Hard_Configurator - Windows Hardening Configurator

Discussion in 'System Utilities' started by Andy Ful, Dec 10, 2016.

  1. Andy Ful

    Andy Ful Level 22

    Dec 23, 2014
    1,101
    4,708
    business
    Poland
    Windows 10
    Microsoft
    Thanks for the info and for submitting false positives. :)(y)
    The same problem was with Windows Defender until I contacted Microsoft for manual analysis. The problem is with the popular 'Inno Setup' (www.jrsoftware.org), which I use to make the Hard_Configurator installer. Inno Setup was also used recently to hide malware in installers for Windows 32-bit, so many AVs started to flag Inno Setup installers as malicious.
    I sent a reclamation to Avast. We will see how they respond.
     
  2. steel9

    steel9 Level 3

    Jun 23, 2017
    142
    398
    Sweden
    Windows 10
    F-Secure
    No problem. Just a question, as I couldn't find the answer myself: was Inno Setup used to hide malware by JRSoftware themselves or by other persons? If by other persons, it's strange that scanners flag all Inno Setups as malware imo.

    Thanks
     
  3. Andy Ful

    Andy Ful Level 22

    It is not strange, because the AV Artificial Intelligence analyzes the process of installation and does not like the temp files in the Windows folder. The Inno Setup program has been known for many years. It is a very popular installer.
    It is a known false positive (MalwareBytes Antimalware also uses Inno Setup):
    Find Hidden Command Line Silent Switches for Setup Files • Raymond.CC
    Inno Setup tmp blocked
     
  4. steel9

    steel9 Level 3

    Avast and AVG now removed the detection of the x86 installer
     
  5. Andy Ful

    Andy Ful Level 22

    It is nice of them to respond to our reclamation. :)
     
  6. Andy Ful

    Andy Ful Level 22

    Recently, Microsoft changed the paths of MsMpEng.exe and NisSrv.exe from %ProgramFiles%\Windows Defender to %ProgramData%\Microsoft\Windows Defender\Platform\, and Windows Defender Antivirus drivers from %Windir%\System32\drivers to %Windir%\System32\drivers\wd. Those changes could cause problems on computers protected by Software Restriction Policies (SRP).
    But not in Hard_Configurator settings (ver. 3.0.1.0 and higher), because the paths:
    %ProgramData%\Microsoft\Windows Defender\
    %Windir%\System32\drivers\
    and their subfolders are whitelisted by default (they are executable but not writable).(y)
     
  7. bribon77

    bribon77 Level 10

    Jul 6, 2017
    495
    3,420
    spain
    Windows 7
    Emsisoft
    #347 bribon77, Dec 21, 2017
    Last edited: Dec 21, 2017
    @Andy Ful: everything is fine, but I have a query. I use Sandboxie to navigate, configure and clean when I close.
    It fails for me if I activate cmd.exe.

    [Screenshots attached: Explorer and Hard_Configurator (x64) windows, Dec 22, 2017]
     
  8. Andy Ful

    Andy Ful Level 22

    Yes. Sandboxie uses cmd.exe to delete the sandbox. I solved this issue some years ago by using sike.exe to delete sandboxes:
    sike Download
    I put sike.exe into C:\Windows. This also requires changing the Sandboxie options by adding the line below to Sandboxie.ini in the GlobalSettings section:
    ------------------------------------------------------------------------------------
    [GlobalSettings]
    ....
    DeleteCommand=C:\Windows\sike.exe -f "%SANDBOX%"
    ------------------------------------------------------------------------------------
    You can check the impact of blocking cmd.exe in your system (and other sponsors) via <Tools><Run SRP/Scripts Event Log View>.
    <Blocking Sponsors> is recommended temporarily when using the computer in an insecure environment, but may also be adopted for daily usage by users who will take the trouble to examine and troubleshoot the potential issues.(y)
     
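    The SRP event check described in the post above, as an added example (not Hard_Configurator's own code): it summarises Software Restriction Policies block events from the Application log so the effect of blocking cmd.exe or other sponsors can be reviewed before adopting <Blocking Sponsors> for daily use. The event IDs are the standard SRP ones; the 7-day window and the cmd.exe filter are assumptions.

```powershell
# Added example; not part of Hard_Configurator. Run in PowerShell on Windows with SRP enabled.
function Get-SrpBlockSummary {
    param(
        [int]$Days = 7,             # assumed review window
        [string]$OnlyProcess = ''   # e.g. 'cmd.exe' to see only blocks of that sponsor
    )
    # Standard SRP event IDs: 865 default rule, 866 path rule, 867 certificate rule,
    # 868 zone rule, 882 hash rule.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-SoftwareRestrictionPolicies'
        Id           = 865, 866, 867, 868, 882
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) { Write-Host "No SRP block events in the last $Days day(s)."; return }

    $rows = foreach ($e in $events) {
        # Each message starts with "Access to <path> has been restricted ..."
        $path = if ($e.Message -match 'Access to (.+?) has been restricted') { $Matches[1] } else { '(unparsed)' }
        [pscustomobject]@{ Time = $e.TimeCreated; Id = $e.Id; Path = $path }
    }
    if ($OnlyProcess) { $rows = $rows | Where-Object { $_.Path -like "*\$OnlyProcess" } }

    # One row per blocked executable: how often, under which rule types, and when last seen.
    $rows | Group-Object Path | Sort-Object Count -Descending | ForEach-Object {
        [pscustomobject]@{
            Blocks   = $_.Count
            Path     = $_.Name
            RuleIds  = ($_.Group.Id | Sort-Object -Unique) -join ','
            LastSeen = ($_.Group | Measure-Object Time -Maximum).Maximum
        }
    }
}

# All blocks in the last week, then only the cmd.exe blocks that Sandboxie's delete step would hit.
Get-SrpBlockSummary -Days 7 | Format-Table -AutoSize
Get-SrpBlockSummary -Days 7 -OnlyProcess 'cmd.exe' | Format-Table -AutoSize
```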
  9. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,171
    5,189
    IRAN
    Windows 10
    ESET
    Any news?
     
  10. Andy Ful

    Andy Ful Level 22

    I am working on ConfigureDefender utility (only Windows 10).:)
    This will be a standalone program, but also integrated with Hard_Configurator.
     
  11. Sunshine-boy

    Sunshine-boy Level 22

    Keep up the good work hacker<3
     
  12. Windows_Security

    Windows_Security Level 13
    Content Creator Trusted

    Mar 13, 2016
    615
    2,884
    Holland
    Windows 7
    Default-Deny
    Andy, what does ConfigureDefender do?
     
  13. Andy Ful

    Andy Ful Level 22

    It allows viewing important Defender settings and configuring them.:)
     
  14. Windows_Security

    Windows_Security Level 13
    Content Creator Trusted

    @Andy Ful

    Great (y)

    Request: Adding folders to Controlled folder access?
     
  15. steel9

    steel9 Level 3

    Do these settings persist when updating Windows if you are using Windows 10 Home (as the settings are intended for Win 10 Pro, Enterprise and Education computers)?
     
  16. Andy Ful

    Andy Ful Level 22

    #356 Andy Ful, Jan 12, 2018
    Last edited: Jan 12, 2018
    Controlled Folder Access and Exploit Guard for applications can be managed easily via Defender Security Center. Some settings, for example Controlled Folder Access, are in ConfigureDefender only to quickly turn them ON/OFF. :)
    But I understand that adding Controlled Folder Access and Exploit Guard for applications would be convenient for the users.
     
  17. Andy Ful

    Andy Ful Level 22

    All settings except 'Cloud Protection Level' are available for all Windows editions (Windows Home included). Most of them can be configured on Windows Home when using PowerShell cmdlets. The option 'Cloud Protection Level' on Windows Home can be set only to 'Default' (no higher levels). All settings should persist through updates/upgrades.
     
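    The PowerShell route mentioned in the post above, as an added example (not ConfigureDefender's own code): it reads the Defender settings discussed in this thread with Get-MpPreference, then turns on Controlled Folder Access with an extra protected folder (the request made earlier in the thread) and raises the Cloud Protection Level with Set-MpPreference/Add-MpPreference. The sample folder path is constructed; run it from an elevated PowerShell on Windows 10.

```powershell
# Added example; not ConfigureDefender's code. Requires an elevated PowerShell on Windows 10.
function Show-DefenderSettings {
    $p = Get-MpPreference
    [pscustomobject]@{
        # 0 = Default; High/HighPlus/ZeroTolerance only take effect on Pro/Enterprise/Education
        CloudBlockLevel        = $p.CloudBlockLevel
        MAPSReporting          = $p.MAPSReporting              # 0 Disabled, 1 Basic, 2 Advanced
        SubmitSamplesConsent   = $p.SubmitSamplesConsent
        PUAProtection          = $p.PUAProtection
        ControlledFolderAccess = $p.EnableControlledFolderAccess   # 0 Disabled, 1 Enabled, 2 Audit
        ProtectedFolders       = ($p.ControlledFolderAccessProtectedFolders -join '; ')
    }
}

function Enable-ControlledFolderAccess {
    param([string[]]$ExtraFolder = @())
    Set-MpPreference -EnableControlledFolderAccess Enabled
    foreach ($f in $ExtraFolder) {
        # Only add folders that exist; a typo here would silently protect nothing.
        if (Test-Path -LiteralPath $f -PathType Container) {
            Add-MpPreference -ControlledFolderAccessProtectedFolders $f
        } else {
            Write-Warning "Skipping '$f': folder does not exist"
        }
    }
}

Show-DefenderSettings                                        # state before changes
Enable-ControlledFolderAccess -ExtraFolder 'D:\Documents'    # constructed sample path
# On Windows Home this stays at Default (only higher editions apply higher levels), as noted above.
Set-MpPreference -CloudBlockLevel High
Show-DefenderSettings                                        # state after changes
```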
  18. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,653
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    It would be more convenient, especially because on Win10 every change requires UAC validation. If we could make changes and your utility only asked for UAC validation once at the end, it would be nicer.
     