Hard_Configurator - Windows Hardening Configurator

[Andy Ful]

I updated to the new version, updated settings and firewall rules, and restarted. Similarly to when I installed the beta, the system crashed within one minute, with this error message:

View attachment 261519

I clean reinstalled 5.1.1.2, which I will probably use indefinitely, since my laptop seems to not get along with a setting in the newer versions.

I am sorry, it seems that there is some hidden incompatibility. How did you recover the system functionality after the crash? Could you boot into Safe Mode?

 

[Andy Ful]

Can v.6 be installed over top of 5 ?

Or can v.5 profile be imported into 6 and work properly ?

Please, use the Update button from the H_C GUI. After updating the previous settings will not be changed.
The new settings can be added manually or by applying: H_C Recommended Settings + FirewallHardening H_C Recommended + ConfigureDefender HIGH (INTERACTIVE or MAX settings). The finger.exe is automatically added to Blocked Sponsors when loading the Recommended_Enhanced setting profile.

 

[South Park]

I am sorry, it seems that there is some hidden incompatibility. How did you recover the system functionality after the crash? Could you boot into Safe Mode?

The display crashed (went to black) and restarted itself, so I uninstalled H_C 6 at that time. When I installed it, I didn't update it with the "update" button, but instead ran the .exe and installed over 5.1.1.2. Do you think I would get better results if I updated it with the "update" button?

 

[aldist]

Do you think I would get better results if I updated it with the "update" button?

The result would have been the same. The option of upgrading offline from a downloaded distribution has the advantage of not depending on the vagaries of the internet during the upgrade. I always update offline.
Andy Ful
Thanks for the release version

 

[ErzCrz]

Fresh installed and working fine. Seems to run a little quicker as well.

Your epic as always @Andy Ful

 

[paulderdash]

SUMo indicates there is an updated Documents Anti-Exploit tool v2.0.0.0 but I still have v1.0.1.1 after unzipping latest H_C Hardening Tools - unless I missed a later version?

 

[Andy Ful]

SUMo indicates there is an updated Documents Anti-Exploit tool v2.0.0.0 but I still have v1.0.1.1 after unzipping latest H_C Hardening Tools - unless I missed a later version?

I updated the H_C Hardening Tools a few days ago to include Documents Anti-Exploit tool v2.0.0.0.
But, the ver. 2.0.0.0 is required only to work flawlessly with installed H_C. Without H_C the functionality is the same.

 

[Andy Ful]

The display crashed (went to black) and restarted itself, so I uninstalled H_C 6 at that time. When I installed it, I didn't update it with the "update" button, but instead ran the .exe and installed over 5.1.1.2. Do you think I would get better results if I updated it with the "update" button?

There would be no difference. There is no need to use ver. 6.0.0.0 except if you want to use the new ConfigureDefender (Warn settings for ASR rules). Bearing in mind your problems with the new version, you can simply use the standalone ConfigureDefender and rename/copy/replace the ConfigureDefender binary in the H_C (ConfigureDefender_x64.exe or ConfigureDefender_x86.exe).

 

[Andy Ful]

This is probably a foolish question, but because Firewall Hardening was updated in this version, I installed it. Is it necessary to re-do the Rules manually now? I did it just to be safe, but does merely installing the latest H C accomplish this?

This is a critical component of my security system, and I don't want to overlook anything.

https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/post-962577

 

[South Park]

There would be no difference. There is no need to use ver. 6.0.0.0 except if you want to use the new ConfigureDefender (Warn settings for ASR rules). Bearing in mind your problems with the new version, you can simply use the standalone ConfigureDefender and rename/copy/replace the ConfigureDefender binary in the H_C (ConfigureDefender_x64.exe or ConfigureDefender_x86.exe).

Thanks. That's what I'll do.

