Update Hard_Configurator - Windows Hardening Configurator

Andy Ful

Level 73
Verified
Trusted
Developer
Dec 23, 2014
6,273
42,758
I updated to the new version, updated settings and firewall rules, and restarted. Similarly to when I installed the beta, the system crashed within one minute, with this error message:

View attachment 261519

I clean reinstalled 5.1.1.2, which I will probably use indefinitely, since my laptop seems to not get along with a setting in the newer versions.
I am sorry, it seems that there is some hidden incompatibility. How did you recover the system functionality after the crash? Could you boot into Safe Mode?
 
Last edited:

Andy Ful

Level 73
Verified
Trusted
Developer
Dec 23, 2014
6,273
42,758
Can v.6 be installed over top of 5 ?

Or can v.5 profile be imported into 6 and work properly ?

Please, use the Update button from the H_C GUI. After updating the previous settings will not be changed.
The new settings can be added manually or by applying: H_C Recommended Settings + FirewallHardening H_C Recommended + ConfigureDefender HIGH (INTERACTIVE or MAX settings). The finger.exe is automatically added to Blocked Sponsors when loading the Recommended_Enhanced setting profile.
 

South Park

Level 8
Verified
Jun 23, 2018
357
1,921
I am sorry, it seems that there is some hidden incompatibility. How did you recover the system functionality after the crash? Could you boot into Safe Mode?
The display crashed (went to black) and restarted itself, so I uninstalled H_C 6 at that time. When I installed it, I didn't update it with the "update" button, but instead ran the .exe and installed over 5.1.1.2. Do you think I would get better results if I updated it with the "update" button?
 

paulderdash

Level 6
Verified
Apr 28, 2015
275
951
SUMo indicates there is an updated Documents Anti-Exploit tool v2.0.0.0 but I still have v1.0.1.1 after unzipping latest H_C Hardening Tools - unless I missed a later version?
 

Andy Ful

Level 73
Verified
Trusted
Developer
Dec 23, 2014
6,273
42,758
SUMo indicates there is an updated Documents Anti-Exploit tool v2.0.0.0 but I still have v1.0.1.1 after unzipping latest H_C Hardening Tools - unless I missed a later version?
I updated the H_C Hardening Tools a few days ago to include Documents Anti-Exploit tool v2.0.0.0.
But, the ver. 2.0.0.0 is required only to work flawlessly with installed H_C. Without H_C the functionality is the same.
 

Andy Ful

Level 73
Verified
Trusted
Developer
Dec 23, 2014
6,273
42,758
The display crashed (went to black) and restarted itself, so I uninstalled H_C 6 at that time. When I installed it, I didn't update it with the "update" button, but instead ran the .exe and installed over 5.1.1.2. Do you think I would get better results if I updated it with the "update" button?
There would be no difference. There is no need to use ver. 6.0.0.0 except if you want to use the new ConfigureDefender (Warn settings for ASR rules). Bearing in mind your problems with the new version, you can simply use the standalone ConfigureDefender and rename/copy/replace the ConfigureDefender binary in the H_C (ConfigureDefender_x64.exe or ConfigureDefender_x86.exe).
 

Andy Ful

Level 73
Verified
Trusted
Developer
Dec 23, 2014
6,273
42,758

South Park

Level 8
Verified
Jun 23, 2018
357
1,921
There would be no difference. There is no need to use ver. 6.0.0.0 except if you want to use the new ConfigureDefender (Warn settings for ASR rules). Bearing in mind your problems with the new version, you can simply use the standalone ConfigureDefender and rename/copy/replace the ConfigureDefender binary in the H_C (ConfigureDefender_x64.exe or ConfigureDefender_x86.exe).
Thanks. That's what I'll do.
 

Sadekatwan

New Member
Oct 31, 2021
1
1
Hard_Configurator ver. 6.0.0.0 (stable):

Changelog (changes from ver. 5.1.1.2):
  1. Introduced two color-changing buttons. When the restrictions are OFF, the buttons <Switch OFF/ON SRP> and <Switch OFF/ON Restrictions> change the background color from green to blue.
  2. Fixed some minor bugs.
  3. Added finger.exe to blocked sponsors and also to the H_C Enhanced profiles.
  4. Added some EXE files to FirewallHardening LOLBin Blocklist: csc, cvtres, CasPol, finger, ilasm, jsc, Microsoft.Workflow.Compiler, mscorsvw, ngen, ngentask, vbc.
  5. Added SLK and ELF file extensions to the default protected extensions in SRP and RunBySmartscreen.
  6. Added a switch -p to run H_C and SwitchDefaultDeny with SRP enforcement to block all users (including Administrators) - it can be used especially on the older Windows versions to improve post-exploitation protection on default Admin account. This switch should be used only by very experienced users.
  7. New version of ConfigureDefender:
    - Added some useful information to the Help and manual.
    - Added "Send All" setting to Automatic Sample Submission.
    - Updated ASR rules (1 new rule added).
    - Added the Warn mode to ASR rules.
    - Added INTERACTIVE Protection Level which uses ASR rules set to Warn.
    - Added the <Info> button next to the Protection Levels buttons. It displays information about which
    settings are enabled in DEFAULT, HIGH, INTERACTIVE, and MAX Protection Levels.
    - Redesigned slightly the layout of the Exploit Guard section.
    - Added support for event Id=1120.
    - Added CFA setting BDMO = Block Disk Modifications Only - folders will not be protected, but some
    important disk sectors will be still protected (Id = 1127).
  8. Added support for Windows 11.
I am seeing repeated warnings from the H_C and I don't use any other SRP applications
 

Attachments

  • Imagepipe_0.jpg
    Imagepipe_0.jpg
    35.4 KB · Views: 48

Andy Ful

Level 73
Verified
Trusted
Developer
Dec 23, 2014
6,273
42,758
I am seeing repeated warnings from the H_C and I don't use any other SRP applications

This option is shown when H_C is run normally (without "-p" switch). It detects SRP enforcement which restricts all users including administrators. It can block processes with high privileges. Such enforcement can be leftover of the application that silently used SRP or can be caused by using GPO. This enforcement can be also applied by running H_C with "-p" switch.
What option do you choose when seeing this alert?
 
Last edited:

Andy Ful

Level 73
Verified
Trusted
Developer
Dec 23, 2014
6,273
42,758
Are command lines for running H_C in the help files? I looked. Maybe I missed them.
The possibility of using "-p" switch is explained in the H_C manual (Enforcement for 'All users' ...) and in the changelog.(y)
 
Last edited:

Andy Ful

Level 73
Verified
Trusted
Developer
Dec 23, 2014
6,273
42,758
I am working on some improvements in FirewallHardening.

1636370782364.png


  1. Added bitsadmin.exe to the BlockList. Its standard job cannot be blocked by Windows Firewall (uses BITS service). Windows Firewall can block Bitsadmin connections if it is abused by code injection and malicious code calls home by using other methods (non-BITS). But, I have never seen/heard about such malware - all use the standard Bitsadmin job to download malware.
    FirewallHardening will prevent the execution of bitsadmin.exe by using Exploit Protection, so both standard and abused Bitsadmin will not work.
  2. Added <Load> and <Save> buttons. They can be used to save, load, update the BlockList.

The events related to bitsadmin.exe can be visible in FirewallHardening Log:

1636371300732.png
 
Last edited:
Top