Hard_Configurator - Windows Hardening Configurator

F

ForgottenSeer 95367

wat0114 said:
This limitation of SAC makes it a dealbreaker from my pov.
Click to expand...
SAC is still in the alpha\early beta stage. So it's too early to judge it, but I wouldn't bet 1 euro that Microsoft will make SAC a well-polished product. Just look at MDAC; Microsoft started on it, but then further development came to a crawl. The only real options in the same class of default deny are SMB and enterprise third party security software.
 
  • Like
Reactions: wat0114
wat0114

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
570
Furyo said:
So it's too early to judge it, but I wouldn't bet 1 euro that Microsoft will make SAC a well-polished product.
Click to expand...

Unfortunately I think you are right, so I will not be "downgrading" to 22H2. Why can't MS get SAC, which currently seems to be a half-baked joke, to work properly yet? It's like their development team is made up people with stunted attention spans who can't concentrate on anything for more than a few minutes at a time, and are unable to see anything through to to its completion. To me it's inexcusable. I remember clearly years ago Applocker working exactly as intended out of the box when Windows 7 Ultimate was released. And of course before that the same with SRP. Applocker still remains my favourite Windows built-in security feature. Too bad now it's only available to enterprises, Server and the Education version of Windows.

EDIT

Btw, my rant is fueled not just by this SAC stupidity, but also by other bizarre decisions MS has made over the years with Windows versions since 7, such as deprecating the ability to display messages and send emails using Task Scheduler, making Applocker unavailable to individuals, and even the bizarre removal of seconds on their task bar clock.
 
Last edited:
  • Like
Reactions: 1chaoticadult
F

ForgottenSeer 95367

wat0114 said:
It's like their development team is made up people with stunted attention spans who can't concentrate on anything for more than a few minutes at a time, and are unable to see anything through to to its completion.
Click to expand...
Everyone thinks Microsoft's development teams operate in a proficient and military manner. Nothing could be further from the truth. For one, Microsoft has employee turnover that impacts their projects. Then there are competing priorities within the company itself and a lack of long-term commitment to sub-projects.

I don't know why everybody is treating 22H2 as a stable, general release. It's not. It is a preview build. And it is full of problems. So part of the problem are users thinking it is a stable release.
 
Last edited by a moderator:
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
Guys, it would be better to continue the discussion about the pros and cons of SAC in another thread, like:
malwaretips.com

New Update - Smart App Control - Windows 11 22H2 feature promises significant protection from malware

I am curious how it will work in practice.:) https://www.windowslatest.com/2022/03/05/windows-11-22h2-feature-promises-significant-protection-from-malware/amp/ It will probably use Microsoft ISG, so many false positives are expected. Anyway, it can be some solutions for children and happy...
malwaretips.com malwaretips.com
There are several interesting aspects related to SAC and most of them are not related to H_C. :) (y)
 
  • Like
Reactions: ErzCrz
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
  • Like
  • Thanks
Reactions: piquiteco, eonline, jerzy601 and 4 others
L

learningexp

Level 1
Nov 7, 2015
13
Applying the recommended settings in HC, ConfDefender and FwHardening results in being unable to install any extension from the edge store (An error has occurred Download interrupted).
Is this related? How should I allow installing extensions?
Thank you!

LE: issues with microsoft servers. Just tried it now and it works. Sorry.
 
Last edited:
  • Like
Reactions: piquiteco, simmerskool, Andy Ful and 1 other person
Andrezj

Andrezj

Level 6
Nov 21, 2022
248
Andy Ful said:
This is an internal feature of SRP, related to Default Security Level (Disallowed or BasicUser).
Click to expand...
on windows 11 pro 22h2 i tested H_C:
install H_C
install SRP
enable default security level = disallow

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\CodeIdentifiers\DefaultLevel = 0

constrained language mode is not enabled in standard user powershell console nor when install H_C with -p switch

[system.console]::WriteLine("Test") is not blocked in standard or admin console; powershell running in full language mode
import-module -name az.account is not blocked in standard or admin console; powershell running in full language mode
 
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
piquiteco said:
@Andy Ful I have an old PC that has Win 8.1 installed. Does Hard Configurator work on that version of windows? or is it only on windows 10 and 11? Thanks!
Click to expand...
It works for Windows Vista up to Windows 10. On Windows 11, it works only when upgraded from Windows 10.
 
  • Like
  • Thanks
Reactions: windows1064, piquiteco, mkoundo and 3 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
Last edited:
  • Like
  • +Reputation
Reactions: franz, piquiteco, mkoundo and 5 others
Andrezj

Andrezj

Level 6
Nov 21, 2022
248
Andy Ful said:
SRP does not work on Windows 11 22H2.
malwaretips.com

Hard_Configurator - Windows Hardening Configurator

Post updated in July 2023. WARNING! The fake domain hard-configurator.com is currently (May 2023) used by some malicious actors. Please do not use it. Someone tries to fool people who want to get information about Hard_Configurator. Support for Windows 11 22H2 was added in the new version...
malwaretips.com malwaretips.com
Click to expand...
upgraded system windows 10 to 11
not clean install 11 22h2
srp works fine; constrained language mode does not get set
 
  • Like
Reactions: franz, piquiteco, simmerskool and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,129
Andrezj said:
upgraded system windows 10 to 11
not clean install 11 22h2
srp works fine; constrained language mode does not get set
Click to expand...
Interesting - if SRP works fine then Constrained Language Mode (CLM) should work too. I cannot say for sure, but there can be some incompatibility with other security layers. After your post, I tested SRP + CLM on Windows Home 21H2 (works well) and on Windows Pro 22H2 (did not work). But, in the second case, the issue was related to my tests with HomeApplocker.
It is interesting that removing HomeApplocker policies did not work. The SRP functionality has been restored after removing two folders:
c:\Windows\System32\AppLocker\MDM
c:\Windows\SysWOW64\AppLocker\MDM
 
Last edited:
  • Like
Reactions: franz, piquiteco, simmerskool and 3 others
Andrezj

Andrezj

Level 6
Nov 21, 2022
248
Andy Ful said:
Interesting - if SRP works fine then Constrained Language Mode (CLM) should work too. I cannot say for sure, but there can be some incompatibility with other security layers. After your post, I tested SRP + CLM on Windows Home 21H2 (works well) and on Windows Pro 22H2 (did not work). But, in the second case, the issue was related to my tests with HomeApplocker.
It is interesting that removing HomeApplocker policies did not work. The SRP functionality has been restored after removing two folders:
c:\Windows\System32\AppLocker\MDM
c:\Windows\SysWOW64\AppLocker\MDM
Click to expand...
it is strange behavior
one upgraded system 11 22h2 CLM does not work
another upgraded 11 22h2 system CLM does work; dot-net of some scripts is blocked by CLM
 
  • Like
Reactions: franz, piquiteco, simmerskool and 1 other person

Similar threads

Andy Ful
    • Like
    • +Reputation
    • Thanks
  • Sticky
Serious Discussion WHHLight - simplified application control for Windows Home and Pro.
Replies
254
Views
17,133
Hard_Configurator Tools
Andy Ful
Andy Ful
Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
21,971
Hard_Configurator Tools
South Park
South Park
SpyNetGirl
    • Like
    • Applause
    • Thanks
Serious Discussion Why do you use obsolete security technologies such as SRP?
Replies
7
Views
477
General Security Discussions
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top