Update Hard_Configurator - Windows Hardening Configurator

shmu26

New H_C ver. 6.0.0.0 beta 1:
This beta version can be installed over the previous version (5.1.1.2). It has been whitelisted by Microsoft, Avast, Norton, and Bitdefender.

Changelog:
  1. Introduced two color-changing buttons. When the restrictions are OFF, the buttons <Switch OFF/ON SRP> and <Switch OFF/ON Restrictions> change the background color from green to blue.
  2. Fixed some minor bugs.
  3. Added finger.exe to blocked sponsors and also to the H_C Enhanced profiles.
  4. Added some EXE files to FirewallHardening LOLBin Blocklist: csc, cvtres, CasPol, finger, ilasm, jsc, Microsoft.Workflow.Compiler, mscorsvw, ngen, ngentask, vbc.
  5. Added SLK file extension to the default protected extensions.
  6. Added a switch -p to run H_C and SwitchDefaultDeny with SRP enforcement to block all users (including Administrators) - it can be used especially on the older Windows versions to improve post-exploitation protection on the default Admin account. This switch should be used only by very experienced users.
  7. New version of ConfigureDefender:
    - Added some useful information to the Help and manual.
    - Added "Send All" setting to Automatic Sample Submission.
    - Updated ASR rules (1 new rule added).
    - Added the Warn mode to ASR rules.
    - Added INTERACTIVE Protection Level which uses ASR rules set to Warn.
    - Added the <Info> button next to the Protection Levels buttons. It displays information about which settings are enabled in DEFAULT, HIGH, INTERACTIVE, and MAX Protection Levels.
    - Slightly redesigned the layout of the Exploit Guard section.
  8. Added support for Windows 11.

Be safe.(y)
Thanks Andy!
What's the new ASR rule?
What added support was needed for Win11?
 

ForgottenSeer 85179

What's the new ASR rule?

What added support was needed for Win11?
 

shmu26



Thanks.
I didn't know about that new ASR rule. Good info.
I did know about that particular Win11 issue, as I reported it. Just wondering whether Andy found others.
 

Andy Ful

@shmu26,
ConfigureDefender and FirewallHardening Logs have not been displayed correctly on Windows 11. One of the issues was a bug in Windows 11 while using the wevtutil.exe system tool with /f:text switch to retrieve the text output of the Windows Events Log. I had to change the code and use another way to filter events.

Post edited.
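
The log problem described in the post above involved wevtutil's rendered /f:text output. The following is an added example, not code from Hard_Configurator or from this thread: it reads Defender ASR events from wevtutil's XML output instead, and the sample events, the chosen fields and the use of XML are assumptions, not the method the developer says he used.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ASR_MODES = {1121: "Block", 1122: "Audit"}  # Defender ASR event IDs

# Constructed sample (not real log data) in the shape printed by:
#   wevtutil qe "Microsoft-Windows-Windows Defender/Operational" /f:xml /e:Events
SAMPLE_XML = r"""<Events>
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
 <System><EventID>1121</EventID><TimeCreated SystemTime='2021-07-19T09:46:15Z'/></System>
 <EventData>
  <Data Name='ID'>D4F940AB-401B-4EFC-AADC-AD5F3C50688A</Data>
  <Data Name='Path'>C:\Windows\System32\cmd.exe</Data>
  <Data Name='Process Name'>C:\Office\WINWORD.EXE</Data>
 </EventData>
</Event>
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
 <System><EventID>5007</EventID><TimeCreated SystemTime='2021-07-19T09:50:00Z'/></System>
 <EventData><Data Name='Old Value'>example</Data></EventData>
</Event>
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
 <System><EventID>1122</EventID><TimeCreated SystemTime='2021-07-19T10:02:31Z'/></System>
 <EventData>
  <Data Name='ID'>3B576869-A4EC-4529-8536-B80A7769E899</Data>
  <Data Name='Path'>C:\Users\Public\sample.exe</Data>
  <Data Name='Process Name'>C:\Office\EXCEL.EXE</Data>
 </EventData>
</Event>
</Events>"""

def parse_asr_events(xml_text):
    """Return one dict per ASR event, read from XML fields, not rendered text."""
    rows = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        event_id = int(ev.findtext("e:System/e:EventID", namespaces=NS))
        if event_id not in ASR_MODES:
            continue  # skip non-ASR events such as 5007 (configuration change)
        data = {d.get("Name"): d.text or "" for d in ev.findall("e:EventData/e:Data", NS)}
        rows.append({
            "time": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "mode": ASR_MODES[event_id],
            "rule_id": data.get("ID", ""),
            "target": data.get("Path", ""),
            "process": data.get("Process Name", ""),
        })
    return rows

if __name__ == "__main__":
    for row in parse_asr_events(SAMPLE_XML):
        print(row)
```

Because the fields are taken from the event's structured data, the result does not depend on how the message text is rendered on a given Windows build.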
 

shmu26

@shmu26,
ConfigureDefender and FirewallHardening Logs have not been displayed correctly on Windows 11. One of the issues was a bug in Windows 11 while using the wevtutil.exe system tool with /text switch to retrieve the text output of the Windows Events Log. I had to change the code and use another way to filter events.
Thanks. I think I experienced that logging bug, but I wasn't sure what happened.
 

Andy Ful

Some screenshots:

ConfigureDefender: [two screenshots: 1626687975943.png, 1626688002094.png]

Hard_Configurator: [two screenshots: 1626688083462.png, 1626688115465.png]
 

Gandalf_The_Grey

Great work and thanks for keeping those tools up to date (y)
Will there be a standalone (beta) version of the new ConfigureDefender?
 

Gandalf_The_Grey

Posted the news on the other site and got a special thanks for @Andy Ful
Thanks @Gandalf_The_Grey - And special Thanks to AndyFul.
 