 

[Sadekatwan]

Hard_Configurator ver. 6.0.0.0 (stable):

https://github.com/AndyFul/Hard_Configurator/raw/master/Hard_Configurator_setup_6.0.0.0.exe

Changelog (changes from ver. 5.1.1.2):

1. Introduced two color-changing buttons. When the restrictions are OFF, the buttons <Switch OFF/ON SRP> and <Switch OFF/ON Restrictions> change the background color from green to blue.
2. Fixed some minor bugs.
3. Added finger.exe to blocked sponsors and also to the H_C Enhanced profiles.
4. Added some EXE files to FirewallHardening LOLBin Blocklist: csc, cvtres, CasPol, finger, ilasm, jsc, Microsoft.Workflow.Compiler, mscorsvw, ngen, ngentask, vbc.
5. Added SLK and ELF file extensions to the default protected extensions in SRP and RunBySmartscreen.
6. Added a switch -p to run H_C and SwitchDefaultDeny with SRP enforcement to block all users (including Administrators) - it can be used especially on the older Windows versions to improve post-exploitation protection on default Admin account. This switch should be used only by very experienced users.
7. New version of ConfigureDefender:
   - Added some useful information to the Help and manual.
   - Added "Send All" setting to Automatic Sample Submission.
   - Updated ASR rules (1 new rule added).
   - Added the Warn mode to ASR rules.
   - Added INTERACTIVE Protection Level which uses ASR rules set to Warn.
   - Added the <Info> button next to the Protection Levels buttons. It displays information about which
   settings are enabled in DEFAULT, HIGH, INTERACTIVE, and MAX Protection Levels.
   - Redesigned slightly the layout of the Exploit Guard section.
   - Added support for event Id=1120.
   - Added CFA setting BDMO = Block Disk Modifications Only - folders will not be protected, but some
   important disk sectors will be still protected (Id = 1127).
8. Added support for Windows 11.

I am seeing repeated warnings from the H_C and I don't use any other SRP applications

 

[Andy Ful]

I am seeing repeated warnings from the H_C and I don't use any other SRP applications

This option is shown when H_C is run normally (without "-p" switch). It detects SRP enforcement which restricts all users including administrators. It can block processes with high privileges. Such enforcement can be leftover of the application that silently used SRP or can be caused by using GPO. This enforcement can be also applied by running H_C with "-p" switch.
What option do you choose when seeing this alert?

 

[Andy Ful]

Are command lines for running H_C in the help files? I looked. Maybe I missed them.

The possibility of using "-p" switch is explained in the H_C manual (Enforcement for 'All users' ...) and in the changelog.

 

[marcopaone]

Hi guys.
During normal computer use can I have problems if I block LOLBins with the recommended rules?

 

[Andy Ful]

I am working on some improvements in FirewallHardening.

1. Added bitsadmin.exe to the BlockList. Its standard job cannot be blocked by Windows Firewall (uses BITS service). Windows Firewall can block Bitsadmin connections if it is abused by code injection and malicious code calls home by using other methods (non-BITS). But, I have never seen/heard about such malware - all use the standard Bitsadmin job to download malware.
   FirewallHardening will prevent the execution of bitsadmin.exe by using Exploit Protection, so both standard and abused Bitsadmin will not work.
2. Added <Load> and <Save> buttons. They can be used to save, load, update the BlockList.

The events related to bitsadmin.exe can be visible in FirewallHardening Log:

 

[Andy Ful]

Hi guys.
During normal computer use can I have problems if I block LOLBins with the recommended rules?



View attachment 261816

There should not be any problems. Some Windows telemetry will be blocked by the RunDll32 rule.

 

[plat]

I am working on some improvements in FirewallHardening.

When can we expect this updated module, Andy Ful?

 

[Andy Ful]

When can we expect this updated module, Andy Ful?

Probably in January 2022. I plan to add several LOLBins, so the new version has to be tested for a few months.

 

[Andrew3000]

How much does it affect computer performance if I apply the recommended settings for Hard Configurator and High for ConfigureDefender?

 

[Andy Ful]

How much does it affect computer performance if I apply the recommended settings for Hard Configurator and High for ConfigureDefender?

I doubt if you can see any.