Andy Ful
From Hard_Configurator Tools
In HardeningKitty I found the following firewall rules, which aren't in your FirewallHardening tool:
| ID | Name | Type | Rule applies to | Protocol | Local ports | IP addresses | Profile | Action |
|---|---|---|---|---|---|---|---|---|
| 2307 | HardeningKitty-Block-calc-x64 | Custom Rule | %SystemRoot%\System32\calc.exe | Any | Any | Any | Block | All |
| 2308 | HardeningKitty-Block-calc-x86 | Custom Rule | %SystemRoot%\Syswow64\calc.exe | Any | Any | Any | Block | All |
| 2311 | HardeningKitty-Block-conhost-x64 | Custom Rule | %SystemRoot%\System32\conhost.exe | Any | Any | Any | Block | All |
| 2312 | HardeningKitty-Block-conhost-x86 | Custom Rule | %SystemRoot%\Syswow64\conhost.exe | Any | Any | Any | Block | All |
| 2317 | HardeningKitty--Block-notepad-x64 | Custom Rule | %SystemRoot%\System32\notepad.exe | Any | Any | Any | Block | All |
| 2318 | HardeningKitty--Block-notepad-x86 | Custom Rule | %SystemRoot%\Syswow64\notepad.exe | Any | Any | Any | Block | All |
| 2319 | HardeningKitty--Block-RunScriptHelper-x64 | Custom Rule | %SystemRoot%\System32\RunScriptHelper.exe | Any | Any | Any | Block | All |
| 2320 | HardeningKitty--Block-RunScriptHelper-x86 | Custom Rule | %SystemRoot%\Syswow64\RunScriptHelper.exe | Any | Any | Any | Block | All |
What do you think, @Andy Ful?
I think that the above executables also can be added to FirewallHardening. Anyway, the attackers can use any Windows executable to inject the malicious DLL and use it for calling home.
Also, I still wonder why "finger.exe" isn't included:
C:\Windows\System32\finger.exe
C:\Windows\SysWOW64\finger.exe
Finger.exe is included in the upcoming beta (and some more) and added to H_C recommended items - it can be used directly to download something malicious.
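An added example, not part of the thread and not code from HardeningKitty or FirewallHardening: a PowerShell audit that reports which of the executables discussed above already have an enabled block rule and, only when run with `-Apply`, creates the missing ones. The outbound direction and the `Example-Block-` rule-name prefix are assumptions made for this sketch.

```powershell
# Added example (not HardeningKitty or FirewallHardening code).
# Run in an elevated 64-bit PowerShell. Reports only, unless -Apply is given.
param([switch]$Apply)

# Executables named in the thread, in both system directories
$names   = 'calc', 'conhost', 'notepad', 'RunScriptHelper', 'finger'
$targets = foreach ($n in $names) {
    foreach ($dir in 'System32', 'SysWOW64') { "%SystemRoot%\$dir\$n.exe" }
}

# Index enabled outbound Block rules by expanded, lower-cased program path,
# so "%SystemRoot%\..." and "C:\Windows\..." spellings compare equal.
$blocked = @{}
$rules = Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True -ErrorAction SilentlyContinue
foreach ($rule in $rules) {
    foreach ($f in ($rule | Get-NetFirewallApplicationFilter)) {
        if ($f.Program -and $f.Program -ne 'Any') {
            $key = [Environment]::ExpandEnvironmentVariables($f.Program).ToLowerInvariant()
            $blocked[$key] = $rule
        }
    }
}

foreach ($program in $targets) {
    $path = [Environment]::ExpandEnvironmentVariables($program)
    $rule = $blocked[$path.ToLowerInvariant()]
    if ($rule) {
        $status = 'blocked'
    } elseif (-not (Test-Path -LiteralPath $path)) {
        $status = 'file not present'
    } elseif ($Apply) {
        # Assumed naming scheme: Example-Block-<name>-<x64|x86>
        $leaf = [IO.Path]::GetFileNameWithoutExtension($path)
        $arch = if ($path -match '\\SysWOW64\\') { 'x86' } else { 'x64' }
        $rule = New-NetFirewallRule -DisplayName "Example-Block-$leaf-$arch" `
            -Direction Outbound -Program $program -Action Block -Profile Any
        $status = 'rule created'
    } else {
        $status = 'NOT blocked'
    }
    [pscustomobject]@{
        Program = $program
        Status  = $status
        Rule    = if ($rule) { $rule.DisplayName } else { $null }
        Profile = if ($rule) { $rule.Profile } else { $null }
    }
}
```

The Profile column shows when an existing rule covers only some profiles; rules narrowed by port or remote address are reported as blocked without that distinction.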