomartyr, simmerskool and harlan4096
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
Reldel1 said:
Andy

After using the prescribed update button within the GUI and updating from 5.1.1.1 to 5.1.1.2, if I return to the GUI and use the update button again, H_C will again appear to download the 5.1.1.2 version. This pattern can be repeatedly be reproduced.
Click to expand...
Yes, this is normal behavior because the main H_C executable is the same as in the ver. 5.1.1.1 (only DocumentsAntiExploit tool was replaced with a standalone version). This will be stopped tomorrow when I replace the main H_C executable in the installer with a new one (ver. 5.1.1.2 will be displayed in the H_C window). It takes some time because any new executable has to be whitelisted by AV vendors.

For the H_C users, there is no need to update until July because nothing new will be added to H_C. The small corrections are not related to H_C protection and features when H_C is installed.

The correction from 5.1.1.1 to 5.1.1.2 can be important when someone uninstalled the H_C improperly (and did not install a new version) and forgot to remove the settings related to DocumentAntiExploit tool (made via SwitchDefaultDeny). (y)
 
Last edited:
  • Like
Reactions: Protomartyr, South Park, simmerskool and 7 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,491
Interesting ransomware was tested on MH:
This example shows two things:
  1. Even the AV with ATP cannot detect all scripting attacks.
  2. There is a big difference between malware tests and real-world tests.
The first point is evident from the Malware Hub results. So, the best method is still blocking scripts in UserSpace.

The second point follows from the fact that in the real world attack, the attacker will not use a PowerShell script as the initial infection vector due to the PowerShell Execution Policy. So, the MS Office document, shortcut, or another infection vector will be used to run the PowerShell script and bypass the PowerShell Execution Policy. In most cases, also the phishing link will be used. This will change the detection significantly for all AVs with ATP. For example, the WD ASR rules will block such attacks performed via exploiting MS Office or Adobe Reader applications.(y)
 
  • Like
Reactions: Protomartyr, simmerskool, oldschool and 6 others

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,433
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,126
Hard_Configurator Tools
Andy Ful
Andy Ful
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
1,127
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top