Updates Hard_Configurator - Windows Hardening Configurator

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,106
In HardeningKitty I found the following firewall rules, which aren't in your FirewallHardening tool:

| ID | Name | Type | Rule applies to | Protocol | Local ports | IP addresses | Profile | Action |
| 2307 | HardeningKitty-Block-calc-x64 | Custom Rule | %SystemRoot%\System32\calc.exe | Any | Any | Any | Block | All |
| 2308 | HardeningKitty-Block-calc-x86 | Custom Rule | %SystemRoot%\Syswow64\calc.exe | Any | Any | Any | Block | All |
| 2311 | HardeningKitty-Block-conhost-x64 | Custom Rule | %SystemRoot%\System32\conhost.exe | Any | Any | Any | Block | All |
| 2312 | HardeningKitty-Block-conhost-x86 | Custom Rule | %SystemRoot%\Syswow64\conhost.exe | Any | Any | Any | Block | All |
| 2317 | HardeningKitty--Block-notepad-x64 | Custom Rule | %SystemRoot%\System32\notepad.exe | Any | Any | Any | Block | All |
| 2318 | HardeningKitty--Block-notepad-x86 | Custom Rule | %SystemRoot%\Syswow64\notepad.exe | Any | Any | Any | Block | All |
| 2319 | HardeningKitty--Block-RunScriptHelper-x64 | Custom Rule | %SystemRoot%\System32\RunScriptHelper.exe | Any | Any | Any | Block | All |
| 2320 | HardeningKitty--Block-RunScriptHelper-x86 | Custom Rule | %SystemRoot%\Syswow64\RunScriptHelper.exe | Any | Any | Any | Block | All |

What did you think @Andy Ful ?

I think that the above executables also can be added to FirewallHardening. Anyway, the attackers can use any Windows executable to inject the malicious DLL and use it for calling home.
Also, I still wonder why "finger.exe" isn't included:
C:\Windows\System32\finger.exe C:\Windows\SysWOW64\finger.exe
Finger.exe is included in the upcoming beta (and some more) and added to H_C recommended items - it can be used directly to download something malicious.
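
The outbound block rules discussed in this post can be created and then audited with the built-in NetSecurity cmdlets. This is an added example, not code from HardeningKitty, FirewallHardening or the thread; the `Example-Block-` rule names and the group name are assumptions chosen for the sketch.

```powershell
#Requires -RunAsAdministrator
# Added example: outbound block rules for the executables named in the post.
# Rule-name prefix and group name are assumptions, not the tools' own names.
$Group    = 'Example LOLBin outbound block'
$Binaries = 'calc.exe', 'conhost.exe', 'notepad.exe', 'RunScriptHelper.exe', 'finger.exe'
$Folders  = [ordered]@{ x64 = 'System32'; x86 = 'SysWOW64' }

function Add-OutboundBlockRule {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Program,
        [Parameter(Mandatory)][string]$Group
    )
    # Idempotent: an existing rule with the same display name is left untouched.
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        return 'exists'
    }
    New-NetFirewallRule -DisplayName $Name -Group $Group -Direction Outbound `
        -Program $Program -Protocol Any -Profile Any -Action Block | Out-Null
    return 'created'
}

$results = foreach ($bin in $Binaries) {
    foreach ($arch in $Folders.Keys) {
        # Same %SystemRoot% form as the rule table quoted in the post.
        $program = '%SystemRoot%\{0}\{1}' -f $Folders[$arch], $bin
        $name    = 'Example-Block-{0}-{1}' -f [IO.Path]::GetFileNameWithoutExtension($bin), $arch
        [pscustomobject]@{
            Rule    = $name
            Program = $program
            # The rule is created even if the file is absent, so it already
            # applies should the binary appear later; Present is informational.
            Present = Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($program))
            Status  = Add-OutboundBlockRule -Name $name -Program $program -Group $Group
        }
    }
}
$results | Format-Table -AutoSize

# Audit: confirm every rule in the group is enabled, outbound and blocking.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Enabled   = $_.Enabled
        Direction = $_.Direction
        Action    = $_.Action
        Profile   = $_.Profile
        Program   = ($_ | Get-NetFirewallApplicationFilter).Program
    }
} | Format-Table -AutoSize
```

As the post notes, any Windows executable can host an injected DLL, so a per-program list like this narrows the options for calling home rather than closing them.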
 

Lenny_Fox

Level 22
Verified
Oct 1, 2019
1,125
@Andy Ful

Question: would it be possible for people using Microsoft Defender to add System Integrity Guard for often abused non-critical Windows programs like calc.exe and notepad.exe, to prevent these easy-to-find programs from being injected with a non-M$ DLL?

I manually added them to WDEP (and a lot of other sponsors listed in H_C) without any issues.

/L

EDIT: I meant, would you consider this as an extra option for ConfigureDefender and/or WD BabySitter?
 

Andy Ful

Some security applications can inject DLLs into monitored processes and then the execution will be broken. I thought about adding some anti-exploit hardening profiles via Windows Exploit Protection for several years, but I am still not convinced if such a feature will fit well with other H_C features. :unsure:
Furthermore, such anti-exploit protection can be easily managed from the Security Center. If one has a problem with doing it, then he/she probably should not do it.
 

Lenny_Fox

That is why I suggested adding it to ConfigureDefender or WD Babysitter, because people using Microsoft Defender are not likely to use any other security program.

I just posted in H_C thread because you mentioned DLL-injection to circumvent firewall block rules
 

Andy Ful

It will be hard to add the EP to ConfigureDefender or Babysitter because the configuration of EP restrictions can depend on other applications. This will require much testing by many users.
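
The compatibility concern raised in this exchange is the reason to start such a mitigation in audit mode. The following is an added example, not part of H_C, ConfigureDefender or the thread; it uses the built-in ProcessMitigations cmdlets and assumes that the setting the posts call "System Integrity Guard" is the Exploit Protection option that blocks non-Microsoft-signed images (`MicrosoftSignedOnly`). The function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: per-program "Microsoft-signed images only" mitigation,
# staged through audit mode first. Function names are hypothetical.
$Targets = 'calc.exe', 'notepad.exe'   # programs named in the posts above

function Set-SignedOnlyMitigation {
    param(
        [Parameter(Mandatory)][string[]]$Program,
        [ValidateSet('Audit', 'Enforce')][string]$Mode = 'Audit'
    )
    # Audit only logs loads of non-Microsoft-signed DLLs, so DLLs injected by
    # an installed security product show up in the log before anything breaks.
    $option = if ($Mode -eq 'Audit') { 'AuditMicrosoftSigned' } else { 'MicrosoftSignedOnly' }
    foreach ($exe in $Program) {
        Set-ProcessMitigation -Name $exe -Enable $option
        Get-ProcessMitigation -Name $exe      # show the resulting per-app settings
    }
}

function Get-SignedOnlyEvent {
    param([int]$MaxEvents = 50)
    # Code integrity guard events in Microsoft's Exploit Protection
    # documentation: ID 11 = audit, ID 12 = block.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Security-Mitigations/Kernel Mode'
        Id      = 11, 12
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

function Clear-SignedOnlyMitigation {
    param([Parameter(Mandatory)][string[]]$Program)
    # Rollback if a required third-party DLL turns out to be affected.
    foreach ($exe in $Program) {
        Set-ProcessMitigation -Name $exe -Disable MicrosoftSignedOnly, AuditMicrosoftSigned
    }
}

# 1. Stage in audit mode, use the programs normally for a while.
Set-SignedOnlyMitigation -Program $Targets -Mode Audit
# 2. Review what would have been blocked.
Get-SignedOnlyEvent | Format-List
# 3. Only when the audit log is clean:
# Set-SignedOnlyMitigation -Program $Targets -Mode Enforce
```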
 

Andy Ful

I managed to do some testing today. I can confirm that Windows 11 uses an unusual path to run Security Center:
\\?\C:\Windows\System32\SecurityHealthHost.exe
instead of:
C:\Windows\System32\SecurityHealthHost.exe

I will add this path to the H_C default whitelist in the upcoming version.

Such paths (with \\?\ in the beginning) are not whitelisted by default in H_C so the executable is blocked and Security Center is not displayed correctly. The solution is the usual one. The path should be whitelisted. But it includes wildcards, so <Add Path*Wildcards> has to be used.(y)

Edit
The paths that start with \\? are called "device paths".
 

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
8,077
When you get around to testing ASR rules in Windows 11, I would be interested to hear. In the meantime I am using default Defender settings on Win11, out of fear of the unknown.
 

shmu26

So why not testing it by yourself then? ;)
To tell ya the truth, I found this puzzling gibberish in the Defender.log, and I don't know how or when it got in there. Maybe it's from win10, maybe after upgrading to win11. It's the only entry in the log.
 

ESecurity

Level 16
Nov 15, 2017
767
Hi Andy, will it be possible to add support for Thunderbird? Thank you very much.


Andy Ful

As you can see in the Help for <Harden Email Clients>, the Thunderbird client can be used safely with H_C.
Thunderbird does not allow executing files from its console and adds MOTW to executables. So, it does not need SRP restrictions. If you try to execute the file after saving it via Thunderbird, then the file will be checked by SmartScreen.
Some other email clients do execute files from AppData subfolders and do not add MOTW, so they have to be restricted by SRP.
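
Whether a given email client adds MOTW to saved attachments can be checked by reading the `Zone.Identifier` alternate data stream of the files it writes. This is an added example, not from H_C or the thread; the function name, the extension list and the folder in the usage line are assumptions.

```powershell
# Added example: report which files in a folder carry the Mark of the Web.
# Get-MotwStatus is a hypothetical helper; the extension list is an assumption.
function Get-MotwStatus {
    param(
        [Parameter(Mandatory)][string]$Folder,
        [string[]]$Extensions = @('.exe', '.msi', '.js', '.vbs', '.lnk', '.slk')
    )
    $files = Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLower() }

    foreach ($file in $files) {
        # MOTW is stored in the NTFS alternate data stream "Zone.Identifier".
        $ads = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
            -ErrorAction SilentlyContinue
        $zone = $null
        foreach ($line in @($ads)) {
            if ($line -match '^ZoneId=(\d+)') { $zone = [int]$Matches[1]; break }
        }
        [pscustomobject]@{
            File         = $file.FullName
            HasMotw      = [bool]$ads
            ZoneId       = $zone                 # 3 = Internet, 4 = Restricted sites
            InternetZone = ($null -ne $zone -and $zone -ge 3)
        }
    }
}

# Usage: save a test attachment with the client, then list files without MOTW.
Get-MotwStatus -Folder "$env:USERPROFILE\Downloads" |
    Where-Object { -not $_.HasMotw } |
    Format-Table -AutoSize
```

Files listed without MOTW came from a client that does not tag its downloads, which is the case the post says has to be covered by SRP restrictions instead.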
 

Andy Ful

@plat1098 has posted on Wilderssecurity forum about formal tests of Defender plus H_C.
https://www.wilderssecurity.com/thr...windows-10-needs.383448/page-140#post-3019351

Although the tests with Defender were not performed, there are still available tests of H_C without Defender (and without any AV). These tests were done by @askalan on Malware Hub:
https://malwaretips.com/threads/hard_configurator-january-2019-report.89172/
https://malwaretips.com/threads/hard_configurator-february-2019-report.90240/
https://malwaretips.com/threads/hard-configurator-march-2019-report.91024/
https://malwaretips.com/threads/hard-configurator-april-2019-report.92071/
https://malwaretips.com/threads/hard-configurator-may-2019-report.92283/

Due to the testing procedure, these results (one sample compromised the protection) would be the same also with the current Recommended Settings.(y)
 

askalan

Level 16
Verified
Malware Hunter
Jul 27, 2017
775

I looked at some old tests and got some great memories of the old days haha :D

I have finished the tests with the new H_C 6.0 beta. The installer has been submitted to Microsoft, Avast, Norton, and Bitdefender. If everything is OK, then I will push the new beta to GitHub soon. :)

I'm happy to update the links on the website when the new version comes out. I use H_C (Defender off) on my own laptop and couldn't be happier. Thanks Andy!
 

Andy Ful

New H_C ver. 6.0.0.0 beta 1:
This beta version can be installed over the previous version (5.1.1.2). It has been whitelisted by Microsoft, Avast, Norton, and Bitdefender.

Changelog:
  1. Introduced two color-changing buttons. When the restrictions are OFF, the buttons <Switch OFF/ON SRP> and <Switch OFF/ON Restrictions> change the background color from green to blue.
  2. Fixed some minor bugs.
  3. Added finger.exe to blocked sponsors and also to the H_C Enhanced profiles.
  4. Added some EXE files to FirewallHardening LOLBin Blocklist: csc, cvtres, CasPol, finger, ilasm, jsc, Microsoft.Workflow.Compiler, mscorsvw, ngen, ngentask, vbc.
  5. Added SLK file extension to the default protected extensions.
  6. Added a switch -p to run H_C and SwitchDefaultDeny with SRP enforcement to block all users (including Administrators) - it can be used especially on the older Windows versions to improve post-exploitation protection on default Admin account. This switch should be used only by very experienced users.
  7. New version of ConfigureDefender:
    - Added some useful information to the Help and manual.
    - Added "Send All" setting to Automatic Sample Submission.
    - Updated ASR rules (1 new rule added).
    - Added the Warn mode to ASR rules.
    - Added INTERACTIVE Protection Level which uses ASR rules set to Warn.
    - Added the <Info> button next to the Protection Levels buttons. It displays information about which settings are enabled in DEFAULT, HIGH, INTERACTIVE, and MAX Protection Levels.
    - Redesigned slightly the layout of the Exploit Guard section.
  8. Added support for Windows 11.

Be safe.(y)
 