Hard_Configurator - Windows Hardening Configurator

Nagisa

Level 7
Verified
Jul 19, 2018
342
Defender sends only the samples it deemed to be interesting, AFAIK. So, setting cloud blocking level to "zero tolerance" is not as effective as enabling the ASR rule named "Block executable files from running unless they meet a prevalence, age, or trusted list criterion", right? Just wondering how effective the latter one is against truly unknown malware.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
> Defender sends only the samples it deemed to be interesting, AFAIK. So, setting cloud blocking level to "zero tolerance" is not as effective as enabling the ASR rule named "Block executable files from running unless they meet a prevalence, age, or trusted list criterion", right? Just wondering how effective the latter one is against truly unknown malware.

Yes.
Defender uses this ASR rule to prevent polymorphic threats, which are unknown yet to the cloud backend.
 

Andy Ful

> @Andy Ful
>
> is there a way to disable privileged execution\admin bypass of sponsor blocking in admin account :unsure:
>
> iirc the ability to run sponsors as admin is controlled by a registry key but i cannot remember the key :emoji_beer:

If you run Hard_Configurator with the "-p" switch, then this will force all current SRP restrictions to also block Administrators. I included a special section about this in the manual. (y)
Running H_C normally will switch SRP to standard restriction mode.
 
ForgottenSeer 69673

Can this program also give back admin rights? Even though I am logged in as Admin, I cannot run any Msc command.
I have UAC set to off, ran sfc /r chkdsk etc. I still get blocked.


Freki123

Level 16
Verified
Top Poster
Aug 10, 2013
753
@Andy Ful Hi maybe you can help me why network protection is working in that way.

Windows 10 21H2, HC 6.0.0.0 (the inbuilt Configure Settings on High + "block unless reputation age is ok"). Adguard Desktop 7.8 with Adguard DNS enabled.
When I have network protection on "audit" I see one DNS server listed (the one from adguard)
When I have network protection on "on" I see one DNS server (the one from adguard) listed plus a dozen from my ISP
The only difference was network protection on/audit, nothing else was changed.
I haven't touched the service for network protection in any other way than using your on/audit switch followed by a reboot.

Any ideas?
 

Andy Ful

> @Andy Ful Hi maybe you can help me why network protection is working in that way.
>
> Windows 10 21H2, HC 6.0.0.0 (the inbuilt Configure Settings on High + "block unless reputation age is ok"). Adguard Desktop 7.8 with Adguard DNS enabled.
> When I have network protection on "audit" I see one DNS server listed (the one from adguard)
> When I have network protection on "on" I see one DNS server (the one from adguard) listed plus a dozen from my ISP
> The only difference was network protection on/audit, nothing else was changed.
> I haven't touched the service for network protection in any other way than using your on/audit switch followed by a reboot.
>
> Any ideas?

No idea. In my case, I can see always one entry (either in Audit or ON setting).
Maybe some other users can check it, too (DNS leak test).
Did you inspect the other servers?
 

ForgottenSeer 92963

@Heki

Most ISPs have rolled out or are rolling out IP6, so they might reset the router to their default values.

DNS can be set in Browser, Network Adaptor in Windows (of your PC) and in the Router, best to check all of IP4 and IP6 settings for correct DNS settings (AdGuard)

When all fails, try to set Adguard DNS IP addresses also in the router for IP4 and IP6 and in your browser for HTTPS over DNS

/K
 

Andy Ful

> @Heki
>
> Most ISPs have rolled out or are rolling out IP6, so they might reset the router to their default values.
>
> DNS can be set in Browser, Network Adaptor in Windows (of your PC) and in the Router, best to check all of IP4 and IP6 settings for correct DNS settings (AdGuard)
>
> When all fails, try to set Adguard DNS IP addresses also in the router for IP4 and IP6 and in your browser for HTTPS over DNS
>
> /K

The problem is how Defender Network Protection can be involved. :unsure:
 

Freki123

@Andy Ful What do you mean with "inspect the other servers"? I tried some others from the default ones Adguard Desktop offered (even different protocols there like DOH, DOQ, DOT) same result for me.
@Kees1958 I have IP6 disabled under Ethernet property>networking (only Ip4 is checked all the rest is unchecked). The browser has no DNS selected and in the ISP router you can't really change anything.
I didn't change anything browser/router related between the two results only the on/audit toggle.
 

Andy Ful

> @Andy Ful What do you mean with "inspect the other servers"?

The test shows the IP of the server. You can use it to identify the company behind an IP address and several other details:

By the way, I have repeated this test several times without changing Defender settings, and the results are not the same. In the beginning, I got one server, but after some time I can see even 7 servers with different IPs.
 

Freki123

> The test shows the IP of the server. You can use it to identify the company behind an IP address and several other details:

I checked the IP (via the website you linked)
"Audit" results = only Adguard Server shown
"On" results = Adguard server and a random amount of ISP servers (the IP shown clearly belong to them your website tells me).
Even when I recheck like 6 times "audit" is still only the Adguard server. While "on" may change the amount of ISP servers (like 7-12 or so) but they are still there and the adguard server of course.

Andy how big is the increase in security when I run "on" instead of "audit"? Is it like 5% or 50% :D?
 

Andy Ful

> ...
> Andy how big is the increase in security when I run "on" instead of "audit"? Is it like 5% or 50% :D?

Normally any website can see your IP if it needs. I think that the test on dnsleaktest.com makes sense only when you use an anonymity or privacy service (like VPN).
  • If you are connected to a VPN service and ANY of the servers listed above are not provided by the VPN service then you have a DNS leak and are choosing to trust the owners of the above servers with your private data.


See also:

If the Network Protection (NP) is set to Audit, then it does not protect anything but only checks the URL and writes the information to the Log about connections with malicious URLs. If there is any difference on dnsleaktest.com then it can follow from the fact that Defender can block some URLs when NP is set to ON. I am not sure if the Defender's telemetry is the same or slightly different when using ON or Audit mode.
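
As an added example (not part of the original posts and not code from Hard_Configurator or ConfigureDefender), this read-only PowerShell check reports the settings discussed in this thread and counts what Network Protection logged in Audit versus ON mode. The rule GUID, the cloud block level names and event IDs 1125/1126 come from Microsoft's Defender documentation, not from this thread; the seven-day window is an arbitrary choice.

```powershell
# Added example: read-only audit of the Defender settings discussed in this thread.
# Uses the built-in Defender module; run from an elevated PowerShell prompt.

# GUID of the ASR rule "Block executable files from running unless they meet
# a prevalence, age, or trusted list criterion" (Microsoft ASR rule reference).
$PrevalenceRule = '01443614-cd74-433a-b99e-2ecdc07bfc25'

$ModeNames   = @{ 0 = 'Disabled'; 1 = 'ON (block)'; 2 = 'Audit' }
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$CloudNames  = @{ 0 = 'Default'; 1 = 'Moderate'; 2 = 'High'; 4 = 'High+'; 6 = 'Zero tolerance' }

$pref = Get-MpPreference

# Rule IDs and actions are parallel arrays; look up the action for this rule.
# A rule that is not listed at all is treated as Disabled (0).
$ruleAction = 0
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -eq $PrevalenceRule) { $ruleAction = [int]$actions[$i] }
}

[pscustomobject]@{
    NetworkProtection = $ModeNames[[int]$pref.EnableNetworkProtection]
    PrevalenceAgeRule = $ActionNames[$ruleAction]
    CloudBlockLevel   = $CloudNames[[int]$pref.CloudBlockLevel]
} | Format-List

# Event 1125: Network Protection would have blocked a connection (Audit mode).
# Event 1126: Network Protection blocked a connection (ON mode).
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1125, 1126
    StartTime = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Group-Object Id |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count
```

A machine left in Audit mode shows only 1125 entries, which gives a measure of how many connections ON mode would have blocked over the same period.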
 

Freki123

@Kees1958 Just did that: I added Adguard DNS over HTTPS setting in FF. The leaktest shows only ONE server (which belongs to adguard)
It shows one server now with Network protection "on".
When I want to do it for the global OS it also works when I enter the Adguard Dns Crypt IP under IP4 in ethernet (one server with network protection "on").

Edit:
Afaik the DNS leaktest should also work for DNS leaks when you change your DNS. When I see my ISP name in the results something is broken. An encrypted DNS shouldn't show that. At least that's the way I understood it. And when it works it does exactly that (show only servers from the chosen DNS provider in the results and not my ISP name at all)
I know it's not a VPN I just want like my ISP enough to not use another DNS that's not theirs.
I never thought I would have to use redundancies (in different places of the OS) when I use DNS Servers. I thought I just activate it (e.g. in Adguard Desktop) and be done with it.

Thank you both for your time and help.
 

normalizerx

Level 2
Oct 9, 2012
124
Hello, Andy Ful and thank you for your efforts and the very useful tools you're making. I have a question - at the moment I'm using H_C with WD and Configure defender set to high. Will I lose much protection if I replace WD with ESET (AV only) and keep H_C, as I know that Configure defender works only with WD active.
 

Andy Ful

> Hello, Andy Ful and thank you for your efforts and the very useful tools you're making. I have a question - at the moment I'm using H_C with WD and Configure defender set to high. Will I lose much protection if I replace WD with ESET (AV only) and keep H_C, as I know that Configure defender works only with WD active.

Do you use MS Office?
 
