Hard_Configurator - Windows Hardening Configurator

F

ForgottenSeer 94654

Andy Ful said:
The H_C can be improved in many ways, but usually, this would also make it more complex. So, I am not eager to make changes, except when they are necessary for security reasons (in the home environment).
Click to expand...
I can rename pwsh.exe to pwsh.exe_ , not think twice about it and live a very happy (and very safe) life. Others would not find appending _ acceptable despite it being so simple and easy.
 
  • Like
Reactions: [correlate] and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Renaming LOLBins will work in some cases, but not if these LOLBins are installed with Windows or can auto-update. After the update, the file with original name will be restored. Anyway, one can use other methods. The most natural one (on Windows 10) is using Exploit Protection from Security Center. Applying "Disable Win32k system calls" will block most LOLBins. I use this method to block Bitsadmin LOLBin in FirewallHardening.

Another method is via IFEO key with Debugger value, for example:

Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pwsh.exe]
"Debugger"="null"

Deleting the Debugger value will unblock pwsh.exe
 
  • Like
  • +Reputation
Reactions: Nevi, kC77, Mercenary and 2 others
F

ForgottenSeer 94654

Andy Ful said:
Renaming LOLBins will work in some cases, but not if these LOLBins are installed with Windows or can auto-update. After the update, the file with original name will be restored. Anyway, one can use other methods. The most natural one (on Windows 10) is using Exploit Protection from Security Center. Applying "Disable Win32k system calls" will block most LOLBins. I use this method to block Bitsadmin LOLBin in FirewallHardening.

Another method is via IFEO key with Debugger value, for example:

Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pwsh.exe]
"Debugger"="null"

Deleting the Debugger value will unblock pwsh.exe
Click to expand...
It depends upon how people install PowerShell 7. I chose the autoupdate feature via Windows Update. So you are correct, after the update the process will probably be restored.

Using the IEFO key with Debugger value is a good technique. If I recall correctly, it can only be used for .exe files, but if you know better then please refresh my memory.

Thank you.
 
  • Like
Reactions: Andy Ful
kC77

kC77

Level 5
Verified
Well-known
Aug 16, 2021
232
@Andy Ful H_C & CF/FH are stunning and on my own machines and any family/friends who want better security they are the first tools I suggest....
Have you thought about (or do you have any) pre-configured gpo's or advice on hardening across domains?

(I work for an MSP) and while we try as best we can to keep on top of new customer onboardings and new projects etc, and while we try when possible to implement a baseline SRP, its usually such a pain for the engineer and the customer.... have you thought about a licensed/gpo friendly H_C ?
 
Last edited:
  • Like
Reactions: Nevi, Gandalf_The_Grey and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
kC77 said:
@Andy Ful H_C & CF/FH are stunning and on my own machines and any family/friends who want better security they are the first tools I suggest....
Have you thought about (or do you have any) pre-configured gpo's or advice on hardening across domains?

(I work for an MSP) and while we try as best we can to keep on top of new customer onboardings and new projects etc, and while we try when possible to implement a baseline SRP, its usually such a pain for the engineer and the customer.... have you thought about a licensed/gpo friendly H_C ?
Click to expand...

No, I am afraid. The H_C is dedicated to a home environment (no GPO on Windows Home). Furthermore, messing with GPO by the 3rd party tool would not be welcome by Microsoft.:(
 
  • Like
Reactions: Nevi, Gandalf_The_Grey and kC77
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
sypqys said:
Hi!

I'm French, and I have installed this software (Hard_configurator) but WatsApp audio don't start with active policies...

How I have to do for listen my audio WhatsApp ?

Thx
Click to expand...
You can use the Hard_Configurator log to check what has been blocked:
<Tools><Blocked Events / Security Logs>
Next, the blocked executable can be whitelisted.

What settings did you apply? (you can post here the screenshot of the H_C window)
 
Last edited:
  • Like
Reactions: Nevi and Gandalf_The_Grey
P

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
471
@Andy Ful

Would it be possible to make H_C create an icon in the systray just like Av`s do, or other security programs. Since it is a security program it would be appropriate, and handy.
 
  • Like
Reactions: Andy Ful
aldist

aldist

Level 2
Jul 22, 2020
59
pxxb1 said:
Would it be possible to make H_C create an icon in the systray just like Av`s do, or other security programs. Since it is a security program it would be appropriate, and handy.
Click to expand...
H_C only hangs in processes when its window is open, so the icon in the system tray will be useless. After closing the window, the program closes completely, it does not hang in processes, as it works through the local group policy editor. Configured H_C once and that's enough.
 
  • Like
Reactions: Nevi, Gandalf_The_Grey and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
pxxb1 said:
@Andy Ful

Would it be possible to make H_C create an icon in the systray just like Av`s do, or other security programs. Since it is a security program it would be appropriate, and handy.
Click to expand...

As @aldist has already mentioned, H_C is a configurator. It configures the Windows built-in settings, so there is no need to keep the H_C processes in real-time. After finishing the configuration and closing H_C, all H_C processes are closed. The real-time protection comes from Windows built-in features.
If you do not close H_C but only minimize the window, the H_C icon is visible on the system tray (Notification Area).
 
