Hard_Configurator - Windows Hardening Configurator
- Thread starter Andy Ful
- Start date
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
If you had installed MS Office in the system and would like to use another AV, then you have to be cautious with MS Office documents (especially Excel documents) or use additional H_C features:
- Use the DocumentsAntiExploit tool (from SwitchDefaultDeny) or at least block Excel macros without notifications.
- Apply "Paranoid Extensions" in H_C.
https://malwaretips.com/threads/simple-windows-hardening.102265/post-973123
https://malwaretips.com/threads/simple-windows-hardening.102265/post-973470
Thank you. Does this mean that if I stay with WD with Configure defender, without enabling DocumentsAntiExploit and Paranoid Extensions, I will be safer?
- Mar 29, 2018
- 7,595
As long as you use common sense when online you'll be fine. I run Office 2007 with ConfigureDefender @ modified Max and no problems. Like yourself, I hardly use Office.
Good internet hygiene goes a long way. Remember, with ConfigureDefender your security is light years ahead of the average user.
My motto: "Stay safe, not paranoid!"
You are right. Just have a free subscription for ESET (AV) and I'm thinking of using it, so wanted to compare pros and cons.As long as you use common sense when online you'll be fine. I run Office 2007 with ConfigureDefender @ modified Max and no problems. Like yourself, I hardly use Office.
Good internet hygiene goes a long way. Remember, with ConfigureDefender your security is light years ahead of the average user.
My motto: "Stay safe, not paranoid!"
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
I am not an expert on Eset HIPS. It is possible that one can tweak HIPS settings to get similar protection as Defender's ASR rules (ConfigureDefender HIGH settings). But, Eset AV does not have Network Protection.
In practice, it would be hard to see the difference in the protection when the AVs are supported by the H_C with Recommended Settings + FirewallHardening. The malicious samples that could bypass the protection are very rare and mostly related to targeted attacks.
Using "Paranoid Extensions" is recommendable for casual users with any AV. These restrictions are whitelisted in the folders where most applications are installed/updated, so they rarely can be a problem.
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
Hard_Configurator 6.0.0.1 beta1:
What is new:
1. Added <Block AppInstaller> option.
2. New FirewallHardening version 2.0.1.1.
Updating from the ver. 6.0.0.0
The LOLBin DesktopImgDownldr is not currently fully blocked by FirewallHardening - the connections are blocked only if the code is injected into it for spying. If it will be used in the wild as a LOLBin downloader (can use BITS) then I will consider blocking it via Exploit Protection.
What is new:
1. Added <Block AppInstaller> option.
2. New FirewallHardening version 2.0.1.1.
- added the options to load/save the external BlockLists.
- added new LOLBins (EXE files): bitsadmin (blocked via Exploit Protection), calc, certoc, certreq, cmd, desktopimgdownldr, dllhost, ExtExport, findstr, ieexec (new path), notepad, pktmon, Register-cimprovider, verclsid, wsl, wuauclt.exe, xwizard.
Updating from the ver. 6.0.0.0
- Set <MORE SRP ...><Block AppInstaller> = ON (new option).
- Update the rules in FirewallHardening by using the <Load> option to load the file UpdateFirewallHardening2011.fwbl. Some new LOLBins will appear on the BlockList as Inactive - they can be activated by the user if necessary.
The LOLBin DesktopImgDownldr is not currently fully blocked by FirewallHardening - the connections are blocked only if the code is injected into it for spying. If it will be used in the wild as a LOLBin downloader (can use BITS) then I will consider blocking it via Exploit Protection.
Last edited:
- Jun 23, 2018
- 441
Possible error with FWH 2011: a blank rule, which I marked with a red dot
Attachments
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
It is OK because it is a fake rule (for Bitsadmin). It has no name because Bitsadmin is not really blocked by the firewall, but by Exploit Protection - it blocks execution of Bitsadmin so the firewall will not ever use this fake rule.
Here how it looks in the Registry:
v2.29|Action=Block|Active=TRUE|Dir=Out|App=bitsadmin.exe (ExploitProtection)|Name=H_C rule for: |EmbedCtxt=H_C Firewall Rules|
Normally, the firewall rule should include the full file path in the place marked in red and the name in the place marked in blue. But when using Exploit Protection, the bitsadmin.exe is blocked everywhere. Windows Firewall does not support files without full paths.
Last edited:
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
Anyway, I could make it more informative and give the rule name: Bitsadmin (blocked by Exploit Protection).
- Aug 19, 2019
- 1,157
Looking forward to trying out the beta a some point soon!
- Apr 5, 2021
- 619
Hi Andy,
As per usual in my case, your Beta release works flawlessly. It's actually become too easy and boring to secure Windows with only bult-in Defender augmented with your utility
As per usual in my case, your Beta release works flawlessly. It's actually become too easy and boring to secure Windows with only bult-in Defender augmented with your utility
Good day.
Andy, someone asked the following question
www.wilderssecurity.com
Andy, someone asked the following question
Best firewalls these days is hips still a thing
Looking for a firewall anti-virus suiti mine crypto with my gpu and Norton firewall won't work with crypto mining for whatever reason even with rules...
www.wilderssecurity.com
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
Good day.
Andy, someone asked the following question
Best firewalls these days is hips still a thing
Looking for a firewall anti-virus suiti mine crypto with my gpu and Norton firewall won't work with crypto mining for whatever reason even with rules...
I doubt if Nanominer might use LOLBins for something. So, it should work.
Hi,
first of all thank you for providing HC. It's a wonderful tool and makes things a lot easier. I got a few questions, maybe someone can help me out.
