Hard_Configurator - Windows Hardening Configurator

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,478
SecurityNightmares said:
In HardeningKitty i found the following Firewall rules, which aren't in your FirewallHardening tool:

IDNameTypeRule applies to ProtocolLocal portsIP addressesProfileAction
2307HardeningKitty-Block-calc-x64Custom Rule%SystemRoot%\System32\calc.exeAnyAny
Any
Block All
2308HardeningKitty-Block-calc-x86Custom Rule%SystemRoot%\Syswow64\calc.exeAnyAnyAnyBlock All
2311HardeningKitty-Block-conhost-x64Custom Rule%SystemRoot%\System32\conhost.exeAnyAnyAnyBlock All
2312HardeningKitty-Block-conhost-x86Custom Rule%SystemRoot%\Syswow64\conhost.exeAnyAnyAnyBlock All
2317HardeningKitty--Block-notepad-x64Custom Rule%SystemRoot%\System32\notepad.exeAnyAnyAnyBlock All
2318HardeningKitty--Block-notepad-x86Custom Rule%SystemRoot%\Syswow64\notepad.exeAnyAnyAnyBlock All
2319HardeningKitty--Block-RunScriptHelper-x64Custom Rule%SystemRoot%\System32\RunScriptHelper.exeAnyAnyAnyBlock All
2320HardeningKitty--Block-RunScriptHelper-x86Custom Rule%SystemRoot%\Syswow64\RunScriptHelper.exeAnyAnyAnyBlock All

What did you think @Andy Ful ?
Click to expand...

I think that the above executables also can be added to FirewallHardening. Anyway, the attackers can use any Windows executable to inject the malicious DLL and use it for calling home.
SecurityNightmares said:
Also, i still wonder why "finger.exe" isn't included
C:\Windows\System32\finger.exe C:\Windows\SysWOW64\finger.exe
Click to expand...
FInger.exe is included in the upcoming beta (and some more) and added to H_C recommended items - it can be used directly to download something malicious.
 
  • Like
  • +Reputation
  • Thanks
Reactions: Deletedmessiah, Mercenary, Gandalf_The_Grey and 2 others
Lenny_Fox

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
@Andy Ful

Question would it be possible for people using Microsoft Defender to add System Integrity Guard for often abused non critical windows programs like calc.exe, notepad.exe, to prevent these easy to find programs from being injected with a non-M$ DLL?

I manually added them to WDEP (and a lot of other sponsors listed in H_C) without any issues.

/L

EDIT: I meant would you consider this as an extra option for ConfigureDefender and or WD BabySitter?
 
Last edited:
  • Like
Reactions: Mercenary, Gandalf_The_Grey, Nevi and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,478
Lenny_Fox said:
@Andy Ful

Question would it be possible for people using Microsoft Defender to add System Integrity Guard for often abused non critical windows programs like calc.exe, notepad.exe, to prevent these easy to find programs from being injected with a non-M$ DLL?

I manually added them to WDEP (and a lot of other sponsors listed in H_C) without any issues.

/L

EDIT: I meant would you consider this as an extra option for ConfigureDefender and or WD BabySitter?
Click to expand...
Some security applications can inject DLLs into monitored processes and then the execution will be broken. I thought about adding some anti-exploit hardening profiles via Windows Exploit Protection for several years, but I am still not convinced if such a feature will fit well with other H_C features. :unsure:
Furthermore, such anti-exploit protection can be easily managed from the Security Center. If one has a problem with doing it, then he/she probably should not do it.
 
  • Like
  • Sad
Reactions: Nevi, Mercenary, Gandalf_The_Grey and 2 others
Lenny_Fox

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Andy Ful said:
Some security applications can inject DLLs into monitored processes and then the execution will be broken. I thought about adding some anti-exploit hardening profiles via Windows Exploit Protection for several years, but I am still not convinced if such a feature will fit well with other H_C features. :unsure:
Furthermore, such anti-exploit protection can be easily managed from the Security Center. If one has a problem with doing it, then he/she probably should not do it.
Click to expand...
That is why I suggested to add it to Configure Defender or WD Babysitter, because people using Microsoft Defender are not likely to use any other security program.

