Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,593
No, it's not the Pro version:
View attachment 267166
My fault. I have forgotten that the attachment preview on MT allows seeing the attachments from other posts (the attachment I saw was Hard_Configurator - Windows Hardening Configurator).

In the meantime, I installed the Adobe Acrobat Pro, but after clicking <Enable all features> on the yellow bar, I could open the links. So, there must be some non-default setting that makes the difference. I will try to find it. I like the behavior of Adobe on your computer because after using <Enable all features> on the Yellow Bar, other restrictions are not removed (although the name <Enable all features> can suggest that they should be removed).
 

Andy Ful

@Andy Ful

In Windows 10 Enterprise I found this: if I add LOLBins in firewall hardening, the weather conditions icon is no longer visible in the weather widget in the taskbar. If I remove LOLBins the icon becomes visible again. Is this normal?
Probably yes. Blocking all LOLBins via the firewall can have some side effects and usually has to be adjusted to the concrete computer. Did you enable "Start logging events" and use <Blocked Events> to see which LOLBin was blocked?
You should adjust the LOLBins or simply use the "Recommended H_C" setup.
 

flaubert1971

Level 2
Oct 14, 2019
71
Probably yes. Blocking all LOLBins via the firewall can have some side effects and usually has to be adjusted to the concrete computer. Did you enable "Start logging events" and use <Blocked Events> to see which LOLBin was blocked?
You should adjust the LOLBins or simply use the "Recommended H_C" setup.

OK, I used the "Recommended H_C" setup and now the problem no longer occurs. Thanks!
 

Andy Ful

Gandalf_The_Grey,

I found the difference on my computer that is responsible for opening links in the PV setting after using <Enable all features> and blocking links in the ON setting. In the PV setting, after pressing <Allow all features> the path of the document is automatically added to Privileged Locations:

1654122561196.png


As long as the path is there, the links in the document can be opened (either with ON or PV). If I remove this path and confirm via the OK button, then the links in the already opened document (I did not close it) are blocked (either with ON or PV).
When a new document is opened, then its path is absent in Privileged Locations. When the setting is ON the path is not added, so the links are blocked. When the setting is PV and <Allow all features> is used then the path is added and the links are not blocked.
So, maybe some of your settings prevent adding the path of the document to Privileged Locations, after using <Enable all features> on the Yellow Bar.
 

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
621
Such a setup can be probably accepted by many users who mostly open files for viewing and not for editing. I blocked only Excel files, because they are the most dangerous. People who use Word and PowerPoint mostly for viewing should do the same for all MS Office files and use Word Mobile, PowerPoint Mobile, or Xodo PDF.
In rare cases when editing is necessary, the MS Office desktop applications can be used similarly to the Excel case.
Andy,

I get the Professional versions of Office through my employer at only $22 Cdn, currently running the full Office Professional Plus 2019 suite, so that's a deal I can't refuse. I use Word and Excel only occasionally for creating, viewing and editing documents, so this current restricted setup with H_C suits me fine, opening excel files from the program, especially with added security provided from OSArmor - in a "just in case" scenario, however unlikely it may be. Thanks for all your tremendous work (y)
 

Andy Ful

Gandalf_The_Grey,

Finally, I managed to reproduce your problem by using the system-wide policy:

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown]
"bDisableTrustedFolders"=dword:00000001

It forces Adobe to untrust all locations on local disks, so even if you use <Enable All Features> the policies applied via DocumentsAntiExploit are still active.
H_C (SWH) does not use this policy, so you probably enabled it manually or via another application. After removing this policy, the standard behavior of <Enable All Features> is restored (links can be opened). (y)
When you reset in DocumentsAntiExploit tool <Adobe Acrobat Reader> option PV ---> OFF --> PV, then this policy will be removed (except if it is controlled/restored by a 3rd party application).

Thanks for your input, I will think if this policy can be adopted in H_C/SWH.
 

Back3

Level 14
Verified
Top Poster
Apr 14, 2019
674
I was reading online a magazine called Techlife. On page 52 there was a topic I liked: Don't pay for an antivirus…use Microsoft Defender. To boost its protection, the author recommends using a free tool called ConfigureDefender. It is suggested to click the High button to make CD apply the best tweaks to optimize your PC's security and prevent false positives...don't click the Max button that may stop some safe program running.
I installed CD on many computers at that setting and never had a call about it.
I use SWH on a computer I share with my wife and sometimes, I'm away for a week. My wife never had an issue with my computer.
In my mind, H_C, is like a Max button...excellent protection that I don't dare to use on shared or friends computers....
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,415
Gandalf_The_Grey,

Finally, I managed to reproduce your problem by using the system-wide policy:

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown]
"bDisableTrustedFolders"=dword:00000001

It forces Adobe to untrust all locations on local disks, so even if you use <Enable All Features> the policies applied via DocumentsAntiExploit are still active.
H_C (SWH) does not use this policy, so you probably enabled it manually or via another application. After removing this policy, the standard behavior of <Enable All Features> is restored (links can be opened). (y)
When you reset in DocumentsAntiExploit tool <Adobe Acrobat Reader> option PV ---> OFF --> PV, then this policy will be removed (except if it is controlled/restored by a 3rd party application).

Thanks for your input, I will think if this policy can be adopted in H_C/SWH.
Thanks, I will have a look if I can find that policy on my system when I get home from work (y)
 

Andy Ful

In my mind, H_C, is like a Max button...excellent protection that I don't dare to use on shared or friends computers....
H_C has got many possible setting profiles for several groups of users. All you can do via SWH or (and) ConfigureDefender, can be done via H_C as well. So, H_C is rather a microscope and you only need a magnifying glass. Most people do not need a microscope - that is why I created the "standalone magnifying glasses". But still, there are some people that need a microscope, although using it requires more time and more learning from the teacher. :)(y)
 

Andy Ful

I will modify the PV setting in the DocumentsAntiExploit tool (All users restrictions), so it will automatically remove the policy "bDisableTrustedFolders", forcing <Enable All Features> to work in a standard way.
On the contrary, I will add the "bDisableTrustedFolders" to the ON setting.

In this way, the ON setting will open the document in Protected View and after using the <Enable All Features>, the DocumentsAntiExploit restrictions will still be active (good for casual users).
With the PV setting the document will be also opened in Protected View, but after using <Enable All Features>, the restrictions will not be active except AppContainer (good for @Gandalf_The_Grey). :)
 


Gandalf_The_Grey

This is not the right key. You should look here:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown]
I know, but there is nothing under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC on my laptop:

1654192331663.png
 

Andy Ful

Adobe Reader DC 64-bit can install in a few different locations and can store its settings under different keys.
Please check if your current setting in DocumentsAntiExploit is PV and check these keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown
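
A read-only PowerShell check of the two FeatureLockDown keys named in the post above, reporting whether "bDisableTrustedFolders" is set and whether both keys hold the same entries. It is added here as an illustration and is not taken from the thread or from Hard_Configurator; the function name Get-LockDownEntries is made up for this example.

```powershell
# Added example (not from the thread): read-only audit of the Adobe policy keys.
# Run from 64-bit PowerShell so the HKLM\SOFTWARE view is not redirected.
$keys = @(
    'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown',
    'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown'
)

function Get-LockDownEntries {   # hypothetical helper name
    param([string]$Key)
    # Returns name -> value for each entry under the key, or $null if the key is absent.
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-Item -LiteralPath $Key
    $entries = [ordered]@{}
    foreach ($name in ($item.GetValueNames() | Sort-Object)) {
        $entries[$name] = $item.GetValue($name)
    }
    return $entries
}

$snapshots = @{}
foreach ($key in $keys) {
    $entries = Get-LockDownEntries -Key $key
    $snapshots[$key] = $entries
    if ($null -eq $entries) {
        Write-Output "$key : key not present"
        continue
    }
    # Per the thread, a value of 1 untrusts all local locations, so restrictions
    # stay active even after <Enable All Features>.
    $state = if ($entries.Contains('bDisableTrustedFolders') -and
                 $entries['bDisableTrustedFolders'] -eq 1) {
        'bDisableTrustedFolders=1 (local folders untrusted)'
    } else {
        'bDisableTrustedFolders not enforced'
    }
    Write-Output "$key : $($entries.Count) entries, $state"
}

# Compare the two keys entry by entry when both exist and are non-empty.
$a = $snapshots[$keys[0]]; $b = $snapshots[$keys[1]]
if ($null -ne $a -and $null -ne $b -and $a.Count -gt 0 -and $b.Count -gt 0) {
    $la = @($a.Keys | ForEach-Object { "$_=$($a[$_])" })
    $lb = @($b.Keys | ForEach-Object { "$_=$($b[$_])" })
    $diff = Compare-Object -ReferenceObject $la -DifferenceObject $lb
    if ($diff) { $diff | Format-Table InputObject, SideIndicator -AutoSize }
    else       { Write-Output 'Both keys hold identical entries.' }
}
```

If the value reappears after being removed, the thread's caveat applies: another application may be restoring the policy.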
 

Gandalf_The_Grey

Adobe Reader DC 64-bit can install in a few different locations and can store its settings under different keys.
Please check if your current setting in DocumentsAntiExploit is PV and check these keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown
I think I misunderstood what you were saying because DocumentsAntiExploit was OFF when checking for those keys :)

Now with PV I have both "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown" and "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown" with the same values:

1654193904316.png
 

Andy Ful

I think I misunderstood what you were saying because DocumentsAntiExploit was OFF when checking for those keys :)

Now with PV I have both "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown" and "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown" with the same values:

View attachment 267191
So there should be 11 entries in both keys?
How do the links work now?
 

Gandalf_The_Grey

So there should be 11 entries in both keys?
How do the links work now?
Yes, both have the same 11 entries.

Links still don't work with PV or ON, only when OFF.
I have only changed the settings in "All users restrictions":

1654194428746.png

EDIT: just for your information I currently use ConfigureDefender on High, SWH at basic recommended settings and O&O ShutUP 10+++ at (almost all) recommended settings.
 
