Hard_Configurator - Windows Hardening Configurator

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,083
Running them both is possible, but not recommended. Such a setup would be too complex. Some people use VS with Simple Windows Hardening. Anyway, I did not test VS for a long time, so I do not know if SWH is really needed. You can ask @danb. (y)
Very good. Thanks for the feedback. I'll continue to follow this thread, love all your work, thanks.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,083
None at all. As @Andy Ful points out, it's too complex. Choose one from H_C, SWH or VS. Anything else is overkill. Stay safe, not paranoid! :LOL:
Thanks, I'm sticking with VS for now, only because I know it better. I do now recall that I ran H_C in VMWare win10, (long story missing, have not been running vm for awhile)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,208
Do I understand correctly installing 22h2 update on win11 makes H_C obsolete? I am using Avast_hardened_mode_aggressive profile that comes with the program...
If you did not make a fresh install, then H_C should work with 22H2 update. You can test it by copying the H_C shortcut from the Desktop to your Downloads folder and executing this shortcut from the Downloads folder.
Anyway, if you will refresh the system then SRP restrictions will not work.
 

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,176
One of the H_C testers reported that SRP does not work properly on the current builds of Windows 11 22H2 (Windows Insider). I confirmed this issue and reported it to Microsoft. I suspect that this issue can be caused by Smart App Control which is in the early stage and can cause conflicts.
Does this include SRP via Group Policy? And is Basic User deprecated?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,208

nadis

Level 1
Apr 21, 2020
14
The H_C always enabled SmartScreen (except for a few early versions). The whole idea of H_C is based on the Forced SmartScreen.
Late reply, but please reconsider this.
People can have various reasons for not using SmartScreen or any other anti-malware solution, whether it's performance related or privacy related or anything else.
(I saw that uninstalling H_C 6.* also re-enables SS. But it looks like the SS related Group Policy settings stick if you toggle them to default and back.)



And I found a bug in H_C, at recommended settings:
If a shortcut (*.lnk) is more than a few folders deep, the linked app gets blocked. For example:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1\2\shortcut.lnk — works
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1\2\3\shortcut.lnk — does not work

This problem doesn't happen when setting SRP rules in GP, only with H_C.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,208
Late reply, but please reconsider this.
People can have various reasons for not using SmartScreen or any other anti-malware solution, whether it's performance related or privacy related or anything else.
I know, but then they will not be able to use H_C.

And I found a bug in H_C, at recommended settings:
If a shortcut (*.lnk) is more than a few folders deep, the linked app gets blocked. For example:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1\2\shortcut.lnk — works
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1\2\3\shortcut.lnk — does not work

This problem doesn't happen when setting SRP rules in GP, only with H_C.
It is not a bug. Almost all applications do not need such deep whitelisting of shortcuts. Furthermore, one can whitelist the blocked shortcut.
Normally, the shortcuts are not blocked when using SRP via GPO.
 

ForgottenSeer 95367

And I found a bug in H_C, at recommended settings:
If a shortcut (*.lnk) is more than a few folders deep, the linked app gets blocked. For example:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1\2\shortcut.lnk — works
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1\2\3\shortcut.lnk — does not work

This problem doesn't happen when setting SRP rules in GP, only with H_C.
Can you please show image of the LNK rules you configured in SRP rules section of GP?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,208
Yes, that's what the posts were referring to.
I know, but is it the "Basic User" setting of the SRP security level? The "Basic User" security level is rarely used. Do you use it?
If so, then I am confused why you think that it might be depreciated. I think that the last time that it changed its functionality was with Windows 7. But, it is also true that I did not use this setting for several years.
Do you have some new information? :unsure:
 

nadis

Level 1
Apr 21, 2020
14
It is not a bug.
Is it something that H_C does (and if so, why?) or it's a Windows thing?
I know that most apps don't make such long paths, but it can happen.
one can whitelist the blocked shortcut.
Whitelisting the shortcut file didn't work for me, but whitelisting that entire folder did.


Can you please show image of the LNK rules you configured in SRP rules section of GP?
I just set the Start Menu path to 'unrestricted', for the purpose of testing this. I don't usually have LNK rules in SRP.
 

ForgottenSeer 95367

I just set the Start Menu path to 'unrestricted', for the purpose of testing this. I don't usually have LNK rules in SRP.
I only asked for an image of the SRP configuration that you made in GPO as you stated earlier:

"This problem doesn't happen when setting SRP rules in GP"

From this statement and the other details provided, it appears that you created specific file (LNK) rules in the SRP section of GP. If that is correct, then with all of us taking a close look at those configured rules, one of us might find an explanation for the discrepancy between the rules you created in GP SRP and the H_C rules.

On an H_C maximum settings VM, I created a test LNK to "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\New folder\New folder\New folder\New folder\New folder\New folder\New folder\New folder\New folder\New folder\New folder\New folder\Test.docx" and placed it onto the Desktop. The Desktop LNK file opens the test document.

I think the devil is in the details. There might be something being done in your test case that is blocking the LNK.

What does shortcut.lnk in your test point to?

Over the past couple of years, I have run into isolated cases of LNK AND document files on the Desktop being randomly blocked. They would enter a "locked" state where I could not open them, moving them around was blocked, and other quirky behaviors such as no errors or notifications. That is really odd and almost seems a permissions corruption. It happened only two or three times. I cannot recall if it followed a Windows Update. I know the behavior did not follow any H_C version update. And I made no H_C policy changes that would account for the behavior. In troubleshooting the issue it appeared to me to be a Windows corruption issue because if I disabled both H_C SRP and Restrictions (turned all of H_C OFF), the issue still persisted. I could only get it to fix by resetting the rules by reinstalling H_C (over-writing the existing corrupted rules). That tells me that the cause is more likely to be Windows itself because H_C is only a front-end to the underlying Windows technology. That is not to say that H_C cannot do something like corrupting the rules itself somehow. But that makes no sense because the issue was spontaneous after many months of no problems and no alterations to H_C policy. My observations could somehow be related to yours, but we can't know this is the case for sure.
 
Last edited by a moderator:
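
One way to put the two rule sets side by side, as asked for in the post above (an added example, not code from H_C or from any poster). It reads the standard SRP policy key that Group Policy writes to; that H_C stores its rules under the same key is an assumption, and `Get-SrpPathRule` is a hypothetical helper name.

```powershell
# Added example: read-only dump of SRP path rules, filtered to shortcut (*.lnk) rules.
# Run once with the GP-configured rules and once with the H_C rules, then compare.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SAFER level IDs; the registry subkey names are these decimal values.
$levels = @{ 0 = 'Disallowed'; 4096 = 'Untrusted'; 65536 = 'Constrained'
             131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpPathRule {
    param([string]$PolicyKey = $base)
    $key = Get-Item -LiteralPath $PolicyKey -ErrorAction SilentlyContinue
    if (-not $key) { return }                      # no SRP policy on this machine
    foreach ($name in $key.GetSubKeyNames()) {
        $id = 0
        if (-not [int]::TryParse($name, [ref]$id)) { continue }   # skip non-level keys
        $pathsKey = $key.OpenSubKey($name).OpenSubKey('Paths')
        if (-not $pathsKey) { continue }           # this level has no path rules
        foreach ($guid in $pathsKey.GetSubKeyNames()) {
            $rule = $pathsKey.OpenSubKey($guid)
            [pscustomobject]@{
                Level       = if ($levels.ContainsKey($id)) { $levels[$id] } else { "$id" }
                # Keep %VAR% and registry-path references exactly as written in the rule
                Path        = $rule.GetValue('ItemData', '', 'DoNotExpandEnvironmentNames')
                Description = $rule.GetValue('Description', '')
                Guid        = $guid
            }
        }
    }
}

# Default security level (0 = Disallowed, 131072 = Basic User, 262144 = Unrestricted)
$default = (Get-ItemProperty -Path $base -ErrorAction SilentlyContinue).DefaultLevel
"DefaultLevel: $default"

# Only the rules that target shortcuts; drop the filter to see every path rule.
Get-SrpPathRule |
    Where-Object { $_.Path -like '*.lnk' } |
    Sort-Object Level, Path |
    Format-Table Level, Path, Description -AutoSize -Wrap
```

The number of folder levels each `*.lnk` rule covers under the Start Menu path is what to compare between the two outputs.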

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,176
I know, but is it the "Basic User" setting of the SRP security level? The "Basic User" security level is rarely used. Do you use it?
If so, then I am confused why you think that it might be depreciated. I think that the last time that it changed its functionality was with Windows 7. But, it is also true that I did not use this setting for several years.
Do you have some new information? :unsure:
I use your threads and an old Kees post Tutorial - Windows Pro owner? Use Software Restriction Policies! for reference to refresh my memory, but I use "Disallowed". I keep it simple without many granular rules. I don't understand Windows well enough to do an advanced setup.

The posts I saw re: Basic User were old and probably referring to the last change during the W7 era that you mentioned. Otherwise I have no new info.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,208
Whitelisting the shortcut file didn't work for me, but whitelisting that entire folder did.

The way of allowing/blocking shortcuts was designed by me. I could whitelist shortcuts even deeper, but I do not think that it is necessary.

The explanation of how one can whitelist shortcuts in H_C is included in the help for <Whitelist By Path> setting.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,208
I use your threads and an old Kees post Tutorial - Windows Pro owner? Use Software Restriction Policies! for reference to refresh my memory, but I use "Disallowed". I keep it simple without many granular rules. I don't understand Windows well enough to do an advanced setup.

The posts I saw re: Basic User were old and probably referring to the last change during the W7 era that you mentioned. Otherwise I have no new info.
Understand. In some way, the "Basic User" setting is depreciated compared to Windows Vista and XP.
From Windows 7, it is almost the same as the "Disallowed" setting. But when I tested it a few years ago, there were some differences. I think that I put the information about differences in the H_C manual (Table 3 in the section "Software Restriction Policies (SRP)").
 
Last edited:

ForgottenSeer 95367

I think that I put the information about differences in the H_C manual (Table 3 in the section "Software Restriction Policies (SRP)").

"Basic User" summary in Manual:

1664188873433.png


1664189049562.png
 