  • Like
Reactions: cryogent, Nevi and Gandalf_The_Grey
P

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
471
Andy Ful said:
As @aldist has already mentioned, H_C is a configurator. It configures the Windows built-in settings, so there is no need to keep the H_C processes in real-time. After finishing the configuration and closing H_C, all H_C processes are closed. The real-time protection comes from Windows built-in features.
If you do not close H_C but only minimize the window, the H_C icon is visible on the system tray (Notification Area).
Click to expand...

Nevertheless, it would be handy and appropriate to have it there together with the rest of the security icons, instead of the taskfield.

There are things one sometimes have to handle, whitelistning, settting some setting to ON instead of OFF and vice versa, so dependent on what one does it sometimes needs real-time handling. Lets say someone uses Ms Defender, Defender GUI and H_C, then it would be practical to be able to have icons for all of them in systray to monitor them when needed. Now, only 2 of them can be seen. It also works as a reminder, sometimes things, "do not work", and one does not know why, but after long figuring, ahh, H_C is blocking it for security reasons. If seen in tray, well, you understand.

So the idea stands on good practical and also conveniant ground.
 
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
pxxb1 said:
Nevertheless, it would be handy and appropriate to have it there together with the rest of the security icons, instead of the taskfield.

There are things one sometimes have to handle, whitelistning, settting some setting to ON instead of OFF and vice versa, so dependent on what one does it sometimes needs real-time handling. Lets say someone uses Ms Defender, Defender GUI and H_C, then it would be practical to be able to have icons for all of them in systray to monitor them when needed. Now, only 2 of them can be seen. It also works as a reminder, sometimes things, "do not work", and one does not know why, but after long figuring, ahh, H_C is blocking it for security reasons. If seen in tray, well, you understand.

So the idea stands on good practical and also conveniant ground.
Click to expand...

The H_C is intended to work on the computers of casual users, so it should not start with Windows. Normally, only the shortcut for SwitchDefaultDeny should be visible on the Desktop.

Real-time could be probably a little more convenient for advanced users if one would need to use H_C daily. But, the H_C settings should be configured in a way that requires running it rarely. If so, then additional icons on the system try would be rather inconvenient and unnecessary.
Anyway, if one wants to use real-time H_C, then it can be easily done by creating a scheduled task or adding the H_C to the programs that start with Windows.
 
  • Like
Reactions: Nevi, jerzy601, Mercenary and 1 other person
P

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
471
Andy Ful said:
The H_C is intended to work on the computers of casual users, so it should not start with Windows. Normally, only the shortcut for SwitchDefaultDeny should be visible on the Desktop.

Real-time could be probably a little more convenient for advanced users if one would need to use H_C daily. But, the H_C settings should be configured in a way that requires running it rarely. If so, then additional icons on the system try would be rather inconvenient and unnecessary.
Anyway, if one wants to use real-time H_C, then it can be easily done by creating a scheduled task or adding the H_C to the programs that start with Windows.
Click to expand...

Or placing its icon in the taskfield, in lack of possible systray placing with other security icons ;).

I would not be the only one appreciating that feature. Well well, i tried.
 
  • Like
Reactions: Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
Emanuel Tomasin said:
Can I use SWH and HC together?
Click to expand...
Simply, use H_C or skip it and use SWH + standalone tools that you need.
SWH + standalone tools have got similar features to the H_C with Basic_Recommended settings.
There are standalone versions of ConfigureDefender, FirewallHardening, DocumentsAntiExploit, and RunBySmartScreen.
 
  • Like
Reactions: jerzy601, Nevi, Mercenary and 4 others
P

pxxb1

Level 10
Verified
Well-known
Jan 17, 2018
471
Andy Ful said:
I know. It is hard to please all users and keep the application simple.
But do not give up. I remember all suggestions and sometimes change my mind.:)(y)
Click to expand...

So, a little light in the tunnel!

I install, test a lot of programs out of curiosity so i use H_C several times a week, sometimes even several times a day several times a week, so i use it a lot more than the Ms Defender and Defender GUI icons. For ANYONE who do things like that, even little, it is used much more than a "set and forget" program because it blocks a lot that is safe and one have to use the whitelisting. Besides, it is practical, and logical, to have all the security icons at one place for fast and easy handling. A user choice for the feature, maybe?

What i have understood when reading your posts is that you are an intelligent down to earth guy so you probably can see the benefit, the question is if want to do the job, if not, that is ok of course, it is your program, but if, well, then you have made a terrific program even more terrific.

Out of the programs you have made it is H_C and SWH that could benefit out of this, the other ones are more of true "set and forget" type.

Good luck!? ;)
 
  • Like
Reactions: Nevi, Mercenary and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,484
sypqys said:
Hi !

How i have to configure "defaut security level" ?
Click to expand...
I assume that you refer to the H_C option <Default Security Level>. Did you read the help file about <Default Security Level>? Its settings are changed each time after pressing the button <Default Security Level>.
 
  • Like
Reactions: Nevi, sypqys and Back3

Similar threads

Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
29,430
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
318
Views
34,110
Hard_Configurator Tools
Andy Ful
Andy Ful
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
1,127
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top