Hard_Configurator - Windows Hardening Configurator

Andy Ful · Mar 11, 2023

Tiamati said:
Do i have to uninstall old H_C before install the new version? I'm using v. 6.0.0.0

No.

https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/post-996137
https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/post-990667
https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/post-962699
etc.

Anyway, I noticed that it is hard to find the info about the <Update> button. I will fix it soon.

The new name of that button < Update H_C > can help too.

simmerskool · Mar 11, 2023

Andy Ful said:
No.
https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/post-996137
https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/post-990667
https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/post-962699
etc.

View attachment 273496

Anyway, I noticed that it is hard to find the info about the <Update> button. I will fix it soon.
The new name of that button < Update H_C > can help too.

how do I say I'm a big fan of genius_app_H_C, but not a big fan of its GUI, without offending you... (plus I have no ideas what I'd change

)

Tiamati · Mar 11, 2023

Andy Ful said:
No.
https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/post-996137
https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/post-990667
https://malwaretips.com/threads/hard_configurator-windows-hardening-configurator.66416/post-962699
etc.

View attachment 273496

Anyway, I noticed that it is hard to find the info about the <Update> button. I will fix it soon.
The new name of that button < Update H_C > can help too.

OMG, i never noticed that button! hahahaha What can i say?

Ty!

(maybe if you change the color/style of the button could help)

simmerskool said:
how do I say I'm a big fan of genius_app_H_C, but not a big fan of its GUI, without offending you... (plus I have no ideas what I'd change

I love H_C, but i have to agree with that.

. Despite I'll keep using and endorsing it.

Andy Ful · Mar 12, 2023

The GUI shows the limitations of AutoIt. It is a powerful programming language, except for GUIs.

oldschool · Mar 12, 2023

Andy Ful said:
The GUI shows the limitations of AutoIt.

Many of the posted questions in this thread are answered in the GUI, if users bothered to become familiar with it and the User Guide. It is more than sufficient.

Andy Ful · Mar 12, 2023

oldschool said:
Many of the posted questions in this thread are answered in the GUI, if users bothered to become familiar with it and the User Guide. It is more than sufficient.

Yes. Anyway, if possible, I would change the aesthetic appeal of the GUI.

simmerskool · Mar 12, 2023

oldschool said:
Many of the posted questions in this thread are answered in the GUI, if users bothered to become familiar with it and the User Guide. It is more than sufficient.

yes can agree with that, while at the same time admitting that I find the GUI "awkward" that may be limited to me...? For me it is not obvious or intuitive how the GUI uses colors, and placement of certain buttons. I am running H_C with Defender on this vm. A nice combo, & relatively fast.

Eg, what is the context of Apply Changes button to Switch OFF/ON SRP? SRP are currently ON and its button is green, ok... but if I click SRP button, it does change color to blue, but its text remains the same, ie OFF/ON, and I do see other things changing on the main screen, so then do I also have to hit the Apply Changes button? or then even reboot? I am sure this is all explained, and I have downloaded all of H_C docs, but don't always have time to read the finer details, and often there is no need to if and when the GUI is intuitive. Typically, I only read the finer details if I become aware of a problem. Usually, I am happy to run most software at default or recommended value, unless I have the time & need to dig into it. I continue to think H_C is a great app despite my limitations.

Andy Ful · Mar 12, 2023

simmerskool said:
yes can agree with that, while at the same time admitting that I find the GUI "awkward" that may be limited to me...?

H_C has got many options and settings. The H_C manual contains over 40 sections and over 70 pages. The fact that people can use H_C without reading carefully the manual, proves that the GUI layout is probably optimal.
Let's look at SWH. The GUI is much simpler, but this is only one of many possible setting profiles.
So, I do not think that the H_C GUI can be simpler and more intuitive. The colored buttons are those used most often. Two colored buttons change the color to see the difference between the switched ON/OFF states. Switching ON/F is different from turning ON/OFF.

ForgottenSeer 98186 · Mar 12, 2023

Andy Ful said:
the GUI layout is probably optimal.

I have a different perspective. The GUI itself is of little importance given the very minimal time that a user will spend in there. It has always worked when configuring settings and then creating allow exceptions from the event logs when needed.

The GUI just works. It is more important for users to understand and know what H_C does.

simmerskool · Mar 12, 2023

Andy Ful said:
H_C has got many options and settings. The H_C manual contains over 40 sections and over 70 pages. The fact that people can use H_C without reading carefully the manual, proves that the GUI layout is probably optimal.
Let's look at SWH. The GUI is much simpler, but this is only one of many possible setting profiles.
So, I do not think that the H_C GUI can be simpler and more intuitive. The colored buttons are those used most often. Two colored buttons change the color to see the difference between the switched ON/OFF states. Switching ON/F is different from turning ON/OFF.

