Hard_Configurator - Windows Hardening Configurator

aldist

Level 2
Jul 22, 2020
47
Thank you for your unselfishly great program!
I disable SmartScreen in the Windows 8.1 Security Center settings or in the Local Group Policy Editor, but SmartDefaultDeny turns it back on. How do I make SDD not enable it?

Is there an option to not install the "Install by SmartScreen" context menu item at all, or just manually remove it from the registry?
 

aldist

Level 2
Jul 22, 2020
47
(attached screenshot: 38.png)
 

silversurfer

Level 85
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,655
Thank you for your unselfishly great program!
I disable SmartScreen in the Windows 8.1 Security Center settings or in the Local Group Policy Editor, but SmartDefaultDeny turns it back on. How do I make SDD not enable it?

Is there an option to not install the "Install by SmartScreen" context menu item at all, or just manually remove it from the registry?

It's possible to fully disable the SmartScreen entry on the context menu: just click the "Forced SmartScreen" button => OFF

(attached screenshot: hc.png)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,063
Thank you for your unselfishly great program!
I disable SmartScreen in the Windows 8.1 Security Center settings or in the Local Group Policy Editor, but SmartDefaultDeny turns it back on. How do I make SDD not enable it?
If you run H_C then it will always enable SmartScreen.
Why do you want to disable SmartScreen?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,063
Yes, but more specifically I referred to the ASR rules MD has specifically for Office programs, scripts and browsers. On top of that, when people are using MD as AV, they can add Code Integrity Guard to the mix*. Defender free AV with Configure Defender, Documents Anti-exploit, Simple Windows Hardening and Firewall Hardening should be top-notch.

* Ever considered adding Code Integrity Guard for Office and Edge to Configure Defender?

I have in mind the possibility of using Exploit Protection (EP) for several years. The problem is with testing because many users would have to use it and report the issues. This would require a special thread on MT.
I would add some solutions based on EP only on the basis of such a thread. EP is not an urgent solution when using H_C in the Recommended Settings (ConfigureDefender + FirewallHardening + DocumentsAntiExploit tool):
  1. Edge has already got CIG enabled for rendering. Enabling CIG for msedge.exe via Exploit Protection makes sense in businesses to protect Edge against malware already running in the local network.
  2. The same is true mostly for MS Office versions supported by Microsoft (patched exploits).
  3. EP looks very interesting to harden MS Store applications (also non-Microsoft), due to the additional CIG setting for MS Store. But, these apps are not abused so far and not especially popular.
 
ForgottenSeer 92963

I have in mind the possibility of using Exploit Protection (EP) for several years. The problem is with testing because many users would have to use it and report the issues. This would require a special thread on MT.
I would add some solutions based on EP only on the basis of such a thread. EP is not an urgent solution when using H_C in the Recommended Settings (ConfigureDefender + FirewallHardening + DocumentsAntiExploit tool):
  1. Edge has already got CIG enabled for rendering. Enabling CIG for msedge.exe via Exploit Protection makes sense in businesses to protect Edge against malware already running in the local network.
  2. The same is true mostly for MS Office versions supported by Microsoft (patched exploits).
  3. EP looks very interesting to harden MS Store applications (also non-Microsoft), due to the additional CIG setting for MS Store. But, these apps are not abused so far and not especially popular.
To prevent issues with anti-virus solutions injecting DLLs into these processes, I think it would be better as an option in Configure Defender (because you are sure Defender is used).

Ad 1. But not the broker process. The broker process is often targeted by key-loggers in the home user environment.

Ad 2. ASR has a reversed rule, which prevents Office processes from injecting code into other processes (and another rule which prevents Office programs from launching other programs). I googled and only found one recent case of code injection into Office this year. Do you mean it is hardly a problem for home users with ASR rules enabled and documents anti-exploit?

Ad 3. Some apps available in the Windows Store like VLC Media Player are often targeted (although I don't know whether these are true store apps).
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,063
...
Ad 1. But not the broker process. The broker process is often targeted by key-loggers in the home user environment.

A key-logger has to be active in the system (so the system is already infected). The same is true for other malware samples that can use Edge to masquerade malicious actions (like BazarBackdoor, Adrozek, etc.).

Ad 2. ASR has a reversed rule, which prevents Office processes from injecting code into other processes (and another rule which prevents Office programs from launching other programs). I googled and only found one recent case of code injection into Office this year. Do you mean it is hardly a problem for home users with ASR rules enabled and documents anti-exploit?

Yes.

Ad 3. Some apps available in the Windows Store like VLC Media Player are often targeted (although I don't know whether these are true store apps).

If I correctly recall the attacks were performed against desktop versions (not on UWP apps).
 
ForgottenSeer 92963

A key-logger has to be active in the system (so the system is already infected). The same is true for other malware samples that can use Edge to masquerade malicious actions (like BazarBackdoor, Adrozek, etc.).
So why do you add sponsors to firewall hardening? When they call out, the system is also infected. I don't understand why you are so opposed to the no-frills security improvements of the Code Integrity Guard (for Microsoft programs when using Microsoft Defender as AV). I added a bunch of vulnerable Windows processes and it never gave any problems.

But let's agree to disagree. Thanks for your answers. I am happy with your hardening tools. I prefer them over the Group Policy Editor (also, with your tools and O&O ShutUp, the setup time for a PC has been reduced from two hours to less than 20 minutes).
 

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
277
Andy, just seeking confirmation ... I have MS 365 (with Office 365) and don't use Adobe, so there would be no benefit in running the Document Anti-Exploit tool in one of the 'ON' configurations?
Recommended to leave MS Office and Adobe settings OFF?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,063
Andy, just seeking confirmation ... I have MS 365 (with Office 365) and don't use Adobe, so there would be no benefit in running the Document Anti-Exploit tool in one of the 'ON' configurations?
Recommended to leave MS Office and Adobe settings OFF?
Do you have Exchange Online Protection (EOP) or Microsoft 365 Defender for Office subscription (P1 or P2)?

EOP: Prevents broad, volume-based, known attacks.
Microsoft Defender for Office 365 P1: Protects email and collaboration from zero-day malware, phish, and business email compromise.
Microsoft Defender for Office 365 P2: Adds post-breach investigation, hunting, and response, as well as automation, and simulation (for training).

With EOP only you can consider using DocumentsAntiExploit tool. But, even without it, you can get strong protection of MS Office when using H_C on Recommended Settings + Defender (ConfigureDefender High settings) + FirewallHardening.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,063
So why do you add sponsors to firewall hardening? When they call out, the system is also infected.

Not necessarily. For example, some people cannot use the Adobe + VBA AntiExploit setting or the DocumentsAntiExploit tool. This allows macros that can download payloads via several LOLBins. FirewallHardening settings can block this action and the system is not infected.

I don't understand why you are so opposed to the no-frills security improvements of the Code Integrity Guard (for Microsoft programs when using Microsoft Defender as AV). I added a bunch of vulnerable Windows processes and it never gave any problems.

I am not opposed and I do not disagree with you. I would like to use CIG but, simply, I do not know the consequences. The non-Chromium Edge (legacy now) had such anti-injection protection and this blocked many web browser extensions.
When we know the impact of using CIG on edge.exe, then I can consider CIG in ConfigureDefender. (y)
 
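The audit-first way to answer the open question above (what CIG would block in Chromium Edge before anyone enforces it), as an added example that is not Hard_Configurator or ConfigureDefender code and does not come from the thread. It uses the in-box ProcessMitigations cmdlets and the Security-Mitigations event logs; the SignedBinaries property name and the assumption that audit events name the process in their message text are my assumptions.

```powershell
# Added example: not part of Hard_Configurator or ConfigureDefender.
# Trials Code Integrity Guard (CIG) on Chromium Edge the cautious way: audit first,
# review what would have been blocked (e.g. third-party DLLs loaded into Edge),
# and enforce only when the audit log is clean. Run from an elevated PowerShell on
# Windows 10 1709 or later, where the ProcessMitigations module ships in-box.

$Process = 'msedge.exe'
$MitigationLogs = @(
    'Microsoft-Windows-Security-Mitigations/KernelMode',
    'Microsoft-Windows-Security-Mitigations/UserMode'
)

# Step 1: record the current per-process state so the change can be compared and reverted.
# Assumption: the SignedBinaries section of the output holds the CIG switches.
Write-Host "Current mitigation policy for $Process (CIG settings):"
(Get-ProcessMitigation -Name $Process).SignedBinaries

# Step 2: turn on CIG in audit mode. Nothing is blocked; each non-Microsoft-signed
# image Edge loads is logged instead. Edge must be restarted for the policy to apply.
Set-ProcessMitigation -Name $Process -Enable AuditMicrosoftSigned

# Step 3 (after a period of normal browsing with every extension in use): list the
# mitigation events that mention Edge. An empty result means enforcing would not
# have broken anything observed so far; entries show which images would be blocked.
function Get-CigAuditEvents {
    param([string]$ImageName, [string[]]$Logs, [datetime]$Since = (Get-Date).AddDays(-7))
    Get-WinEvent -FilterHashtable @{ LogName = $Logs; StartTime = $Since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($ImageName) } |
        Select-Object TimeCreated, Id, @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } }
}
Get-CigAuditEvents -ImageName $Process -Logs $MitigationLogs | Format-Table -AutoSize

# Step 4: only when the audit result is acceptable, switch from audit to enforcement.
# Left commented out so running this script never enforces by accident.
# Set-ProcessMitigation -Name $Process -Disable AuditMicrosoftSigned
# Set-ProcessMitigation -Name $Process -Enable  MicrosoftSignedOnly

# Rollback: clear both CIG switches if a needed extension or plug-in turns out to be blocked.
# Set-ProcessMitigation -Name $Process -Disable MicrosoftSignedOnly,AuditMicrosoftSigned
```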

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
277
Do you have Exchange Online Protection (EOP) or Microsoft 365 Defender for Office subscription (P1 or P2)?

EOP: Prevents broad, volume-based, known attacks.
Microsoft Defender for Office 365 P1: Protects email and collaboration from zero-day malware, phish, and business email compromise.
Microsoft Defender for Office 365 P2: Adds post-breach investigation, hunting, and response, as well as automation, and simulation (for training).

With EOP only you can consider using DocumentsAntiExploit tool. But, even without it, you can get strong protection of MS Office when using H_C on Recommended Settings + Defender (ConfigureDefender High settings) + FirewallHardening.
I just have Microsoft 365 Family, so none of those business protection options.
But as you indicated, protection would probably suffice with the config you describe (which are my current settings). (y)
 

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
277
@paulderdash - In the past you used three anti-execs. What security do you use at the moment?
Hi Kees, I don't think I ever used 3 simultaneously! :) But I do like to play around ...
I have 6 Windows OSes spread across 2 laptops (5 x Win10, 1 x Win11), with various combinations of security in each (Win11 just Defender).
Where I use H_C, it is standalone, except for Windows Firewall Control, the only other security software, which I am just checking out (hadn't used it before).
(Where I use OSA, I have Emsisoft, AdGuard, and HMPA also because I have licenses.)
 
ForgottenSeer 92963

@paulderdash I did not realize you were using it in VMs on different OS images :)

OSA + Emsisoft + HMPA = sufficient protection

Maybe try H_C on strict_recommended settings (but keep Run as Admin enabled) and Configure Defender on Max (using Microsoft's whitelist) with WFC, when you have so many OSes in VMs to play with.
 

paulderdash

Level 6
Verified
Well-known
Apr 28, 2015
277
@paulderdash I did not realize you were using it in VMs on different OS images :)

OSA + Emsisoft + HMPA = sufficient protection

Maybe try H_C on strict_recommended settings (but keep Run as Admin enabled) and Configure Defender on Max (using Microsoft's whitelist) with WFC, when you have so many OSes in VMs to play with.
Thanks Kees, may give that a try ...
(OT, but my OSes are not in VMs; they are separate physical OSes using Terabyte BootIt UEFI, with a shared data partition. As I said, I like to play ... :)).
 

oldschool

Level 67
Verified
Top poster
Well-known
Mar 29, 2018
5,683
Any idea why I am facing this error when I try to open ConfigureDefender? Thank you.
Because you're blocking PS in H_C. You may change the setting, but first have you read all the help files?

I haven't used it in a while so not sure how to adjust your settings. IIRC the PS setting is related to your choice of available built-in configurations.