Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
The x86 installer was detected as malware by multiple scanners. I submitted false positive reports to some of them, but according to Avast it was not a false positive.

"
Hello,

Thank you for reporting this.

Our virus specialists have confirmed that this detection is indeed correct due to lack of compliance with our clean software policy.

You can find further details in the following article: Avast Clean Guidelines.


With regards,

Avast Customer Care
"
I asked them why, but they haven't responded yet.
Thanks for the info and for submitting false positives. :)(y)
The same problem occurred with Windows Defender until I contacted Microsoft for manual analysis. The problem is with the popular 'Inno Setup' (www.jrsoftware.org), which I use to make the Hard_Configurator installer. Inno Setup was also used recently to hide malware in installers for 32-bit Windows, so many AVs started to flag Inno Setup installers as malicious.
I sent a reclamation to Avast. We will see how they respond.
 

CoherentCrayon

Jun 23, 2017
Thanks for the info and for submitting false positives. :)(y)
The same problem occurred with Windows Defender until I contacted Microsoft for manual analysis. The problem is with the popular 'Inno Setup' (www.jrsoftware.org), which I use to make the Hard_Configurator installer. Inno Setup was also used recently to hide malware in installers for 32-bit Windows, so many AVs started to flag Inno Setup installers as malicious.
I sent a reclamation to Avast. We will see how they respond.
No problem. Just a question, as I couldn't find the answer myself: was Inno Setup used to hide malware by JRSoftware themselves or by other persons? If by other persons, it's strange that scanners flag all Inno Setups as malware imo.

Thanks
 

Andy Ful

Dec 23, 2014
No problem. Just a question, as I couldn't find the answer myself: was Inno Setup used to hide malware by JRSoftware themselves or by other persons? If by other persons, it's strange that scanners flag all Inno Setups as malware imo.

Thanks
It is not strange, because the AV Artificial Intelligence analyzes the process of installation and does not like the temp files in the Windows folder. The Inno Setup program has been known for many years. It is a very popular installer.
It is a known false positive (Malwarebytes Anti-Malware also uses Inno Setup):
Find Hidden Command Line Silent Switches for Setup Files • Raymond.CC
Inno Setup tmp blocked
 

Andy Ful

Dec 23, 2014
Recently, Microsoft changed the paths of MsMpEng.exe and NisSrv.exe from %ProgramFiles%\Windows Defender to %ProgramData%\Microsoft\Windows Defender\Platform\, and Windows Defender Antivirus drivers from %Windir%\System32\drivers to %Windir%\System32\drivers\wd. Those changes could cause problems on computers protected by Software Restriction Policies (SRP).
But not with Hard_Configurator settings (ver. 3.0.1.0 and higher), because the paths:
%ProgramData%\Microsoft\Windows Defender\
%Windir%\System32\drivers\
and their subfolders are whitelisted by default (they are executable but not writable).(y)
 
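A way to verify the claim in the post above on your own machine, added here as an example and not part of Hard_Configurator: the script reads the SRP path rules from the standard SRP registry location (assumed to be where Hard_Configurator stores its policy), resolves where MsMpEng.exe and NisSrv.exe actually run from via their services (WinDefend and WdNisSvc), picks the most specific matching path rule (the SRP precedence rule for path rules), and checks that the folder is not writable by standard users. The function names are this example's own; run it from an elevated PowerShell.

```powershell
# Added example, not Hard_Configurator's own code.
# Assumption: the SRP policy lives in the standard registry location below.
$SaferRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\safer\CodeIdentifiers'
$Levels    = @{ 0 = 'Disallowed'; 4096 = 'Basic User'; 131072 = 'Constrained'; 262144 = 'Unrestricted' }

function Get-SrpPathRules {
    # Each security level has a Paths subkey; every rule is a GUID-named key with an ItemData value.
    foreach ($level in $Levels.Keys) {
        $pathsKey = "$SaferRoot\$level\Paths"
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem $pathsKey) {
            $itemData = (Get-ItemProperty -Path $rule.PSPath).ItemData
            if (-not $itemData) { continue }
            [pscustomobject]@{
                Level   = $Levels[$level]
                Pattern = [Environment]::ExpandEnvironmentVariables($itemData)
                Raw     = $itemData
            }
        }
    }
}

function Test-SrpPathMatch([string]$Pattern, [string]$Path) {
    # A folder rule covers the folder and everything below it; '*' and '?' wildcards are allowed.
    $p = $Pattern.TrimEnd('\')
    if ($p -match '[*?]') { return (($Path -like $p) -or ($Path -like "$p\*")) }
    return (($Path -eq $p) -or $Path.StartsWith("$p\", [StringComparison]::OrdinalIgnoreCase))
}

function Get-SrpEffectiveRule([string]$Path) {
    $hits = @(Get-SrpPathRules | Where-Object { Test-SrpPathMatch $_.Pattern $Path })
    if ($hits.Count -gt 0) {
        # The most specific (longest) matching path rule wins.
        return $hits | Sort-Object { $_.Pattern.Length } -Descending | Select-Object -First 1
    }
    $default = (Get-ItemProperty -Path $SaferRoot -ErrorAction SilentlyContinue).DefaultLevel
    $name = if ($null -eq $default) { 'Unrestricted (no SRP policy)' } else { $Levels[[int]$default] }
    [pscustomobject]@{ Level = $name; Pattern = '(default level)'; Raw = $null }
}

function Test-UserWritable([string]$Folder) {
    # True if a low-privilege principal holds any Allow ACE that permits writing into the folder.
    $writeBits = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, CreateFiles, CreateDirectories'
    $lowPriv   = 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone', 'NT AUTHORITY\INTERACTIVE'
    foreach ($ace in (Get-Acl $Folder).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $writeBits) -ne 0) { return $true }
    }
    return $false
}

# Targets: the two Defender services (MsMpEng.exe and NisSrv.exe) plus the drivers in the new wd folder.
$ServiceNames = 'WinDefend', 'WdNisSvc'
$targets = @(foreach ($svc in $ServiceNames) {
    $s = Get-CimInstance Win32_Service -Filter "Name='$svc'"
    if ($s) { $s.PathName.Trim('"') }   # image path is quoted when it contains spaces
})
$targets += @(Get-ChildItem "$env:windir\System32\drivers\wd" -Filter *.sys -ErrorAction SilentlyContinue |
              ForEach-Object FullName)

$report = foreach ($t in $targets) {
    $rule = Get-SrpEffectiveRule $t
    [pscustomobject]@{
        File         = $t
        Level        = $rule.Level
        MatchedRule  = $rule.Pattern
        UserWritable = Test-UserWritable (Split-Path $t -Parent)
    }
}
$report | Format-Table -AutoSize
```

Every row should show Level = Unrestricted with a rule under %ProgramData%\Microsoft\Windows Defender\ or %Windir%\System32\drivers\, and UserWritable = False; a row that matches only the default level is exactly the breakage the post describes, and a row with UserWritable = True would mean the whitelist is a writable folder, which is the one thing an SRP path whitelist must never be.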

bribon77

Jul 6, 2017
@Andy Ful: everything is fine, but I have a query. I use Sandboxie to navigate, configure and clean when I close.
It fails for me if I activate cmd.exe.

[Screenshots attached: explorer_2017-12-22_00-10-28.png, Hard_Configurator(x64)_2017-12-22_00-48-25.png, explorer_2017-12-22_00-43-11.png]
 

Andy Ful

Dec 23, 2014
@Andy Ful: everything is fine, but I have a query. I use Sandboxie to navigate, configure and clean when I close.
It fails for me if I activate cmd.exe.

[Three screenshots quoted from the post above]
Yes. Sandboxie uses cmd.exe to delete the sandbox. I solved this issue some years ago by using sike.exe to delete sandboxes:
sike Download
I put sike.exe into C:\Windows. This also requires changing the Sandboxie options by adding the line below to Sandboxie.ini in the GlobalSettings section:
------------------------------------------------------------------------------------
[GlobalSettings]
....
DeleteCommand=C:\Windows\sike.exe -f "%SANDBOX%"
------------------------------------------------------------------------------------
You can check the impact of blocking cmd.exe (and other sponsors) on your system via <Tools><Run SRP/Scripts Event Log View>.
<Blocking Sponsors> is recommended temporarily when using the computer in an insecure environment, but it may also be adopted for daily usage by users who are willing to examine and troubleshoot the potential issues.(y)
 
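The troubleshooting step in the post above, done from PowerShell instead of the Hard_Configurator menu, added here as an example that is not part of Hard_Configurator or Sandboxie: it pulls the SRP block events from the Application log, counts which files were blocked, and reads the DeleteCommand line from Sandboxie.ini to show whether sandbox deletion still goes through cmd.exe. It assumes SRP writes its blocks as Application-log events 865-868/882 from a provider whose name contains "SoftwareRestrictionPolicies", and that Sandboxie.ini is at %windir%\Sandboxie.ini (the classic location); the function names are this example's own. Note that SRP events name the blocked file and the rule but not the parent process, so the sponsor has to be inferred from which file was blocked and when.

```powershell
# Added example, not Hard_Configurator's or Sandboxie's code.
function Get-SrpBlockEvents([int]$Hours = 24) {
    $since = (Get-Date).AddHours(-$Hours)
    # Assumption: SRP blocks are Application-log events 865 (default level), 866 (path rule),
    # 867 (certificate rule), 868 (zone rule) and 882 from the SoftwareRestrictionPolicies provider.
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 865, 866, 867, 868, 882; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like '*SoftwareRestrictionPolicies*' } |
        ForEach-Object {
            # Message shape: "Access to <file> has been restricted by your Administrator by ... placed on path <rule>."
            $blocked = if ($_.Message -match 'Access to (.+?) has been restricted') { $Matches[1] } else { $_.Message }
            $rule    = if ($_.Message -match 'placed on path (.+?)\.?\s*$') { $Matches[1] } else { '(default level)' }
            [pscustomobject]@{ Time = $_.TimeCreated; Id = $_.Id; Blocked = $blocked; Rule = $rule }
        }
}

function Get-SrpBlockSummary([int]$Hours = 24) {
    # One row per blocked file: how often, by which rule, and when it last happened.
    Get-SrpBlockEvents $Hours | Group-Object Blocked | Sort-Object Count -Descending | ForEach-Object {
        $last = $_.Group | Sort-Object Time | Select-Object -Last 1
        [pscustomobject]@{ Blocked = $_.Name; Count = $_.Count; Rule = $last.Rule; Last = $last.Time }
    }
}

function Get-SandboxieDeleteCommand([string]$IniPath = "$env:windir\Sandboxie.ini") {
    # Minimal INI walk: return the DeleteCommand value from [GlobalSettings], or $null if absent.
    if (-not (Test-Path $IniPath)) { return $null }
    $section = $null
    foreach ($line in Get-Content $IniPath) {
        if ($line -match '^\s*\[(.+)\]\s*$') { $section = $Matches[1]; continue }
        if ($section -eq 'GlobalSettings' -and $line -match '^\s*DeleteCommand\s*=\s*(.+)$') { return $Matches[1].Trim() }
    }
    return $null
}

# Usage: look at the last three days of blocks, then check what Sandboxie will run to delete a sandbox.
Get-SrpBlockSummary -Hours 72 | Format-Table -AutoSize
$del = Get-SandboxieDeleteCommand
if ($del) { "Sandboxie DeleteCommand: $del" }
else      { 'Sandboxie DeleteCommand not set: sandbox deletion goes through cmd.exe, which is blocked when <Blocking Sponsors> is on.' }
```

If cmd.exe tops the summary with timestamps that line up with closing sandboxed programs, the DeleteCommand line from the post above is the fix; other entries in the summary are the other sponsors that <Blocking Sponsors> will interfere with on your system and are worth examining one by one before adopting the setting permanently.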

Andy Ful

Dec 23, 2014
[Attachments: ConfigureDefender1.png, ConfigureDefender2.png, ConfigureDefender3.png, ConfigureDefender4.png (screenshots)]

Andy Ful

Dec 23, 2014
@Andy Ful

Great (y)

Request: Adding folders to Controlled folder access?
Controlled Folder Access and Exploit Guard for applications can be managed easily via Defender Security Center. Some settings, for example Controlled Folder Access, are in ConfigureDefender only for quick ON/OFF. :)
But I understand that adding Controlled Folder Access and Exploit Guard for applications would be convenient for the users.
 

Andy Ful

Dec 23, 2014
Do these settings persist when updating Windows if you are using Windows 10 Home (as the settings are intended for Win 10 Pro, Enterprise and Education computers)?
All settings except 'Cloud Protection Level' are available for all Windows editions (Windows Home included). Most of them can be configured on Windows Home using PowerShell cmdlets. The option 'Cloud Protection Level' on Windows Home can be set only to 'Default' (no higher levels). All settings should persist across updates/upgrades.
 
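The PowerShell route mentioned in the answer above, turned into a check that the settings really survive a feature update, added here as an example and not ConfigureDefender's own code: the script snapshots the Defender preferences that ConfigureDefender exposes into a JSON file before the update and, when run again afterwards, lists only the settings whose values changed. The property names are the real Get-MpPreference ones (CloudBlockLevel is the 'Cloud Protection Level'); the baseline file path and the function names are this example's choices. Run from an elevated PowerShell on any edition, Home included.

```powershell
# Added example, not ConfigureDefender's code.
$Tracked = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring', 'DisableIOAVProtection',
           'DisableScriptScanning', 'MAPSReporting', 'SubmitSamplesConsent',
           'CloudBlockLevel', 'CloudExtendedTimeout', 'PUAProtection',
           'EnableControlledFolderAccess', 'EnableNetworkProtection',
           'AttackSurfaceReductionRules_Ids', 'AttackSurfaceReductionRules_Actions'

function Get-DefenderSnapshot {
    # Read the tracked Get-MpPreference properties into an ordered dictionary of strings.
    $pref = Get-MpPreference
    $snap = [ordered]@{}
    foreach ($name in $Tracked) {
        $v = $pref.$name
        # The ASR id/action arrays are joined so that a one-rule difference shows up as one changed value.
        $snap[$name] = if ($v -is [System.Array]) { ($v -join ';') } else { "$v" }
    }
    return $snap
}

function Export-DefenderBaseline([string]$Path) {
    Get-DefenderSnapshot | ConvertTo-Json | Set-Content -Path $Path -Encoding UTF8
}

function Compare-DefenderBaseline([string]$Path) {
    # Emit one object per tracked setting whose current value differs from the saved baseline.
    $old = Get-Content $Path -Raw | ConvertFrom-Json
    $now = Get-DefenderSnapshot
    foreach ($name in $Tracked) {
        $before = "$($old.$name)"
        $after  = $now[$name]
        if ($before -ne $after) {
            [pscustomobject]@{ Setting = $name; Before = $before; After = $after }
        }
    }
}

# Usage: first run writes the baseline; later runs (after the update) report the differences.
$Baseline = "$env:USERPROFILE\defender-baseline.json"   # example path, pick your own
if (-not (Test-Path $Baseline)) {
    Export-DefenderBaseline $Baseline
    "Baseline written to $Baseline; run this script again after the update to compare."
} else {
    $diff = @(Compare-DefenderBaseline $Baseline)
    if ($diff.Count -eq 0) { 'All tracked Defender settings are unchanged.' }
    else                   { $diff | Format-Table -AutoSize }
}
```

On Windows Home, expect CloudBlockLevel to read 0 (Default) both before and after, which matches the limitation stated above; any other setting that appears in the comparison table is one the update reset and that needs re-applying with Set-MpPreference or ConfigureDefender.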

Deleted member 178

Controlled Folder Access and Exploit Guard for applications can be managed easily via Defender Security Center. Some settings, for example Controlled Folder Access, are in ConfigureDefender only for quick ON/OFF. :)
But I understand that adding Controlled Folder Access and Exploit Guard for applications would be convenient for the users.
It would be more convenient, especially because on Win10 every change requires UAC validation. If we could make changes and your utility only asked for UAC validation once at the end, it would be nicer.
 

Andy Ful

Dec 23, 2014
Recently, I noticed a Windows bug related to the Secure Attention Sequence (SAS), which requires physically pressing Ctrl+Alt+Del to open the secure desktop with UAC. After one of the Windows Updates, the Admin account on my wife's computer was not accessible.
It turned out that Windows wanted to configure something and needed to elevate some tool, but the SAS alert was invisible to the user.
So I had to reboot to Safe Mode, run Hard_Configurator and disable SAS via the <More...> <UAC CTRL_ALT_DEL> option.
Microsoft, I love you.:sick:;)
 
