Hard_Configurator - Windows Hardening Configurator

Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
Gandalf_The_Grey said:
No, it's not the Pro version:
View attachment 267166
Click to expand...
My fault. I have forgotten that the attachment preview on MT allows seeing the attachments from other posts ( the attachment I saw was Hard_Configurator - Windows Hardening Configurator).

In the meantime, I installed the Adobe Acrobat Pro, but after clicking <Enable all features> on the yellow bar, I could open the links. So, there must be some non-default setting that makes the difference. I will try to find it. I like the behavior of Adobe on your computer because after using <Enable all features> on the Yellow Bar, other restrictions are not removed (although the name <Enable all features> can suggest that they should be removed).
 
  • Like
Reactions: Nevi, [correlate] and Gandalf_The_Grey
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
flaubert1971 said:
@Andy Ful

In windows 10 enterprise I found this: if I add LOLbins in firewall hardening, the weather conditions icon is no longer visible in the weather widget in the tasbar. If I remove LOLBins the icon becomes visible again. Is this normal?
Click to expand...
Probably yes. Blocking all LOLBins via the firewall can have some side effects and has to be usually adjusted to the concrete computer. Did you enable "Start logging events" and use <Blocked Events> to see which LOLBin was blocked?
You should adjust the LOLBins or simply use the "Recommended H_C" setup.
 
  • Like
Reactions: Nevi, Gandalf_The_Grey and flaubert1971
flaubert1971

flaubert1971

Level 2
Oct 14, 2019
65
Andy Ful said:
Probably yes. Blocking all LOLBins via the firewall can have some side effects and has to be usually adjusted to the concrete computer. Did you enable "Start logging events" and use <Blocked Events> to see which LOLBin was blocked?
You should adjust the LOLBins or simply use the "Recommended H_C" setup.
Click to expand...

Ok, i used Recommended H_C "setup and now the problem no longer occurs. Thanks!
 
  • Like
Reactions: Nevi, Gandalf_The_Grey and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
Gandalf_The_Grey,

I found the difference on my computer that is responsible for opening links in the PV setting after using <Enable all features> and blocking links in the ON setting. In the PV setting, after pressing <Allow all features> the path of the document is automatically added to Privileged Locations:

1654122561196.png


Until the path is here the links in the document can be opened (either with ON or PV). If I remove this path and confirm via OK button, then the links in the already opened document (I did not close it) are blocked (either with ON or PV).
When a new document is opened, then its path is absent in Privileged Locations. When the setting is ON the path is not added, so the links are blocked. When the setting is PV and <Allow all features> is used then the path is added and the links are not blocked.
So, maybe some of your settings prevent adding the path of the document to Privileged Locations, after using <Enable all features> on the Yellow Bar.
 
  • Like
  • +Reputation
Reactions: Nevi, Gandalf_The_Grey and mkoundo
wat0114

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
570
Andy Ful said:
Such a setup can be probably accepted by many users who mostly open files for viewing and not for editing. I blocked only Excel files, because they are the most dangerous. People who use Word and PowerPoint mostly for viewing should do the same for all MS Office files and use Word Mobile, PowerPoint Mobile, or Xodo PDF.
In rare cases when editing is necessary, the MS Office desktop applications can be used similarly to the Excel case.
Click to expand...
Andy,

I get the Professional versions of Office through my employer at only $22 Cdn, currently running the full Office Professional Plus 2019 suite, so that's a deal I can't refuse. I use Word and Excel only occasionally for creating, viewing and editing documents, so this current restricted setup with H_C suits me fine, opening excel files from the program, especially with added security provided from OSArmor - in a "just in case" scenario, however unlikely it may be. Thanks for all your tremendous work (y)
 
  • Like
Reactions: Nevi, Gandalf_The_Grey, mkoundo and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
Gandalf_The_Grey,

Finally, I managed to reproduce your problem by using the system-wide policy:

Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown]
"bDisableTrustedFolders"=dword:00000001

It forces Adobe to untrust all locations on local disks, so even if you use <Enable All Features> the policies applied via DocumentsAntiExploit are still active.
H_C (SWH) does not use this policy, so you probably enabled it manually or via another application. After removing this policy, the standard behavior of <Enable All Features> is restored (links can be opened). (y)
When you reset in DocumentsAntiExploit tool <Adobe Acrobat Reader> option PV ---> OFF --> PV, then this policy will be removed (except if it is controlled/restored by a 3rd party application).

Thanks for your input, I will think if this policy can be adopted in H_C/SWH.
 
