- Apr 5, 2021
- 621
You have applied very strong protection. Now, your security will depend on the way you deal with blocked files. So, choose wisely when whitelisting the blocked files or when intentionally bypassing the protection layers.this is my current H_C configuration, ...
Version 6.0.1.1 | |
1. Adjusted the default extensions in <Designated File Types> to those used in Simple Windows Hardening. So, some popular Excel extenions are not blocked in default setup: XLS, XLSX, XLSB, XLSM, XLT, XLTM, XSL. | |
2. Updated the manual and some help files. | |
3. Added new option in DocumentsAntiExploit tool to make the configuration of Adobe Acrobat more granular. | |
4. Added the button <MORE ...><Remove Obsolete Restrictions>. | |
5. Added a new digital certificate. | |
Version 6.0.1.0 beta | |
1. Added several file extensions to the <Designated File Types>, mostly for MS Excel Add-ins, Query files, and some legacy file formats: | |
New default extensions | |
ACCDA, ACCDU, CSV, DQY, ECF, MDA, PA, PPA, PPAM, RTF, WLL, WWL, XLA, XLAM, XLL, XLM, XLS, XLSX, XLSB, XLSM, XLT, XLTM, XSL. | |
New Paranoid extensions | |
ACCDU, ARJ, BZIP, BZIP2, DOC, ECF, FAT, HWP, IMG, ISO, LHA, NTFS, MCL, PA, PPA, PPT, PPTX, REV, R00, R01, R02, R03, R04, R05, R06, R07, R08, R09, TBZ, TPZ, TXZ, TZ, VHD, VHDX, WLL, WWL, XAR, XIP, XLS, XLSX, XSL, XZ | |
Disk image extensions: ISO, IMG, VHDX, can be blocked by SWH settings only if a 3-rd party application is set to open them (and not Windows built-in File Explorer). | |
2. Added new versions of DocumentsAntiExploit, RunBySmartscreen and FirewallHardening tools. | |
3. Improved policies for Adobe Acrobat Reader XI/DC. | |
4. Corrected some minor bugs. | |
5. Updated H_C manual and some help files. | |
Version 6.0.0.1 beta | |
1. Added <Block AppInstaller> option. | |
2. New FirewallHardening version 2.0.1.1. | |
- added the options to load/save the external BlockLists. | |
- added new LOLBins: bitsadmin.exe (blocked via Exploit Protection), calc, certoc, certreq, cmd, desktopimgdownldr, dllhost, ExtExport, findstr, ieexec (new path), notepad, pktmon, Register-cimprovider, verclsid, wsl, wuauclt.exe, xwizard. | |
Hard_Configurator ver. 6.0.1.1
The update can be made over the older version. After the update, some Infos are displayed in the notepad. The info about updating the configuration is included in the displayed Quick_Configuration.txt.
The changelog from the latest stable version 6.0.0.0
Version 6.0.1.1 1. Adjusted the default extensions in <Designated File Types> to those used in Simple Windows Hardening. So, some popular Excel extenions are not blocked in default setup: XLS, XLSX, XLSB, XLSM, XLT, XLTM, XSL. 2. Updated the manual and some help files. 3. Added new option in DocumentsAntiExploit tool to make the configuration of Adobe Acrobat more granular. 4. Added the button <MORE ...><Remove Obsolete Restrictions>. 5. Added a new digital certificate. Version 6.0.1.0 beta 1. Added several file extensions to the <Designated File Types>, mostly for MS Excel Add-ins, Query files, and some legacy file formats: New default extensions ACCDA, ACCDU, CSV, DQY, ECF, MDA, PA, PPA, PPAM, RTF, WLL, WWL, XLA, XLAM, XLL, XLM, XLS, XLSX, XLSB, XLSM, XLT, XLTM, XSL. New Paranoid extensions ACCDU, ARJ, BZIP, BZIP2, DOC, ECF, FAT, HWP, IMG, ISO, LHA, NTFS, MCL, PA, PPA, PPT, PPTX, REV, R00, R01, R02, R03, R04, R05, R06, R07, R08, R09, TBZ, TPZ, TXZ, TZ, VHD, VHDX, WLL, WWL, XAR, XIP, XLS, XLSX, XSL, XZ Disk image extensions: ISO, IMG, VHDX, can be blocked by SWH settings only if a 3-rd party application is set to open them (and not Windows built-in File Explorer). 2. Added new versions of DocumentsAntiExploit, RunBySmartscreen and FirewallHardening tools. 3. Improved policies for Adobe Acrobat Reader XI/DC. 4. Corrected some minor bugs. 5. Updated H_C manual and some help files. Version 6.0.0.1 beta 1. Added <Block AppInstaller> option. 2. New FirewallHardening version 2.0.1.1. - added the options to load/save the external BlockLists. - added new LOLBins: bitsadmin.exe (blocked via Exploit Protection), calc, certoc, certreq, cmd, desktopimgdownldr, dllhost, ExtExport, findstr, ieexec (new path), notepad, pktmon, Register-cimprovider, verclsid, wsl, wuauclt.exe, xwizard.
Only for some people (like my wife).Easy & untroublesome
Update file paths are whitelisted, so no need to for me to manually update applications.Such a setup requires manual software updates
Just create an allow file path for *.xls; can run Excel only at this file path. Alternate, safer practice is to run Excel online.When using Paranoid Extensions, some popular file types are blocked (like Excel documents).
Turn off <Validate Admin C.S.> temporarily and install. Updates are infrequent so no problem for user.The <Validate Admin C.S.> is ON, so there can be some problems with installing/updating the unsigned applications.
Most software updates use %LocalAppdata%\Temp . Did you whitelist it?Update file paths are whitelisted, so no need to for me to manually update applications.
Your whitelist includes several paths in UserSpace. These paths can cover the updating executables for applications. So, the auto-updates will probably start, but they usually create folders & files in the folder LocalAppdata%\Temp, and next try to run some executables from there. Most of them will be blocked with your setup. Anyway, you are not a newbie, so you will find a solution.Do not whitelist %LocalAppdata%\Temp.
Only allow known good update and application processes to run from there. Manual application updates are not required.
View attachment 267997
So simple.
All my known good applications and their updates work perfectly via configuration of H_C at maximum possible protection settings. Thank you.Your whitelist includes several paths in UserSpace. These paths can cover the updating executables for applications. So, the auto-updates will probably start, but they usually create folders & files in the folder LocalAppdata%\Temp, and next try to run some executables from there. Most of them will be blocked with your setup. Anyway, you are not a newbie, so you will find a solution.
The software updates work for you because your applications update via the Inno Setup installer. It uses the folder pattern ...\Temp\is-*.tmp\ which is whitelisted in your setup. Generally, your setup is powerful. Although some malware and adware can use Inno Setup too, such malicious installers will be prevented by the H_C Forced SmartScreen. Even if something is exploited, the malware after exploiting rarely uses the Inno Setup installer.
The Inno Setup is used to update VS Code IIRC. The other programs running and updating from AppData require their own specific allow rules. Creating the allow exception rules is easy.The software updates work for you because your applications update via the Inno Setup installer.
Not for H_C. It would be possible for ConfigureDefender, SWH, and other tools. But, this would also require translating the manual and help files (included in PDF documents).
Did you read the help for this option? (press <help> button near the option).What is validate admin C.S. and what it does?