Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
I recently upgraded to the latest 6.x beta and found a couple of issues:

1. When loading an External BlockList in FirewallHardening, it discards the rules with missing paths (files that don't exist at that location). I think this should be optional. Because I'd like to install H_C on a clean Windows system and load all the firewall rules, so that they're ready before programs that need to be blocked are installed.
But maybe someone prefers the current behavior. In that case there should be an additional button, for a total of three, when missing paths are loaded: "show missing paths", "keep rules" and "discard rules". That way, one could decide what to do.
Rejecting invalid paths is necessary in the case when the user used the wrong path format. Anyway using FirewallHardening in your way is also OK. I will think about it.

2. When upgrading H_C from version 5.x to 6.x, it automatically enables SmartScreen for "Apps and Files", even when it was off and disabled by Group Policy. It looks like this doesn't happen with a fresh 6.x install, however.

The H_C always enabled SmartScreen (except for a few early versions). The whole idea of H_C is based on the Forced SmartScreen.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,868
Hello @Andy Ful, what is this file in H_C_HardeningTools? I know it's for Firewall Hardening, but what's the purpose of it? I think you explained it somewhere, but I forgot.
1654700529716.png
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
Hello @Andy Ful, what is this file in H_C_HardeningTools? I know it's for Firewall Hardening, but what's the purpose of it? I think you explained it somewhere, but I forgot.
View attachment 267358
It can be used to update the BlockList to ver. 2.0.0.1.
You probably saw the explanation in the readme.txt (this file is in H_C_HardeningTools_2010.zip). :)
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,868
It can be used to update the BlockList to ver. 2.0.0.1.
You probably saw the explanation in the readme.txt (this file is in H_C_HardeningTools_2010.zip). :)
Yeah, got it. So it's not necessary with the current version 2.1.1.1? I haven't applied Firewall Hardening on this system yet.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
I noticed a discussion about Constrained Language Mode (CLM) on the Wilderssecurity forum and some questions.
  1. There are several methods of applying CLM, some of them are PowerShell session dependent and some not.
  2. The method used by SRP, Applocker, and MDAC is independent of the PowerShell sessions and does not use the __PSLockDownPolicy. Of course, changing the Language Mode is prevented in the session already running with Constrained Language mode. This is also explained in the article mentioned on Wilderssecurity:
  3. When using SRP one can apply CLM to processes running with standard rights and also to high privileged ones. In the H_C Recommended_Settings the first method is used. If one wants H_C to apply CLM and other SRP restrictions also to high privileged processes then it can be done by running H_C with "-p" switch.
 
Last edited:

eonline

Level 21
Verified
Well-known
Nov 15, 2017
1,083
you said you know a technique that can bypass the restrictions of your programs, the question is why don't you fix that. If it can be fixed. I don't know the technique but you do and it seems to me that it would be necessary for all of us who use your software to know what it is and how to prevent it if you don't update and mitigate that attack. I always thank you for making a code so easy to use and so good and I also thank you that you are always sharing your knowledge having a lot of patience especially in users like me who are basic. Thank you.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
you said you know a technique that can bypass the restrictions of your programs, the question is why don't you fix that.

I did not say so. You probably refer to my post:

This post was a continuation of a few posts about using PowerShell trojan-downloaders. I had in mind the attack method via successful exploit + PowerShell CmdLines that could rarely "bypass" the H_C Recommended_Settings. This method was discussed several times on MT (BITS Transfer cmdlet) - it is almost absent in widespread attacks. Restricting BITS is not recommendable, so a reasonable fix is not possible (as far as I know), except for blocking PowerShell (can be done in H_C). The recommendable way is to avoid vulnerable (unpatched) applications exploited in the wild.
If you use such an application then you have to be cautious or use additional protection like blocking some LOLBins (powershell.exe, powershell_ise.exe), using the DocumentsAntiExploit tool, advanced H_C profiles, etc. The details are included in the H_C manual. (y)
 
Last edited:

flaubert1971

Level 2
Oct 14, 2019
71
Probably I have not read the hard configurator documentation well or that it has already been written in this thread, so I apologize in advance for the question.
Can hard configurator be used, at the recommended settings, also in enterprise versions of windows?
Thank you
 

sypqys

Level 5
Apr 18, 2022
230
How to allow OBS to capture screen ?
i have add path and file of OBS studio in whitelist but the screen it is blocked like this :

without defaut deny protection, the screen it is black, ... so H_C block something...
sorry if it is not H_C whose block my OBS studio ... but finaly without deny protection, the screen was black so different...

Sorry it's an error. Because i was try another way, and the problem persist without deny protection...
so forget this post I don't succed to delete it.

ScreenWings_Rdche3GOPs.png
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
Probably I have not read the hard configurator documentation well or that it has already been written in this thread, so I apologize in advance for the question.
Can hard configurator be used, at the recommended settings, also in enterprise versions of windows?
Thank you
Yes, if the user did not activate the SRP via GPO and policies shared with H_C must be set in GPO to "Not Configured". There should not be a problem if you did not apply the policies via GPO.
 
  • Like
Reactions: flaubert1971

sypqys

Level 5
Apr 18, 2022
230
Hi !

the shortcut from another disk don't want to open. How I have to do to allow this shortcut to execute ?

Because ok for the security but the problem, I cannot use anything on my HDD ...

If you have a solution ?

ScreenWings_DoBSc9ZMpY.png
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
shortcut from H_C nothing ; I have to open the source of folder on my disk to open H_C.
What is the location of these blocked shortcuts? The non-standard locations in the UserSpace are intentionally blocked. Shortcuts are allowed by default only in standard locations (Desktop, Start Menu, Task Bar, Power Menu).
If you want others, they must be whitelisted..
 
  • Like
Reactions: [correlate]

sypqys

Level 5
Apr 18, 2022
230
What is the location of these blocked shortcuts? The non-standard locations in the UserSpace are intentionally blocked. Shortcuts are allowed by default only in standard locations (Desktop, Start Menu, Task Bar, Power Menu).
If you want others, they must be whitelisted..
C:\Windows\Hard_Configurator
 
  • Like
Reactions: [correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top