Hard_Configurator - Windows Hardening Configurator

aldist

Level 2
Jul 22, 2020
59
But, it is probably only a choice based on taste.
Yes, it is possible, but usually the color of anxiety is red, and it is associated with the fact that something needs to be done. Whichever color you set, any will do, it's better than no indication at all.
The Registry protection you think of will require a 3rd party, real-time driver.
Optionally, you can make "work as a service", GUI may be closed. I will not ask any more questions about this.
 

aldist

Level 2
Jul 22, 2020
59
Which only adds more code / attack surface
More code - yes, more attack surface - no. On the contrary, it will be another layer of protection. Even if the H_C service is killed, the protection that has been implemented to date will continue to work. But I don't insist :)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,600
More code - yes, more attack surface - no. On the contrary, it will be another layer of protection. Even if the H_C service is killed, the protection that has been implemented to date will continue to work. But I don't insist :)
Do not insist, please. The idea of H_C is not using 3rd party drivers, not using 3rd party real-time protection, and disappearing from the system after initial configuration. Introducing any 3rd party driver will make H_C another type of application. It will become not a configurator but a real-time security-related application. If I have to use a 3rd party driver, then it should do much more than protecting SRP Registry keys, which are already protected by Windows integrity levels.

I wrote this a year or two ago. Worrying about changing SRP Registry keys by malware (with H_C settings) would be like worrying that the coffin will be too small for you, after your death. The H_C is made to keep you alive, and is useless as an afterlife feature. :)

Edit.
Protecting the SRP settings would be more justified in Enterprises, where SRP is often configured to also block elevated processes. Such additional protection is welcome due to the much bigger attack surface area (unpatched systems and applications). Microsoft solved this by introducing Applocker (and later WD Application Control), which uses a kernel driver.
 

aldist

Level 2
Jul 22, 2020
59
The profile was exported via TOOLS ...
TOOLS -> Manage Profiles BACKUP -> Import Profiles -> Whitelist by path cannot be restored. I get a message ...
2.png

Separately saved Whitelist by path is restored normally via the Save Load button.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,600
The profile was exported via TOOLS ...
TOOLS -> Manage Profiles BACKUP -> Import Profiles -> Whitelist by path cannot be restored. I get a message ...
View attachment 244728
Separately saved Whitelist by path is restored normally via the Save Load button.
This message says that everything was successfully imported. So, the setting profile files were imported to the folder .\Hard_Configurator\Configuration and Whitelist Profiles (if they were previously saved and exported) were imported to the Windows Registry (they can be seen/loaded via the <Save Load> button). Please look here to see how to save/load a Whitelist Profile:



Normally, the Whitelist Profile base is empty. So one has to first save Whitelist Profile (one or more) into the base before exporting Setting & Whitelist Profiles.
 

aldist

Level 2
Jul 22, 2020
59
@ Andy Ful
Please explain for inexperienced users.
I'm not using Windows Defender, and the SmartScreen process is being killed by the .bat file in startup.
When using "Install by SmartScreen" the application is checked in the cloud service, and depending on the reputation, is the installation allowed or denied?
What is the difference from "Run as SmartScreen"?
 

ForgottenSeer 85179

Is SmartScreen disabled?
What? You said that you disable it. I don't understand what you mean.

So it doesn't affect SRP in any way. And why should I stream telemetry via SS?
Oh yeah, I'm not entirely dumb, so I use Eset AntiVirus and Windows Firewall Control.

I will never understand that logic.
You only move the telemetry - which doesn't include personal info, from Microsoft to Eset. So you only increase the attack surface (external AV + more code) and reduce your privacy as you share your data with more companies instead of just one.
So if you don't trust Microsoft, why then use Windows?
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,874
@ Andy Ful
Please explain for inexperienced users.
I'm not using Windows Defender, and the SmartScreen process is being killed by the .bat file in startup.
When using "Install by SmartScreen" the application is checked in the cloud service, and depending on the reputation, is the installation allowed or denied?
What is the difference from "Run as SmartScreen"?
Why even bother about "Run as SmartScreen" if you're turning off SmartScreen at startup? It's the same SmartScreen. This one just lets you force SmartScreen on every exe file. Set "Run as SmartScreen" to off in HC if that's how you wanna use your PC.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,600
@aldist,
Blocking the telemetry in Windows 10 is an illusion - it can be only reduced.
SmartScreen Application Reputation is the best-known file reputation service for application installers. It is also the best protection against the 0-day malware (EXE, MSI, ...) executed by the user after downloading the file from the Internet (via web browser and some online services like OneDrive). The SmartScreen telemetry includes the information from MOTW (Mark Of The Web) and information about the file.

How do you recognize that the application installer downloaded from the Internet is safe? VirusTotal will give you too many false positives. The installed AV or on-demand AV scanners are not especially useful for 0-day malware. Online sandbox analyses will give you many false positives and can take much time. Furthermore, they require some special knowledge.

SmartScreen Application Reputation will solve the problem in one second for about 75% of installers. So, you have a big advantage, because your problem is four times smaller. Do you believe that adding default-deny firewall rules can save you?
 
Last edited:
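
Added example, not part of any post in this thread and not Hard_Configurator code: the MOTW that the post above says SmartScreen telemetry draws on is stored in a file's Zone.Identifier alternate data stream, and the Python below parses that stream and reports whether a file carries an Internet-zone mark. The sample stream, the downloads.example host, and the function names are constructed for illustration.

```python
# Constructed sample of a Zone.Identifier stream for a browser-downloaded installer.
SAMPLE_MOTW = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://downloads.example/\r\n"
    "HostUrl=https://downloads.example/setup.exe\r\n"
)

ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}


def parse_motw(stream_text):
    """Parse Zone.Identifier text; return None when no usable mark is present."""
    fields, in_section = {}, False
    for raw in (stream_text or "").lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    try:
        zone_id = int(fields["zoneid"])
    except (KeyError, ValueError):
        return None
    return {"zone_id": zone_id, "zone": ZONES.get(zone_id, "Unknown"),
            "host_url": fields.get("hosturl"),
            "referrer_url": fields.get("referrerurl")}


def read_motw(path):
    """Read the mark from a file on an NTFS volume (Windows); None if absent."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return parse_motw(fh.read())
    except OSError:
        return None


def triage(motw):
    """Describe what the mark says about the file's origin."""
    if motw is None:
        return "no MOTW: origin not recorded, request a reputation check by hand"
    if motw["zone_id"] >= 3:
        return "MOTW zone %d (%s): downloaded from %s" % (
            motw["zone_id"], motw["zone"], motw["host_url"] or "unknown host")
    return "MOTW zone %d (%s): not marked as Internet content" % (
        motw["zone_id"], motw["zone"])
```

On Windows, read_motw returns None for a file that has no mark, for example one copied from a FAT-formatted USB drive, since FAT volumes cannot hold alternate data streams.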

aldist

Level 2
Jul 22, 2020
59
Guys, with all due respect to you, except for the stream of smart thoughts, will someone nevertheless answer my question?
When using "Install by SmartScreen" the application is checked in the cloud service, and depending on the reputation, is the installation allowed or denied?
What is the difference from "Run as SmartScreen"?
:cry: Or don't you know either? :)
 

aldist

Level 2
Jul 22, 2020
59
Andy Ful
Thanks, that's something. I am guided by the presence of a digital signature, a legal source, my antivirus, virustotal. But what's the difference between "Install by SmartScreen" and "Run as SmartScreen"?
 

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,222
Andy Ful
Thanks, that's something. I am guided by the presence of a digital signature, a legal source, my antivirus, virustotal. But what's the difference between "Install by SmartScreen" and "Run as SmartScreen"?

From the manual

"Recommended Settings on Windows 8+
How do they work?
1. Users can run the already installed applications in SystemSpace.
2. Any new file directly run by the user (executable, script, shortcut, file with unsafe extension) is blocked in UserSpace. This also works when the file is run from the archiver application or email client.
3. As an exception to point 2, the shortcuts (LNK files) can be run by users from Desktop, Start Menu, Power Menu, Task Bar, and Quick Launch.
4. As an exception to point 2, the standalone application installers (EXE or MSI files) can be run by users on-demand - Hard_Configurator adds the right-click Explorer context menu entry "Install by SmartScreen". It allows the user to safely install applications with forced SmartScreen check. This works well both on Administrator account and SUA.
5. Already running processes can run EXE (TMP) and MSI files in ProgramData or user AppData folders. An inexperienced user cannot run files directly from there, because these folders are hidden by default in Explorer.
6. The applications/processes running with standard rights cannot run other unsafe files (executables, scripts, files with unsafe extensions) in UserSpace, except some events when the command line can be accessed (some command lines with Sponsors)."

"The "Run By SmartScreen" entry in the Explorer context menu can be used to check the standalone application installers (EXE and MSI) by SmartScreen Application Reputation service. This entry should be also used for unsafe executables listed below:
1. Files downloaded from the Internet, especially email attachments and executables from the archives (7-zip, Zip, Arj, Rar, etc.).
2. Executables shared with other people via USB drives, Memory cards, etc."
 
