Hard_Configurator - Windows Hardening Configurator

F

ForgottenSeer 94654

The H_C can be improved in many ways, but usually, this would also make it more complex. So, I am not eager to make changes, except when they are necessary for security reasons (in the home environment).
I can rename pwsh.exe to pwsh.exe_ , not think twice about it and live a very happy (and very safe) life. Others would not find appending _ acceptable despite it being so simple and easy.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top poster
Developer
Well-known
Dec 23, 2014
7,174
Renaming LOLBins will work in some cases, but not if these LOLBins are installed with Windows or can auto-update. After the update, the file with original name will be restored. Anyway, one can use other methods. The most natural one (on Windows 10) is using Exploit Protection from Security Center. Applying "Disable Win32k system calls" will block most LOLBins. I use this method to block Bitsadmin LOLBin in FirewallHardening.

Another method is via IFEO key with Debugger value, for example:

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pwsh.exe]
"Debugger"="null"

Deleting the Debugger value will unblock pwsh.exe
 
F

ForgottenSeer 94654

Renaming LOLBins will work in some cases, but not if these LOLBins are installed with Windows or can auto-update. After the update, the file with original name will be restored. Anyway, one can use other methods. The most natural one (on Windows 10) is using Exploit Protection from Security Center. Applying "Disable Win32k system calls" will block most LOLBins. I use this method to block Bitsadmin LOLBin in FirewallHardening.

Another method is via IFEO key with Debugger value, for example:

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pwsh.exe]
"Debugger"="null"

Deleting the Debugger value will unblock pwsh.exe
It depends upon how people install PowerShell 7. I chose the autoupdate feature via Windows Update. So you are correct, after the update the process will probably be restored.

Using the IEFO key with Debugger value is a good technique. If I recall correctly, it can only be used for .exe files, but if you know better then please refresh my memory.

Thank you.
 
  • Like
Reactions: Andy Ful

kC77

Level 5
Verified
Well-known
Aug 16, 2021
209
@Andy Ful H_C & CF/FH are stunning and on my own machines and any family/friends who want better security they are the first tools I suggest....
Have you thought about (or do you have any) pre-configured gpo's or advice on hardening across domains?

(I work for an MSP) and while we try as best we can to keep on top of new customer onboardings and new projects etc, and while we try when possible to implement a baseline SRP, its usually such a pain for the engineer and the customer.... have you thought about a licensed/gpo friendly H_C ?
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top poster
Developer
Well-known
Dec 23, 2014
7,174
@Andy Ful H_C & CF/FH are stunning and on my own machines and any family/friends who want better security they are the first tools I suggest....
Have you thought about (or do you have any) pre-configured gpo's or advice on hardening across domains?

(I work for an MSP) and while we try as best we can to keep on top of new customer onboardings and new projects etc, and while we try when possible to implement a baseline SRP, its usually such a pain for the engineer and the customer.... have you thought about a licensed/gpo friendly H_C ?

No, I am afraid. The H_C is dedicated to a home environment (no GPO on Windows Home). Furthermore, messing with GPO by the 3rd party tool would not be welcome by Microsoft.:(
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top poster
Developer
Well-known
Dec 23, 2014
7,174
Hi!

I'm French, and I have installed this software (Hard_configurator) but WatsApp audio don't start with active policies...

How I have to do for listen my audio WhatsApp ?

Thx
You can use the Hard_Configurator log to check what has been blocked:
<Tools><Blocked Events / Security Logs>
Next, the blocked executable can be whitelisted.

What settings did you apply? (you can post here the screenshot of the H_C window)
 
Last edited:

pxxb1

Level 7
Jan 17, 2018
298
@Andy Ful

Would it be possible to make H_C create an icon in the systray just like Av`s do, or other security programs. Since it is a security program it would be appropriate, and handy.
 
  • Like
Reactions: Andy Ful

aldist

Level 2
Jul 22, 2020
47
Would it be possible to make H_C create an icon in the systray just like Av`s do, or other security programs. Since it is a security program it would be appropriate, and handy.
H_C only hangs in processes when its window is open, so the icon in the system tray will be useless. After closing the window, the program closes completely, it does not hang in processes, as it works through the local group policy editor. Configured H_C once and that's enough.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top poster
Developer
Well-known
Dec 23, 2014
7,174
@Andy Ful

Would it be possible to make H_C create an icon in the systray just like Av`s do, or other security programs. Since it is a security program it would be appropriate, and handy.