I do not disagree with you while at the same time find the GUI unintuitive. I run SWH too on another vm with different av. Ideally both are set it and forget it, so by the time I would ever need to tweak the settings, I would have forgotten the 70-page details (I actually read of lot of it several months ago). I cloned a vm and forgot that it was cloned with all the H_C settings. the status of that vm was not obvious to me looking at the GUI once I realized I needed to stare at the GUI

For me there's a deep settings understanding / learning curve, and a GUI learning curve, but some GUI don't have much of a learning curve, IMO. Like you said, "nature of the beast" (my interpretation

Andy Ful · Mar 12, 2023

simmerskool said:
For me there's a deep settings understanding / learning curve, and a GUI learning curve, but some GUI don't have much of a learning curve, IMO. Like you said, "nature of the beast" (my interpretation

You are right. I intended this GUI for home administrators who use it more frequently and on several computers. It is not only a configuration GUI, but also a diagnostic one. So, it must show the most important settings at a glance (like the control panel). Such a GUI is also a natural barrier to prevent using H_C by unadvanced users.

piquiteco · Mar 13, 2023

I came to like Defender because of H_C, thanks to @Andy Ful, I don't like the Defender GUI to be honest, although I am getting used to tinkering here and there. I am also running H_C with Microsoft Defender and ConfigureDefender in MAX all enabled, on a test machine.

simmerskool · Mar 13, 2023

piquiteco said:
I came to like Defender because of H_C, thanks to @Andy Ful, I don't like the Defender GUI to be honest, although I am getting used to tinkering here and there. I am also running H_C with Microsoft Defender and ConfigureDefender in MAX all enabled, on a test machine.

me too, running MS Defender in VMware with H_C. I like that it's all MS and little or minimal slowdown! Kaspersky Standard on another VM with no H_C is noticeably heavier / slower.

ForgottenSeer 97327 · Mar 13, 2023

H_C not only makes it easy to apply SRP, it also does a lot of stuff for you which would otherwise require a lot of knowledge to configure.

I hope the next release with updated sponsors will be out soon.

Andy Ful · Mar 13, 2023

Max90 said:
H_C not only makes it easy to apply SRP, it also does a lot of stuff for you which would otherwise require a lot of knowledge to configure.

I hope the next release with updated sponsors will be out soon.

I plan to add pnputil.exe and maybe some other LOLBins. Do you have some suggestions?

ForgottenSeer 97327 · Mar 14, 2023

I thought two or three are missing from the combined Microsoft Recommended blocklist and the list of programs you need to block for Windows-S mode. Maybe you could add the programs listed in those two lists to your enhanced preset in H_C (I am again abroad for work and typing this from my Samsung tablet, apologize for not answering your question more to the point / specific).

Andy Ful · Mar 24, 2023

Hard_Configurator on Windows 11 with SAC ON.

In April, I plan to publish H_C ver. 6.1.1.1 with full support for Windows 11 ver. 22H2 (fresh installation).
This will include the correction which enables SRP, so it can be used alongside SAC.
But, there is a question: Is SRP really required with SAC?

The answer can depend on how tight protection is wanted. I think that many users will like the protection as follows:

SAC ON and No SRP (the left panel in H_C deactivated).
PowerShell scripts and Windows Script Host are blocked via Windows policies.
Remote features and SMB protocols are blocked.
ConfigureDefender set to HIGH Protection Level.
FirewallHardening configured with Recommended H_C settings.
If MS Office is installed, then it is recommendable to use DocumentsAntiExploit tool.

The above settings can be also applied with the current H_C version 6.0.1.1.

In the version 6.1.1.1, it will be possible to apply any SRP restrictions on Windows 11 ver. 22H2 with SAC ON.
For example (setup similar to Basic_Recommended_Settings):

ForgottenSeer 97327 · Mar 25, 2023

@AndyFul

Smartscreen, Cloud protection level Zero Tolerance, ISG and SAC seem to use the same back-end cloud technology, as always with Microsoft the implementations are different.

SAC seems to be a tighter omplementation of Microsoft Defender on MAX (also looks at DLL's). ConfigureDefender on MAX allowed me to install a (signed) Photobook application in user folders which did not have signed DLL's. Defender on MAX allowed that application to run while SAC blocked it.