I am trying to find a balance between privacy and security. Are there a any settings, which could be changed from the recommended settings, which increase privacy more, than they decrease security?
I am thinking about something like SmartScreen for MS Edge, which first checks URL's on a local list and if it's not found in the top visited websites, it will send the URL, infos about the website and a device ID to Microsoft. I wonder how much of my browsing history is being sent to Microsoft this way and if it is really worth using SmartScreen on Edge. What would you recommend? Is there also a possibility to only allow local checks?
I tried to use the Microsoft Diagnostic Data Viewer, to get a feeling about how much data is being sent to Microsoft, but somehow it always shows, that I don't have access to this data. Is this a known problem with HC?
What does "Edge (not Chromium)" under "Smartscreen" mean in the HC ConfigureDefender menu? I thought Edge is always based on Chromium? It is set to block, but I somehow can deactivate SmartScreen in the MS Edge settings. Is this a bug, or did I misunderstand the meaning of this setting?
My HC setup is: recommended settings in the main menu, ConfigureDefender on Max and FirewallHardening with all 4 available lists added to block.
Thanks in advance.
Best regards
first of all thank you for providing HC. It's a wonderful tool and makes things a lot easier. I got a few questions, maybe someone can help me out.
I am trying to find a balance between privacy and security. Are there a any settings, which could be changed from the recommended settings, which increase privacy more, than they decrease security?
I am thinking about something like SmartScreen for MS Edge, which first checks URL's on a local list and if it's not found in the top visited websites, it will send the URL, infos about the website and a device ID to Microsoft. I wonder how much of my browsing history is being sent to Microsoft this way and if it is really worth using SmartScreen on Edge. What would you recommend? Is there also a possibility to only allow local checks?
I tried to use the Microsoft Diagnostic Data Viewer, to get a feeling about how much data is being sent to Microsoft, but somehow it always shows, that I don't have access to this data. Is this a known problem with HC?
What does "Edge (not Chromium)" under "Smartscreen" mean in the HC ConfigureDefender menu? I thought Edge is always based on Chromium? It is set to block, but I somehow can deactivate SmartScreen in the MS Edge settings. Is this a bug, or did I misunderstand the meaning of this setting?
My HC setup is: recommended settings in the main menu, ConfigureDefender on Max and FirewallHardening with all 4 available lists added to block.
Thanks in advance.
Best regards
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
I do not think so.
Edge sends billions of signals every day to Microsoft. This Big data can be hardly usable for spying on consumers. It is used to enhance the customers' security and personalize the browsing. It could be used for spying if Microsoft had external information that someone is dangerous or very interesting for some particular reason. So, if the FBI or CIA could force Microsoft to filter the Big data for specific criminal activity, then your privacy could be exposed. So the terrorists, American dissidents, etc. would like to avoid Edge + SmartScreen.
Anyway, much more dangerous for consumers can be DNS providers, Google search, social media, etc.
No. I can use it without any problem with H_C, ConfigureDefender, and FirewallHardening all set to MAX settings.
Edge was not based on Chromium for a few first years. In the year 2020, the old Edge was replaced by the Chromium version.
This is a very strong setup.
I have a couple of questions about H_C:
- If you block LOLBins in H_C, is there additional value in blocking them with the Firewall Hardening tool or is there overlap?
- In AppGuard, we have the option to allow installs or shut everything off if needed through the agent app in the tray. In H_C I know there is the app to quickly switch default deny off or on, but if there are other restrictions impacting a specific task or application it appears that I would have to open H_C to switch those off - is that correct? I have some apps that I occasionally use that require access to one of the blocked sponsors, and it's nice to just be able to quickly switch off all restrictions temporarily. I wouldn't be asking these questions if I was totally thrilled with AppGuard.
- If you block LOLBins in H_C, is there additional value in blocking them with the Firewall Hardening tool or is there overlap?
- In AppGuard, we have the option to allow installs or shut everything off if needed through the agent app in the tray. In H_C I know there is the app to quickly switch default deny off or on, but if there are other restrictions impacting a specific task or application it appears that I would have to open H_C to switch those off - is that correct? I have some apps that I occasionally use that require access to one of the blocked sponsors, and it's nice to just be able to quickly switch off all restrictions temporarily. I wouldn't be asking these questions if I was totally thrilled with AppGuard.
- Mar 29, 2018
- 7,595
Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,484
If the LOLBin is blocked by <Blocked Sponsors>, then it will not run at all, so the Windows Firewall (with FirewallHardening settings) will not be bothered. The exception could be when the malware might exploit something, get high privileges and then use LOLBins. But such a scenario is unlikely at home on the well-patched Windows with well-patched software.
- In AppGuard, we have the option to allow installs or shut everything off if needed through the agent app in the tray. In H_C I know there is the app to quickly switch default deny off or on, but if there are other restrictions impacting a specific task or application it appears that I would have to open H_C to switch those off - is that correct? I have some apps that I occasionally use that require access to one of the blocked sponsors, and it's nice to just be able to quickly switch off all restrictions temporarily. I wouldn't be asking these questions if I was totally thrilled with AppGuard.
SwitchDefaultDeny can switch off/on all H_C restrictions visible on the left H_C panel. So <Blocked Sponsors> are also switched off/on. If you want to switch non-SRP restrictions visible on the left H_C panel, then you must run H_C and use <Switch OFF/ON Restrictions>. The ConfigureDefender and FirewallHardening restrictions cannot be switched off/on.
Similar threads
-
- Sticky