As @aldist has already mentioned, H_C is a configurator. It configures the Windows built-in settings, so there is no need to keep the H_C processes in real-time. After finishing the configuration and closing H_C, all H_C processes are closed. The real-time protection comes from Windows built-in features.
If you do not close H_C but only minimize the window, the H_C icon is visible on the system tray (Notification Area).
 

pxxb1

Level 7
Jan 17, 2018
298
As @aldist has already mentioned, H_C is a configurator. It configures the Windows built-in settings, so there is no need to keep the H_C processes in real-time. After finishing the configuration and closing H_C, all H_C processes are closed. The real-time protection comes from Windows built-in features.
If you do not close H_C but only minimize the window, the H_C icon is visible on the system tray (Notification Area).

Nevertheless, it would be handy and appropriate to have it there together with the rest of the security icons, instead of the taskfield.

There are things one sometimes have to handle, whitelistning, settting some setting to ON instead of OFF and vice versa, so dependent on what one does it sometimes needs real-time handling. Lets say someone uses Ms Defender, Defender GUI and H_C, then it would be practical to be able to have icons for all of them in systray to monitor them when needed. Now, only 2 of them can be seen. It also works as a reminder, sometimes things, "do not work", and one does not know why, but after long figuring, ahh, H_C is blocking it for security reasons. If seen in tray, well, you understand.

So the idea stands on good practical and also conveniant ground.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top poster
Developer
Well-known
Dec 23, 2014
7,174
Nevertheless, it would be handy and appropriate to have it there together with the rest of the security icons, instead of the taskfield.

There are things one sometimes have to handle, whitelistning, settting some setting to ON instead of OFF and vice versa, so dependent on what one does it sometimes needs real-time handling. Lets say someone uses Ms Defender, Defender GUI and H_C, then it would be practical to be able to have icons for all of them in systray to monitor them when needed. Now, only 2 of them can be seen. It also works as a reminder, sometimes things, "do not work", and one does not know why, but after long figuring, ahh, H_C is blocking it for security reasons. If seen in tray, well, you understand.

So the idea stands on good practical and also conveniant ground.

The H_C is intended to work on the computers of casual users, so it should not start with Windows. Normally, only the shortcut for SwitchDefaultDeny should be visible on the Desktop.

Real-time could be probably a little more convenient for advanced users if one would need to use H_C daily. But, the H_C settings should be configured in a way that requires running it rarely. If so, then additional icons on the system try would be rather inconvenient and unnecessary.
Anyway, if one wants to use real-time H_C, then it can be easily done by creating a scheduled task or adding the H_C to the programs that start with Windows.
 

pxxb1

Level 7
Jan 17, 2018
298
The H_C is intended to work on the computers of casual users, so it should not start with Windows. Normally, only the shortcut for SwitchDefaultDeny should be visible on the Desktop.

Real-time could be probably a little more convenient for advanced users if one would need to use H_C daily. But, the H_C settings should be configured in a way that requires running it rarely. If so, then additional icons on the system try would be rather inconvenient and unnecessary.
Anyway, if one wants to use real-time H_C, then it can be easily done by creating a scheduled task or adding the H_C to the programs that start with Windows.

Or placing its icon in the taskfield, in lack of possible systray placing with other security icons ;).

I would not be the only one appreciating that feature. Well well, i tried.
 
  • Like
Reactions: Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top poster
Developer
Well-known
Dec 23, 2014
7,174
Can I use SWH and HC together?
Simply, use H_C or skip it and use SWH + standalone tools that you need.
SWH + standalone tools have got similar features to the H_C with Basic_Recommended settings.
There are standalone versions of ConfigureDefender, FirewallHardening, DocumentsAntiExploit, and RunBySmartScreen.
 

pxxb1

Level 7
Jan 17, 2018
298
I know. It is hard to please all users and keep the application simple.
But do not give up. I remember all suggestions and sometimes change my mind.:)(y)

So, a little light in the tunnel!

I install, test a lot of programs out of curiosity so i use H_C several times a week, sometimes even several times a day several times a week, so i use it a lot more than the Ms Defender and Defender GUI icons. For ANYONE who do things like that, even little, it is used much more than a "set and forget" program because it blocks a lot that is safe and one have to use the whitelisting. Besides, it is practical, and logical, to have all the security icons at one place for fast and easy handling. A user choice for the feature, maybe?

What i have understood when reading your posts is that you are an intelligent down to earth guy so you probably can see the benefit, the question is if want to do the job, if not, that is ok of course, it is your program, but if, well, then you have made a terrific program even more terrific.

Out of the programs you have made it is H_C and SWH that could benefit out of this, the other ones are more of true "set and forget" type.

Good luck!? ;)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top poster
Developer
Well-known
Dec 23, 2014
7,174
Hi !

How i have to configure "defaut security level" ?
I assume that you refer to the H_C option <Default Security Level>. Did you read the help file about <Default Security Level>? Its settings are changed each time after pressing the button <Default Security Level>.