I just posted in H_C thread because you mentioned DLL-injection to circumvent firewall block rules
 
  • Like
Reactions: Nevi, Mercenary, Gandalf_The_Grey and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,478
Lenny_Fox said:
That is why I suggested to add it to Configure Defender or WD Babysitter, because people using Microsoft Defender are not likely to use any other security program.

I just posted in H_C thread because you mentioned DLL-injection to circumvent firewall block rules
Click to expand...
It will be hard to add the EP to ConfigureDefender or Babysitter because the configuration of EP restrictions can depend on other applications. This will require much testing by many users.
 
  • Like
Reactions: Nevi, Lenny_Fox, Gandalf_The_Grey and 2 others
F

ForgottenSeer 85179

  • Like
Reactions: Mercenary, Nevi, mkoundo and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,478
I managed to do some testing today. I can confirm that Windows 11 uses an unusual path to run Security Center:
\\?\C:\Windows\System32\SecurityHealthHost.exe
instead of:
C:\Windows\System32\SecurityHealthHost.exe

I will add this path to the H_C default whitelist in the upcoming version.

Such paths (with \\?\ in the beginning) are not whitelisted by default in H_C so the executable is blocked and Security Center is not displayed correctly. The solution is the usual one. The path should be whitelisted. But it includes wildcards, so <Add Path*Wildcards> has to be used.(y)

Edit
The paths that start with \\? are called "device paths".
 
Last edited:
  • Like
  • +Reputation
  • Thanks
Reactions: oldschool, Mercenary, plat and 8 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Andy Ful said:
I managed to do some testing today. I can confirm that Windows 11 uses an unusual path to run Security Center:
\\?\C:\Windows\System32\SecurityHealthHost.exe
instead of:
C:\Windows\System32\SecurityHealthHost.exe

I will add this path to the H_C default whitelist in the upcoming version.

Such paths (with \\?\ in the beginning) are not whitelisted by default in H_C so the executable is blocked and Security Center is not displayed correctly. The solution is the usual one. The path should be whitelisted. But it includes wildcards, so <Add Path*Wildcards> has to be used.(y)

Edit
The paths that start with \\? are called "device paths".
Click to expand...
When you get around to testing ASR rules in Windows 11, I would be interested to hear. In the meantime I am using default Defender settings on Win11, out of fear of the unknown.
 
