Hard_Configurator - Windows Hardening Configurator

[Andy Ful]

The x86 installer was detected as malware by multiple scanners. I submitted false positive reports to some of them, but according to Avast it was not a false positive.

"
Hello,

Thank you for reporting this.

Our virus specialists have confirmed that this detection is indeed correct due to lack of compliance with our clean software policy.

You can find further details in the following article: Avast Clean Guidelines.


With regards,

Avast Customer Care
"
I asked them why, but they haven't responded yet

Thanks for the info and for submitting false positives.
The same problem was with Windows Defender until I contacted with Microsoft for manual analysis. The problem is with popular 'Inno Setup' (www.jrsoftware.org), which I use to make Hard_Configurator installer. Inno Setup was also used recently to hide the malware in installers for Windows 32-bit, so many AVs started to flag Inno Setup installers as malicious.
I sent a reclamation to Avast. We will see how they respond.

 

[CoherentCrayon]

Thanks for the info and for submitting false positives.
The same problem was with Windows Defender until I contacted with Microsoft for manual analysis. The problem is with popular 'Inno Setup' (www.jrsoftware.org), which I use to make Hard_Configurator installer. Inno Setup was also used recently to hide the malware in installers for Windows 32-bit, so many AVs started to flag Inno Setup installers as malicious.
I sent a reclamation to Avast. We will see how they respond.

No problem. Just a question as I couldn't find the answer myself, was Inno Setup used to hide malware by JRSoftware themselves or by other persons? If by other persons it's strange that scanners flag all Inno Setups as malware imo.

Thanks

 

[Andy Ful]

No problem. Just a question as I couldn't find the answer myself, was Inno Setup used to hide malware by JRSoftware themselves or by other persons? If by other persons it's strange that scanners flag all Inno Setups as malware imo.

Thanks

It is not strange, because the AV Artificial Intelligence analyzes the process of installation, and do not like the temp files in the Windows folder. Inno Setup program is known for many years. It is a very popular installer.
It is known false positive (MalwareBytes Antimalware also uses Inno Setup):
Find Hidden Command Line Silent Switches for Setup Files • Raymond.CC
Inno Setup tmp blocked

 

[CoherentCrayon]

Avast and AVG now removed the detection of the x86 installer

 

[Andy Ful]

Avast and AVG now removed the detection of the x86 installer

It is nice for them responding to our reclamation.

 

[Andy Ful]

Recently, Microsoft changed the paths of MsMpEng.exe and NisSrv.exe from %ProgramFiles%\Windows Defender to %ProgramData%\Microsoft\Windows Defender\Platform\, and Windows Defender Antivirus drivers from %Windir%\System32\drivers to %Windir%\System32\drivers\wd. Those changes could cause problems on computers protected by Software Restriction Policies (SRP).
But, not in Hard_Configurator settings (ver. 3.0.1.0 and higher), because the paths:
%ProgramData%\Microsoft\Windows Defender\
%Windir%\System32\drivers\
and their subfolders are whitelisted by default (they are executable but not writable).

 

[bribon77]

@Andy Ful: everything is fine, but I have a query .. I use Sandboxie to navigate, configure and clean when I close.
it fails me if I activate .cmd.exe.

 

[Andy Ful]

@Andy Ful: everything is fine, but I have a query .. I use Sandboxie to navigate, configure and clean when I close.
it fails me if I activate .cmd.exe.

View attachment 176567
View attachment 176569
View attachment 176568

Yes. Sandboxie uses cmd.exe to delete the sandbox. I solved this issue some years ago by using the sike.exe to delete sandboxes:
sike Download
I put sike.exe into C:\Windows. This requires also changing the Sandboxie options by adding the below line (in red) to Sandboxie.ini in GlobalSettings section:.
------------------------------------------------------------------------------------

[GlobalSettings]
....
DeleteCommand=C:\Windows\sike.exe -f "%SANDBOX%"​

------------------------------------------------------------------------------------
.
You can check the impact of blocking cmd.exe in your system (and other sponsors), via <Tools><Run SRP/Scripts Event Log View>
<Blocking Sponsors> is recommended temporary when using the computer in the insecure environment, but may be adopted also on daily usage by users, who will bother to examine and troubleshoot the potential issues.

 

[Sunshine-boy]

Any news?

 

[Andy Ful]

Any news?

I am working on ConfigureDefender utility (only Windows 10).
This will be a standalone program, but also integrated with Hard_Configurator.

 

[Sunshine-boy]

Keep up the good work hacker<3

 

[Windows_Security]

I am working on ConfigureDefender utility (only Windows 10).
This will be a standalone program, but also integrated with Hard_Configurator.

Andy, what does ConfigureDefender do?

 

[Andy Ful]

Andy, what does ConfigureDefender do?

It allows viewing important Defender settings and configuring them.

 

[Windows_Security]

@Andy Ful

Great

Request: Adding folders to Controlled folder access?

 

[CoherentCrayon]

It allows viewing important Defender settings and configuring them.

Does these settings persist when updating Windows if you are using Windows 10 Home (as the settings are intended for Win 10 Pro, Enterprise and Education computers)?

 

[Andy Ful]

@Andy Ful

Great

Request: Adding folders to Controlled folder access?

Controlled Folder Access and Exploit Guard for applications can be managed easily via Defender Security Center. Some settings like for example Controlled Folder Access are in ConfigureDefender only to quickly ON/OFF.
.
But I understand, that adding Controlled Folder Access and Exploit Guard for applications would be convenient for the users.

 

[Andy Ful]

Does these settings persist when updating Windows if you are using Windows 10 Home (as the settings are intended for Win 10 Pro, Enterprise and Education computers)?

All settings except 'Cloud Protection Level' are available for all Windows editions (Windows Home included). Most of them can be configured on Windows Home, when using PowerShell cmdlets. The option 'Cloud Protection Level' on Windows Home can be set only to 'Default' (no higher levels). All settings should persist updates/upgrades.

 

[Deleted member 178]

Controlled Folder Access and Exploit Guard for applications can be managed easily via Defender Security Center. Some settings like for example Controlled Folder Access are in ConfigureDefender only to quickly ON/OFF.
.
But I understand, that adding Controlled Folder Access and Exploit Guard for applications would be convenient for the users.

It would be more convenient especially because on Win10 every changes requires UAC validation. If we can make changes and your utility only ask for UAC validation once at the end, would be nicer.

 

[Andy Ful]

ConfigureDefender is now available for testing:
ConfigureDefender utility for Windows 10

 

[Andy Ful]

Recently, I noticed a Windows bug related to Secure Attention Sequence (SAS), that requires physically pressing Ctrl+Alt+Del to open the secure desktop with UAC. After one of Windows Updates, the Admin account on the computer of my wife was not accessible.
It turned out that Windows wanted to configure something and required to elevate some tool, but SAS alert was invisible to the user.
So, I had to reboot to Safe Mode, run Hard_Configurator and disable SAS via <More...> <UAC CTRL_ALT_DEL> option.
Microsoft, I love you.