Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,600
...
When using "Install by SmartScreen" the application is checked in the cloud service, and depending on the reputation, is the installation allowed or denied?
Yes, if SmartScreen is not disabled.

What is the difference from "Run as SmartScreen"?
  1. InstallBySmartscreen forces SmartScreen check (for files without MOTW - like files from a flash drive).
  2. InstallBySmartscreen (in the H_C Recommended Settings) does not use Admin privileges if the application installer does not need them.
 

Andy Ful

Guys, with all due respect to you, except for the stream of smart thoughts, nevertheless, someone will answer my question :cry: Or don't you know either? :)
They tried to explain that your question does not make sense with disabled SmartScreen. :) (y)
Please note, that most answers to your questions are already included in the help files.
Is there anything wrong with the information included there? Even more information is included in the H_C manual available via <General Help> button.


Andy Ful

@aldist,

  1. InstallBySmartscreen forces SmartScreen check (for files without MOTW - like files from a flash drive).
  2. InstallBySmartscreen (in the H_C Recommended Settings) does not use Admin privileges if the application installer does not need them.
My answer was about the difference between the "Install By SmartScreen" (H_C related feature) and "Run As Administrator" (standard Windows feature) entries in the right-click Explorer context menu. The "Run As SmartScreen" feature is not included in the latest H_C version. If you are interested, "Run As SmartScreen" worked similarly to "Install By SmartScreen" but always forced Admin privileges.
 

aldist

Level 2
Jul 22, 2020
59
@Andy Ful
Thanks! Then the quintessence turns out like this.
"Install By Smartscreen" enables SmartScreen checking and uses administrator rights only if the app installer needs them.
"Run As SmartScreen" works similarly to "Install By Smartscreen", but always requires administrator rights (like "Run As Admin").
 

Andy Ful

@Andy Ful
...
"Install By Smartscreen" enables SmartScreen checking ...
Not exactly. It forces SmartScreen check, under the assumption that SmartScreen is enabled in Windows. Forcing the SmartScreen check means that SmartScreen will check the files also if these files have no MOTW. You can read the PROGRAM DESCRIPTION info about when files are not checked by Windows SmartScreen, but they are checked by Forced SmartScreen:
https://github.com/AndyFul/Hard_Configurator

You can look at the @askalan tests to see how this works in practice, for example:
The tests were continued for a few months (until May 2019) without any AV protection (only H_C + SmartScreen).
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,159
@aldist,
Blocking the telemetry in Windows 10 is an illusion - it can be only reduced.
SmartScreen Application Reputation is the best-known file reputation service for application installers. It is also the best protection against the 0-day malware (EXE, MSI, ...) executed by the user after downloading the file from the Internet (via web browser and some online services like OneDrive). The SmartScreen telemetry includes the information from MOTW (Mark Of The Web) and information about the file.

How do you recognize that the application installer downloaded from the Internet is safe? VirusTotal will give you too many false positives. The installed AV or on-demand AV scanners are not especially useful for 0-day malware. Online sandbox analyses will give you many false positives and can take much time. Furthermore, they require some special knowledge.

SmartScreen Application Reputation will solve the problem in one second for about 75% of installers. So, you have a big advantage, because your problem is four times smaller. Do you believe that adding default-deny firewall rules can save you?
I may be wrong on the below. Correct me if I'm wrong

Windows Enterprise version can disable all telemetry. In fact, the latest news seems to be that it allows IT to specify the telemetry requirements.

The Chinese version of Windows is sure to have no telemetry to MS
 

South Park

Level 9
Verified
Well-known
Jun 23, 2018
441
I may be wrong on the below. Correct me if I'm wrong

Windows Enterprise version can disable all telemetry. In fact, the latest news seems to be that it allows IT to specify the telemetry requirements.

The Chinese version of Windows is sure to have no telemetry to MS
IIRC, the Enterprise version allows telemetry to be limited to "Security," which collects even less information than "Basic." "Security" obtains just enough information to run Windows Update, while "Basic" includes some data about app crashes and the like.
 
ForgottenSeer 85179

IIRC, the Enterprise version allows telemetry to be limited to "Security," which collects even less information than "Basic." "Security" obtains just enough information to run Windows Update, while "Basic" includes some data about app crashes and the like.
Correct, and not even Basic includes any private data, so it's ridiculous that users or paranoid groups try to fix problems which don't exist.

Of course, such statements aren't welcomed in such groups, as "anti-telemetry" is the new "tuning"-tool category.
 

Andy Ful

...
The Chinese version of Windows is sure to have no telemetry to MS
I do not know it, but I am not sure if it would be possible without breaking some Windows features. Anyway, it is not so important because any application which can connect to the Internet sends some telemetry. Usually, this is not related to personal information.
When one uses Forced SmartScreen in H_C, the telemetry is smaller because the real MOTW (which has information about the download) is replaced by a fake MOTW.
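
The MOTW discussed in this thread is stored in an NTFS alternate data stream named Zone.Identifier. The following is an added example (not part of the original post and not H_C code) that parses that stream and reports which fields carry download details; both sample streams are constructed, and the zone-only marker is an assumption about what a MOTW without download information looks like.

```python
import configparser

ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
ORIGIN_FIELDS = ("ReferrerUrl", "HostUrl")  # fields that reveal the download source

# Constructed samples (not taken from the thread).
FULL_MOTW = ("[ZoneTransfer]\nZoneId=3\n"
             "ReferrerUrl=https://downloads.example.test/tools/\n"
             "HostUrl=https://downloads.example.test/tools/setup.exe\n")
MINIMAL_MOTW = "[ZoneTransfer]\nZoneId=3\n"  # assumption: zone only, no origin

def parse_motw(stream_text):
    """Parse Zone.Identifier text. Returns None when there is no usable MOTW."""
    if not stream_text or not stream_text.strip():
        return None
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep the original key case
    try:
        cp.read_string(stream_text.lstrip("\ufeff"))
    except configparser.Error:
        return None
    if not cp.has_section("ZoneTransfer"):
        return None
    sec = cp["ZoneTransfer"]
    try:
        zone_id = int(sec.get("ZoneId", ""))
    except ValueError:
        return None
    origin = {k: sec[k] for k in ORIGIN_FIELDS if k in sec}
    return {"zone_id": zone_id, "zone": ZONES.get(zone_id, "unknown"), "origin": origin}

def read_motw(path):
    """Read the Zone.Identifier stream of a file on NTFS; None if it is absent."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return parse_motw(fh.read())
    except OSError:
        return None

def summarize(motw):
    if motw is None:
        return "no MOTW: a native SmartScreen check is not triggered"
    leaks = ", ".join(motw["origin"]) or "none"
    return f"zone={motw['zone']}; download details present: {leaks}"

if __name__ == "__main__":
    for label, text in (("full", FULL_MOTW), ("minimal", MINIMAL_MOTW), ("absent", "")):
        print(label, "->", summarize(parse_motw(text)))
```
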
 
ForgottenSeer 85179

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,874
This project falls into the category I wrote about.


It still breaks other Windows features, and users then blame Microsoft for broken Windows.
Right. Telemetry is very useful for fixing various bugs. Quite a few times I've read that Microsoft was able to troubleshoot issues thanks to their telemetry. This is true for all software. As long as personal information isn't collected for tracking and other similar purposes, everything is good.
 

Jan Willy

Level 13
Verified
Top Poster
Well-known
Jul 5, 2019
607
Right. Telemetry is very useful for fixing various bugs. Quite a few times I've read that Microsoft was able to troubleshoot issues thanks to their telemetry. This is true for all software. As long as personal information isn't collected for tracking and other similar purposes, everything is good.
I agree, but the question is how can we be sure that no personal information is collected? By the way, are we going too far off topic?
 

Marana

Level 1
Verified
Jan 21, 2018
48
Tried LTSC ver. 1809.
SRP did not work, both via GPO or H_C. The LTSC is not a complete Windows Enterprise edition.
SRP works well on Windows Home, Pro, Enterprise.
Well, this is interesting...

Namely, I have used 1607 LTSB since 2017 along with SRP (using SSRP at that time) without any problems whatsoever.

In late 2019 I migrated over to LTSC 1809 and continued with SRP (now using H_C) and again without any problems whatsoever. At the moment my strategy is to continue using LTSC 1809 in the foreseeable future. Everything just works, no forced feature updates etc... :) (y)

I have been using Windows since 3.1 and I have to say that using Windows is nowadays a pretty smooth and enjoyable experience.
 

Andy Ful

...
Namely, I have used 1607 LTSB since 2017 along with SRP (using SSRP at that time) without any problems whatsoever.
...
On LTSC v1809, SRP works well, both via GPO or H_C, or other instruments. :)
Thanks, guys. This probably means that normally SRP indeed works on Windows LTSC, except for some specific custom configurations. (y)

LTSC (LTSB) is not a complete (including new features/updates) enterprise edition (like E3 or E5).
"We designed the LTSC with these types of use cases in mind, offering the promise that we will support each LTSC release for 10 years--and that features, and functionality will not change over the course of that 10-year lifecycle."
"We create a new LTSC release approximately every three years, and each release contains all the new capabilities and support included in the Windows 10 features updates that have been released since the previous LTSC release."

Furthermore, some features are not installed at all in LTSC (they can probably be installed manually). Anyway, this should not prevent SRP from working, because SRP did not change much over several years. But as we can see, on some LTSC versions / configs SRP does not work for some reason.

Edit.
In my case, this could follow from many experiments that I made on Windows LTSC. The problem is that I do not remember in detail what I did over the last year. One thing that I noticed on all tested Windows versions is SRP incompatibility with Microsoft Child account. It turns off many SRP features permanently, even after removing that account.
 

Andy Ful

Just a note. SRPPrevent is the simplest SRP management tool I know of, including for LTSC.
It is not the simplest. You can make many similar simple configurators by exporting the registry key of any H_C SRP setup:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers
You can make a simple BAT command and run it with Admin rights to delete this key and remove the restrictions.

The particular setup used in SRPPrevent is default allow, so it can only block specific files in specific locations and globally some files with double extensions (like *.mp4.exe). It is a kind of minimal hardening. Generally, such a setup does not prevent most malware from infecting the computer. The author probably did not make it stronger because the program does not allow whitelisting.
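
To tell whether an exported SRP setup like the ones described above is default allow or default deny, the export can be read directly. The following is an added example (not part of the original post and not H_C or SRPPrevent code) that parses a regedit text export of the key named in the post; the sample export and GUID are constructed, and it assumes rule paths are stored as plain string values.

```python
import re

SRP_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers"
LEVELS = {0x0: "Disallowed", 0x20000: "Basic User", 0x40000: "Unrestricted"}
GUID = "{11111111-1111-1111-1111-111111111111}"  # constructed placeholder

# Constructed export in regedit text form (real exports are UTF-16; read them
# with encoding="utf-16"). Assumption: rule paths are plain string values.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[" + SRP_KEY + "]",
    '"DefaultLevel"=dword:00040000',
    '"TransparentEnabled"=dword:00000001', "",
    "[" + SRP_KEY + "\\0\\Paths\\" + GUID + "]",
    '"ItemData"="*.mp4.exe"',
    '"SaferFlags"=dword:00000000',
])

VALUE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

def parse_srp_export(reg_text):
    """Return the default security level and the path rules found in an export."""
    summary = {"default_level": None, "rules": []}
    sub = None  # key path below SRP_KEY, or None when outside it
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            inside = key.lower().startswith(SRP_KEY.lower())
            sub = key[len(SRP_KEY):].strip("\\").split("\\") if inside else None
            continue
        m = VALUE.match(line)
        if sub is None or not m:
            continue
        name, dword, text = m.groups()
        if sub == [""] and name == "DefaultLevel" and dword:
            summary["default_level"] = LEVELS.get(int(dword, 16), "unknown")
        elif (len(sub) == 3 and sub[0].isdigit() and sub[1].lower() == "paths"
              and name == "ItemData" and text is not None):
            path = text.replace("\\\\", "\\")  # .reg files double backslashes
            summary["rules"].append((LEVELS.get(int(sub[0]), "unknown"), path))
    return summary

def posture(summary):
    """Map the default level to the terms used in the thread."""
    return {"Unrestricted": "default-allow",
            "Disallowed": "default-deny"}.get(summary["default_level"], "unknown")

if __name__ == "__main__":
    s = parse_srp_export(SAMPLE)
    print(posture(s), s["rules"])
```
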
 