  • Like
Reactions: Mercenary, Andy Ful, ForgottenSeer 85179 and 2 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
SecurityNightmares said:
So why not testing it by yourself then? ;)
Click to expand...
To tell ya the truth, I found this puzzling gibberish in the Defender.log, and I don't know how or when it got in there. Maybe it's from win10, maybe after upgrading to win11. It's the only entry in the log.
Code: 
0x4576656E745B305D0D0A20204C6F67204E616D653A204D6963726F736F66742D57696E646F77732D57696E646F777320446566656E6465722F4F7065726174696F6E616C0D0A2020536F757263653A204D6963726F736F66742D57696E646F77732D57696E646F777320446566656E6465720D0A2020446174653A20323032312D30372D30385431373A30383A31372E313835303030305A0D0A20204576656E742049443A20353030340D0A20205461736B3A204E2F410D0A20204C6576656C3A20496E666F726D6174696F6E003F20204F70636F64653A20496E666F00003F20204B6579776F72643A204E2F410D0A2020557365723A20532D312D352D31380D0A202055736572204E616D653A204E5420415554484F524954595C53595354454D0D0A2020436F6D70757465723A2057696E31302D5669727475616C0D0A20204465736372697074696F6E3A200D0A4D6963726F736F667420446566656E64657220416E74697669727573205265616C2D74696D652050726F74656374696F6E206665617475726520636F6E66696775726174696F6E20686173206368616E6765642E0D0A2009466561747572653A204E6574776F726B20496E7370656374696F6E2053797374656D0D0A2009436F6E66696775726174696F6E3A2030003F0D0A4576656E745B315D0D0A20204C6F67204E616D653A204D6963726F736F66742D57696E646F77732D57696E646F777320446566656E6465722F4F7065726174696F6E616C0D0A2020536F757263653A204D6963726F736F66742D57696E646F77732D57696E646F777320446566656E6465720D0A2020446174653A20323032312D30372D30385431373A30383A31302E333736303030305A0D0A20204576656E742049443A20353030340D0A20205461736B3A204E2F410D0A20204C6576656C3A204E2F410D0A20204F70636F64653A204E2F410D0A20204B6579776F72643A204E2F410D0A2020557365723A20532D312D352D31380D0A202055736572204E616D653A204E5420415554484F524954595C53595354454D0D0A2020436F6D70757465723A2057696E31302D5669727475616C0D0A20204465736372697074696F6E3A200D0A4E2F410D0A0D0A4576656E745B325D0D0A20204C6F67204E616D653A204D6963726F736F66742D57696E646F77732D57696E646F777320446566656E6465722F4F7065726174696F6E616C0D0A2020536F757263653A204D6963726F736F66742D57696E646F77732D57696E646F777320446566656E6465720D0A2020446174653A20323032312D30372D30315431323A34343A32382E303231303030305A0D0A20204576656E742049443A20353030340D0A20205461736B3A204E2F410D0A20204C6576656C3A204E2F410D0A20204F70636F64653A204E2F410D0A20204B6579776F72643A204E2F410D0A2020557365723A20532D312D352D31380D0A202055736572204E616D653A204E5420415554484F524954595C53595354454D0D0A2020436F6D70757465723A2057696E31302D5669727475616C0D0A20204465736372697074696F6E3A200D0A4E2F410D0A0D0A
 
  • Like
  • Wow
Reactions: Nevi, Andy Ful, ForgottenSeer 85179 and 1 other person
eonline

eonline

Level 21
Verified
Well-known
Nov 15, 2017
1,083
Hi Andy, will it be possible to add support for Thunderbird? Thank you very much.

HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Temp\eM Client temporary files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Foxmail*\Temp-*\Attach\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Claws-mail\mimetmp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Roaming\Mailspring\files\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\hiri\temp\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* <==== ATENCIÓN
 
Last edited by a moderator:
  • Like
Reactions: Nevi and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,478
ESecurity said:
Hi Andy, will it be possible to add support for Thunderbird? Thank you very much.
Click to expand...
As you can see in the Help for <Harden Email Clients>, the Thunderbird client can be used safely with H_C.
Thunderbird does not allow to execute files from its console and adds MOTW to executables. So, it does not need SRP restrictions. If you will try to execute the file after saving it via Thunderbird, then the file will be checked by SmartScreen.
Some other email clients do execute files from AppData subfolders and do not add MOTW, so they have to be restricted by SRP.
 
  • Like
  • +Reputation
  • Thanks
Reactions: Mercenary, Nevi, ErzCrz and 6 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,478
@plat1098 have posted on Wilderssecurity forum about formal tests of Defender plus H_C.
https://www.wilderssecurity.com/thr...windows-10-needs.383448/page-140#post-3019351

Although the tests with Defender were not performed, there are still available tests of H_C without Defender (and without any AV). These tests were done by @askalan on Malware Hub:
https://malwaretips.com/threads/hard_configurator-january-2019-report.89172/
https://malwaretips.com/threads/hard_configurator-february-2019-report.90240/
https://malwaretips.com/threads/hard-configurator-march-2019-report.91024/
https://malwaretips.com/threads/hard-configurator-april-2019-report.92071/
https://malwaretips.com/threads/hard-configurator-may-2019-report.92283/