Last edited:
  • +Reputation
Reactions: Nevi, mkoundo and Gandalf_The_Grey
B

Back3

Level 14
Verified
Top Poster
Apr 14, 2019
659
I was reading online a magazine called Techlife. On page 52 there was a topic I liked: Don't pay for an antivirus…use Microsoft Defender. To boost its protection, the author recommends using a free tool called ConfigureDefender. It is suggested to click the High button to make CD apply the best tweaks to optimize your PC's security and prevent false positives...don't click the Max button that may stop some safe program running.
I installed CD on many computers at that setting and never had a call about it.
I use SWH on a computer I share with my wife and sometimes, I'm away for a week. My wife never had an issue with my computer.
In my mind, H_C, is like a Max button...excellent protection that I don't dare to use on shared or friends computers....
 
Last edited:
  • Like
Reactions: Nevi, mkoundo and Andy Ful
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,586
Andy Ful said:
Gandalf_The_Grey,

Finally, I managed to reproduce your problem by using the system-wide policy:

Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown]
"bDisableTrustedFolders"=dword:00000001

It forces Adobe to untrust all locations on local disks, so even if you use <Enable All Features> the policies applied via DocumentsAntiExploit are still active.
H_C (SWH) does not use this policy, so you probably enabled it manually or via another application. After removing this policy, the standard behavior of <Enable All Features> is restored (links can be opened). (y)
When you reset in DocumentsAntiExploit tool <Adobe Acrobat Reader> option PV ---> OFF --> PV, then this policy will be removed (except if it is controlled/restored by a 3rd party application).

Thanks for your input, I will think if this policy can be adopted in H_C/SWH.
Click to expand...
Thanks, I will have a look if I can find that policy on my system when I get home from work (y)
 
  • Like
Reactions: Nevi, mkoundo and Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
Back3 said:
In my mind, H_C, is like a Max button...excellent protection that I don't dare to use on shared or friends computers....
Click to expand...
H_C has got many possible setting profiles for several groups of users. All you can do via SWH or (and) ConfigureDefender, can be done via H_C as well. So, H_C is rather a microscope and you only need a magnifying glass. Most people do not need a microscope - that is why I created the "standalone magnifying glasses". But still, there are some people that need a microscope, although using it requires more time and more learning from the teacher. :)(y)
 
  • Like
Reactions: Nevi, jerzy601, Back3 and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
I will modify the PV setting in the DocumentsAntiExploit tool (All users retictions), so it will automatically remove the policy "bDisableTrustedFolders", forcing <Enable All Features> to work in a standard way.
On the contrary, I will add the "bDisableTrustedFolders" to the ON setting.

In this way, the ON setting will open the document in Protected View and after using the <Enable All Features>, the DocumentsAntiExploit restrictions will still be active (good for casual users).
With the PV setting the document will be also opened in Protected View, but after using <Enable All Features>, the restrictions will not be active except AppContainer (good for @Gandalf_The_Grey). :)
 
Last edited:
  • Like
  • Thanks
Reactions: Nevi, jerzy601, mkoundo and 4 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
  • Like
Reactions: Gandalf_The_Grey
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,586
Andy Ful said:
This is not the right key. You should look here:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown]
Click to expand...
I know, but there is nothing under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC on my laptop:

1654192331663.png
 
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
Adobe Reader DC 64-bit can install in a few different locations and can store its settings under different keys.
Please check if your current setting in DocumentsAntiExploit is PV and check these keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown
 
  • Like
Reactions: Gandalf_The_Grey
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,586
Andy Ful said:
Adobe Reader DC 64-bit can install in a few different locations and can store its settings under different keys.
Please check if your current setting in DocumentsAntiExploit is PV and check these keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown
Click to expand...
I think I misunderstood what you were saying because DocumentsAntiExploit was OFF when checking for those keys :)

Now with PV I have both "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown" and "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown" with the same values:

1654193904316.png
 
  • Like
Reactions: Andy Ful
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
Gandalf_The_Grey said:
I think I misunderstood what you were saying because DocumentsAntiExploit was OFF when checking for those keys :)

Now with PV I have both "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown" and "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown" with the same values:

View attachment 267191
Click to expand...
So in both keys should be 11 entries?
How do work links now?
 
  • Like
Reactions: Gandalf_The_Grey
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,586
Andy Ful said:
So in both keys should be 11 entries?
How do work links now?
Click to expand...
Yes, both have the same 11 entries.

Links still don't work with PV or ON only when OFF.
I have only changed the settings in "All users restrictions":

1654194428746.png

EDIT: just for your information I currently use ConfigureDefender on High, SWH at basic recommended settings and O&O ShutUP 10+++ at (almost all) recommended settings.
 
Last edited:
  • Like
Reactions: Andy Ful

Similar threads

Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
254
Views
17,021
Hard_Configurator Tools
Andy Ful
Andy Ful
Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
21,951
Hard_Configurator Tools
South Park
South Park
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
466
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top