That said I have SRP (using H_C) running on my wife's laptop for years while also running Defender on MAX (using CD), to limit the execution of risk in user folders for unelevated processes (with standard user / medium IL rights).H_C allowed me to add exceptions for the Photobook executable. Defender on MAX worked well on a Lenovo laptop, an Asus laptop (which sadly passed away when my wife spilled a mug of hot thee over it) and her latest HP laptop.

Maybe you could start a poll how many H_C users were running Defender on MAX, to get an idea of how many people would still like to have SRP using H_C with SAC?

I have an other question: Why would people need SAC when they also can run Defender on MAX (and add exceptions)? Like UAC, SAC seems to be an ALL or NOTHING first implementation, this will like UAC probably will be lowered (you already explained the differences of SAC and ISG when Defender/Smartscreen decided to allow something). My bet is that the next version of SAC will also have this ISG behaviour to enhance useability and reduce protection.

When that happens (second less rigid implementation of SAC with malware misusing this like current UAC on default), people wished they had still SRP to set a deny execute in userland

A benefit of H_C (on default) for people using a third-party AntiVirus would be to run it in SWH like setting with sponsor blocking for standard users. I think SAC (or WDAC ISG) has more value to people running a 3p AntiVirus (you get two for the burden/price of one) than people already running Defender on MAX.

Freki123 · Mar 25, 2023

Andy Ful said:
But, there is a question: Is SRP really required with SAC?

Yes please give the user always the choice to use SRP (maybe off be default).

On my win 11 MS decided to disable SAC. SAC was for me the reason to try 11 at all (so I'm quite disappointed).
So if there is no SRP and MS disables SAC for you you got "nothing" otherwise.

Andy Ful · Mar 25, 2023

Max90 said:
@AndyFul

Smartscreen, Cloud protection level Zero Tolerance, ISG and SAC seem to use the same back-end cloud technology, as always with Microsoft the implementations are different.

SAC seems to be a tighter omplementation of Microsoft Defender on MAX (also looks at DLL's). ConfigureDefender on MAX allowed me to install a (signed) Photobook application in user folders which did not have signed DLL's. Defender on MAX allowed that application to run while SAC blocked it.

Defender on MAX allowed unsigned DLLs because it did not check them. In some situations, a few ASR rules can check DLLs by behavior rules (like with the ASR rule "Use advanced protection against ransomware"). SAC can check all loaded DLLs (via standard APIs). Generally, SAC will produce far more false positives for DLLs compared to Defender on MAX.

Max90 said:
I have an other question: Why would people need SAC when they also can run Defender on MAX (and add exceptions)?

I think that Defender on MAX can be used with SAC. Both can support each other. Their protection overlaps mostly on EXE files, but even there we can see some important differences. For example, Defender on MAX can block some digitally signed EXE malware (by prevalence) that could be allowed by SAC. On the other side, SAC can block unsigned malware without cloud backend or when malware has got a big file size (not checked by Defender due to file size limit).

Max90 said:
When that happens (second less rigid implementation of SAC with malware misusing this like current UAC on default), people wished they had still SRP to set a deny execute in userland

Yes, using SRP is clearly beneficial at home. But this usually requires a home administrator.
Many people can probably use SAC + Defender on MAX and choose a simple software setup based on well-signed and popular applications. If they will not change that setup, then everything will probably work well. Of course, such a security setup will be not good for many people too (there will be problems with games, etc.)

Max90 said:
A benefit of H_C (on default) for people using a third-party AntiVirus would be to run it in SWH like setting with sponsor blocking for standard users. I think SAC (or WDAC ISG) has more value to people running a 3p AntiVirus (you get two for the burden/price of one) than people already running Defender on MAX.

When using the H_C, it is unimportant which popular AV is installed. The concrete H_C setup can mostly depend on the home administrator's preferences.

Search

Hard_Configurator - Windows Hardening Configurator

Andy Ful

From Hard_Configurator Tools

simmerskool

Level 36

Tiamati

Level 12

Andy Ful

From Hard_Configurator Tools

oldschool

Level 84

Andy Ful

From Hard_Configurator Tools

simmerskool

Level 36

Andy Ful

From Hard_Configurator Tools

ForgottenSeer 98186

simmerskool

Level 36

Andy Ful

From Hard_Configurator Tools

piquiteco

Level 14

simmerskool

Level 36

ForgottenSeer 97327

Andy Ful

From Hard_Configurator Tools

ForgottenSeer 97327

Andy Ful

From Hard_Configurator Tools

ForgottenSeer 97327

Freki123

Level 16

Andy Ful

From Hard_Configurator Tools

Similar threads