Due to the testing procedure, these results (one sample compromised the protection) would be the same also with the current Recommended Settings.(y)
 
  • Like
  • +Reputation
  • Thanks
Reactions: Nevi, ForgottenSeer 85179, mkoundo and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,478
I have finished the tests with the new H_C 6.0 beta. The installer has been submitted to Microsoft, Avast, Norton, and Bitdefender. If everything will be OK, then I push the new beta to GitHub, soon.:)
 
  • Like
  • Applause
  • +Reputation
Reactions: ErzCrz, jerzy601, Nevi and 11 others
A

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
Andy Ful said:
@plat1098 have posted on Wilderssecurity forum about formal tests of Defender plus H_C.
https://www.wilderssecurity.com/thr...windows-10-needs.383448/page-140#post-3019351

Although the tests with Defender were not performed, there are still available tests of H_C without Defender (and without any AV). These tests were done by @askalan on Malware Hub:
https://malwaretips.com/threads/hard_configurator-january-2019-report.89172/
https://malwaretips.com/threads/hard_configurator-february-2019-report.90240/
https://malwaretips.com/threads/hard-configurator-march-2019-report.91024/
https://malwaretips.com/threads/hard-configurator-april-2019-report.92071/
https://malwaretips.com/threads/hard-configurator-may-2019-report.92283/

Due to the testing procedure, these results (one sample compromised the protection) would be the same also with the current Recommended Settings.(y)
Click to expand...

I looked at some old tests and got some great memories of the old days haha :D

Andy Ful said:
I have finished the tests with the new H_C 6.0 beta. The installer has been submitted to Microsoft, Avast, Norton, and Bitdefender. If everything will be OK, then I push the new beta to GitHub, soon.:)
Click to expand...

I'm happy to update the links on the website when the new version comes out. I use H_C (Defender off) on my own laptop and couldn't be happier. Thanks Andy!
 
  • Like
  • Applause
  • Thanks
Reactions: ErzCrz, mkoundo, Nevi and 6 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,478
New H_C ver. 6.0.0.0 beta 1:
This beta version can be installed over the previous version (5.1.1.2). It has been whitelisted by Microsoft, Avast, Norton, and Bitdefender.

Changelog:
  1. Introduced two color-changing buttons. When the restrictions are OFF, the buttons <Switch OFF/ON SRP> and <Switch OFF/ON Restrictions> change the background color from green to blue.
  2. Fixed some minor bugs.
  3. Added finger.exe to blocked sponsors and also to the H_C Enhanced profiles.
  4. Added some EXE files to FirewallHardening LOLBin Blocklist: csc, cvtres, CasPol, finger, ilasm, jsc, Microsoft.Workflow.Compiler, mscorsvw, ngen, ngentask, vbc.
  5. Added SLK file extension to the default protected extensions.
  6. Added a switch -p to run H_C and SwitchDefaultDeny with SRP enforcement to block all users (including Administrators) - it can be used especially on the older Windows versions to improve post-exploitation protection on default Admin account. This switch should be used only by very experienced users.
  7. New version of ConfigureDefender:
    - Added some useful information to the Help and manual.
    - Added "Send All" setting to Automatic Sample Submission.
    - Updated ASR rules (1 new rule added).
    - Added the Warn mode to ASR rules.
    - Added INTERACTIVE Protection Level which uses ASR rules set to Warn.
    - Added the <Info> button next to the Protection Levels buttons. It displays information about which settings are enabled in DEFAULT, HIGH, INTERACTIVE, and MAX Protection Levels.
    - Redesigned slightly the layout of the Exploit Guard section.
  8. Added support for Windows 11.

Be safe.(y)
 
  • Like
  • +Reputation
  • Thanks
Reactions: Mercenary, somename, cryogent and 18 others

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,412
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,073
Hard_Configurator Tools
Andy Ful
Andy Ful
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
1,127
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top