Hard_Configurator - Windows Hardening Configurator

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Last edited:
  • Like
Reactions: Nevi, wat0114, oldschool and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Kees1958 said:
Andy, only change the default action from Hide to Keep unhidden

View attachment 262013

View attachment 262015

So when a user just enters, the keep unhidden is selected. When a user wants to hide they have to click on the HIDE button

(that is why I thought you maybe did this on purpose, because a casual user would just click without reading and select the option which is best for them :) )
Click to expand...

I agree with you that the real problem is not the text in the alert but the default button.

Your proposition is natural if one understands MAX settings to include <KEEP UNHIDDEN> as a default action. This would be natural for most MT members who want to configure their own computers and do not want to be home administrators (who configure computers of casual family members).

I intended MAX settings for home administrators to configure computers of children or casual family members. So the natural choice is using <HIDE> as the default action. For the users who want to configure their own computers, I do not want to recommend MAX settings but HIGH or INTERACTIVE settings.
 
  • Like
Reactions: Nevi, jerzy601, wat0114 and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
I have just read something surprising on the Wilderssecurity forum:
www.wilderssecurity.com

Maximising Windows 10 x64 security with SRP under LUA - request for setup

Hi everyone, I've been away for a very long time,(and running mainly on Linux). Now, I got a computer running on Windows 10, standard version, and I...
www.wilderssecurity.com www.wilderssecurity.com

It seems that @Lucy is the same person who inspired me to create H_C several years ago by creating the thread about SRP (in the year 2006):
www.wilderssecurity.com

Maximising Windows VISTA security with LUA and SRP (even without ultimate)

Hi fellows, I've been struggling the last days, trying to figure out how come I would be able to implement SRP on a VISTA PREMIUM (as explained here)....
www.wilderssecurity.com www.wilderssecurity.com
I do not know if she is going to like the H_C, but thanks again for the inspiration.:)(y)
 
  • Like
Reactions: [correlate], wat0114, Nevi and 8 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Kees1958 said:
@Andy Ful Don't forget Sully he made Pretty Good Security (link) which automated TLU's and Lucy's reg hacks (y) and could be seen as the ancestor of H_C
Click to expand...
Yes, this is the ancestor of H_C together with Simple Software Restriction Policies.
Before creating H_C, I was aware of Lucy's idea and SSRP. I also use similar SRP GUIDs as in SSRP, but I was not aware that SSRP is written in AutoIt.
When creating H_C, I tried to find Pretty Good Security but I could not. I found it on some Polish forum about two years later. Unfortunately, it was not fully compatible with Windows 7+.:unsure:
 
  • Like
Reactions: [correlate], ForgottenSeer 92963, Nevi and 3 others
F

ForgottenSeer 92963

The basic user SRP changed from Vista to Windows7. On Windows7 running as basic user also was a deny in user folders. On Vista it was allowed to run in user space, but it blocked elevation (so every program which had a separate updater could run in a basic user container). That is did not run on Windows7 well anymore.

Many SRP users (like me) liked Vista because it had Integrity Levels (like Windows 7) and basic user container (like XP). When Joanna Rutkowska (leading force behind Qubes OS) posted a blog about isolating with Integrity Levels and different user roles, many of us copied her idea to use separaten users for mail and internet programs.

By using different users it was possible to run programs in a user rights - integrity level - data access control sandbox (e.g. the user which was used for the browser only had read access to all folders except download folder temporary folders used by the browser, it was even possible to block read access to System32 folder to prevent ring3 living of the land intrusion).

I am using your software in stead of Group Policy (because it is much easier to use) so the detailed knowledge has eroded also in regard to Integrity Levels-SRP-AppLocker-Protected Processes stuf.
 
  • Like
Reactions: Nevi, [correlate], Andy Ful and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Kees1958 said:
...many of us copied her idea to use separaten users for mail and internet programs.
Click to expand...
I used this idea here:
malwaretips.com

Advice Request - Safe email on SUA.

Safe email on SUA. Although there are known tools that can restrict Windows system/software to support AV protection, they are usually system-wide. So, they are not good solutions for average people without the occasional support of advanced users. But, there exists a partial solution that I...
malwaretips.com malwaretips.com

Such Standard User account is protected by very restrictive SRP (similar to max H_C settings) and other accounts can still be unrestricted.
But, it is not compatible with default-deny H_C settings. One has to apply a systemwide default-allow SRP (via HKLM registry hive) and next apply a local default-deny SRP via HKCU registry hive (for the selected account(s) ).

Technically this can be done by using H_C and some quick registry editing. One has to transfer the system-wide SRP settings made by H_C from the HKLM registry hive to the registry hive related to SUA (HKCU hive cannot be used ---> the hive with user SID is required). Next, the system-wide SRP must be set to default-allow.
 
Last edited:
  • Like
Reactions: Nevi, oldschool, ErzCrz and 2 others
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
@Andy Ful, Can you elaborate on the usefulness of the "Disable cached logon" feature of Hard Configurator? From what I see is that, when cached logon is disabled, Windows don't load anything in the background till my user password is entered. While by default, things starts loading and even background apps starts working, downloading, etc. everything even before my password is entered at system startup. So system startup is a bit faster.
How useful is disabling this security wise for home users?
 
