Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Hi Andy,

for Documents Anti-Exploit I have I changed the initial setting of "Partial" to "ON1", and then attempted to switch back to "Partial", but I get the pop-up as attached:

View attachment 259972

There seems no way to revert to the initial setting "Partial".
Yes. Your previous settings were replaced (and not remembered). If you want to change current settings, then you can do it from MS Office applications. Look into the H_C manual to see what settings are hardened.
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
I think that you could simply apply the profile Windows_10_Basic_Recommended_Settings and additionally:
  • Enhanced Sponsors + CMD
  • Validate Admin C.S. = ON
  • Block Windows Script Host = ON
  • Disable SMB = ON123
Besides your current protection, this would protect also shortcuts and prevent the user from opening files with non-safe extensions.

Edit.
If you remove the file extensions from the Designated File Types, then you will get the equivalent of the settings from your previous post (*.bat and *.cmd scripts will be protected).
Not when the default policy is allow
 
  • Like
Reactions: Nevi

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
In your H_C setup, the scripting is restricted except *.bat and *.cmd scripts that can still be run. These scripts are blocked in H_C only in the default-deny setup. Blocking the Sponsor cmd.exe blocks only the command lines that use cmd.exe (that is how Microsoft created CMD). Anyway, you have written "I disabled command and scripts with registry editor", so I assume that you have applied the right reg tweak:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
DisableCMD REG_DWORD 1
This has to be repeated on each user account where CMD is going to be blocked.
Yes I have done that true regedit. THX
 
  • Like
Reactions: Nevi

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Not when the default policy is allow
Because default SRP is allow. I think we crossed talked on this which fueled the misunderstanding. I used H_C as replacement for SysHardener
You can get an exact equivalent of your default-allow settings by using modified default-deny setup:

1627915957105.png


The *.bat and *.cmd files will be blocked. The PowerShell & Windows Script Host scripts will be blocked, and chosen sponsors will be blocked, too. Anything else will be allowed.
 
Last edited:

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
You can get an exact equivalent of your default-allow settings by using modified default-deny setup:

View attachment 259975

The *.bat and *.cmd files will be blocked. The PowerShell & Windows Script Host scripts will be blocked, and chosen sponsors will be blocked, too. Anything else will be allowed.
Thanks, what does setting designated file types to zero do? Could you please explain, should not file types be listed to be blocked? I already found out that removing EXE from the designated file type, still blocks exe files in user space when applying a default deny. Does Microsoft uses some other internal list when there are no designated filetypes on which SRP should apply?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
Thanks, what does setting designated file types to zero do? Could you please explain, should not file types be listed to be blocked? I already found out that removing EXE from the designated file type, still blocks exe files in user space when applying a default deny. Does Microsoft uses some other internal list when there are no designated filetypes on which SRP should apply?
The details are explained in the H_C manual: How SRP can control file execution/opening (page 24)
From table 3 it follows that after removing all entries from Designated File Types, some files are still blocked by default (EXE, MSI, COM, SCR, scripts) in the default-deny setup. In my proposition, EXE and MSI are globally whitelisted, so only COM, SCR, and scripts are blocked.

1627919899549.png
 
Last edited:

VecchioScarpone

Level 6
Verified
Well-known
Aug 19, 2017
278
Installed Configured Defender on HIGH setting today. I noticed that two of Windows Defender Microsoft SpyNet settings in O&O Shut Up 10, where enabled . Would disable those setting again interfere with CD?:unsure:

EDIT. :oops: I Misread the Title Thread. Maybe a mod could please redirect it to a Configure Defender Thread?
 

Attachments

  • CD & O&O.png
    CD & O&O.png
    12.3 KB · Views: 241
Last edited:

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,698
So CD is a little compromise of Privacy for Security. I may be able to live with it, maybe.
I know it is a cliché' but I have nothing to worry about my online activities. Just that, my Italian blood mix with the Australian larrikin way of life, I can't help but stick it to the man...
I'm not familiar with O&O Shutup but someone else will know for sure.
 
  • Like
Reactions: Nevi

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
@oldschool. Thanks.
It must be related to CD Cloud-delivered Protection = ON and Automatic Sample Submission = Send requirements.
Yes. Did you read ConfigureDefender help? Disabling Cloud-delivered protection is not a little compromise of Privacy for Security. I would rather say that disabling it is a serious security compromise for nothing. The metadata sent to Microsoft is interesting only to the Machine Learning engine.:)(y)
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top