Update Hard_Configurator - Windows Hardening Configurator

Andy Ful

Level 30
Content Creator
Verified
Joined
Dec 23, 2014
Messages
1,963
OS
Windows 10
Antivirus
Microsoft
The x86 installer was detected as malware by multiple scanners. I submitted false positive reports to some of them, but according to Avast it was not a false positive.

"
Hello,

Thank you for reporting this.

Our virus specialists have confirmed that this detection is indeed correct due to lack of compliance with our clean software policy.

You can find further details in the following article: Avast Clean Guidelines.


With regards,

Avast Customer Care
"
I asked them why, but they haven't responded yet.
Thanks for the info and for submitting false positives. :)(y)
The same problem was with Windows Defender until I contacted Microsoft for manual analysis. The problem is with the popular 'Inno Setup' (www.jrsoftware.org), which I use to make the Hard_Configurator installer. Inno Setup was also used recently to hide malware in installers for Windows 32-bit, so many AVs started to flag Inno Setup installers as malicious.
I sent a reclamation to Avast. We will see how they respond.
 

steel9

Level 4
Verified
Joined
Jun 23, 2017
Messages
176
OS
Windows 10
Antivirus
Kaspersky
Thanks for the info and for submitting false positives. :)(y)
The same problem was with Windows Defender until I contacted Microsoft for manual analysis. The problem is with the popular 'Inno Setup' (www.jrsoftware.org), which I use to make the Hard_Configurator installer. Inno Setup was also used recently to hide malware in installers for Windows 32-bit, so many AVs started to flag Inno Setup installers as malicious.
I sent a reclamation to Avast. We will see how they respond.
No problem. Just a question as I couldn't find the answer myself, was Inno Setup used to hide malware by JRSoftware themselves or by other persons? If by other persons it's strange that scanners flag all Inno Setups as malware imo.

Thanks
 

Andy Ful

No problem. Just a question as I couldn't find the answer myself, was Inno Setup used to hide malware by JRSoftware themselves or by other persons? If by other persons it's strange that scanners flag all Inno Setups as malware imo.

Thanks
It is not strange, because the AV artificial intelligence analyzes the installation process and does not like the temp files in the Windows folder. The Inno Setup program has been known for many years. It is a very popular installer.
It is a known false positive (MalwareBytes Antimalware also uses Inno Setup):
Find Hidden Command Line Silent Switches for Setup Files • Raymond.CC
Inno Setup tmp blocked
 

Andy Ful

Recently, Microsoft changed the paths of MsMpEng.exe and NisSrv.exe from %ProgramFiles%\Windows Defender to %ProgramData%\Microsoft\Windows Defender\Platform\, and Windows Defender Antivirus drivers from %Windir%\System32\drivers to %Windir%\System32\drivers\wd. Those changes could cause problems on computers protected by Software Restriction Policies (SRP).
But not with Hard_Configurator settings (ver. 3.0.1.0 and higher), because the paths:
%ProgramData%\Microsoft\Windows Defender\
%Windir%\System32\drivers\
and their subfolders are whitelisted by default (they are executable but not writable).(y)
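An added check, not from the thread and not part of Hard_Configurator, for the assumption above that the whitelisted folders are executable but not writable: it walks both paths and their subfolders and reports any directory where Everyone, Authenticated Users or the Users group holds an Allow ACE with file- or folder-creation rights (the function name is my own).

```powershell
# Added example (not from the thread or Hard_Configurator): report subfolders of the
# SRP-whitelisted Defender paths that a standard user could write to. A whitelist
# entry is only safe when non-admins cannot place executables under it.
$WhitelistedRoots = @(
    (Join-Path $env:ProgramData 'Microsoft\Windows Defender'),
    (Join-Path $env:windir 'System32\drivers')
)
# Well-known SIDs for Everyone, Authenticated Users and BUILTIN\Users
$LowPrivSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')
# Rights that let a principal create files or subdirectories in a folder
$WriteBits = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'

function Get-UserWritableWhitelistFolder {
    param([string[]]$Roots = $WhitelistedRoots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { Write-Warning "Missing: $root"; continue }
        $dirs = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Directory -Recurse -ErrorAction SilentlyContinue)
        foreach ($dir in $dirs) {
            $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue
            if (-not $acl) { continue }   # e.g. access denied when not elevated
            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                try {
                    $sid = $ace.IdentityReference.Translate(
                        [System.Security.Principal.SecurityIdentifier]).Value
                } catch { continue }      # unresolvable or orphaned account
                if ($LowPrivSids -notcontains $sid) { continue }
                if (($ace.FileSystemRights -band $WriteBits) -ne 0) {
                    [pscustomobject]@{
                        Folder    = $dir.FullName
                        Principal = $ace.IdentityReference.Value
                        Rights    = $ace.FileSystemRights
                    }
                }
            }
        }
    }
}

# Run elevated so every ACL is readable; no output means no user-writable folder was found.
Get-UserWritableWhitelistFolder | Format-Table -AutoSize
```

Any folder it lists is one where a whitelist-by-path rule could be bypassed by dropping an executable there, so it should be excluded from the whitelist or its ACL tightened.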
 

Andy Ful

@Andy Ful: everything is fine, but I have a query. I use Sandboxie to navigate, configure and clean when I close.
It fails me if I activate cmd.exe.

Yes. Sandboxie uses cmd.exe to delete the sandbox. I solved this issue some years ago by using sike.exe to delete sandboxes:
sike Download
I put sike.exe into C:\Windows. This also requires changing the Sandboxie options by adding the below line (in red) to Sandboxie.ini in the GlobalSettings section:
------------------------------------------------------------------------------------
[GlobalSettings]
....
DeleteCommand=C:\Windows\sike.exe -f "%SANDBOX%"
------------------------------------------------------------------------------------
You can check the impact of blocking cmd.exe in your system (and other sponsors), via <Tools><Run SRP/Scripts Event Log View>
<Blocking Sponsors> is recommended temporarily when using the computer in an insecure environment, but may also be adopted for daily usage by users who will bother to examine and troubleshoot the potential issues.(y)
 

Andy Ful

@Andy Ful

Great (y)

Request: Adding folders to Controlled folder access?
Controlled Folder Access and Exploit Guard for applications can be managed easily via Defender Security Center. Some settings, for example Controlled Folder Access, are in ConfigureDefender only to quickly switch them ON/OFF. :)

But I understand that adding Controlled Folder Access and Exploit Guard for applications would be convenient for the users.
 

Andy Ful

Do these settings persist when updating Windows if you are using Windows 10 Home (as the settings are intended for Win 10 Pro, Enterprise and Education computers)?
All settings except 'Cloud Protection Level' are available for all Windows editions (Windows Home included). Most of them can be configured on Windows Home when using PowerShell cmdlets. The option 'Cloud Protection Level' on Windows Home can be set only to 'Default' (no higher levels). All settings should persist across updates/upgrades.
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,422
OS
Windows 10
Antivirus
Default-Deny
Controlled Folder Access and Exploit Guard for applications can be managed easily via Defender Security Center. Some settings, for example Controlled Folder Access, are in ConfigureDefender only to quickly switch them ON/OFF. :)

But I understand that adding Controlled Folder Access and Exploit Guard for applications would be convenient for the users.
It would be more convenient, especially because on Win10 every change requires UAC validation. If we could make changes and your utility only asked for UAC validation once at the end, it would be nicer.
 

Andy Ful

Recently, I noticed a Windows bug related to the Secure Attention Sequence (SAS), which requires physically pressing Ctrl+Alt+Del to open the secure desktop with UAC. After one of the Windows Updates, the Admin account on my wife's computer was not accessible.
It turned out that Windows wanted to configure something and required elevating some tool, but the SAS alert was invisible to the user.
So, I had to reboot to Safe Mode, run Hard_Configurator and disable SAS via <More...> <UAC CTRL_ALT_DEL> option.
Microsoft, I love you.:sick:;)