  • Like
Reactions: Nevi, oldschool, silversurfer and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
SeriousHoax said:
@Andy Ful, Can you elaborate on the usefulness of the "Disable cached logon" feature of Hard Configurator? From what I see is that, when cached logon is disabled, Windows don't load anything in the background till my user password is entered. While by default, things starts loading and even background apps starts working, downloading, etc. everything even before my password is entered at system startup. So system startup is a bit faster.
How useful is disabling this security wise for home users?
Click to expand...
This policy should not have an impact on home users and system startups. The difference can be if one uses a domain controller.
Normally when you attempt to logon to a Windows member computer with a domain account the computer verifies your credentials with a domain controller in real time over the network. But if no domain controller is available such as the when traveling with a laptop, Windows will still allow you to logon with domain credentials provided you have recently logged on with such credentials while the computer was still able to communicate with a domain controller. This is accomplished with cached credentials. By default Windows caches a hash of the credentials of the last 10 successful domain account logons. When you attempt to logon with a domain account and the computer cannot reach a domain controller it searches these cached credentials to see if you recently logged on and if so it can verify the user name and password you just entered without communicating with the domain controller.
Click to expand...
 
  • Like
Reactions: Nevi, oldschool, wat0114 and 4 others
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
Andy Ful said:
This policy should not have an impact on home users and system startups. The difference can be if one uses a domain controller.

Click to expand...
My bad. It was something else that caused what I described. Is there anything else on recommended HC settings that disables this feature?
1.png
 
  • Like
Reactions: Nevi, oldschool, silversurfer and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
SeriousHoax said:
My bad. It was something else that caused what I described. Is there anything else on recommended HC settings that disables this feature?
View attachment 262222
Click to expand...
Nothing in H_C can change this setting.(y)
You can test it by applying temporarily the Windows_10_All_ON profile.
 
  • Like
Reactions: Nevi, SeriousHoax, oldschool and 3 others
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Look at these templates, wow! Indeed, very professional-looking. No wonder people are falling for these malicious docs. So glad I have the right security tools--anyone can make a mistake.

PS--there's a cookie notice at the bottom of the web-page, I had to zap it. Hmmm, might have to explore filter options in uBO again. :unsure::whistle::coffee:

inquest.net

Graphical Lures In The Age of Cybercrime - InQuest

In this blog, we will look at some of the visual honeypots that cybercriminals use, as well as observe different varieties of decoys used for mass phishing or targeted attacks.
inquest.net inquest.net

Source
 
  • Like
Reactions: mkoundo, SeriousHoax, ErzCrz and 5 others
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
plat1098 said:
Look at these templates, wow! Indeed, very professional-looking. No wonder people are falling for these malicious docs. So glad I have the right security tools--anyone can make a mistake.

PS--there's a cookie notice at the bottom of the web-page, I had to zap it. Hmmm, might have to explore filter options in uBO again. :unsure::whistle::coffee:

inquest.net

Graphical Lures In The Age of Cybercrime - InQuest

In this blog, we will look at some of the visual honeypots that cybercriminals use, as well as observe different varieties of decoys used for mass phishing or targeted attacks.
inquest.net inquest.net

Source
Click to expand...
The art of seduction! 💘
Hard_Configurator is there for us if we get seduced by things like this. Even the name Hard_Configurator seems funny in this context, lol.
 
  • Like
Reactions: plat, Nevi, ErzCrz and 4 others
Marana

Marana

Level 1
Verified
Jan 21, 2018
48
Andy Ful said:
Probably in January 2022. I plan to add several LOLBins, so the new version has to be tested for a few months.
Click to expand...
Do you have plans to publish a new standalone version of FirewallHardening, too?

I have used the standalone version 2.0.0.0. Recently I checked H_C version 6 and noticed that it already contained FirewallHardening V2.0.0.1. So I did an experiment and extracted FH out of H_C and tried running it as a portable app, but obviously it was not meant to be used this way since it seemed to exit immediately...
 
  • Like
Reactions: plat and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Marana said:
Do you have plans to publish a new standalone version of FirewallHardening, too?
Click to expand...

Yes.

Marana said:
I have used the standalone version 2.0.0.0. Recently I checked H_C version 6 and noticed that it already contained FirewallHardening V2.0.0.1.
Click to expand...

The new FirewallHardening (ver.2.0.1.0) is here:

Marana said:
So I did an experiment and extracted FH out of H_C and tried running it as a portable app, but obviously it was not meant to be used this way since it seemed to exit immediately...
Click to expand...

Yes, it is. Anyway, the new standalone version can be renamed to replace the version used by H_C.(y)
 
Last edited:
  • Like
  • +Reputation
  • Thanks
Reactions: Marana, [correlate], wat0114 and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
  • Like
Reactions: JasonUK, Gandalf_The_Grey, Deletedmessiah and 1 other person
S

some.jimmy

New Member
Dec 5, 2021
2
Hi,
just a quick question, where I can find the checksums for the newset version of Hard_Conficurator (ver. 6.0.0.0). On homepage there are only checksums for version 5.1.1.2, but on Github and Sofpedia there are the newest ones available.
Thanks!
 
  • Like
Reactions: Andy Ful

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,414
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,091
Hard_Configurator Tools
Andy Ful
Andy Ful
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
1,127
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top